Date: Mon, 28 Mar 2022 11:58:21 -0500
From: Segher Boessenkool
To: Peter Zijlstra
Cc: Mark Rutland, Nick Desaulniers, Borislav Petkov, Nathan Chancellor, x86-ml, lkml, llvm@lists.linux.dev, Josh Poimboeuf, linux-toolchains@vger.kernel.org
Subject: Re: clang memcpy calls
Message-ID: <20220328165821.GL614@gate.crashing.org>

On Mon, Mar 28, 2022 at 06:16:37PM +0200, Peter Zijlstra wrote:
> On Mon, Mar 28, 2022 at 10:59:57AM -0500, Segher Boessenkool wrote:

[ Context added back: ]

> > > My argument is: if the compiler is permitted to implicitly and
> > > arbitrarily add calls to instrumented functions within a function marked
> > > with `no_sanitize_address`, the `no_sanitize_address` attribute is
> > > effectively useless, and therefore *something* needs to change.

> > I do not see how that follows.  Maybe that is obvious from how you look
> > at your use case, but it is not from the viewpoint of people who just
> > want to do sanitation.
>
> It's a substitution issue:
>
> either:
>
>   memcpy() equals: "asan instrumentation" + "memcpy implementation"
>
> or:
>
>   memcpy() equals: "memcpy implementation"
>
> It can not be both, since they're not equivalent.

Equivalent in what sense?  ASAN (like any other sanitizer) does not
change the semantics of valid programs *at all*.  And invalid programs
do not have semantics, of course.

> So if the compiler does the substitution, it needs some sense of
> equivalence. All we're asking is that it be consistent (my preference is
> for the latter).

If you want to never do sanitation, there is -fno-sanitize=all.  But
that obviously is not what you want either.

> > So what is the goal here?  Why do you need to
> > prevent sanitation on anything called from this function, at all cost?
>
> Kernel entry code might not have reached a point where instrumentation
> assumptions are valid yet. Consider calling into C before the kernel
> page-tables are swapped in. KASAN instrumentation would insta-explode
> simply because the environment it expects (the shadow data etc..) isn't
> there.

Ah.  Something like the proposed global boolean flag would work fine for
that, afaics?  Have all the asan implementation functions just return
until the "I am ready now" flag is set.  This is trivial overhead,
compared to having asan at all!


Segher
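
The "I am ready now" flag idea from the last paragraph of the message above, modelled in user space as an added example; it is not code from this thread or from the kernel's KASAN. The arena, the 8-byte shadow granule and every toy_* name are assumptions made for illustration.

```c
/* Toy user-space model; every name here is hypothetical, not kernel KASAN. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define ARENA_SIZE 256              /* bytes of tracked memory */
#define GRANULE    8                /* one shadow byte per 8 data bytes */
static uint8_t arena[ARENA_SIZE];   /* memory the checks cover */
static uint8_t *shadow;             /* NULL until toy_asan_init() has run */
static bool toy_asan_ready;         /* the "I am ready now" flag */
static unsigned toy_asan_reports;   /* number of bad accesses seen */

/* Allocate the shadow; until this has run the checks must not touch it. */
void toy_asan_init(void)
{
    shadow = calloc(ARENA_SIZE / GRANULE, 1);
    toy_asan_ready = shadow != NULL;
}

/* Poison the granule holding arena offset off (nonzero shadow = invalid). */
void toy_asan_poison(size_t off) { shadow[off / GRANULE] = 0xff; }

/* The check that every instrumented access calls. */
static void toy_asan_check(const void *p, size_t n)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)arena;
    if (!toy_asan_ready)            /* entry code: no shadow yet, do nothing */
        return;
    if (n == 0 || n > ARENA_SIZE || a < base || a - base > ARENA_SIZE - n)
        return;                     /* not inside tracked memory */
    for (size_t g = (a - base) / GRANULE; g <= (a - base + n - 1) / GRANULE; g++)
        if (shadow[g]) { toy_asan_reports++; return; }
}

/* memcpy() as "asan instrumentation" + "memcpy implementation". */
void *toy_memcpy(void *dst, const void *src, size_t n)
{
    toy_asan_check(src, n);
    toy_asan_check(dst, n);
    return memcpy(dst, src, n);
}

int main(void)
{
    uint8_t src[16] = { 1, 2, 3 };
    toy_memcpy(arena, src, sizeof(src));  /* flag clear: checks skipped */
    toy_asan_init(); toy_asan_poison(8);
    toy_memcpy(arena, src, sizeof(src));  /* flag set: poisoned granule seen */
    return toy_asan_reports == 1 ? 0 : 1;
}
```

The first toy_memcpy() call runs while the shadow pointer is still NULL and returns normally because the flag test comes before any shadow access; accesses made before the flag is set are not checked at all.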