Date: Tue, 26 Apr 2022 18:43:08 +0200
In-Reply-To: <20220426164315.625149-1-glider@google.com>
Message-Id: <20220426164315.625149-40-glider@google.com>
References: <20220426164315.625149-1-glider@google.com>
Subject: [PATCH v3 39/46] x86: kmsan: skip shadow checks in __switch_to()
From: Alexander Potapenko
To: glider@google.com
Cc: Alexander Viro, Andrew Morton, Andrey Konovalov, Andy Lutomirski, Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Christoph Lameter, David Rientjes, Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman, Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe, Joonsoo Kim, Kees Cook, Marco Elver, Mark Rutland, Matthew Wilcox, "Michael S. Tsirkin", Pekka Enberg, Peter Zijlstra, Petr Mladek, Steven Rostedt, Thomas Gleixner, Vasily Gorbik, Vegard Nossum, Vlastimil Babka, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org

When instrumenting functions, KMSAN obtains the per-task state (mostly pointers to metadata for function arguments and return values) once per function at its beginning, using the `current` pointer.

Every time the instrumented function calls another function, this state (`struct kmsan_context_state`) is updated with shadow/origin data of the passed and returned values.

When `current` changes in the low-level arch code, instrumented code can not notice that, and will still refer to the old state, possibly corrupting it or using stale data. This may result in false positive reports.

To deal with that, we need to apply __no_kmsan_checks to the functions performing context switching - this will result in skipping all KMSAN shadow checks and marking newly created values as initialized, preventing all false positive reports in those functions.
False negatives are still possible, but we expect them to be rare and impersistent. Suggested-by: Marco Elver Signed-off-by: Alexander Potapenko --- v2: -- This patch was previously called "kmsan: skip shadow checks in files doing context switches". Per Mark Rutland's suggestion, we now only skip checks in low-level arch-specific code, as context switches in common code should be invisible to KMSAN. We also apply the checks to precisely the functions performing the context switch instead of the whole file. Link: https://linux-review.googlesource.com/id/I45e3ed9c5f66ee79b0409d1673d66ae419029bcb Replace KMSAN_ENABLE_CHECKS_process_64.o with __no_kmsan_checks --- arch/x86/kernel/process_64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index e459253649be2..9952a4c7e1d20 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -553,6 +553,7 @@ void compat_start_thread(struct pt_regs *regs, u32 new_ip, u32 new_sp, bool x32) * Kprobes not supported here. Set the probe on schedule instead. * Function graph tracer not supported too. */ +__no_kmsan_checks __visible __notrace_funcgraph struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct *next_p) { -- 2.36.0.rc2.479.g8af0fa9b8e-goog
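Review bot: The `__no_kmsan_checks` line added directly above `__visible __notrace_funcgraph struct task_struct *` carries no explanation in the code, although the comment block right before it already documents why Kprobes and the function graph tracer are not supported here. That comment should gain a sentence saying that KMSAN checks are skipped because `current` changes inside `__switch_to()` and instrumented code would keep using the old task's `struct kmsan_context_state`; otherwise the reason, and the accepted trade-off that false negatives are possible in this function, live only in the commit message. Two smaller points on the message: it speaks of applying the attribute to "the functions performing context switching", while the diffstat shows a single insertion in arch/x86/kernel/process_64.c, so it would help to state explicitly that `__switch_to()` is the only function annotated by this patch. The line "Replace KMSAN_ENABLE_CHECKS_process_64.o with __no_kmsan_checks" after the Link: tag reads like a leftover changelog note and should either move under the v2 notes or be dropped.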