Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4661603iob; Sun, 8 May 2022 21:02:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx878BQuthMRNbLmrOKZmfLlKs55jGLOUk9lrbEEQmtsCuyZv5GKkW5J+pwIKFmW9Uq733X X-Received: by 2002:a17:90b:601:b0:1d9:5a0f:2017 with SMTP id gb1-20020a17090b060100b001d95a0f2017mr24633229pjb.162.1652068933220; Sun, 08 May 2022 21:02:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652068933; cv=none; d=google.com; s=arc-20160816; b=N0Fuc5PN90LN9Fd+ChSg2mjFegt/xp6S13P+DZOG6DAYMkfEzxBJQxQ++Zq7B080IX 2b0I7Hk/rH1iMN0OniLxIHeBdHlsJ7h6gYmKXsub83kVwBIUKiWzVkTIuwLIsMnFw09g 6WQWCFJ8MusyGI8ImXu8kGs+gew5RbujU8QaFlgmXKKQRMprrpGA7yCHlxuiMjwaJSFH JeOrS4mfQJjVwbFWlRHU8m/UtOljXF+4N0Xq7wZBUh/epIYSTS/9QD/pRf76GWnBIZnr 6Gny7Ov5umfbwdvfLXksIoiFMJaXXqFx+kg9oV9ArgBq8WJjZHLKxgi/qYkEPibA7Jm/ hfPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=YKfnJFHuOviCdMg0UB5UffT9B/WVcObEOxiRN5y2Kug=; b=DOJkoVSP/ryTwde8io6QhxLQTJ6Er/QH38ATJWLcV5BAVitxNl/oZuJIbNAsCtQOZn oW3Itgi8pixLK5eTRO9nM+WmI9BTUJAM6iEzOO8XcwLjhakPI749p54htdto4rkR1vRP B+alx7qWc0euxiibcscQOnbq9tvWnWyesGP+vKUW9k4EV/MYwDLadV5yRzS6gqujg98Z HqIdUpgb5Oz7cVHH7Y1Lje0CLQPWC8k2Gvo3TO0Mc8aEzOhu1KjHCvD9QtLI38VGs3n8 CRi32BO7C3dvWjE0o9YaSSl77wlcxsMqKkKkVn2nDt0TCiDYx1sxRkU0RN6tn06ozHhD 7hgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=emmUN3k1; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id g188-20020a636bc5000000b0039cef73106esi11150886pgc.511.2022.05.08.21.02.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 May 2022 21:02:13 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=emmUN3k1; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 42031A18F; Sun, 8 May 2022 21:00:37 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1444240AbiEFRp7 (ORCPT + 99 others); Fri, 6 May 2022 13:45:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39470 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1444236AbiEFRp6 (ORCPT ); Fri, 6 May 2022 13:45:58 -0400 Received: from mail-yb1-xb32.google.com (mail-yb1-xb32.google.com [IPv6:2607:f8b0:4864:20::b32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AEBA353717 for ; Fri, 6 May 2022 10:42:14 -0700 (PDT) Received: by mail-yb1-xb32.google.com with SMTP id s30so14099575ybi.8 for ; Fri, 06 May 2022 10:42:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YKfnJFHuOviCdMg0UB5UffT9B/WVcObEOxiRN5y2Kug=; b=emmUN3k1bPN4J6n6aBe2FemprgUT+FF6VAYxV6ekMwnHvd4yMg9T5KGYmUYmFa9oAe l8wgj8tdCP2FJPIShfAg2Fk/rOBVcSKoqvKeqjnUKen1LIajvaEdZt/TPfqzH6t/XrSo syM1kjCv3gSDfacEuEc3EgG0lwGjeC2hWNg5U2El7kqEz+o0tsjk8MjpqNijR6o+XqPs q3onvlApQgHZ5xOXxhHzjSgk18UOnvT+GgtT76x6XFC/llE4jgVQddy0F0CFkFJAkHTB 0S9hvZkV7X0lPAIZLLytf/7qjnZXN3mz9RqswI5f966807Geg/q/71UbscP2MlkhGUSo 7bxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YKfnJFHuOviCdMg0UB5UffT9B/WVcObEOxiRN5y2Kug=; b=GMnNev09V0zakOmDaz8vN6vtmn2Gj3z8u8XJ4MhttvAi2UQHXRj6ZCk88vbc1F/JJI AYy7HnFs39wTvjI5qf6DWacY3oBWFMJU6uJXR5iZ2qr1kxwkRIJ1339GpCw+4CCWikhT +RgK+6Z9vJP02ZOG536Ux5TIuDd/bwjLIkyWRJgvqhv/YX2WtQs5m1d+433I+4nnMEpw J4KDUd7bOzdu7wOXoyiLHAEBQAYOut1u0C4h/OFHEEP0eUoXajKyuWTHGzsWbBq68x4J ExBmDcKf+AqiFocWxT2aFha4OrI07e4LsKnyJ6BkF5qwam14ca1/ofq6iVDIZ6/zDFQ6 zGEQ== X-Gm-Message-State: AOAM532VAhmTrjg4ueCGKjkctKauTkvWNgt3dftCV95eAS0EOelw4yhb Rq+76G/av/yG+ox/zz7NnwdqmQNa2slpypzkGOlEJw== X-Received: by 2002:a25:bb0f:0:b0:61d:60f9:aaf9 with SMTP id z15-20020a25bb0f000000b0061d60f9aaf9mr3038082ybg.199.1651858933696; Fri, 06 May 2022 10:42:13 -0700 (PDT) MIME-Version: 1.0 References: <20220426164315.625149-1-glider@google.com> <20220426164315.625149-29-glider@google.com> <87a6c6y7mg.ffs@tglx> <87y1zjlhmj.ffs@tglx> <878rrfiqyr.ffs@tglx> <87k0ayhc43.ffs@tglx> In-Reply-To: <87k0ayhc43.ffs@tglx> From: Alexander Potapenko Date: Fri, 6 May 2022 19:41:37 +0200 Message-ID: Subject: Re: [PATCH v3 28/46] kmsan: entry: handle register passing from uninstrumented code To: Thomas Gleixner Cc: Alexander Viro , Andrew Morton , Andrey Konovalov , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Christoph Hellwig , Christoph Lameter , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Herbert Xu , Ilya Leoshkevich , Ingo Molnar , Jens Axboe , Joonsoo Kim , Kees Cook , Marco Elver , Mark Rutland , Matthew Wilcox , "Michael S. Tsirkin" , Pekka Enberg , Peter Zijlstra , Petr Mladek , Steven Rostedt , Vasily Gorbik , Vegard Nossum , Vlastimil Babka , kasan-dev , Linux Memory Management List , Linux-Arch , LKML Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 6, 2022 at 6:14 PM Thomas Gleixner wrote: > > On Fri, May 06 2022 at 16:52, Alexander Potapenko wrote: > > On Thu, May 5, 2022 at 11:56 PM Thomas Gleixner wrote: > >> @@ -452,6 +455,7 @@ irqentry_state_t noinstr irqentry_nmi_en > >> rcu_nmi_enter(); > >> > >> instrumentation_begin(); > >> + unpoison(regs); > >> trace_hardirqs_off_finish(); > >> ftrace_nmi_enter(); > >> instrumentation_end(); > >> > >> As I said: 4 places :) > > > > These four instances still do not look sufficient. > > Right now I am seeing e.g. reports with the following stack trace: > > > > BUG: KMSAN: uninit-value in irqtime_account_process_tick+0x255/0x580 > > kernel/sched/cputime.c:382 > > irqtime_account_process_tick+0x255/0x580 kernel/sched/cputime.c:382 > > account_process_tick+0x98/0x450 kernel/sched/cputime.c:476 > > update_process_times+0xe4/0x3e0 kernel/time/timer.c:1786 > > tick_sched_handle kernel/time/tick-sched.c:243 > > tick_sched_timer+0x83e/0x9e0 kernel/time/tick-sched.c:1473 > > __run_hrtimer+0x518/0xe50 kernel/time/hrtimer.c:1685 > > __hrtimer_run_queues kernel/time/hrtimer.c:1749 > > hrtimer_interrupt+0x838/0x15a0 kernel/time/hrtimer.c:1811 > > local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 > > __sysvec_apic_timer_interrupt+0x1ae/0x680 arch/x86/kernel/apic/apic.c:1103 > > sysvec_apic_timer_interrupt+0x95/0xc0 arch/x86/kernel/apic/apic.c:1097 > > ... > > (uninit creation stack trace is irrelevant here, because it is some > > random value from the stack) > > > > sysvec_apic_timer_interrupt() receives struct pt_regs from > > uninstrumented code, so regs can be partially uninitialized. > > They are not passed down the call stack directly, but are instead > > saved by set_irq_regs() in sysvec_apic_timer_interrupt() and loaded by > > get_irq_regs() in tick_sched_timer(). > > sysvec_apic_timer_interrupt() invokes irqentry_enter() _before_ > set_irq_regs() and irqentry_enter() unpoisons @reg. > > Confused... As far as I can tell in this case sysvect_apic_timer_interrupt() is called by the following code in arch/x86/kernel/idt.c: INTG(LOCAL_TIMER_VECTOR, asm_sysvec_apic_timer_interrupt), , which does not use IDTENTRY_SYSVEC framework and thus does not call irqentry_enter(). I guess handling those will require wrapping every interrupt gate into a function that performs register unpoisoning? By the way, if it helps, I think we don't necessarily have to call kmsan_unpoison_memory() from within the instrumentation_begin()/instrumentation_end() region? We could move the call to the beginning of irqentry_enter(), removing unnecessary duplication.