From: Alexander Potapenko
Date: Mon, 9 May 2022 18:51:59 +0200
Subject: Re: [PATCH v3 28/46] kmsan: entry: handle register passing from uninstrumented code
To: Thomas Gleixner
Cc: Alexander Viro, Andrew Morton, Andrey Konovalov, Andy Lutomirski,
 Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Christoph Lameter,
 David Rientjes, Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman,
 Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe, Joonsoo Kim,
 Kees Cook, Marco Elver, Mark Rutland, Matthew Wilcox,
 "Michael S. Tsirkin", Pekka Enberg, Peter Zijlstra, Petr Mladek,
 Steven Rostedt, Vasily Gorbik, Vegard Nossum, Vlastimil Babka,
 kasan-dev, Linux Memory Management List, Linux-Arch, LKML
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 9, 2022 at 6:50 PM Alexander Potapenko wrote:
>
> > The callchain is:
> >
> >   asm_sysvec_apic_timer_interrupt              <- ASM entry in gate
> >     sysvec_apic_timer_interrupt(regs)          <- noinstr C entry point
> >       irqentry_enter(regs)                     <- unpoisons @reg
> >       __sysvec_apic_timer_interrupt(regs)      <- the actual handler
> >         set_irq_regs(regs)                     <- stores regs
> >         local_apic_timer_interrupt()
> >           ...
> >           tick_handler()                       <- One of the 4 variants
> >             regs = get_irq_regs();             <- retrieves regs
> >             update_process_times(user_tick = user_mode(regs))
> >               account_process_tick(user_tick)
> >                 irqtime_account_process_tick(user_tick)
> > line 382:         } else if { user_tick }      <- KMSAN complains
> >
> > I'm even more confused now.
>
> Ok, I think I know what's going on.
>
> Indeed, calling kmsan_unpoison_memory() in irqentry_enter() was
> supposed to be enough, but we have code in kmsan_unpoison_memory() (as
> well as other runtime functions) that checks for kmsan_in_runtime()
> and bails out to prevent potential recursion if KMSAN code starts
> calling itself.
>
> kmsan_in_runtime() is implemented as follows:
>
> ==============================================
> static __always_inline bool kmsan_in_runtime(void)
> {
>	if ((hardirq_count() >> HARDIRQ_SHIFT) > 1)
>		return true;
>	return kmsan_get_context()->kmsan_in_runtime;
> }
> ==============================================
> (see the code here:
> https://lore.kernel.org/lkml/20220426164315.625149-13-glider@google.com/#Z31mm:kmsan:kmsan.h)
>
> If we are running in the task context (in_task()==true),
> kmsan_get_context() returns a per-task `struct *kmsan_ctx`.
> If `in_task()==false` and `hardirq_count()>>HARDIRQ_SHIFT==1`, it
> returns a per-CPU one.
> Otherwise kmsan_in_runtime() is considered true to avoid dealing with
> nested interrupts.
>
> So in the case when `hardirq_count()>>HARDIRQ_SHIFT` is greater than
> 1, kmsan_in_runtime() becomes a no-op, which leads to false positives.

Should be "kmsan_unpoison_memory() becomes a no-op..."
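
Added example (not part of the original message and not KMSAN code): a
userspace C model of the effect described above, where the early return
in the unpoison path leaves the register shadow stale once the hardirq
nesting depth exceeds 1. All model_* names, the shadow encoding and the
HARDIRQ_SHIFT value are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only; every model_* name is hypothetical, not kernel API. */
#define HARDIRQ_SHIFT 16                /* value assumed for the model */
#define POISONED 0xff                   /* constructed shadow encoding */

struct model_regs { unsigned long cs; };   /* stand-in for struct pt_regs */
struct model_ctx { bool kmsan_in_runtime; };

static unsigned int model_hardirq_count;   /* nesting depth << HARDIRQ_SHIFT */
static struct model_ctx model_percpu_ctx;  /* context used outside task context */
static unsigned char model_shadow[sizeof(struct model_regs)];

/* Same test as the kmsan_in_runtime() quoted in the message. */
static bool model_in_runtime(void)
{
	if ((model_hardirq_count >> HARDIRQ_SHIFT) > 1)
		return true;
	return model_percpu_ctx.kmsan_in_runtime;
}

/* Bails out when "in runtime", which is what turns it into a no-op. */
static void model_unpoison(unsigned char *shadow, size_t size)
{
	if (model_in_runtime())
		return;
	memset(shadow, 0, size);
}

/* Returns true if the handler would read regs whose shadow is still poisoned. */
bool model_false_positive_at_depth(unsigned int depth)
{
	/* regs were written by uninstrumented entry code: shadow is stale */
	memset(model_shadow, POISONED, sizeof(model_shadow));
	model_hardirq_count = depth << HARDIRQ_SHIFT;
	model_unpoison(model_shadow, sizeof(model_shadow)); /* irqentry_enter() */
	bool poisoned = model_shadow[0] != 0;   /* handler: user_mode(regs) */
	model_hardirq_count = 0;
	return poisoned;
}

int main(void)
{
	for (unsigned int depth = 1; depth <= 2; depth++)
		printf("hardirq depth %u: false positive = %d\n", depth,
		       model_false_positive_at_depth(depth));
	return 0;
}
```

At depth 1 the shadow is cleared before the handler reads regs; at depth
2 the recursion guard fires first and the read hits stale shadow.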