From: Congyu Liu
To: dvyukov@google.com, andreyknvl@gmail.com
Cc: kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, Congyu Liu
Subject: [PATCH v2] kcov: update pos before writing pc in trace function
Date: Mon, 23 May 2022 05:35:31 +0000
Message-Id: <20220523053531.1572793-1-liu3101@purdue.edu>

In __sanitizer_cov_trace_pc(), previously we write pc before updating pos. However, some early interrupt code could bypass the check_kcov_mode() check and invoke __sanitizer_cov_trace_pc(). If such an interrupt is raised between writing pc and updating pos, the pc could be overwritten by the recursive __sanitizer_cov_trace_pc(). As suggested by Dmitry, we could update pos before writing pc to avoid such interleaving. Apply the same change to write_comp_data().

Signed-off-by: Congyu Liu
---
PATCH v2:
* Update pos before writing pc as suggested by Dmitry.

PATCH v1: https://lore.kernel.org/lkml/20220517210532.1506591-1-liu3101@purdue.edu/
---
 kernel/kcov.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/kernel/kcov.c b/kernel/kcov.c
index b3732b210593..e19c84b02452 100644
--- a/kernel/kcov.c
+++ b/kernel/kcov.c
@@ -204,8 +204,16 @@ void notrace __sanitizer_cov_trace_pc(void) /* The first 64-bit word is the number of subsequent PCs. */ pos = READ_ONCE(area[0]) + 1; if (likely(pos < t->kcov_size)) { - area[pos] = ip; + /* Previously we write pc before updating pos. However, some + * early interrupt code could bypass check_kcov_mode() check + * and invoke __sanitizer_cov_trace_pc(). If such interrupt is + * raised between writing pc and updating pos, the pc could be + * overitten by the recursive __sanitizer_cov_trace_pc(). + * Update pos before writing pc to avoid such interleaving. + */ WRITE_ONCE(area[0], pos); + barrier(); + area[pos] = ip; } } EXPORT_SYMBOL(__sanitizer_cov_trace_pc); @@ -236,11 +244,13 @@ static void notrace write_comp_data(u64 type, u64 arg1, u64 arg2, u64 ip) start_index = 1 + count * KCOV_WORDS_PER_CMP; end_pos = (start_index + KCOV_WORDS_PER_CMP) * sizeof(u64); if (likely(end_pos <= max_pos)) { + /* See comment in __sanitizer_cov_trace_pc(). */ + WRITE_ONCE(area[0], count + 1); + barrier(); area[start_index] = type; area[start_index + 1] = arg1; area[start_index + 2] = arg2; area[start_index + 3] = ip; - WRITE_ONCE(area[0], count + 1); } } -- 2.34.1
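Review bot: the new block comment in __sanitizer_cov_trace_pc() documents history ("Previously we write pc before updating pos") rather than the invariant the code now depends on, opens with text on the `/*` line (the kernel's multi-line comment style outside net/ puts `/*` on its own line), and repeats the commit message's typo "overitten". Suggest stating the rule instead, e.g. `/*`, ` * Publish pos before storing the PC: early interrupt code can re-enter this`, ` * function bypassing check_kcov_mode(), and a nested call must not overwrite`, ` * the slot we are about to fill. */`. The barrier() between WRITE_ONCE(area[0], pos) and area[pos] = ip is a compiler-only barrier, which is the right tool here because the nested caller described in the commit message runs on the same CPU.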
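Review bot: in write_comp_data() the reordering has a trade-off the commit message does not mention: area[0] is now advanced to count + 1 before the four words type, arg1, arg2 and ip are stored, so anything consuming area[0] while tracing is still in progress can observe a record that is only partially filled, whereas the removed trailing WRITE_ONCE(area[0], count + 1) guaranteed that a published record was complete. If the buffer is only read after tracing has stopped this is harmless, but say so in the commit message and in the comment this hunk adds (which currently only points at __sanitizer_cov_trace_pc()), since the same consideration applies to the single PC slot in the first hunk.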
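To make the interleaving described in the commit message concrete, here is an added user-space model that is not kernel code and not part of the patch: both store orderings are run with a single nested trace call injected between the two stores, standing in for the early interrupt code. The area layout mirrors kcov (area[0] is the count, area[1..] the PCs); the simulated_irq hook, the function names and the sample PC values are constructed for illustration, and the interruption point is a function call, so no compiler barrier is needed in the model.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of the kcov area: area[0] is the PC count, area[1..] the PCs. */
#define AREA_WORDS 16
static uint64_t area[AREA_WORDS];

/* A nested "interrupt" trace call is injected once, between the two stores,
 * whenever nested_ip is non-zero. Hypothetical hook, not kernel code. */
static uint64_t nested_ip;
static void simulated_irq(void (*trace)(uint64_t))
{
    uint64_t ip = nested_ip;
    if (ip) {
        nested_ip = 0;          /* fire only once */
        trace(ip);              /* recursive trace call from interrupt code */
    }
}

/* Ordering before the patch: store the PC, then publish pos. */
static void trace_pc_old(uint64_t ip)
{
    uint64_t pos = area[0] + 1;
    if (pos < AREA_WORDS) {
        area[pos] = ip;
        simulated_irq(trace_pc_old);   /* nested call computes the same pos */
        area[0] = pos;
    }
}

/* Ordering after the patch: publish pos, then store the PC. */
static void trace_pc_new(uint64_t ip)
{
    uint64_t pos = area[0] + 1;
    if (pos < AREA_WORDS) {
        area[0] = pos;
        simulated_irq(trace_pc_new);   /* nested call now gets pos + 1 */
        area[pos] = ip;
    }
}

/* Trace ip with irq_ip injected; return how many of the two PCs survive in
 * the published slots (2 = nothing lost, 1 = one PC was overwritten). */
static int run_scenario(void (*trace)(uint64_t), uint64_t ip, uint64_t irq_ip)
{
    int found = 0;
    memset(area, 0, sizeof(area));
    nested_ip = irq_ip;
    trace(ip);
    for (uint64_t i = 1; i <= area[0] && i < AREA_WORDS; i++)
        found += (area[i] == ip) + (area[i] == irq_ip);
    return found;
}
```

With the old ordering the nested call reuses slot 1 and the outer PC is lost; with the new ordering the nested call takes slot 2 and both PCs are recorded.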