From: Alexander Potapenko
Date: Wed, 3 Aug 2022 13:17:55 +0200
Subject: Re: [PATCH v4 18/45] instrumented.h: add KMSAN support
To: Marco Elver
Cc: Alexander Viro, Alexei Starovoitov, Andrew Morton, Andrey Konovalov, Andy Lutomirski, Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Christoph Lameter, David Rientjes, Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman, Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe, Joonsoo Kim, Kees Cook, Mark Rutland, Matthew Wilcox, "Michael S. Tsirkin", Pekka Enberg, Peter Zijlstra, Petr Mladek, Steven Rostedt, Thomas Gleixner, Vasily Gorbik, Vegard Nossum, Vlastimil Babka, kasan-dev, Linux Memory Management List, Linux-Arch, LKML
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 12, 2022 at 3:52 PM Marco Elver wrote:
>
> On Fri, 1 Jul 2022 at 16:24, Alexander Potapenko wrote:
> >
> > To avoid false positives, KMSAN needs to unpoison the data copied from
> > the userspace. To detect infoleaks - check the memory buffer passed to
> > copy_to_user().
> >
> > Signed-off-by: Alexander Potapenko
>
> Reviewed-by: Marco Elver
>
> With the code simplification below.
>
> [...]
> > --- a/mm/kmsan/hooks.c > > +++ b/mm/kmsan/hooks.c
> > @@ -212,6 +212,44 @@ void kmsan_iounmap_page_range(unsigned long start,= unsigned long end) > > } > > EXPORT_SYMBOL(kmsan_iounmap_page_range); > > > > +void kmsan_copy_to_user(void __user *to, const void *from, size_t to_c= opy, > > + size_t left) > > +{ > > + unsigned long ua_flags; > > + > > + if (!kmsan_enabled || kmsan_in_runtime()) > > + return; > > + /* > > + * At this point we've copied the memory already. It's hard to = check it > > + * before copying, as the size of actually copied buffer is unk= nown. > > + */ > > + > > + /* copy_to_user() may copy zero bytes. No need to check. */ > > + if (!to_copy) > > + return; > > + /* Or maybe copy_to_user() failed to copy anything. */ > > + if (to_copy <=3D left) > > + return; > > + > > + ua_flags =3D user_access_save(); > > + if ((u64)to < TASK_SIZE) { > > + /* This is a user memory access, check it. */ > > + kmsan_internal_check_memory((void *)from, to_copy - lef= t, to, > > + REASON_COPY_TO_USER);
>
> This could just do "} else {" and the stuff below, and would result in
> simpler code with no explicit "return" and no duplicated
> user_access_restore().

Sounds good, will do.

--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing directors: Paul Manicle, Liana Sebastian
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg
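
Review bot: in kmsan_copy_to_user() the early return on `if (!to_copy)` is already covered by the `if (to_copy <= left)` test that follows it, because `left` is a size_t and a zero `to_copy` can never exceed it. Folding the two into the single `to_copy <= left` check, with one comment naming both the zero-length case and the nothing-copied case, removes a branch without changing behaviour. In the same hunk, the `(void *)from` cast in the kmsan_internal_check_memory() call discards the const qualifier on `from`; if the check only reads the buffer, accepting a const pointer there would make the cast unnecessary. The block comment beginning "At this point we've copied the memory already" also sits apart from any statement it describes; moving it above the function, or directly above the size checks it motivates, would make clear that the `to_copy - left` length is what it is justifying.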