Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp514274rwe; Fri, 26 Aug 2022 09:03:54 -0700 (PDT) X-Google-Smtp-Source: AA6agR4oRihh057/IgRqBT/NJavDW9yeb4OakWsa2B95bukaxXUboONBLLBWLhKTomahHEEEtYAi X-Received: by 2002:a17:90b:1e0a:b0:1f5:6554:d502 with SMTP id pg10-20020a17090b1e0a00b001f56554d502mr4866248pjb.101.1661529833815; Fri, 26 Aug 2022 09:03:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661529833; cv=none; d=google.com; s=arc-20160816; b=pHb5EXWfcY1d8sVLDN8o9yodiXEpXtg1yS+oyyUhgFkTj9J1KDHlxiUW+5QjnIOWgm tBOIE/KRZ47hHR+Dvs+9PRcp3OLEoOeBN9WGvMq41SNSSi7P4NxMRHXCUFsTpPLKV7cv qw5LpwGwzHSCc2F4VcaobPSSHwVMQeNRXdSnlgrju7oKj84nwOkkj7d9ZJEotBdgzesQ M+D1V/BZGnmaeGdYA0+mpXDK+BYXHFp/BH+qXe3HtiezARi9XX+9PfJoHeNfUICkBk2v 84xiX0I2A9G3RLGJJj1dY2hSsJ1qxg2akpPHTZTOafZ6Ir03VQ7JPBfQmoKRx2mRH/te 6LBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=3xJV8lOEjvc/s3Zvuma5zSeTndu+UAUJOaQAKluuQYo=; b=vnRCOjvO1WH1fI2fjcA/eHmLA901I+l2A0FD+Se7nAS6MYwb3Nk9mhbSLB+HLRHUmu y1I5lcx/BV7o+abbb5O/Wk+9cpBkT2CtLZuB+v28SORLuDk7OZhoWi8PrD2a+4eM++b8 tIMyZQCLWWaBDxLxQ6uFCQtPO20uZKdj87M5MmSr7WxzkS8OPIDEvKcwFCsQrQqcYuiE W1Me8nY8zrhG5Fnmj2qejfd51ZS2hEeA7iFfinadDYMdtLLzS9h8ncIcrOiwP6zffTHH PNEpoDNWKAWuQAt1npTXiGpBZOidEpu18RdQ0aTyreoa00qYIpxGDHf+DkRPHcHNXrR3 82Mg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=iowtS53R; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f62-20020a636a41000000b0042397d5f113si1840552pgc.803.2022.08.26.09.03.41; Fri, 26 Aug 2022 09:03:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=iowtS53R; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237904AbiHZPQE (ORCPT + 99 others); Fri, 26 Aug 2022 11:16:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244642AbiHZPOM (ORCPT ); Fri, 26 Aug 2022 11:14:12 -0400 Received: from mail-ej1-x64a.google.com (mail-ej1-x64a.google.com [IPv6:2a00:1450:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A8FF24BDA for ; Fri, 26 Aug 2022 08:09:56 -0700 (PDT) Received: by mail-ej1-x64a.google.com with SMTP id he38-20020a1709073da600b0073d98728570so728419ejc.11 for ; Fri, 26 Aug 2022 08:09:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc; bh=3xJV8lOEjvc/s3Zvuma5zSeTndu+UAUJOaQAKluuQYo=; b=iowtS53RHlpCL6qU/VWV5GQVG1CF6AM2cb2K8UF+xf9Eri/m9bP/5b0fP/Yv5g71u0 G4xosRyjwnbYFvqXAKPuwh/r0w9aoa69XWRuAOHrIhWmWSx0iV2XmDVoCP0JlE47FuAB nmm0HUugDUAGgo/u5XwfJyioj1O9wMPKtRlUGvvX8gKw+EEmNXhvxQbPL/ZKDRcZQQPf MtPg7V/4IJP2t5P4sgZyKRHmwuOCzbI6xunPoBepArW292PT19a5ne9C4DB1Q+Nr1eTB S6mxBrnLUZM9ZZ8fq3aL2JmDi/WAivgNEzeAkYRHzPgQwniErjEHU3w34yBn1hByADXw pmoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc; bh=3xJV8lOEjvc/s3Zvuma5zSeTndu+UAUJOaQAKluuQYo=; b=4xAo+YaCKf4SsAzHpHifrJreBw0yNMEEcOnolbKkCpIm2C6Ox21xXCCjlug3jwQOxx pw5acR220KBO5Wy2JHZr+yjxqEKjCEWMcuRAECg3/dMkpGepo4LQrnQtvdn7XJzgzzC0 B8GmrbBehUSrVlKzN5ihoxIN0PopI5t/XT9ozx92+Ws1HnEvpPhJtlBgNvxUneAUoVKs xt606JQU4GBtF7Tj0HqRj+/967LRXQAk8UeJ3zj6pLRCQWw0cGiLgrY5Sm0kPhH3t1kB Penf3Hh8tlY9c7No7ldbERL/97wawMsrZb56LQi+62mnHQ8sVv6T1E0LE/iKPgdhRac7 5n/g== X-Gm-Message-State: ACgBeo14V2aeQy2yqn6QCBTfVb/MNcRU/bJvSdk7bQx3wtWa8eJ31Yt1 wioSLP8IQmS1wbNJAJXzSZK8oS0L4DQ= X-Received: from glider.muc.corp.google.com ([2a00:79e0:9c:201:5207:ac36:fdd3:502d]) (user=glider job=sendgmr) by 2002:a05:6402:3491:b0:446:ea7d:8d9c with SMTP id v17-20020a056402349100b00446ea7d8d9cmr7130674edc.184.1661526588030; Fri, 26 Aug 2022 08:09:48 -0700 (PDT) Date: Fri, 26 Aug 2022 17:07:57 +0200 In-Reply-To: <20220826150807.723137-1-glider@google.com> Mime-Version: 1.0 References: <20220826150807.723137-1-glider@google.com> X-Mailer: git-send-email 2.37.2.672.g94769d06f0-goog Message-ID: <20220826150807.723137-35-glider@google.com> Subject: [PATCH v5 34/44] x86: kmsan: skip shadow checks in __switch_to() From: Alexander Potapenko To: glider@google.com Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Christoph Hellwig , Christoph Lameter , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Herbert Xu , Ilya Leoshkevich , Ingo Molnar , Jens Axboe , Joonsoo Kim , Kees Cook , Marco Elver , Mark Rutland , Matthew Wilcox , "Michael S. Tsirkin" , Pekka Enberg , Peter Zijlstra , Petr Mladek , Steven Rostedt , Thomas Gleixner , Vasily Gorbik , Vegard Nossum , Vlastimil Babka , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When instrumenting functions, KMSAN obtains the per-task state (mostly pointers to metadata for function arguments and return values) once per function at its beginning, using the `current` pointer. Every time the instrumented function calls another function, this state (`struct kmsan_context_state`) is updated with shadow/origin data of the passed and returned values. When `current` changes in the low-level arch code, instrumented code can not notice that, and will still refer to the old state, possibly corrupting it or using stale data. This may result in false positive reports. To deal with that, we need to apply __no_kmsan_checks to the functions performing context switching - this will result in skipping all KMSAN shadow checks and marking newly created values as initialized, preventing all false positive reports in those functions. False negatives are still possible, but we expect them to be rare and impersistent. Suggested-by: Marco Elver Signed-off-by: Alexander Potapenko Link: https://linux-review.googlesource.com/id/I520c414f52c19f3ea22377a9c570fff0d5943a95 --- v2: -- This patch was previously called "kmsan: skip shadow checks in files doing context switches". Per Mark Rutland's suggestion, we now only skip checks in low-level arch-specific code, as context switches in common code should be invisible to KMSAN. We also apply the checks to precisely the functions performing the context switch instead of the whole file. v5: -- Replace KMSAN_ENABLE_CHECKS_process_64.o with __no_kmsan_checks Link: https://linux-review.googlesource.com/id/I45e3ed9c5f66ee79b0409d1673d66ae419029bcb --- arch/x86/kernel/process_64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 1962008fe7437..6b3418bff3261 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -553,6 +553,7 @@ void compat_start_thread(struct pt_regs *regs, u32 new_ip, u32 new_sp, bool x32) * Kprobes not supported here. Set the probe on schedule instead. * Function graph tracer not supported too. */ +__no_kmsan_checks __visible __notrace_funcgraph struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct *next_p) { -- 2.37.2.672.g94769d06f0-goog