Date: Mon, 5 Sep 2022 14:24:42 +0200
In-Reply-To: <20220905122452.2258262-1-glider@google.com>
References: <20220905122452.2258262-1-glider@google.com>
Message-ID: <20220905122452.2258262-35-glider@google.com>
Subject: [PATCH v6 34/44] x86: kmsan: skip shadow checks in __switch_to()
From: Alexander Potapenko
To: glider@google.com
Cc: Alexander Viro, Alexei Starovoitov, Andrew Morton, Andrey Konovalov, Andy Lutomirski, Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Christoph Lameter, David Rientjes, Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman, Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe, Joonsoo Kim, Kees Cook, Marco Elver, Mark Rutland, Matthew Wilcox, "Michael S. Tsirkin", Pekka Enberg, Peter Zijlstra, Petr Mladek, Steven Rostedt, Thomas Gleixner, Vasily Gorbik, Vegard Nossum, Vlastimil Babka, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

When instrumenting functions, KMSAN obtains the per-task state (mostly pointers to metadata for function arguments and return values) once per function at its beginning, using the `current` pointer.

Every time the instrumented function calls another function, this state (`struct kmsan_context_state`) is updated with shadow/origin data of the passed and returned values.

When `current` changes in the low-level arch code, instrumented code cannot notice that, and will still refer to the old state, possibly corrupting it or using stale data. This may result in false positive reports.

To deal with that, we need to apply __no_kmsan_checks to the functions performing context switching - this will result in skipping all KMSAN shadow checks and marking newly created values as initialized, preventing all false positive reports in those functions.
False negatives are still possible, but we expect them to be rare and impersistent. Suggested-by: Marco Elver Signed-off-by: Alexander Potapenko --- v2: -- This patch was previously called "kmsan: skip shadow checks in files doing context switches". Per Mark Rutland's suggestion, we now only skip checks in low-level arch-specific code, as context switches in common code should be invisible to KMSAN. We also apply the checks to precisely the functions performing the context switch instead of the whole file. v5: -- Replace KMSAN_ENABLE_CHECKS_process_64.o with __no_kmsan_checks Link: https://linux-review.googlesource.com/id/I45e3ed9c5f66ee79b0409d1673d66ae419029bcb --- arch/x86/kernel/process_64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 1962008fe7437..6b3418bff3261 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -553,6 +553,7 @@ void compat_start_thread(struct pt_regs *regs, u32 new_ip, u32 new_sp, bool x32) * Kprobes not supported here. Set the probe on schedule instead. * Function graph tracer not supported too. */ +__no_kmsan_checks __visible __notrace_funcgraph struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct *next_p) { -- 2.37.2.789.g6183377224-goog
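
Review bot: The comment block directly above `__switch_to()` explains why kprobes and the function graph tracer are not supported here, but the added `__no_kmsan_checks` line gets no such explanation. Consider extending that comment with one sentence saying that `current` changes inside this function, so KMSAN state fetched at entry goes stale, which is the reason given in the commit message. It would also help to state there that the annotation marks values created in this function as initialized, so a reader knows that uninitialized uses inside `__switch_to()` will not be reported.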
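
A user-space toy model of the stale-state problem the commit message describes, added here as an illustration; it is not kernel code and not part of the patch. The `toy_*` names and the one-byte shadow are assumptions, not KMSAN's real data structures.

```c
#include <stdio.h>

/* Toy model (constructed): one shadow byte per task for a return value.
 * 0x00 = initialized, 0xff = uninitialized. Not the kernel's real layout. */
struct toy_ctx_state { unsigned char retval_shadow; };
struct toy_task { struct toy_ctx_state ctx; };

static struct toy_task task_a, task_b;
static struct toy_task *toy_current = &task_a;

/* Instrumented callee: looks up the state via the current task at its own
 * entry and records that its return value is fully initialized. */
static int toy_callee(void)
{
    struct toy_ctx_state *state = &toy_current->ctx;
    state->retval_shadow = 0x00;
    return 42;
}

/* Models a context-switch function. With checks != 0 it behaves like
 * ordinary instrumented code; with checks == 0 it models the effect the
 * commit message gives for __no_kmsan_checks. Returns 1 if a report fires. */
static int toy_switch_to(struct toy_task *next, int checks)
{
    struct toy_ctx_state *state = &toy_current->ctx; /* fetched once, at entry */
    toy_current = next;          /* "current" changes under the function */
    (void)toy_callee();          /* shadow lands in next's state */
    if (!checks)
        return 0;                /* checks skipped, value treated as initialized */
    return state->retval_shadow != 0x00; /* reads prev's stale shadow */
}

/* Runs one switch from A to B; A's state holds leftover shadow from an
 * earlier call that returned an uninitialized value. */
static int toy_run(int checks)
{
    toy_current = &task_a;
    task_a.ctx.retval_shadow = 0xff;
    task_b.ctx.retval_shadow = 0x00;
    return toy_switch_to(&task_b, checks);
}

int main(void)
{
    printf("instrumented: report=%d\n", toy_run(1));
    printf("no checks:    report=%d\n", toy_run(0));
    return 0;
}
```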