Date: Thu, 15 Sep 2022 17:04:07 +0200
In-Reply-To: <20220915150417.722975-1-glider@google.com>
References: <20220915150417.722975-1-glider@google.com>
Message-ID: <20220915150417.722975-34-glider@google.com>
Subject: [PATCH v7 33/43] x86: kmsan: skip shadow checks in __switch_to()
From: Alexander Potapenko
To: glider@google.com
Cc: Alexander Viro, Alexei Starovoitov, Andrew Morton, Andrey Konovalov, Andy Lutomirski, Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Christoph Lameter, David Rientjes, Dmitry Vyukov, Eric Biggers, Eric Dumazet, Greg Kroah-Hartman, Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe, Joonsoo Kim, Kees Cook, Marco Elver, Mark Rutland, Matthew Wilcox, "Michael S. Tsirkin", Pekka Enberg, Peter Zijlstra, Petr Mladek, Stephen Rothwell, Steven Rostedt, Thomas Gleixner, Vasily Gorbik, Vegard Nossum, Vlastimil Babka, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org

When instrumenting functions, KMSAN obtains the per-task state (mostly pointers to metadata for function arguments and return values) once per function at its beginning, using the `current` pointer.

Every time the instrumented function calls another function, this state (`struct kmsan_context_state`) is updated with shadow/origin data of the passed and returned values.

When `current` changes in the low-level arch code, instrumented code can not notice that, and will still refer to the old state, possibly corrupting it or using stale data. This may result in false positive reports.

To deal with that, we need to apply __no_kmsan_checks to the functions performing context switching - this will result in skipping all KMSAN shadow checks and marking newly created values as initialized, preventing all false positive reports in those functions.
False negatives are still possible, but we expect them to be rare and impersistent.

Suggested-by: Marco Elver
Signed-off-by: Alexander Potapenko
---
v2:
 -- This patch was previously called "kmsan: skip shadow checks in files doing context switches". Per Mark Rutland's suggestion, we now only skip checks in low-level arch-specific code, as context switches in common code should be invisible to KMSAN. We also apply the checks to precisely the functions performing the context switch instead of the whole file.

v5:
 -- Replace KMSAN_ENABLE_CHECKS_process_64.o with __no_kmsan_checks

Link: https://linux-review.googlesource.com/id/I45e3ed9c5f66ee79b0409d1673d66ae419029bcb
---
 arch/x86/kernel/process_64.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 1962008fe7437..6b3418bff3261 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -553,6 +553,7 @@ void compat_start_thread(struct pt_regs *regs, u32 new_ip, u32 new_sp, bool x32) * Kprobes not supported here. Set the probe on schedule instead. * Function graph tracer not supported too. */ +__no_kmsan_checks __visible __notrace_funcgraph struct task_struct * __switch_to(struct task_struct *prev_p, struct task_struct *next_p) { -- 2.37.2.789.g6183377224-goog
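
Review bot: the comment above `__switch_to()` still lists only kprobes and the function graph tracer as unsupported, so the new `__no_kmsan_checks` annotation lands with no in-code explanation. Consider adding a line there saying that KMSAN checks are skipped because `current` changes inside this function and the `struct kmsan_context_state` pointer obtained at entry goes stale; that reasoning currently lives only in the commit message. The message also speaks of "the functions performing context switching" while the diffstat shows a single insertion, so it would help to state that `__switch_to()` is the only function that needs the annotation here.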
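
A toy user-space model of the stale-state problem the commit message describes, added here as an illustration and not taken from the patch or the kernel. `struct ctx_state`, `callee()`, `switch_to_model()` and `false_reports()` are hypothetical names, and a single return-value shadow byte stands in for `struct kmsan_context_state`.

```c
#include <stdio.h>

/* Toy model, not kernel code: one shadow byte for the return value stands
 * in for struct kmsan_context_state. Non-zero shadow = "uninitialized". */
struct ctx_state { unsigned char retval_shadow; };
struct task { struct ctx_state cstate; };
static struct task *current_task;            /* models `current` */

/* Instrumented code fetches the per-task state once, at function entry. */
static struct ctx_state *get_context_state(void)
{
    return &current_task->cstate;
}

/* Instrumented callee: returns an initialized value and records clean
 * shadow for it in the state of whichever task is current at its entry. */
static int callee(void)
{
    struct ctx_state *st = get_context_state();
    st->retval_shadow = 0;
    return 42;
}

/* Models a function that changes `current` in its body and returns the
 * number of reports raised. no_checks models skipping the shadow check. */
static int switch_to_model(struct task *next, int no_checks)
{
    struct ctx_state *st = get_context_state();  /* cached: prev's state */
    int reports = 0;
    current_task = next;                         /* the context switch */
    (void)callee();                              /* clean shadow lands in next's state */
    if (!no_checks && st->retval_shadow)         /* reads prev's stale slot */
        reports++;                               /* value was initialized: false positive */
    return reports;
}

/* Constructed scenario: prev's slot still holds poison from earlier use. */
static int false_reports(int no_checks)
{
    struct task prev = { { 0xff } }, next = { { 0 } };
    current_task = &prev;
    return switch_to_model(&next, no_checks);
}

int main(void)
{
    printf("checked: %d report(s), checks skipped: %d report(s)\n",
           false_reports(0), false_reports(1));
    return 0;
}
```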