Date: Thu, 15 Sep 2022 14:05:51 -0700
From: Andrew Morton
To: Alexander Potapenko
Cc: Alexander Viro, Alexei Starovoitov, Andrey Konovalov, Andy Lutomirski, Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Christoph Lameter, David Rientjes, Dmitry Vyukov, Eric Biggers, Eric Dumazet, Greg Kroah-Hartman, Herbert Xu, Ilya Leoshkevich, Ingo Molnar, Jens Axboe, Joonsoo Kim, Kees Cook, Marco Elver, Mark Rutland, Matthew Wilcox, "Michael S. Tsirkin", Pekka Enberg, Peter Zijlstra, Petr Mladek, Stephen Rothwell, Steven Rostedt, Thomas Gleixner, Vasily Gorbik, Vegard Nossum, Vlastimil Babka, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v7 00/43] Add KernelMemorySanitizer infrastructure
Message-Id: <20220915140551.2558e64c6a3d3a57d7588f5d@linux-foundation.org>
In-Reply-To: <20220915150417.722975-1-glider@google.com>
References: <20220915150417.722975-1-glider@google.com>

On Thu, 15 Sep 2022 17:03:34 +0200 Alexander Potapenko wrote:

> Patchset v7 includes only minor changes to origin tracking that allowed
> us to drop "kmsan: unpoison @tlb in arch_tlb_gather_mmu()" from the
> series.
>
> For the following patches diff from v6 is non-trivial:
> - kmsan: add KMSAN runtime core
> - kmsan: add tests for KMSAN

I'm not sure this really merits a whole new patchbombing, but I'll do it
that way anyway.
For the curious, the major changes are: For "kmsan: add KMSAN runtime core": mm/kmsan/core.c | 28 ++++++++++------------------ mm/kmsan/kmsan.h | 1 + mm/kmsan/report.c | 8 ++++++++ 3 files changed, 19 insertions(+), 18 deletions(-) --- a/mm/kmsan/core.c~kmsan-add-kmsan-runtime-core-v7 +++ a/mm/kmsan/core.c @@ -29,13 +29,6 @@ #include "../slab.h" #include "kmsan.h" -/* - * Avoid creating too long origin chains, these are unlikely to participate in - * real reports. - */ -#define MAX_CHAIN_DEPTH 7 -#define NUM_SKIPPED_TO_WARN 10000 - bool kmsan_enabled __read_mostly; /* @@ -219,23 +212,22 @@ depot_stack_handle_t kmsan_internal_chai * Make sure we have enough spare bits in @id to hold the UAF bit and * the chain depth. */ - BUILD_BUG_ON((1 << STACK_DEPOT_EXTRA_BITS) <= (MAX_CHAIN_DEPTH << 1)); + BUILD_BUG_ON( + (1 << STACK_DEPOT_EXTRA_BITS) <= (KMSAN_MAX_ORIGIN_DEPTH << 1)); extra_bits = stack_depot_get_extra_bits(id); depth = kmsan_depth_from_eb(extra_bits); uaf = kmsan_uaf_from_eb(extra_bits); - if (depth >= MAX_CHAIN_DEPTH) { - static atomic_long_t kmsan_skipped_origins; - long skipped = atomic_long_inc_return(&kmsan_skipped_origins); - - if (skipped % NUM_SKIPPED_TO_WARN == 0) { - pr_warn("not chained %ld origins\n", skipped); - dump_stack(); - kmsan_print_origin(id); - } + /* + * Stop chaining origins once the depth reached KMSAN_MAX_ORIGIN_DEPTH. + * This mostly happens in the case structures with uninitialized padding + * are copied around many times. Origin chains for such structures are + * usually periodic, and it does not make sense to fully store them. + */ + if (depth == KMSAN_MAX_ORIGIN_DEPTH) return id; - } + depth++; extra_bits = kmsan_extra_bits(depth, uaf); --- a/mm/kmsan/kmsan.h~kmsan-add-kmsan-runtime-core-v7 +++ a/mm/kmsan/kmsan.h @@ -27,6 +27,7 @@ #define KMSAN_POISON_FREE 0x2 #define KMSAN_ORIGIN_SIZE 4 +#define KMSAN_MAX_ORIGIN_DEPTH 7 #define KMSAN_STACK_DEPTH 64 --- a/mm/kmsan/report.c~kmsan-add-kmsan-runtime-core-v7 +++ a/mm/kmsan/report.c 
@@ -89,12 +89,14 @@ void kmsan_print_origin(depot_stack_hand depot_stack_handle_t head; unsigned long magic; char *descr = NULL; + unsigned int depth; if (!origin) return; while (true) { nr_entries = stack_depot_fetch(origin, &entries); + depth = kmsan_depth_from_eb(stack_depot_get_extra_bits(origin)); magic = nr_entries ? entries[0] : 0; if ((nr_entries == 4) && (magic == KMSAN_ALLOCA_MAGIC_ORIGIN)) { descr = (char *)entries[1]; @@ -109,6 +111,12 @@ void kmsan_print_origin(depot_stack_hand break; } if ((nr_entries == 3) && (magic == KMSAN_CHAIN_MAGIC_ORIGIN)) { + /* + * Origin chains deeper than KMSAN_MAX_ORIGIN_DEPTH are + * not stored, so the output may be incomplete. + */ + if (depth == KMSAN_MAX_ORIGIN_DEPTH) + pr_err("\n\n"); head = entries[1]; origin = entries[2]; pr_err("Uninit was stored to memory at:\n"); _ and for "kmsan: add tests for KMSAN": --- a/mm/kmsan/kmsan_test.c~kmsan-add-tests-for-kmsan-v7 +++ a/mm/kmsan/kmsan_test.c 
@@ -469,6 +469,34 @@ static void test_memcpy_aligned_to_unali KUNIT_EXPECT_TRUE(test, report_matches(&expect)); } +static noinline void fibonacci(int *array, int size, int start) { + if (start < 2 || (start == size)) + return; + array[start] = array[start - 1] + array[start - 2]; + fibonacci(array, size, start + 1); +} + +static void test_long_origin_chain(struct kunit *test) +{ + EXPECTATION_UNINIT_VALUE_FN(expect, + "test_long_origin_chain"); + /* (KMSAN_MAX_ORIGIN_DEPTH * 2) recursive calls to fibonacci(). */ + volatile int accum[KMSAN_MAX_ORIGIN_DEPTH * 2 + 2]; + int last = ARRAY_SIZE(accum) - 1; + + kunit_info( + test, + "origin chain exceeding KMSAN_MAX_ORIGIN_DEPTH (UMR report)\n"); + /* + * We do not set accum[1] to 0, so the uninitializedness will be carried + * over to accum[2..last]. + */ + accum[0] = 1; + fibonacci((int *)accum, ARRAY_SIZE(accum), 2); + kmsan_check_memory((void *)&accum[last], sizeof(int)); + KUNIT_EXPECT_TRUE(test, report_matches(&expect)); +} + static struct kunit_case kmsan_test_cases[] = { KUNIT_CASE(test_uninit_kmalloc), KUNIT_CASE(test_init_kmalloc), @@ -486,6 +514,7 @@ static struct kunit_case kmsan_test_case KUNIT_CASE(test_memcpy_aligned_to_aligned), KUNIT_CASE(test_memcpy_aligned_to_unaligned), KUNIT_CASE(test_memcpy_aligned_to_unaligned2), + KUNIT_CASE(test_long_origin_chain), {}, }; _
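Review bot: in the kmsan_internal_chain_origin() hunk of mm/kmsan/core.c the truncation test is loosened from `depth >= MAX_CHAIN_DEPTH` to `depth == KMSAN_MAX_ORIGIN_DEPTH`. That is correct only while this function is the sole writer of the depth bits and stops incrementing exactly at the maximum; an equality test keeps chaining silently if a handle ever carries a larger depth, whereas `>=` costs nothing and keeps the bound defensive (a `WARN_ON_ONCE(depth > KMSAN_MAX_ORIGIN_DEPTH)` would also make such a state visible). The new comment reads better as "once the depth has reached KMSAN_MAX_ORIGIN_DEPTH" and "in the case where structures with uninitialized padding are copied around many times".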
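Review bot: the new `#define KMSAN_MAX_ORIGIN_DEPTH 7` in mm/kmsan/kmsan.h lands without a comment, while the rationale that used to sit next to MAX_CHAIN_DEPTH in core.c ("Avoid creating too long origin chains, these are unlikely to participate in real reports") is deleted in the same diff. Since the constant is now shared by core.c, report.c and the KUnit test, carry that comment over to the definition and mention that report.c treats a chain of exactly this depth as possibly truncated.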
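Review bot: in the KMSAN_CHAIN_MAGIC_ORIGIN branch of kmsan_print_origin() in mm/kmsan/report.c, the call meant to flag a truncated chain is `pr_err("\n\n");`, which emits only blank lines, so a reader of the report gets no indication that origins were dropped even though the comment above it says the output may be incomplete. Print an explicit text line there (for example that further origin frames were not stored because the chain reached KMSAN_MAX_ORIGIN_DEPTH) so an incomplete chain is recognizable in the log.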
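Review bot: fibonacci() in the mm/kmsan/kmsan_test.c hunk puts the opening brace of the function body on the declaration line (`static noinline void fibonacci(int *array, int size, int start) {`), which checkpatch flags for function definitions; move it to its own line as test_long_origin_chain() below does. The stop condition `start == size` is better written `start >= size` so no caller can index past the array. The test logic itself is sound: accum[1] is deliberately left uninitialized, each of the KMSAN_MAX_ORIGIN_DEPTH * 2 recursive additions chains a new origin onto it, and the check on accum[last] exercises the truncation path.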