References: <20231121220155.1217090-1-iii@linux.ibm.com> <20231121220155.1217090-15-iii@linux.ibm.com>
In-Reply-To: <20231121220155.1217090-15-iii@linux.ibm.com>
From: Alexander Potapenko
Date: Fri, 8 Dec 2023 14:51:51 +0100
Subject: Re: [PATCH v2 14/33] kmsan: Support SLAB_POISON
To: Ilya Leoshkevich
Cc: Alexander Gordeev, Andrew Morton, Christoph Lameter, David Rientjes, Heiko Carstens, Joonsoo Kim, Marco Elver, Masami Hiramatsu, Pekka Enberg, Steven Rostedt, Vasily Gorbik, Vlastimil Babka, Christian Borntraeger, Dmitry Vyukov, Hyeonggon Yoo <42.hyeyoo@gmail.com>, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-s390@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Mark Rutland, Roman Gushchin, Sven Schnelle

On Tue, Nov 21, 2023 at 11:02 PM Ilya Leoshkevich wrote:
>
> Avoid false KMSAN negatives with SLUB_DEBUG by allowing
> kmsan_slab_free() to poison the freed memory, and by preventing
> init_object() from unpoisoning new allocations. The usage of
> memset_no_sanitize_memory() does not degrade the generated code
> quality.
>
> There are two alternatives to this approach. First, init_object()
> can be marked with __no_sanitize_memory. This annotation should be used
> with great care, because it drops all instrumentation from the
> function, and any shadow writes will be lost. Even though this is not a
> concern with the current init_object() implementation, this may change
> in the future.
>
> Second, kmsan_poison_memory() calls may be added after memset() calls.
> The downside is that init_object() is called from
> free_debug_processing(), in which case poisoning will erase the
> distinction between simply uninitialized memory and UAF.
>
> Signed-off-by: Ilya Leoshkevich
> ---
>  mm/kmsan/hooks.c |  2 +-
>  mm/slub.c        | 10 ++++++----
>  2 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/mm/kmsan/hooks.c b/mm/kmsan/hooks.c
> index 7b5814412e9f..7a30274b893c 100644
> --- a/mm/kmsan/hooks.c
> +++ b/mm/kmsan/hooks.c
> @@ -76,7 +76,7 @@ void kmsan_slab_free(struct kmem_cache *s, void *object)
>  		return;
>
>  	/* RCU slabs could be legally used after free within the RCU period */
> -	if (unlikely(s->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)))
> +	if (unlikely(s->flags & SLAB_TYPESAFE_BY_RCU))
>  		return;
>  	/*
>  	 * If there's a constructor, freed memory must remain in the same state
> diff --git a/mm/slub.c b/mm/slub.c
> index 63d281dfacdb..169e5f645ea8 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1030,7 +1030,8 @@ static void init_object(struct kmem_cache *s, void *object, u8 val)
>  	unsigned int poison_size = s->object_size;
>
>  	if (s->flags & SLAB_RED_ZONE) {
> -		memset(p - s->red_left_pad, val, s->red_left_pad);
> +		memset_no_sanitize_memory(p - s->red_left_pad, val,

As I wrote in patch 13/33, let's try to use __memset() here (with a
comment that we want to preserve the previously poisoned memory)
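Review bot: in the mm/kmsan/hooks.c hunk, dropping SLAB_POISON from the early return in kmsan_slab_free() makes KMSAN poison SLAB_POISON objects on free, which is only correct as long as init_object() no longer re-initializes that shadow with an instrumented memset(); the two hunks of this patch are therefore interdependent and should not be split, cherry-picked or backported separately. The comment directly above the condition now describes exactly what the condition tests, so no comment change is needed there.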
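Review bot: in the mm/slub.c hunk, the switch from memset() to memset_no_sanitize_memory() in init_object() needs a one-line comment at the call site stating that the un-instrumented variant is deliberate so that the KMSAN poison written in kmsan_slab_free() survives; the reasoning currently lives only in the commit message, and a later cleanup could otherwise revert it to plain memset(). The hunk is also cut off after the first replaced memset() in this copy of the mail, so the remaining memset() call sites in init_object() could not be checked here.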