Date: Wed, 06 Mar 2024 05:14:39 -0800
In-Reply-To: <000000000000fd588e060de27ef4@google.com>
Message-ID: <000000000000b7b41d0612fdbdb5@google.com>
Subject: Re: [syzbot] Re: [syzbot] [virtualization?] KMSAN: uninit-value in virtqueue_add (4)
From: syzbot
To: linux-kernel@vger.kernel.org

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: Re: [syzbot] [virtualization?] KMSAN: uninit-value in virtqueue_add (4)
Author: penguin-kernel@i-love.sakura.ne.jp

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.7

diff --git a/arch/x86/lib/copy_mc.c b/arch/x86/lib/copy_mc.c index 6e8b7e600def..6858f80fc9a2 100644 --- a/arch/x86/lib/copy_mc.c +++ b/arch/x86/lib/copy_mc.c 
@@ -61,12 +61,18 @@ unsigned long copy_mc_enhanced_fast_string(void *dst, const void *src, unsigned */ unsigned long __must_check copy_mc_to_kernel(void *dst, const void *src, unsigned len) { - if (copy_mc_fragile_enabled) - return copy_mc_fragile(dst, src, len); - if (static_cpu_has(X86_FEATURE_ERMS)) - return copy_mc_enhanced_fast_string(dst, src, len); - memcpy(dst, src, len); - return 0; + unsigned long ret; + + if (copy_mc_fragile_enabled) { + ret = copy_mc_fragile(dst, src, len); + } else if (static_cpu_has(X86_FEATURE_ERMS)) { + ret = copy_mc_enhanced_fast_string(dst, src, len); + } else { + memcpy(dst, src, len); + ret = 0; + } + kmsan_memmove(dst, src, len - ret); + return ret; } EXPORT_SYMBOL_GPL(copy_mc_to_kernel); @@ -78,15 +84,13 @@ unsigned long __must_check copy_mc_to_user(void __user *dst, const void *src, un __uaccess_begin(); ret = copy_mc_fragile((__force void *)dst, src, len); __uaccess_end(); - return ret; - } - - if (static_cpu_has(X86_FEATURE_ERMS)) { + } else if (static_cpu_has(X86_FEATURE_ERMS)) { __uaccess_begin(); ret = copy_mc_enhanced_fast_string((__force void *)dst, src, len); __uaccess_end(); - return ret; + } else { + ret = copy_user_generic((__force void *)dst, src, len); } - - return copy_user_generic((__force void *)dst, src, len); + kmsan_copy_to_user(dst, src, len, ret); + return ret; } diff --git a/include/linux/kmsan-checks.h b/include/linux/kmsan-checks.h index c4cae333deec..4c2a614dab2d 100644 --- a/include/linux/kmsan-checks.h +++ b/include/linux/kmsan-checks.h 
@@ -61,6 +61,17 @@ void kmsan_check_memory(const void *address, size_t size); void kmsan_copy_to_user(void __user *to, const void *from, size_t to_copy, size_t left); +/** + * kmsan_memmove() - Notify KMSAN about a data copy within kernel. + * @to: destination address in the kernel. + * @from: source address in the kernel. + * @size: number of bytes to copy. + * + * Invoked after non-instrumented version (e.g. implemented using assembly + * code) of memmove()/memcpy() is called, in order to copy KMSAN's metadata. + */ +void kmsan_memmove(void *to, const void *from, size_t size); + #else static inline void kmsan_poison_memory(const void *address, size_t size, @@ -77,6 +88,9 @@ static inline void kmsan_copy_to_user(void __user *to, const void *from, size_t to_copy, size_t left) { } +static inline void kmsan_memmove(void *to, const void *from, size_t size) +{ +} #endif diff --git a/mm/kmsan/hooks.c b/mm/kmsan/hooks.c index 5d6e2dee5692..364f778ee226 100644 --- a/mm/kmsan/hooks.c +++ b/mm/kmsan/hooks.c @@ -285,6 +285,17 @@ void kmsan_copy_to_user(void __user *to, const void *from, size_t to_copy, } EXPORT_SYMBOL(kmsan_copy_to_user); +void kmsan_memmove(void *to, const void *from, size_t size) +{ + if (!kmsan_enabled || kmsan_in_runtime()) + return; + + kmsan_enter_runtime(); + kmsan_internal_memmove_metadata(to, (void *)from, size); + kmsan_leave_runtime(); +} +EXPORT_SYMBOL(kmsan_memmove); + /* Helper function to check an URB. */ void kmsan_handle_urb(const struct urb *urb, bool is_out) {
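
Review bot: in the copy_mc_to_kernel() hunk of arch/x86/lib/copy_mc.c, kmsan_memmove(dst, src, len - ret) also runs after the plain memcpy() fallback, although the kernel-doc added in this same patch says the hook is for non-instrumented copies such as assembly implementations. Consider calling it only in the copy_mc_fragile() and copy_mc_enhanced_fast_string() branches, or say in a comment why the memcpy() branch needs it too. Separately, len is unsigned and ret is unsigned long, so len - ret is evaluated as unsigned long and would wrap to a very large size if a helper ever returned more than len; a short comment stating that ret is the number of bytes not copied (so ret <= len) would make the invariant explicit.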
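
Review bot: in the copy_mc_to_user() hunk, the new kmsan_copy_to_user(dst, src, len, ret) call at the end of the function carries no comment explaining why it is needed, and it now covers the copy_user_generic() branch as well as the two branches wrapped in __uaccess_begin()/__uaccess_end(). The arguments match the (to, from, to_copy, left) prototype visible in kmsan-checks.h, and the call sits outside the uaccess sections, which is good. Please add a one-line comment that these copy helpers are not instrumented, and confirm that the copy_user_generic() path is not already reported through another hook, so the same source buffer is not checked twice.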
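
Review bot: in the kernel-doc added to include/linux/kmsan-checks.h, "@size: number of bytes to copy" reads as if kmsan_memmove() moves data, while the description says it is invoked after the copy to carry KMSAN's metadata over. Suggest wording it as the number of bytes that were already copied from @from to @to, and stating whether overlapping ranges are supported, since the name says memmove but the callers in this patch are memcpy-style copies.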
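
Review bot: in the mm/kmsan/hooks.c hunk, kmsan_memmove() passes size straight to kmsan_internal_memmove_metadata() with no zero-length check, and copy_mc_to_kernel() in this patch calls it with len - ret, which is 0 when nothing was copied. Unless the internal helper is known to accept a zero size, add an early return for !size next to the kmsan_enabled / kmsan_in_runtime() test. Also, the only caller added here is arch/x86/lib/copy_mc.c, so EXPORT_SYMBOL(kmsan_memmove) may be unnecessary; if an export is wanted, note that copy_mc_to_kernel() itself is EXPORT_SYMBOL_GPL.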