Date: Mon, 11 Mar 2024 17:30:36 +0800
From: Changbin Du
To: Marco Elver
CC: Changbin Du, Alexander Potapenko, Andrew Morton
Subject: Re: [BUG] kmsan: instrumentation recursion problems
Message-ID: <20240311093036.44txy57hvhevybsu@M910t>
References: <20240308043448.masllzeqwht45d4j@M910t>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 08, 2024 at 10:39:15AM +0100, Marco Elver wrote:
> On Fri, 8 Mar 2024 at 05:36, 'Changbin Du' via kasan-dev wrote:
> >
> > Hey, folks,
> > I found two instrumentation recursion issues on mainline kernel.
> >
> > 1. recur on preempt count.
> > __msan_metadata_ptr_for_load_4() -> kmsan_virt_addr_valid() -> preempt_disable() -> __msan_metadata_ptr_for_load_4()
> >
> > 2. recur in lockdep and rcu
> > __msan_metadata_ptr_for_load_4() -> kmsan_virt_addr_valid() -> pfn_valid() -> rcu_read_lock_sched() -> lock_acquire() -> rcu_is_watching() -> __msan_metadata_ptr_for_load_8()
> >
> >
> > Here is an unofficial fix, I don't know if it will generate false reports.
> >
> > $ git show
> > commit 7f0120b621c1cbb667822b0f7eb89f3c25868509 (HEAD -> master)
> > Author: Changbin Du
> > Date: Fri Mar 8 20:21:48 2024 +0800
> >
> > kmsan: fix instrumentation recursions
> >
> > Signed-off-by: Changbin Du
> >
> > diff --git a/kernel/locking/Makefile b/kernel/locking/Makefile > > index 0db4093d17b8..ea925731fa40 100644 > > --- a/kernel/locking/Makefile > > +++ b/kernel/locking/Makefile
> > @@ -7,6 +7,7 @@ obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o > > > > # Avoid recursion lockdep -> sanitizer -> ... -> lockdep. > > KCSAN_SANITIZE_lockdep.o := n > > +KMSAN_SANITIZE_lockdep.o := n
>
> This does not result in false positives?
>
I saw a lot of reports but they seem not related to this.

[ 2.742743][ T0] BUG: KMSAN: uninit-value in unwind_next_frame+0x3729/0x48a0
[ 2.744404][ T0] unwind_next_frame+0x3729/0x48a0
[ 2.745623][ T0] arch_stack_walk+0x1d9/0x2a0
[ 2.746838][ T0] stack_trace_save+0xb8/0x100
[ 2.747928][ T0] set_track_prepare+0x88/0x120
[ 2.749095][ T0] __alloc_object+0x602/0xbe0
[ 2.750200][ T0] __create_object+0x3f/0x4e0
[ 2.751332][ T0] pcpu_alloc+0x1e18/0x2b00
[ 2.752401][ T0] mm_init+0x688/0xb20
[ 2.753436][ T0] mm_alloc+0xf4/0x180
[ 2.754510][ T0] poking_init+0x50/0x500
[ 2.755594][ T0] start_kernel+0x3b0/0xbf0
[ 2.756724][ T0] __pfx_reserve_bios_regions+0x0/0x10
[ 2.758073][ T0] x86_64_start_kernel+0x92/0xa0
[ 2.759320][ T0] secondary_startup_64_no_verify+0x176/0x17b

> Does
> KMSAN_ENABLE_CHECKS_lockdep.o := n
> work as well? If it does, that is preferred because it makes sure
> there are no false positives if the lockdep code unpoisons data that
> is passed and used outside lockdep.
>
> lockdep has a serious impact on performance, and not sanitizing it
> with KMSAN is probably a reasonable performance trade-off.
>
Disabling checks is not working here. The recursion becomes this:
__msan_metadata_ptr_for_load_4() -> kmsan_get_metadata() -> virt_to_page_or_null() -> pfn_valid() -> lock_acquire() -> __msan_unpoison_alloca() -> kmsan_get_metadata()

> > ifdef CONFIG_FUNCTION_TRACER > > CFLAGS_REMOVE_lockdep.o = $(CC_FLAGS_FTRACE) > > diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c > > index b2bccfd37c38..8935cc866e2d 100644 > > --- a/kernel/rcu/tree.c > > +++ b/kernel/rcu/tree.c
> > @@ -692,7 +692,7 @@ static void rcu_disable_urgency_upon_qs(struct rcu_data *rdp) > > * Make notrace because it can be called by the internal functions of > > * ftrace, and making this notrace removes unnecessary recursion calls. > > */ > > -notrace bool rcu_is_watching(void) > > +notrace __no_sanitize_memory bool rcu_is_watching(void)
>
> For all of these, does __no_kmsan_checks instead of __no_sanitize_memory work?
> Again, __no_kmsan_checks (function-only counterpart to
> KMSAN_ENABLE_CHECKS_.... := n) is preferred if it works as it avoids
> any potential false positives that would be introduced by not
> instrumenting.
>
This works because it is not unpoisoning local variables.

> > { > > bool ret; > > > > diff --git a/kernel/sched/core.c b/kernel/sched/core.c > > index 9116bcc90346..33aa4df8fd82 100644 > > --- a/kernel/sched/core.c > > +++ b/kernel/sched/core.c > > @@ -5848,7 +5848,7 @@ static inline void preempt_latency_start(int val) > > } > > } > > > > -void preempt_count_add(int val) > > +void __no_sanitize_memory preempt_count_add(int val) > > { > > #ifdef CONFIG_DEBUG_PREEMPT > > /* > > @@ -5880,7 +5880,7 @@ static inline void preempt_latency_stop(int val) > > trace_preempt_on(CALLER_ADDR0, get_lock_parent_ip()); > > } > > > > -void preempt_count_sub(int val) > > +void __no_sanitize_memory preempt_count_sub(int val) > > { > > #ifdef CONFIG_DEBUG_PREEMPT
> >
> >
> > --
> > Cheers,
> > Changbin Du

--
Cheers,
Changbin Du
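
Review bot: in the kernel/locking/Makefile hunk, "KMSAN_SANITIZE_lockdep.o := n" drops KMSAN instrumentation from lockdep entirely, and nothing in the patch records why the weaker "KMSAN_ENABLE_CHECKS_lockdep.o := n" is not sufficient. The thread shows that with only checks disabled the recursion continues through lock_acquire() -> __msan_unpoison_alloca() -> kmsan_get_metadata(); that chain, together with the two chains from the original report, belongs in the commit message, which currently carries only a subject and a Signed-off-by. The changelog should also answer the false-positive question raised in review, since the concern is data that lockdep touches and that is later used outside lockdep.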
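
Review bot: in the kernel/rcu/tree.c hunk, rcu_is_watching() is marked __no_sanitize_memory even though the reply in this thread reports that __no_kmsan_checks works for it; prefer the weaker attribute, i.e. "notrace __no_kmsan_checks bool rcu_is_watching(void)", so the function stays instrumented and does not become a source of false positives. The comment above the function explains only the notrace annotation; extend it to say the function is also reached from the KMSAN runtime via pfn_valid() -> rcu_read_lock_sched() -> lock_acquire().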
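
Review bot: in the two kernel/sched/core.c hunks, preempt_count_add() and preempt_count_sub() gain __no_sanitize_memory with no comment explaining why, and the attribute is placed between the return type and the name ("void __no_sanitize_memory preempt_count_add(int val)") whereas the rcu_is_watching() hunk places it before the return type; use one placement throughout. Add a short comment naming the recursion being broken (__msan_metadata_ptr_for_load_4() -> kmsan_virt_addr_valid() -> preempt_disable()), and state in the changelog whether __no_kmsan_checks was tried for these two functions, as the review asked "for all of these".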