Received: by 2002:ab2:620c:0:b0:1ef:ffd0:ce49 with SMTP id o12csp1390698lqt; Wed, 20 Mar 2024 02:30:00 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCX0/FoDScvpNLIH7Z75Rpvd8KtnstVQ6DnN3KSNdXA4R8g0aLhWHzjyfAoSM6oFiCzzlCUNq3O+jNNEhgt+avsUuOD2vF0y00mdTqAq3w== X-Google-Smtp-Source: AGHT+IEjleoWnomZlVXO9qgAmirBGwUzuhpIewUdF9UPU4hKopLFYJt0zHm0UpLVlAt5XbY593oh X-Received: by 2002:a05:6a20:6a0c:b0:1a3:4660:1324 with SMTP id p12-20020a056a206a0c00b001a346601324mr16031283pzk.20.1710926999854; Wed, 20 Mar 2024 02:29:59 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710926999; cv=pass; d=google.com; s=arc-20160816; b=PFlDnD5IZOwYoyVZJUrjgX0r9U7lkC8nRxLQ5LonwjSbxt50U5aCpDOneXvKaaBK3V W8zZ/n2v8BKxZ20S09f7qJM3+SQp/GNL/3T3lIKaqdZTts4FLdlSA46//xBlDV3r3OnM AtmxfO5PqMeH0epZawg4iwfE8iqWlwCD/9R9uwhklbCTApvO38n1pyhhJcBBC7LczcPm 9y4goT/gKwdwwaZKzGjqGtoq6EYrb4YtbXyhHQPjsITaJW7mC5FE9Q2pMU0PSwEvflqH erPqtwTSFWNwLHuVjC9iN6iSxnEUzesg5WVdbdf++W9N31f9TUK4nqzsXDHBb6WYN/1k zr8A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=bLyoCiqbHiSdNZKr0m0tptqhq/5sVBW4PAT9ynMrYdw=; fh=DIKAUhgSDD4lpkSiNkrkHrg7wjxAJnlLl8VhXxOabrc=; b=XwpSthJ37RyUrT2CWL/n1KkOYMgg8Y6Cm8x51G8lqvZFp5GBLJmgHImAAa7PyxQoFM 4Tpze67f0dBYGE2gZWSmFdm+wnGvh+EUvwsRuF9z7cd7T5HlGRKGi3g3EGo25kU0k6U9 VJNvvdNAi0c36K4u99eFEqC3OIEwjz1WLI3/kLT+xIrCT45Do2hmuKot2zd9xqfn3lHg 61IwWzColwg27FwgUi0hMkoKYtuASAmMQERz5WptiVXmoKIYoiPbvS66omUsuBKGCLci 6Ji8JSaI1rTRWNtvzAdY9iJTp+j+FnbmBSqXdKFi8ma7E8ezcEy6nPzf4RxsG04gPzx1 7vuQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="A7/ZfMUK"; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-108693-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-108693-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id e18-20020a17090301d200b001ddd43d1375si11458078plh.509.2024.03.20.02.29.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Mar 2024 02:29:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-108693-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="A7/ZfMUK"; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-108693-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-108693-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7889A2821F4 for ; Wed, 20 Mar 2024 09:29:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9BE213BB48; Wed, 20 Mar 2024 09:29:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="A7/ZfMUK" Received: from mail-qk1-f177.google.com (mail-qk1-f177.google.com [209.85.222.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D7583B1AB for ; Wed, 20 Mar 2024 09:29:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.177 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710926986; cv=none; b=AQk6hBwYy8MwjoxheFUdhomDkgEJW8A/ofjOfTQEApaDLXclkyTj70NrPRjcRQqY5Z/WMJdftp85SgoCz1k8iWaJqG7Hq10R4OcTYPFyNGEsttTCpOjjYhtN5SikigLfUxcrpocvcNWBED1m1YD4eklrFcY2d9rQih0/1eqA4SU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710926986; c=relaxed/simple; bh=JV5AsD2lAi9wBqVvLQn7AIdqYz+TReKn30XElI8tZow=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=hoc+d0adLBdQ1Bo8K9kHhEWQEDJ1idO8uTKsUFA+Pin3cx1JDAhf+IufgLFqsdp1dxcqHH/ggfpi0Yp54oGf7TDXzT5AO1lHEVoiAZwPHakwmQCTd2zjQxr8Y1FlG5huxNrXptPGuzNqUd6NAtZ1IAKx0rVKqVPmGojHIkbKIu4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=A7/ZfMUK; arc=none smtp.client-ip=209.85.222.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-qk1-f177.google.com with SMTP id af79cd13be357-78822e21a9dso280794185a.2 for ; Wed, 20 Mar 2024 02:29:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1710926984; x=1711531784; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=bLyoCiqbHiSdNZKr0m0tptqhq/5sVBW4PAT9ynMrYdw=; b=A7/ZfMUKLntQ9difjhbvO1NHec+sm7YD9l7muAzf8n9gfUG5vMDaQgC61un+D5zwlt 3oAdKxNoj6urNxI5hjKwaIIj4FoobXKCcJiWNsymhKIkjxDjuBO5ltE6vCuGjNTleu2K Bbzj4zX0dWV1snFGsKbUh7LEpVQPWfXJNxsdRqAlDtAlK6xG0aA9TQuXzjpmkZ8tDO28 yGbM4qxqTW3Lmmxr/YR0ut08L4I7juxh9PWjHVCnpVwP6SxCie1todM/2zafw6csDYV2 PxpyfvknIX+DgAW4wIdYJ5tkIE+5qB5iz66Zb0TkKW4O78pgWdgrdaf0CMULfTTl07F2 nW0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710926984; x=1711531784; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bLyoCiqbHiSdNZKr0m0tptqhq/5sVBW4PAT9ynMrYdw=; b=KKwyWyGPnjYrtt6L3/SQryTcPtIy/ugxg+q0M4qGNnjmgJ3VZ/ZcqxBJLdBLuCEn+o Tf6dz9DtnqUl+XYRdlbJAGW7j/R16y5B0gmI2yDLOccbKQoIj69XnROgrJjA9nwFxp4p nw2cwcY5x3tDOcfwu75EOWv+nhR6fwof3HYQuYriJPl5BRlTRhenrVxBGdhUHlJayuM2 729Dp4CqGhVbejVmFpm4XwheXx56VEzJjpuLdBosV9RgR3AHHr7ShO9MbzLjN/QTrHY5 rtxszIkADWv25jevmfHttjoeHLzwXjVtyNoMIHWp6Lrb+P5uj4VSzuEwPLMY8NVZnbPX 8cJw== X-Forwarded-Encrypted: i=1; AJvYcCXDZgRwqWTShdGMczws4VUQdvB8Nh965cq6rRqZJpzty3AyGC5PhghTrFtC6/upi6kKTetIze/y8hPDHkFgIovU+bQPXS/7GXCWR2ch X-Gm-Message-State: AOJu0YzTSkqn9ZtiBMxhbK385dB00YUc1nufFuRD36kzGGuATSNqQtlA WzQJicLIJeuEANlbbqnHYwczEabsP8fFOlkDBCtHk/ldtTYF/x3mnLYC5p9KbEKUDfTw6zI4+PT +EZ5CzyZCMy/G2QOdzwI4jRMs/lWTim0ZGnkZ X-Received: by 2002:ad4:5bef:0:b0:691:641a:7bbb with SMTP id k15-20020ad45bef000000b00691641a7bbbmr22395757qvc.28.1710926984060; Wed, 20 Mar 2024 02:29:44 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240319163656.2100766-1-glider@google.com> <20240319163656.2100766-3-glider@google.com> In-Reply-To: From: Alexander Potapenko Date: Wed, 20 Mar 2024 10:29:03 +0100 Message-ID: Subject: Re: [PATCH v1 3/3] x86: call instrumentation hooks from copy_mc.c To: Tetsuo Handa Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, kasan-dev@googlegroups.com, tglx@linutronix.de, x86@kernel.org, Linus Torvalds , Dmitry Vyukov , Marco Elver Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Mar 20, 2024 at 4:54=E2=80=AFAM Tetsuo Handa wrote: > > On 2024/03/20 1:36, Alexander Potapenko wrote: > > @@ -61,10 +62,20 @@ unsigned long copy_mc_enhanced_fast_string(void *ds= t, const void *src, unsigned > > */ > > unsigned long __must_check copy_mc_to_kernel(void *dst, const void *sr= c, unsigned len) > > { > > - if (copy_mc_fragile_enabled) > > - return copy_mc_fragile(dst, src, len); > > - if (static_cpu_has(X86_FEATURE_ERMS)) > > - return copy_mc_enhanced_fast_string(dst, src, len); > > + unsigned long ret; > > + > > + if (copy_mc_fragile_enabled) { > > + instrument_memcpy_before(dst, src, len); > > I feel that instrument_memcpy_before() needs to be called *after* > copy_mc_fragile() etc. , for we can't predict how many bytes will > copy_mc_fragile() etc. actually copy. That's why we have both _before() and _after(). We can discuss what checks need to be done before and after the memcpy call, but calling instrument_memcpy_before() after copy_mc_fragile() is counterintuitive. For KMSAN it is indeed important to only handle `len-ret` bytes that were actually copied. We want the instrumentation to update the metadata without triggering an immediate error report, so the update better be consistent with what the kernel actually did with the memory. But for KASAN/KCSAN we can afford more aggressive checks. First, if we postpone them after the actual memory accesses happen, the kernel may panic on the invalid access without a decent error report. Second, even if in a particular case only `len-ret` bytes were copied, the caller probably expected both `src` and `dst` to have `len` addressable bytes. Checking for the whole length in this case is more likely to detect a real error than produce a false positive.