From: Alexander Potapenko
Date: Tue, 28 May 2024 12:20:15 +0200
Subject: Re: [PATCH] kmsan: introduce test_unpoison_memory()
To: Brian Johannesmeyer
Cc: Marco Elver, Dmitry Vyukov, Andrew Morton, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org

On Sat, May 25, 2024 at 1:28 AM Brian Johannesmeyer wrote:
>
> Add a regression test to ensure that kmsan_unpoison_memory() works the same
> as an unpoisoning operation added by the instrumentation. (Of course,
> please correct me if I'm misunderstanding how these should work).
>
> The test has two subtests: one that checks the instrumentation, and one
> that checks kmsan_unpoison_memory(). Each subtest initializes the first
> byte of a 4-byte buffer, then checks that the other 3 bytes are
> uninitialized. Unfortunately, the test for kmsan_unpoison_memory() fails to
> identify the 3 bytes as uninitialized (i.e., the line with the comment
> "Fail: No UMR report").
>
> As to my guess why this is happening: From kmsan_unpoison_memory(), the
> backing shadow is indeed correctly overwritten in
> kmsan_internal_set_shadow_origin() via `__memset(shadow_start, b, size);`.
> Instead, the issue seems to stem from overwriting the backing origin, in
> the following `origin_start[i] = origin;` loop; if we return before that
> loop on this specific call to kmsan_unpoison_memory(), then the test
> passes.

Hi Brian,

You are right with your analysis.
KMSAN stores a single origin for every aligned four-byte granule of
memory, so we lose some information when more than one uninitialized
value is combined in that granule.
When writing an uninitialized value to memory, a viable strategy is to
always update the origin.
But if we partially initialize the granule with a store, it is better to
preserve that granule's origin to prevent false negatives, so we need to
check the resulting shadow slot before updating the origin.
This is what the compiler instrumentation does, so
kmsan_internal_set_shadow_origin() should behave in the same way.
I found a similar bug in kmsan_internal_memmove_metadata() last year,
but missed this one.

I am going to send a patch fixing this along with your test (with an
updated description), if you don't object.

> Signed-off-by: Brian Johannesmeyer > --- > mm/kmsan/kmsan_test.c | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > > diff --git a/mm/kmsan/kmsan_test.c b/mm/kmsan/kmsan_test.c > index 07d3a3a5a9c5..c3ab90df0abf 100644 > --- a/mm/kmsan/kmsan_test.c > +++ b/mm/kmsan/kmsan_test.c > @@ -614,6 +614,30 @@ static void test_stackdepot_roundtrip(struct kunit *= test) > KUNIT_EXPECT_TRUE(test, report_matches(&expect)); > } > > +/* > + * Test case: ensure that kmsan_unpoison_memory() and the instrumentatio= n work > + * the same > + */ > +static void test_unpoison_memory(struct kunit *test) > +{ > + EXPECTATION_UNINIT_VALUE_FN(expect, "test_unpoison_memory"); > + volatile char a[4], b[4]; > + > + kunit_info( > + test, > + "unpoisoning via the instrumentation vs. kmsan_unpoison_m= emory() (2 UMR reports)\n"); > + > + a[0] =3D 0; // Initialize a[0= ] > + kmsan_check_memory((char *)&a[1], 3); // Check a[1]--a[3] > + KUNIT_EXPECT_TRUE(test, report_matches(&expect)); // Pass: UMR re= port > + > + report_reset(); > + > + kmsan_unpoison_memory((char *)&b[0], 1); // Initialize b[0] > + kmsan_check_memory((char *)&b[1], 3); // Check b[1]--b[3] > + KUNIT_EXPECT_TRUE(test, report_matches(&expect)); // Fail: No UMR= report > +} > + > static struct kunit_case kmsan_test_cases[] =3D { > KUNIT_CASE(test_uninit_kmalloc), > KUNIT_CASE(test_init_kmalloc), 
> @@ -637,6 +661,7 @@ static struct kunit_case kmsan_test_cases[] =3D { > KUNIT_CASE(test_memset64), > KUNIT_CASE(test_long_origin_chain), > KUNIT_CASE(test_stackdepot_roundtrip), > + KUNIT_CASE(test_unpoison_memory), > {}, > }; > > -- > 2.34.1

-- 
Alexander Potapenko
Software Engineer
Google Germany GmbH
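
Review bot: In test_unpoison_memory(), the trailing comments `// Pass: UMR report` and `// Fail: No UMR report` record what the test did on the submitter's tree rather than what it expects. Both KUNIT_EXPECT_TRUE() calls expect a report, so once kmsan_unpoison_memory() is fixed the "Fail" comment becomes wrong and the test reads as if it were meant to fail. I would replace them with comments stating the expectation (a UMR report for bytes 1 to 3 in both subtests) and merge the test together with the fix, so the suite is not left with a known failure. Separately, `volatile char a[4], b[4];` carries no alignment requirement, while the behaviour under test depends on each array occupying one aligned four-byte granule; an explicit `__aligned(4)` would keep the second subtest from passing by accident if b[] straddles two granules.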
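
A user-space model of the origin-update rule described in this reply, added here as an illustration (not code from the patch or from the kernel): it contrasts the unconditional origin overwrite with a variant that checks the granule's shadow slot first. The array layout, the function names, the origin value 0x1234, the use of origin 0 for unpoisoning and the rule that a report needs a non-zero origin are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE 4  /* one origin slot per aligned 4-byte granule */
#define MEM_SIZE 8

static uint8_t shadow[MEM_SIZE];            /* non-zero: byte is uninitialized */
static uint32_t origin[MEM_SIZE / GRANULE]; /* 0: no origin recorded */

/* check_slot == 0: origins are overwritten unconditionally (the reported bug). */
static void set_shadow_origin(size_t off, size_t size, uint8_t b,
                              uint32_t org, int check_slot)
{
    memset(&shadow[off], b, size);
    for (size_t g = off / GRANULE; g <= (off + size - 1) / GRANULE; g++) {
        uint32_t slot;
        memcpy(&slot, &shadow[g * GRANULE], sizeof(slot));
        /* Checked: keep the origin while any byte of the granule stays poisoned. */
        if (!check_slot || org || slot == 0)
            origin[g] = org;
    }
}

/* Model assumption: a poisoned byte is reported only if its origin is non-zero. */
static int check_reports(size_t off, size_t size)
{
    for (size_t i = off; i < off + size; i++)
        if (shadow[i] && origin[i / GRANULE])
            return 1;
    return 0;
}

/* Poison everything, unpoison the first len bytes, check the rest of granule 0. */
static int report_after_unpoison(int check_slot, size_t len)
{
    memset(shadow, 0xff, sizeof(shadow));
    for (size_t g = 0; g < MEM_SIZE / GRANULE; g++)
        origin[g] = 0x1234; /* constructed origin id */
    set_shadow_origin(0, len, 0, 0, check_slot);
    return check_reports(len, GRANULE - len);
}

int main(void)
{
    printf("unconditional: %d, checked: %d\n",
           report_after_unpoison(0, 1), report_after_unpoison(1, 1));
    return 0;
}
```

In the unconditional case the three still-poisoned bytes lose their origin and the check stays silent, which is the false negative the test in this thread exposes.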