Received: by 2002:a89:413:0:b0:1fd:dba5:e537 with SMTP id m19csp474270lqs;
        Thu, 13 Jun 2024 16:30:56 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVhvupH3jbLVY3yg2WvI+SlfZwbtm8RKA79DqkrODHy0W+ykEmR7EG8Yu9Nea/mAeBiTlYcv1ZBP8DLAU4WAh0p6J/D6vA5G6MFOC8v1A==
X-Google-Smtp-Source: AGHT+IGXUdE8BnfndDKVzcFxP7rzvaCEmpIJ4zu7kN/22830e/Wb8uBafrEfBBAez9RgV8/UOMPW
X-Received: by 2002:ac2:5608:0:b0:52b:81de:1125 with SMTP id 2adb3069b0e04-52ca6e9f33dmr632739e87.61.1718321456439;
        Thu, 13 Jun 2024 16:30:56 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1718321456; cv=pass;
        d=google.com; s=arc-20160816;
        b=NW4f+xwG77gy0hHUFYomnKC/0vxbLaJNXB/xRSIDDYpXht7OauMCRsewKh60hpTlNL
         Lji80jGdUEOi8fDWVZket1GTyu0MYKmfPbDFToNAoWTGcYDlYdsJW1YExiItXZmHdHSa
         Qv7hNPFnBITW/DbM3hc3+0olTf+Gr7VpYJ0voDJZOJSGAK8qL9djRoEcPV7tMQ0sox7l
         uY7RiePsgYa/CkwyVXDc7RiQNR9Ha+ifkG2c9SrLKQ+/gulW4JXIri2Umynf20WMgyis
         GbAD3UmZDuavDh4Gn/KyOkCL0skamgSEgj0ZigxRnC8IWwVntAS+w16QNR1hDiLs9XII
         K+IA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=hxaGvxkScOTKCiAV8+k9eEP+nZdOtp9Q1FaHIeD1exo=;
        fh=3VgqL3ysDGk4Fi4EyHSNk9pdzE1DL0JFC7fE/1spQD4=;
        b=YkwSOVQ0VBN9F56vS3YsUsO3MvRCiWrHuXk6VUfCy1QM4Fe1fyMSfUbP3Npdvk+AdW
         uGSvsNRt3+VrsB4B+g03ncIhrcj4uyprOqRlTFxKOEI3cooP1nyifxOXWKMEKFsQKnUQ
         AS5dFzIpVoXuBLtYgCF5J6+q8G5qmZXxTjnuk0DgwOspL63QDsT8BlwkMKertNXHwWUC
         DyKN0s5vVU+BUbY790WOO76R4gPiWgy2OFkdp4uSC7Wft7GZRomIc1lyu6b/Znj36/RW
         iP00gZ8d+gVzZYNXhb0EufjieosjFF+EEw1JUpv4CRwgw8mjHwvE7Y2lQ9DRKDupqgQR
         XwzQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZtjrlNte;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-214097-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-214097-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-214097-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id a640c23a62f3a-a6f56dd6d54si106110666b.442.2024.06.13.16.30.56
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 13 Jun 2024 16:30:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-214097-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ZtjrlNte;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-214097-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-214097-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 265E71F23C79
	for <linux.lists.archive@gmail.com>; Thu, 13 Jun 2024 23:30:56 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 0239414D6F9;
	Thu, 13 Jun 2024 23:30:50 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ZtjrlNte"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 16EC75A4FD;
	Thu, 13 Jun 2024 23:30:48 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1718321449; cv=none; b=Ikk80dkzjQbqSNak06EbPOa26lq8o7R8MrfhvUaVzjJz1eK2Dtb19PMks4RMmi8PgLnmIVcRTZTkHD9Q7ZXznczFiCP7rqCPTiKemiMqQwELTQuDzz+ubR3zh4IdHy9OH2q989Q61hvZmS+z1e/r7NeIPjU5EeuXM8YpJ4M9Zbc=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1718321449; c=relaxed/simple;
	bh=PW00fcWzZ7rP+l8wtSRyUhUcthMcm78zijiC8gH1ZzQ=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version; b=uVicknJBq4KzoUReVGE6Opowgq2Ad7dUCpCxTFVSmw+YY1kpqz1sTsoJZbt7v+OcLuXFnUJBDzI5fwUR7D1HS8Bdx+t1m0IRnbjaaHpp+ZAAQ3Mg8uYVpnArCYZhyhwGYVuZDxOoDzJGprfaxXv3bfl8s6MvUk+lKQyEbX5RQ9E=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ZtjrlNte; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1F9DC2BBFC;
	Thu, 13 Jun 2024 23:30:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1718321448;
	bh=PW00fcWzZ7rP+l8wtSRyUhUcthMcm78zijiC8gH1ZzQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ZtjrlNtei/CJSiX6UYG5KNZw73izRuSmLgW6A1GZEsLtaRKZQtHYNomLZTK9GNhnb
	 ctaZmJz31OO7MhKgOyloDCSRsTVCQ+3pymkq++vM5g/ycWf8GL6sC9XILt/hqm1hN4
	 u8lHbBjbxkwwFRKscoBM45TSTGv1ij52Ox2IUN8DcZrvbZNM5eOKMxd1RJDRDNDQwh
	 21olhu2jjss3qs9lfSmbXZtoDpRBSeZWqXnerR22r1spRA4hNhRgB/oG9ZXebs5Mcd
	 WjbOYVgj981QV1rjP5Tutpr6MxPKlhTEs4jJQ2/Kofj5DRn1fURfmmU5ZJ37suFRxw
	 jDUBTjYRCc4Mg==
From: SeongJae Park <sj@kernel.org>
To: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: SeongJae Park <sj@kernel.org>,
	Alexander Gordeev <agordeev@linux.ibm.com>,
	Alexander Potapenko <glider@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Christoph Lameter <cl@linux.com>,
	David Rientjes <rientjes@google.com>,
	Heiko Carstens <hca@linux.ibm.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Marco Elver <elver@google.com>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Pekka Enberg <penberg@kernel.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Vasily Gorbik <gor@linux.ibm.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	Christian Borntraeger <borntraeger@linux.ibm.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	kasan-dev@googlegroups.com,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	linux-s390@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org,
	Mark Rutland <mark.rutland@arm.com>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Sven Schnelle <svens@linux.ibm.com>
Subject: Re: [PATCH v4 12/35] kmsan: Support SLAB_POISON
Date: Thu, 13 Jun 2024 16:30:44 -0700
Message-Id: <20240613233044.117000-1-sj@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20240613153924.961511-13-iii@linux.ibm.com>
References: 
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Hi Ilya,

On Thu, 13 Jun 2024 17:34:14 +0200 Ilya Leoshkevich <iii@linux.ibm.com> wrote:

> Avoid false KMSAN negatives with SLUB_DEBUG by allowing
> kmsan_slab_free() to poison the freed memory, and by preventing
> init_object() from unpoisoning new allocations by using __memset().
> 
> There are two alternatives to this approach. First, init_object()
> can be marked with __no_sanitize_memory. This annotation should be used
> with great care, because it drops all instrumentation from the
> function, and any shadow writes will be lost. Even though this is not a
> concern with the current init_object() implementation, this may change
> in the future.
> 
> Second, kmsan_poison_memory() calls may be added after memset() calls.
> The downside is that init_object() is called from
> free_debug_processing(), in which case poisoning will erase the
> distinction between simply uninitialized memory and UAF.
> 
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>  mm/kmsan/hooks.c |  2 +-
>  mm/slub.c        | 13 +++++++++----
>  2 files changed, 10 insertions(+), 5 deletions(-)
> 
[...]
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1139,7 +1139,12 @@ static void init_object(struct kmem_cache *s, void *object, u8 val)
>  	unsigned int poison_size = s->object_size;
>  
>  	if (s->flags & SLAB_RED_ZONE) {
> -		memset(p - s->red_left_pad, val, s->red_left_pad);
> +		/*
> +		 * Use __memset() here and below in order to avoid overwriting
> +		 * the KMSAN shadow. Keeping the shadow makes it possible to
> +		 * distinguish uninit-value from use-after-free.
> +		 */
> +		__memset(p - s->red_left_pad, val, s->red_left_pad);

I found my build test[1] fails with below error on latest mm-unstable branch.
'git bisect' points me this patch.

      CC      mm/slub.o
    /mm/slub.c: In function 'init_object':
    /mm/slub.c:1147:17: error: implicit declaration of function '__memset'; did you mean 'memset'? [-Werror=implicit-function-declaration]
     1147 |                 __memset(p - s->red_left_pad, val, s->red_left_pad);
          |                 ^~~~~~~~
          |                 memset
    cc1: some warnings being treated as errors

I haven't looked in deep, but reporting first.  Do you have any idea?

[1] https://github.com/awslabs/damon-tests/blob/next/corr/tests/build_m68k.sh


Thanks,
SJ

[...]