From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A894FC5475B for ; Mon, 11 Mar 2024 09:30:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3F3386B0075; Mon, 11 Mar 2024 05:30:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3A4976B0078; Mon, 11 Mar 2024 05:30:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 26C0D6B007B; Mon, 11 Mar 2024 05:30:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 153E66B0075 for ; Mon, 11 Mar 2024 05:30:52 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id DDB46140EFA for ; Mon, 11 Mar 2024 09:30:51 +0000 (UTC) X-FDA: 81884238702.17.5C47159 Received: from szxga06-in.huawei.com (szxga06-in.huawei.com [45.249.212.32]) by imf13.hostedemail.com (Postfix) with ESMTP id BFE9620003 for ; Mon, 11 Mar 2024 09:30:47 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf13.hostedemail.com: domain of changbin.du@huawei.com designates 45.249.212.32 as permitted sender) smtp.mailfrom=changbin.du@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1710149450; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OOREsHi53h0aMH3pJm8Hl9w4EN0sLOYVJ8BoshkfZD4=; b=xSoRtHNvMFwyUh1DQsR27jHBbD03N5NtCrchhXxhLdcXoM+q1MO2TWMt3XzN2cQKIyYEsn k+y265nfZ/kvs3+j2Ta8Kk/dxeWrRim/3apmgn8YsM4q6hffN9K39K9yC76EvtMxqR4eIL kEwpl+Xt591SVnKA3b+It5A2/RYOXbI= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf13.hostedemail.com: domain of changbin.du@huawei.com designates 45.249.212.32 as permitted sender) smtp.mailfrom=changbin.du@huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1710149450; a=rsa-sha256; cv=none; b=2WT5ei7fWcSGEbcSdoLd86A9ohdydX8M5N7t7jr2cE1VPG6eg8ub9v/VnIxQchiBvM1wrF LEzmSz25dd0SzEAvujrT8AKnD6To6fmJdyRDBTOToNIYcXHAc+z27O2HUqg4ds+cFdYBgi uavBn9RlBtC8slthPckeHFpalGXRcZg= Received: from mail.maildlp.com (unknown [172.19.163.17]) by szxga06-in.huawei.com (SkyGuard) with ESMTP id 4TtWhR2Szvz3F0MV; Mon, 11 Mar 2024 17:29:59 +0800 (CST) Received: from kwepemd100011.china.huawei.com (unknown [7.221.188.204]) by mail.maildlp.com (Postfix) with ESMTPS id A72B11A0172; Mon, 11 Mar 2024 17:30:41 +0800 (CST) Received: from M910t (10.110.54.157) by kwepemd100011.china.huawei.com (7.221.188.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Mon, 11 Mar 2024 17:30:40 +0800 Date: Mon, 11 Mar 2024 17:30:36 +0800 From: Changbin Du To: Marco Elver CC: Changbin Du , Alexander Potapenko , Andrew Morton , , , Subject: Re: [BUG] kmsan: instrumentation recursion problems Message-ID: <20240311093036.44txy57hvhevybsu@M910t> References: <20240308043448.masllzeqwht45d4j@M910t> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: X-Originating-IP: [10.110.54.157] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To kwepemd100011.china.huawei.com (7.221.188.204) X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: BFE9620003 X-Stat-Signature: jnxf8rjce4mr7aio5a67c4qqncurcq1p X-Rspam-User: X-HE-Tag: 1710149447-608870 X-HE-Meta: U2FsdGVkX18Sb9egRTwBjvOt7w7JyaMh25Rmn0iYxhZJdsvVkn1xSAaktAt3O5B6AHRTSZwmCm18J9vSDGneau5TfJHYaPdTMC+qT8dJsCAUcO7AUaqzFmUiOzyEaYeFBKbZNxQ7gPzdV/XU8Bw0JFKSTQMJfcjvrNvzozUQ+atKOdZO97diUYigf79zF7CaOLgaGTFKP5HoBsOByVOFeBdhbnjIli2mg8uQ838vrwczNI0dy+Rohtp8yJeKzq9cVcxj4GIwPc+DUaVayzTLt5RBln0bsnsgHrUsZZ2z+hwXdFqKceeMXuQVM/TgwON6IfqBaS8FMm3e3kLou1xReDhH/QTwPbDTNo8Vgi9suGr04QbPRQjjEU6VQMU4mAdckyDf95f5Mei8vQfo+XTvusjO7Zgy+FGDiY0WrnwFdZ/9/e6FsffN0N0JLx/dvSIi+Jnd46kSvxgr9y7O/gHLqmDNnTaJ+oSDtgPTUCHMSlu31QETUI4+40pK43iis2r3HhWWjCYlAoR9R+d7EIvLX5LVNMuaCY8V6HpWk9Acp4NUOT+oSjmMenq5TkiAWa5B99KKHeIxAFKJr/O4k1KTmrBd9y/6jYwIKnImua77pFWpUp1JNsRmt/57ibh3PWDtN7FsVIo2v0fLWAQf+FkPA0OBiNmDLtSqo8KTdF/GLxO0+thjBbkb3EsJDx8KKyJbkFgPbDjj5nT7r8wdAwszrfgD8vovMMP5Dr2Zw+/bcKtV9PiL+ke4YmynfF1vYp4ZPILLnJf8h5y31H2dExY5IY5IS8FQht+Juf+xoXtlEaUDAc9fcWmQoR0clYYvKaC0JP93X4FOXFBLVsh6uSt4T17TZE1y7lBvwVtuw7qYnlJRLHvTJm8KCBU3CkPYi7ElPnsfnatKdlw0c0ecMceyoic7tfHRa6MsJvWVuS83NtiQ3abyXzf2CTK1/pLZawTwamSCOXmDU4hgu+Ti5Rb eqT27Nmy 4pm78feBzNnBwEM1HYoj0d2qap8pGTfnWzBBaX6gJpvK+PhcwTKTsqjBBzUAn9Wr1TWPhqqSbEd425w49v406F7MnidRRns+fdgWGD+WmI01cyGuYWqKTCRes/Se8RVE5v6VIGKrQ8LlkwMSSgkAVU9hRntfcKGaRfAn9yVKKj87oeckj32+wo5Dxj31xon+qaVBj1t57aUujjsvWTyeHN3n719290atif5xnmca5BH9Gp4xNxVgl1FqKCw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Mar 08, 2024 at 10:39:15AM +0100, Marco Elver wrote: > On Fri, 8 Mar 2024 at 05:36, 'Changbin Du' via kasan-dev > wrote: > > > > Hey, folks, > > I found two instrumentation recursion issues on mainline kernel. > > > > 1. recur on preempt count. > > __msan_metadata_ptr_for_load_4() -> kmsan_virt_addr_valid() -> preempt_disable() -> __msan_metadata_ptr_for_load_4() > > > > 2. recur in lockdep and rcu > > __msan_metadata_ptr_for_load_4() -> kmsan_virt_addr_valid() -> pfn_valid() -> rcu_read_lock_sched() -> lock_acquire() -> rcu_is_watching() -> __msan_metadata_ptr_for_load_8() > > > > > > Here is an unofficial fix, I don't know if it will generate false reports. > > > > $ git show > > commit 7f0120b621c1cbb667822b0f7eb89f3c25868509 (HEAD -> master) > > Author: Changbin Du > > Date: Fri Mar 8 20:21:48 2024 +0800 > > > > kmsan: fix instrumentation recursions > > > > Signed-off-by: Changbin Du > > > > diff --git a/kernel/locking/Makefile b/kernel/locking/Makefile > > index 0db4093d17b8..ea925731fa40 100644 > > --- a/kernel/locking/Makefile > > +++ b/kernel/locking/Makefile > > @@ -7,6 +7,7 @@ obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o > > > > # Avoid recursion lockdep -> sanitizer -> ... -> lockdep. > > KCSAN_SANITIZE_lockdep.o := n > > +KMSAN_SANITIZE_lockdep.o := n > > This does not result in false positives? > I saw a lot of reports but seems not related to this. [ 2.742743][ T0] BUG: KMSAN: uninit-value in unwind_next_frame+0x3729/0x48a0 [ 2.744404][ T0] unwind_next_frame+0x3729/0x48a0 [ 2.745623][ T0] arch_stack_walk+0x1d9/0x2a0 [ 2.746838][ T0] stack_trace_save+0xb8/0x100 [ 2.747928][ T0] set_track_prepare+0x88/0x120 [ 2.749095][ T0] __alloc_object+0x602/0xbe0 [ 2.750200][ T0] __create_object+0x3f/0x4e0 [ 2.751332][ T0] pcpu_alloc+0x1e18/0x2b00 [ 2.752401][ T0] mm_init+0x688/0xb20 [ 2.753436][ T0] mm_alloc+0xf4/0x180 [ 2.754510][ T0] poking_init+0x50/0x500 [ 2.755594][ T0] start_kernel+0x3b0/0xbf0 [ 2.756724][ T0] __pfx_reserve_bios_regions+0x0/0x10 [ 2.758073][ T0] x86_64_start_kernel+0x92/0xa0 [ 2.759320][ T0] secondary_startup_64_no_verify+0x176/0x17b > Does > KMSAN_ENABLE_CHECKS_lockdep.o := n > work as well? If it does, that is preferred because it makes sure > there are no false positives if the lockdep code unpoisons data that > is passed and used outside lockdep. > > lockdep has a serious impact on performance, and not sanitizing it > with KMSAN is probably a reasonable performance trade-off. > Disabling checks is not working here. The recursion become this: __msan_metadata_ptr_for_load_4() -> kmsan_get_metadata() -> virt_to_page_or_null() -> pfn_valid() -> lock_acquire() -> __msan_unpoison_alloca() -> kmsan_get_metadata() > > ifdef CONFIG_FUNCTION_TRACER > > CFLAGS_REMOVE_lockdep.o = $(CC_FLAGS_FTRACE) > > diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c > > index b2bccfd37c38..8935cc866e2d 100644 > > --- a/kernel/rcu/tree.c > > +++ b/kernel/rcu/tree.c > > @@ -692,7 +692,7 @@ static void rcu_disable_urgency_upon_qs(struct rcu_data *rdp) > > * Make notrace because it can be called by the internal functions of > > * ftrace, and making this notrace removes unnecessary recursion calls. > > */ > > -notrace bool rcu_is_watching(void) > > +notrace __no_sanitize_memory bool rcu_is_watching(void) > > For all of these, does __no_kmsan_checks instead of __no_sanitize_memory work? > Again, __no_kmsan_checks (function-only counterpart to > KMSAN_ENABLE_CHECKS_.... := n) is preferred if it works as it avoids > any potential false positives that would be introduced by not > instrumenting. > This works because it is not unpoisoning local variables. > > { > > bool ret; > > > > diff --git a/kernel/sched/core.c b/kernel/sched/core.c > > index 9116bcc90346..33aa4df8fd82 100644 > > --- a/kernel/sched/core.c > > +++ b/kernel/sched/core.c > > @@ -5848,7 +5848,7 @@ static inline void preempt_latency_start(int val) > > } > > } > > > > -void preempt_count_add(int val) > > +void __no_sanitize_memory preempt_count_add(int val) > > { > > #ifdef CONFIG_DEBUG_PREEMPT > > /* > > @@ -5880,7 +5880,7 @@ static inline void preempt_latency_stop(int val) > > trace_preempt_on(CALLER_ADDR0, get_lock_parent_ip()); > > } > > > > -void preempt_count_sub(int val) > > +void __no_sanitize_memory preempt_count_sub(int val) > > { > > #ifdef CONFIG_DEBUG_PREEMPT > > > > > > -- > > Cheers, > > Changbin Du -- Cheers, Changbin Du