From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A1020C27C4F
	for <linux-mm@archiver.kernel.org>; Thu, 13 Jun 2024 23:30:58 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9DB9C6B0096; Thu, 13 Jun 2024 19:30:53 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 98B1C6B0098; Thu, 13 Jun 2024 19:30:53 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 852CF6B0099; Thu, 13 Jun 2024 19:30:53 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id 670BD6B0096
	for <linux-mm@kvack.org>; Thu, 13 Jun 2024 19:30:53 -0400 (EDT)
Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id E47BC80388
	for <linux-mm@kvack.org>; Thu, 13 Jun 2024 23:30:52 +0000 (UTC)
X-FDA: 82227462744.21.193D02F
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf11.hostedemail.com (Postfix) with ESMTP id 3671F4000B
	for <linux-mm@kvack.org>; Thu, 13 Jun 2024 23:30:50 +0000 (UTC)
Authentication-Results: imf11.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZtjrlNte;
	dmarc=pass (policy=none) header.from=kernel.org;
	spf=pass (imf11.hostedemail.com: domain of sj@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=sj@kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1718321448;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=hxaGvxkScOTKCiAV8+k9eEP+nZdOtp9Q1FaHIeD1exo=;
	b=PjpQNsBKyxzOCd3e4nCHC1DxU7LjQ1O+BK2QGpXJKjl92IDJ2xfJsZJqHAcaV0MeKE2TDN
	mbiWFUtzuCvracnuX42mKkPiI2xLWvlT6/nIs7+CKmfK3L4D9sqDcp/PCqoFEVHaZE0TZ+
	RrRG5wjYoQw/ZFJdKAuBIxIP0C/oAI0=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1718321448; a=rsa-sha256;
	cv=none;
	b=ieqcWOWskVFRlz+TiG008cTtHuXBvYkGF2SgddfrGy/XlF862qqWtcCGMoACb/7ITHD8Nq
	SLp4T6jPP63RLCLBxUkIp4Nckueg2zsSONpL3j/ZrzUgZYknTRrbbmBTyoh6JMh/QtF52t
	Z+Ken5vzveewCs11bN+s9wiBkQ4R/DE=
ARC-Authentication-Results: i=1;
	imf11.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZtjrlNte;
	dmarc=pass (policy=none) header.from=kernel.org;
	spf=pass (imf11.hostedemail.com: domain of sj@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=sj@kernel.org
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id ED99D61DAA;
	Thu, 13 Jun 2024 23:30:48 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1F9DC2BBFC;
	Thu, 13 Jun 2024 23:30:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1718321448;
	bh=PW00fcWzZ7rP+l8wtSRyUhUcthMcm78zijiC8gH1ZzQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ZtjrlNtei/CJSiX6UYG5KNZw73izRuSmLgW6A1GZEsLtaRKZQtHYNomLZTK9GNhnb
	 ctaZmJz31OO7MhKgOyloDCSRsTVCQ+3pymkq++vM5g/ycWf8GL6sC9XILt/hqm1hN4
	 u8lHbBjbxkwwFRKscoBM45TSTGv1ij52Ox2IUN8DcZrvbZNM5eOKMxd1RJDRDNDQwh
	 21olhu2jjss3qs9lfSmbXZtoDpRBSeZWqXnerR22r1spRA4hNhRgB/oG9ZXebs5Mcd
	 WjbOYVgj981QV1rjP5Tutpr6MxPKlhTEs4jJQ2/Kofj5DRn1fURfmmU5ZJ37suFRxw
	 jDUBTjYRCc4Mg==
From: SeongJae Park <sj@kernel.org>
To: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: SeongJae Park <sj@kernel.org>,
	Alexander Gordeev <agordeev@linux.ibm.com>,
	Alexander Potapenko <glider@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Christoph Lameter <cl@linux.com>,
	David Rientjes <rientjes@google.com>,
	Heiko Carstens <hca@linux.ibm.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Marco Elver <elver@google.com>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Pekka Enberg <penberg@kernel.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Vasily Gorbik <gor@linux.ibm.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	Christian Borntraeger <borntraeger@linux.ibm.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	kasan-dev@googlegroups.com,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	linux-s390@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org,
	Mark Rutland <mark.rutland@arm.com>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Sven Schnelle <svens@linux.ibm.com>
Subject: Re: [PATCH v4 12/35] kmsan: Support SLAB_POISON
Date: Thu, 13 Jun 2024 16:30:44 -0700
Message-Id: <20240613233044.117000-1-sj@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20240613153924.961511-13-iii@linux.ibm.com>
References: 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: rspam07
X-Rspamd-Queue-Id: 3671F4000B
X-Stat-Signature: 5ek8nzyqf6tefx5ok4pe9y9kbsxh8amb
X-Rspam-User: 
X-HE-Tag: 1718321450-362018
X-HE-Meta: U2FsdGVkX18FwvqICxpv59VH+huzbLfZOGXuDHQjZTQRbZlnfYafForwobYfSVQreESrNXPwv1uLF4TUmC96R8YfLiggCXv4TUe5BYkAkkb+sZtvZ/Xw/umdIuqaohX6nALuqvoHnulIBL0rrCM1wFFP3T61G5J+BSyCY1FG2fGtAM4XDLbVwLeQCRc4BT8I0DbYaXWTrjKIVHlDuq/OsO/QmROoqwCs9NqX8w8nJIms7ijKX968H6iFbVAV34EvSuQZN4qF2g97h7qSnnmm8IGDBoITt4EsngNwnw8lS4/LAaiIWAqfckubarBZf5t4rfdAbrxnUIy6dCPb1JyUVS+z/v0FZfPxNWcuSDJjlGQnwBYoi2OEO9eDYSTD9u9m/toLYluiqfHHGG1wMImk+t+LLPwwhWykS5fTJn0yyOSETWcFqDWBTexThccd9HyTNNFcHSqPY+czoVJLAdykiFHK+2Op8Q1N6kU2qD+K2V6v4RmVttvU9BxyRl5NYwwSlaGxWse9HNKxEdlEl7Nnm83XaUaJB+LnXEbJjQoQS7vNga9WS2Mkf2Nxy/APw/TzLLM8C3JCukWoHUA0gsuEYLtHcdS2Bw417HxddC73/IPbkOKF/Ac4wi87HCve5EzcqJd6O7VxXr2qu35ANED1Ml8ogxihqts2zTbGBvqV/FGBC0BRtvzeDkEFuo0h+KgVw10lDP+NaanbgGQXmGMqpOZM8GoArUttkExeGiRjV+Z7gVfDUZjzJwJh4AvQUihBJLsYoJloVdQNKvCfENH87gBSmcZ5A3EgF7Vbxdi0LKSNgTUbVcX3ueXE02nsixG/T5274mxsHJ22eoYqXU64THE5A6+iKhTT1j6dTexgsfUrKEqzXQiW6chs1jleUKq5csjQYCPtprgSemxk0UQ/M3FTao8Tp4MlJSZvMoGJ1pQqRDf32D1Qc8ryoKLbUgOgof0apzoNEF/THPFhONR
 jmQ3b62L
 L3+r7NpXNNpun84u2qONSicMhdPvf//fcnXPWsAEa2hRTboR4OXYex4uGRn4VFA9TzXJo64KiPlLI4Sz+AUTvSDjkFC1flJA6VhKxjnT5uwA9hhbx+Dc2sAlxO/X8cVe6+PW9MRG4OzD2qh5uc9o20D2YIJzrS5yKxibTNrKmrSkzhkjgn/Jcp0mFDdwg0FL0fAJ7RGJi1OZ9YEx8lvpuLM8nISamacVhcsx1I34RDZxZ/mnyKGjJSI5aRZ7HzwIx+iKwzO7EaHlRpng9vHIKrieF6LwpSXlvFrOk8NrXXhd2t2TPcuij4Glq4tC6pO71jliSnuG3sKTcX2UG9jsoYeFdmQ==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Hi Ilya,

On Thu, 13 Jun 2024 17:34:14 +0200 Ilya Leoshkevich <iii@linux.ibm.com> wrote:

> Avoid false KMSAN negatives with SLUB_DEBUG by allowing
> kmsan_slab_free() to poison the freed memory, and by preventing
> init_object() from unpoisoning new allocations by using __memset().
> 
> There are two alternatives to this approach. First, init_object()
> can be marked with __no_sanitize_memory. This annotation should be used
> with great care, because it drops all instrumentation from the
> function, and any shadow writes will be lost. Even though this is not a
> concern with the current init_object() implementation, this may change
> in the future.
> 
> Second, kmsan_poison_memory() calls may be added after memset() calls.
> The downside is that init_object() is called from
> free_debug_processing(), in which case poisoning will erase the
> distinction between simply uninitialized memory and UAF.
> 
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>  mm/kmsan/hooks.c |  2 +-
>  mm/slub.c        | 13 +++++++++----
>  2 files changed, 10 insertions(+), 5 deletions(-)
> 
[...]
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1139,7 +1139,12 @@ static void init_object(struct kmem_cache *s, void *object, u8 val)
>  	unsigned int poison_size = s->object_size;
>  
>  	if (s->flags & SLAB_RED_ZONE) {
> -		memset(p - s->red_left_pad, val, s->red_left_pad);
> +		/*
> +		 * Use __memset() here and below in order to avoid overwriting
> +		 * the KMSAN shadow. Keeping the shadow makes it possible to
> +		 * distinguish uninit-value from use-after-free.
> +		 */
> +		__memset(p - s->red_left_pad, val, s->red_left_pad);

I found my build test[1] fails with below error on latest mm-unstable branch.
'git bisect' points me this patch.

      CC      mm/slub.o
    /mm/slub.c: In function 'init_object':
    /mm/slub.c:1147:17: error: implicit declaration of function '__memset'; did you mean 'memset'? [-Werror=implicit-function-declaration]
     1147 |                 __memset(p - s->red_left_pad, val, s->red_left_pad);
          |                 ^~~~~~~~
          |                 memset
    cc1: some warnings being treated as errors

I haven't looked in deep, but reporting first.  Do you have any idea?

[1] https://github.com/awslabs/damon-tests/blob/next/corr/tests/build_m68k.sh


Thanks,
SJ

[...]