From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Alexander Gordeev <agordeev@linux.ibm.com>,
Alexander Potapenko <glider@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Christoph Lameter <cl@linux.com>,
David Rientjes <rientjes@google.com>,
Heiko Carstens <hca@linux.ibm.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Marco Elver <elver@google.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Pekka Enberg <penberg@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Vasily Gorbik <gor@linux.ibm.com>,
Vlastimil Babka <vbabka@suse.cz>
Cc: Christian Borntraeger <borntraeger@linux.ibm.com>,
Dmitry Vyukov <dvyukov@google.com>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-s390@vger.kernel.org,
linux-trace-kernel@vger.kernel.org,
Mark Rutland <mark.rutland@arm.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Sven Schnelle <svens@linux.ibm.com>,
Ilya Leoshkevich <iii@linux.ibm.com>
Subject: [PATCH v7 19/38] mm: kfence: Disable KMSAN when checking the canary
Date: Fri, 21 Jun 2024 13:35:03 +0200 [thread overview]
Message-ID: <20240621113706.315500-20-iii@linux.ibm.com> (raw)
In-Reply-To: <20240621113706.315500-1-iii@linux.ibm.com>
KMSAN warns about check_canary() accessing the canary.
The reason is that, even though set_canary() is properly instrumented
and sets shadow, slub explicitly poisons the canary's address range
afterwards.
Unpoisoning the canary is not the right thing to do: only
check_canary() is supposed to ever touch it. Instead, disable KMSAN
checks around canary read accesses.
Reviewed-by: Alexander Potapenko <glider@google.com>
Tested-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
mm/kfence/core.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/mm/kfence/core.c b/mm/kfence/core.c
index 964b8482275b..83f8e78827c0 100644
--- a/mm/kfence/core.c
+++ b/mm/kfence/core.c
@@ -305,8 +305,14 @@ metadata_update_state(struct kfence_metadata *meta, enum kfence_object_state nex
WRITE_ONCE(meta->state, next);
}
+#ifdef CONFIG_KMSAN
+#define check_canary_attributes noinline __no_kmsan_checks
+#else
+#define check_canary_attributes inline
+#endif
+
/* Check canary byte at @addr. */
-static inline bool check_canary_byte(u8 *addr)
+static check_canary_attributes bool check_canary_byte(u8 *addr)
{
struct kfence_metadata *meta;
unsigned long flags;
@@ -341,7 +347,8 @@ static inline void set_canary(const struct kfence_metadata *meta)
*((u64 *)addr) = KFENCE_CANARY_PATTERN_U64;
}
-static inline void check_canary(const struct kfence_metadata *meta)
+static check_canary_attributes void
+check_canary(const struct kfence_metadata *meta)
{
const unsigned long pageaddr = ALIGN_DOWN(meta->addr, PAGE_SIZE);
unsigned long addr = pageaddr;
--
2.45.1
next prev parent reply other threads:[~2024-06-21 11:38 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-21 11:34 [PATCH v7 00/38] kmsan: Enable on s390 Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 02/38] kmsan: Make the tests compatible with kmsan.panic=1 Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 04/38] kmsan: Increase the maximum store size to 4096 Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 05/38] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 07/38] kmsan: Remove a useless assignment from kmsan_vmap_pages_range_noflush() Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 08/38] kmsan: Remove an x86-specific #include from kmsan.h Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 09/38] kmsan: Expose kmsan_get_metadata() Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 11/38] kmsan: Allow disabling KMSAN checks for the current task Ilya Leoshkevich
2024-06-21 11:34 ` [PATCH v7 14/38] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata() Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 16/38] kmsan: Expose KMSAN_WARN_ON() Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 17/38] mm: slub: Let KMSAN access metadata Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 18/38] mm: slub: Disable KMSAN when checking the padding bytes Ilya Leoshkevich
2024-06-24 7:34 ` Vlastimil Babka
2024-06-21 11:35 ` Ilya Leoshkevich [this message]
2024-06-21 11:35 ` [PATCH v7 20/38] lib/zlib: Unpoison DFLTCC output buffers Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 21/38] kmsan: Accept ranges starting with 0 on s390 Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 22/38] s390/boot: Turn off KMSAN Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 23/38] s390: Use a larger stack for KMSAN Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 24/38] s390/boot: Add the KMSAN runtime stub Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 25/38] s390/checksum: Add a KMSAN check Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 26/38] s390/cpacf: Unpoison the results of cpacf_trng() Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 27/38] s390/cpumf: Unpoison STCCTM output buffer Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 28/38] s390/diag: Unpoison diag224() " Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 31/38] s390/mm: Define KMSAN metadata for vmalloc and modules Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 32/38] s390/string: Add KMSAN support Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 33/38] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 35/38] s390/uaccess: Add the missing linux/instrumented.h #include Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 36/38] s390/unwind: Disable KMSAN checks Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 37/38] s390/kmsan: Implement the architecture-specific functions Ilya Leoshkevich
2024-06-21 11:35 ` [PATCH v7 38/38] kmsan: Enable on s390 Ilya Leoshkevich
2024-06-21 17:55 ` [PATCH v7 00/38] " Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240621113706.315500-20-iii@linux.ibm.com \
--to=iii@linux.ibm.com \
--cc=42.hyeyoo@gmail.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=borntraeger@linux.ibm.com \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=glider@google.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mhiramat@kernel.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=rostedt@goodmis.org \
--cc=svens@linux.ibm.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox