From: Marco Elver
Date: Tue, 8 Oct 2024 21:34:10 +0200
Subject: Re: [PATCH v4] mm, kasan, kmsan: copy_from/to_kernel_nofault
To: Sabyrzhan Tasbolatov
Cc: akpm@linux-foundation.org, andreyknvl@gmail.com, bpf@vger.kernel.org,
    dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com,
    linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com,
    syzbot+61123a5daeb9f7454599@syzkaller.appspotmail.com,
    vincenzo.frascino@arm.com
In-Reply-To: <20241008192910.2823726-1-snovitoll@gmail.com>

On Tue, 8 Oct 2024 at 21:28, Sabyrzhan Tasbolatov wrote:
>
> Instrument copy_from_kernel_nofault() with KMSAN for uninitialized kernel
> memory check and copy_to_kernel_nofault() with KASAN, KCSAN to detect
> the memory corruption.
>
> syzbot reported that bpf_probe_read_kernel() kernel helper triggered
> KASAN report via kasan_check_range() which is not the expected behaviour
> as copy_from_kernel_nofault() is meant to be a non-faulting helper.
>
> Solution is, suggested by Marco Elver, to replace KASAN, KCSAN check in
> copy_from_kernel_nofault() with KMSAN detection of copying uninitialized
> kernel memory. In copy_to_kernel_nofault() we can retain
> instrument_write() explicitly for the memory corruption instrumentation.
>
> copy_to_kernel_nofault() is tested on x86_64 and arm64 with
> CONFIG_KASAN_SW_TAGS. On arm64 with CONFIG_KASAN_HW_TAGS,
> kunit test currently fails. Need more clarification on it
> - currently, disabled in kunit test.
>
> Link: https://lore.kernel.org/linux-mm/CANpmjNMAVFzqnCZhEity9cjiqQ9CVN1X7qeeeAp_6yKjwKo8iw@mail.gmail.com/
> Reviewed-by: Marco Elver
> Reported-by: syzbot+61123a5daeb9f7454599@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=61123a5daeb9f7454599
> Reported-by: Andrey Konovalov
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=210505
> Signed-off-by: Sabyrzhan Tasbolatov
> ---
> v2:
> - squashed previous submitted in -mm tree 2 patches based on Linus tree
> v3:
> - moved checks to *_nofault_loop macros per Marco's comments
> - edited the commit message
> v4:
> - replaced Suggested-By with Reviewed-By: Marco Elver

For future reference: No need to send v+1 just for this tag. Usually
maintainers pick up tags from the last round without the original
author having to send out a v+1 with the tags. Of course, if you make
other corrections and need to send a v+1, then it is appropriate to
collect tags where those tags would remain valid (such as on unchanged
patches part of the series, or for simpler corrections).