References: <20240528104807.738758-1-glider@google.com>
In-Reply-To: <20240528104807.738758-1-glider@google.com>
From: Marco Elver
Date: Tue, 28 May 2024 14:38:05 +0200
Subject: Re: [PATCH 1/2] kmsan: do not wipe out origin when doing partial unpoisoning
To: Alexander Potapenko
Cc: dvyukov@google.com, akpm@linux-foundation.org, bjohannesmeyer@gmail.com, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org

On Tue, 28 May 2024 at 12:48, Alexander Potapenko wrote:
>
> As noticed by Brian, KMSAN should not be zeroing the origin when
> unpoisoning parts of a four-byte uninitialized value, e.g.:
>
> char a[4];
> kmsan_unpoison_memory(a, 1);
>
> This led to false negatives, as certain poisoned values could receive zero
> origins, preventing those values from being reported.
>
> To fix the problem, check that kmsan_internal_set_shadow_origin() writes
> zero origins only to slots which have zero shadow.
>
> Reported-by: Brian Johannesmeyer
> Link: https://lore.kernel.org/lkml/20240524232804.1984355-1-bjohannesmeyer@gmail.com/T/
> Fixes: f80be4571b19 ("kmsan: add KMSAN runtime core")
> Signed-off-by: Alexander Potapenko
> ---
> mm/kmsan/core.c | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
> > diff --git a/mm/kmsan/core.c b/mm/kmsan/core.c > index cf2d70e9c9a5f..95f859e38c533 100644 > --- a/mm/kmsan/core.c > +++ b/mm/kmsan/core.c > @@ -196,8 +196,7 @@ void kmsan_internal_set_shadow_origin(void *addr, size_t size, int b, > u32 origin, bool checked) > { > u64 address = (u64)addr; > - void *shadow_start; > - u32 *origin_start; > + u32 *shadow_start, *origin_start; > size_t pad = 0; > > KMSAN_WARN_ON(!kmsan_metadata_is_contiguous(addr, size)); > @@ -225,8 +224,16 @@ void kmsan_internal_set_shadow_origin(void *addr, size_t size, int b, > origin_start = > (u32 *)kmsan_get_metadata((void *)address, KMSAN_META_ORIGIN); > > - for (int i = 0; i < size / KMSAN_ORIGIN_SIZE; i++) > - origin_start[i] = origin; > + /* > + * If the new origin is non-zero, assume that the shadow byte is also non-zero, > + * and unconditionally overwrite the old origin slot. > + * If the new origin is zero, overwrite the old origin slot iff the > + * corresponding shadow slot is zero. > + */ > + for (int i = 0; i < size / KMSAN_ORIGIN_SIZE; i++) { > + if (origin || !shadow_start[i]) > + origin_start[i] = origin; > + } Reviewed-by: Marco Elver
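Review bot: the first hunk (@@ -196,8) changes `shadow_start` from `void *` to `u32 *`, which changes the stride of any pointer arithmetic on it, and none of the variable's other uses are inside the context lines; the review should confirm that every remaining use still expects a plain pointer to the start of the shadow range, and that indexing `shadow_start[i]` (second hunk) is meant to read exactly one `KMSAN_ORIGIN_SIZE`-byte group per origin slot. A `BUILD_BUG_ON(KMSAN_ORIGIN_SIZE != sizeof(u32))` next to the declaration, or a one-line comment, would make that coupling explicit instead of implicit.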
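Review bot: in the second hunk (@@ -225,8) the new comment says "assume that the shadow byte is also non-zero", but `shadow_start[i]` is a `u32`, so the condition looks at all four shadow bytes of the slot and the old origin survives as long as any byte in the slot is still poisoned; rewording to "shadow slot" would match the code. The comment should also state that the check reads the shadow back after it has been updated for this range, since the condition only yields the intended result when the shadow memset has already run. For the non-zero-origin branch the behaviour is unchanged from the removed unconditional `origin_start[i] = origin`, so a partial poison still replaces the origin of the neighbouring poisoned bytes in that slot; a short note saying this is deliberate would save the next reader from wondering whether that case was overlooked.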
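To make the false negative and the fix concrete, here is an added toy model of KMSAN's metadata. It is my own example, not kernel code: it assumes one shadow byte per data byte, one 32-bit origin per 4-byte slot (mirroring KMSAN_ORIGIN_SIZE == 4), that a report carrying a zero origin is dropped, and it uses constructed origin handles. It replays the `char a[4]; kmsan_unpoison_memory(a, 1);` case from the commit message with the old unconditional origin write and with the patched condition `origin || !shadow_start[i]`, and also exercises the full-unpoison and partial-poison paths to show they behave the same either way.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy model of KMSAN metadata (example code, not the kernel's implementation).
 * Assumptions: one shadow byte per data byte (0 = initialised, 0xff = poisoned),
 * one 32-bit origin per 4-byte slot, i.e. KMSAN_ORIGIN_SIZE == 4. */
#define ORIGIN_SIZE 4
#define MEM_SIZE 16
#define POISON 0xff

static uint8_t  shadow[MEM_SIZE];
static uint32_t origin[MEM_SIZE / ORIGIN_SIZE];

/* Model of kmsan_internal_set_shadow_origin(): set `size` shadow bytes at
 * `off` to `b`, then update every origin slot the byte range touches (the
 * kernel pads the range out to slot boundaries, which is how a 1-byte
 * unpoison reaches a 4-byte origin slot). With `fixed` set, a zero origin is
 * written only to slots whose four shadow bytes are all zero. */
static void set_shadow_origin(size_t off, size_t size, uint8_t b, uint32_t org, int fixed)
{
    size_t first = off / ORIGIN_SIZE;
    size_t last = (off + size - 1) / ORIGIN_SIZE;

    memset(shadow + off, b, size);            /* shadow is byte-granular */
    for (size_t s = first; s <= last; s++) {
        uint32_t slot_shadow;                 /* the u32 read of shadow_start[i] */
        memcpy(&slot_shadow, shadow + s * ORIGIN_SIZE, sizeof(slot_shadow));
        if (!fixed || org || !slot_shadow)    /* patched: origin || !shadow_start[i] */
            origin[s] = org;
    }
}

/* Model of a load check: returns 1 if any byte in [off, off+size) is poisoned
 * and stores the origin the report would carry. A zero origin means the report
 * is dropped, which is the false negative the patch fixes. */
static int check_read(size_t off, size_t size, uint32_t *org_out)
{
    for (size_t i = off; i < off + size; i++) {
        if (shadow[i]) {
            *org_out = origin[i / ORIGIN_SIZE];
            return 1;
        }
    }
    *org_out = 0;
    return 0;
}

static void reset(void)
{
    memset(shadow, 0, sizeof(shadow));
    memset(origin, 0, sizeof(origin));
}

/* char a[4] poisoned at allocation, then kmsan_unpoison_memory(a, 1).
 * Returns the origin a later 4-byte read of `a` would report (0 = dropped). */
uint32_t partial_unpoison_scenario(int fixed)
{
    const uint32_t alloc_origin = 0xA110C;    /* constructed stack-depot handle */
    uint32_t org;

    reset();
    set_shadow_origin(0, 4, POISON, alloc_origin, fixed); /* allocation poisons a[0..3] */
    set_shadow_origin(0, 1, 0, 0, fixed);                 /* kmsan_unpoison_memory(a, 1) */
    check_read(0, 4, &org);                               /* a[1..3] still uninitialised */
    return org;
}

/* Unpoisoning the whole slot must clear its origin with and without the fix. */
uint32_t full_unpoison_scenario(int fixed)
{
    reset();
    set_shadow_origin(0, 4, POISON, 0xA110C, fixed);
    set_shadow_origin(0, 4, 0, 0, fixed);
    return origin[0];
}

/* Poisoning one byte with a non-zero origin overwrites the slot either way. */
uint32_t partial_poison_scenario(int fixed)
{
    reset();
    set_shadow_origin(0, 1, POISON, 0xBEEF1, fixed);      /* constructed handle */
    return origin[0];
}

int main(void)
{
    printf("old:   origin after partial unpoison = 0x%x\n",
           (unsigned)partial_unpoison_scenario(0));
    printf("fixed: origin after partial unpoison = 0x%x\n",
           (unsigned)partial_unpoison_scenario(1));
    return 0;
}
```

With the old unconditional write the 1-byte unpoison zeroes the slot's origin while three bytes of `a` are still poisoned, so the later read has nothing to report; with the patched condition the allocation origin survives and the read is reported.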