From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 8 Oct 2024 11:27:26 +0200
From: Marco Elver
To: Sabyrzhan Tasbolatov
Cc: akpm@linux-foundation.org, andreyknvl@gmail.com, bpf@vger.kernel.org, dvyukov@google.com, glider@google.com, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, ryabinin.a.a@gmail.com, syzbot+61123a5daeb9f7454599@syzkaller.appspotmail.com, vincenzo.frascino@arm.com
Subject: Re: [PATCH v2 1/1] mm, kasan, kmsan: copy_from/to_kernel_nofault
References: <20241005164813.2475778-1-snovitoll@gmail.com> <20241005164813.2475778-2-snovitoll@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
User-Agent: Mutt/2.2.12 (2023-09-09)

On Tue, Oct 08, 2024 at 01:46PM +0500, Sabyrzhan Tasbolatov wrote:
> On Tue, Oct 8, 2024 at 1:32 PM Marco Elver wrote:
> >
> > On Sat, Oct 05, 2024 at 09:48PM +0500, Sabyrzhan Tasbolatov wrote:
> > > Instrument copy_from_kernel_nofault() with KMSAN for uninitialized kernel
> > > memory check and copy_to_kernel_nofault() with KASAN, KCSAN to detect
> > > the memory corruption.
> > >
> > > syzbot reported that bpf_probe_read_kernel() kernel helper triggered
> > > KASAN report via kasan_check_range() which is not the expected behaviour
> > > as copy_from_kernel_nofault() is meant to be a non-faulting helper.
> > >
> > > Solution is, suggested by Marco Elver, to replace KASAN, KCSAN check in
> > > copy_from_kernel_nofault() with KMSAN detection of copying uninitialized
> > > kernel memory. In copy_to_kernel_nofault() we can retain
> > > instrument_write() for the memory corruption instrumentation but before
> > > pagefault_disable().
> >
> > I don't understand why it has to be before the whole copy i.e. before
> > pagefault_disable()?
> >
>
> I was unsure about this decision as well - I should've waited for your response
> before sending the PATCH when I was asking for clarification. Sorry
> for the confusion,
> I thought that what you meant as the instrumentation was already done after
> pagefault_disable().

I just did some digging and there is some existing instrumentation, but
not for what we want.
The accesses in the loop on x86 do this:

copy_to_kernel_nofault:

#define __put_kernel_nofault(dst, src, type, err_label)			\
	__put_user_size(*((type *)(src)), (__force type __user *)(dst),	\
			sizeof(type), err_label)

and __put_user_size:

#define __put_user_size(x, ptr, size, label)				\
do {									\
	__typeof__(*(ptr)) __x = (x); /* eval x once */			\
	__typeof__(ptr) __ptr = (ptr); /* eval ptr once */		\
	__chk_user_ptr(__ptr);						\
	switch (size) {							\
	case 1:								\
		__put_user_goto(__x, __ptr, "b", "iq", label);		\
		break;							\
	case 2:								\
		__put_user_goto(__x, __ptr, "w", "ir", label);		\
		break;							\
	case 4:								\
		__put_user_goto(__x, __ptr, "l", "ir", label);		\
		break;							\
	case 8:								\
		__put_user_goto_u64(__x, __ptr, label);			\
		break;							\
	default:							\
		__put_user_bad();					\
	}								\
	instrument_put_user(__x, __ptr, size);				\
} while (0)

which already has an instrument_put_user, which expands to this:

#define instrument_put_user(from, ptr, size)				\
({									\
	kmsan_copy_to_user(ptr, &from, sizeof(from), 0);		\
})

So this is already instrumented for KMSAN, to check no uninitialized
memory is accessed - but that's only useful if copying to user space.
__put_kernel_nofault is "abusing" the same helper to copy to the kernel,
so adding explicit instrumentation as proposed still makes sense.

Thanks,
-- Marco
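As an added illustration, not code from this thread or from the kernel: a user-space model of the two instrumentation layers discussed above. The shadow array, the check() helper, the COPY_LOOP macro, copy_to_kernel_nofault_model() and run_scenario() are all constructed stand-ins; they mimic the 8/4/2/1-byte chunking and the per-chunk instrument_put_user() hook, and show that the existing hook only reports an uninitialized source, while a destination problem is only caught once an explicit whole-range write check is added before the loop.

```c
/* Constructed user-space model, not kernel code: a shadow byte array and two
 * hooks stand in for KASAN/KMSAN, the 8/4/2/1 loop for copy_to_kernel_nofault(). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { POISONED = 1 /* KASAN-like: must not be written */, UNINIT = 2 /* KMSAN-like */ };
static uint8_t arena[64], shadow[64];
static int kasan_reports, kmsan_reports;
/* Scan n shadow bytes starting at p for flag; count one report per range. */
static void check(const void *p, size_t n, uint8_t flag, int *reports)
{
	size_t base = (const uint8_t *)p - arena;
	for (size_t i = 0; i < n; i++)
		if (shadow[base + i] & flag) { (*reports)++; return; }
}
/* instrument_put_user() -> kmsan_copy_to_user(): only asks whether the value
 * being copied is initialized; it says nothing about the destination. */
#define instrument_put_user(from, size) check(from, size, UNINIT, &kmsan_reports)
/* instrument_write(): KASAN-style validity check of a destination range. */
#define instrument_write(dst, size) check(dst, size, POISONED, &kasan_reports)
/* One __put_kernel_nofault()/__put_user_size() step per chunk of `type`. */
#define COPY_LOOP(d, s, len, type)                                            \
	while ((len) >= sizeof(type)) {                                       \
		instrument_put_user((s), sizeof(type));                       \
		memcpy((d), (s), sizeof(type));                               \
		(d) += sizeof(type); (s) += sizeof(type); (len) -= sizeof(type); \
	}
/* explicit_check=false models the pre-patch state: no write check at all. */
static long copy_to_kernel_nofault_model(uint8_t *dst, const uint8_t *src,
					 size_t len, bool explicit_check)
{
	if (explicit_check)
		instrument_write(dst, len);
	COPY_LOOP(dst, src, len, uint64_t);
	COPY_LOOP(dst, src, len, uint32_t);
	COPY_LOOP(dst, src, len, uint16_t);
	COPY_LOOP(dst, src, len, uint8_t);
	return 0;
}
/* 11-byte copy arena[0..10] -> arena[32..42]; returns the KASAN-style report
 * count, kmsan_reports holds the KMSAN-style one. */
static int run_scenario(bool explicit_check, bool poison_dst, bool uninit_src)
{
	memset(shadow, 0, sizeof shadow);
	kasan_reports = kmsan_reports = 0;
	if (poison_dst) shadow[42] = POISONED; /* last destination byte */
	if (uninit_src) shadow[3] = UNINIT;    /* inside the first 8-byte chunk */
	copy_to_kernel_nofault_model(arena + 32, arena, 11, explicit_check);
	return kasan_reports;
}
```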