From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Changbin Du <changbin.du@huawei.com>, elver@google.com
Cc: Alexander Potapenko <glider@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
kasan-dev@googlegroups.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: [BUG] kmsan: instrumentation recursion problems
Date: Wed, 13 Mar 2024 00:52:33 +0100 [thread overview]
Message-ID: <ndf5znadjpm4mcscns66bhcgvvykmcou3kjkqy54fcvgtvu7th@vpaomrytk4af> (raw)
In-Reply-To: <20240311110223.nzsplk6a6lzxmzqi@M910t>
On Mon, Mar 11, 2024 at 07:02:23PM +0800, Changbin Du wrote:
> On Mon, Mar 11, 2024 at 05:30:36PM +0800, Changbin Du wrote:
> > On Fri, Mar 08, 2024 at 10:39:15AM +0100, Marco Elver wrote:
> > > On Fri, 8 Mar 2024 at 05:36, 'Changbin Du' via kasan-dev
> > > <kasan-dev@googlegroups.com> wrote:
> > > >
> > > > Hey, folks,
> > > > I found two instrumentation recursion issues on mainline kernel.
> > > >
> > > > 1. recur on preempt count.
> > > > __msan_metadata_ptr_for_load_4() -> kmsan_virt_addr_valid() -> preempt_disable() -> __msan_metadata_ptr_for_load_4()
> > > >
> > > > 2. recur in lockdep and rcu
> > > > __msan_metadata_ptr_for_load_4() -> kmsan_virt_addr_valid() -> pfn_valid() -> rcu_read_lock_sched() -> lock_acquire() -> rcu_is_watching() -> __msan_metadata_ptr_for_load_8()
> > > >
> > > >
> > > > Here is an unofficial fix, I don't know if it will generate false reports.
> > > >
> > > > $ git show
> > > > commit 7f0120b621c1cbb667822b0f7eb89f3c25868509 (HEAD -> master)
> > > > Author: Changbin Du <changbin.du@huawei.com>
> > > > Date: Fri Mar 8 20:21:48 2024 +0800
> > > >
> > > > kmsan: fix instrumentation recursions
> > > >
> > > > Signed-off-by: Changbin Du <changbin.du@huawei.com>
> > > >
> > > > diff --git a/kernel/locking/Makefile b/kernel/locking/Makefile
> > > > index 0db4093d17b8..ea925731fa40 100644
> > > > --- a/kernel/locking/Makefile
> > > > +++ b/kernel/locking/Makefile
> > > > @@ -7,6 +7,7 @@ obj-y += mutex.o semaphore.o rwsem.o percpu-rwsem.o
> > > >
> > > > # Avoid recursion lockdep -> sanitizer -> ... -> lockdep.
> > > > KCSAN_SANITIZE_lockdep.o := n
> > > > +KMSAN_SANITIZE_lockdep.o := n
> > >
> > > This does not result in false positives?
> > >
> This does result lots of false positives.
>
> > I saw a lot of reports but seems not related to this.
> >
> > [ 2.742743][ T0] BUG: KMSAN: uninit-value in unwind_next_frame+0x3729/0x48a0
> > [ 2.744404][ T0] unwind_next_frame+0x3729/0x48a0
> > [ 2.745623][ T0] arch_stack_walk+0x1d9/0x2a0
> > [ 2.746838][ T0] stack_trace_save+0xb8/0x100
> > [ 2.747928][ T0] set_track_prepare+0x88/0x120
> > [ 2.749095][ T0] __alloc_object+0x602/0xbe0
> > [ 2.750200][ T0] __create_object+0x3f/0x4e0
> > [ 2.751332][ T0] pcpu_alloc+0x1e18/0x2b00
> > [ 2.752401][ T0] mm_init+0x688/0xb20
> > [ 2.753436][ T0] mm_alloc+0xf4/0x180
> > [ 2.754510][ T0] poking_init+0x50/0x500
> > [ 2.755594][ T0] start_kernel+0x3b0/0xbf0
> > [ 2.756724][ T0] __pfx_reserve_bios_regions+0x0/0x10
> > [ 2.758073][ T0] x86_64_start_kernel+0x92/0xa0
> > [ 2.759320][ T0] secondary_startup_64_no_verify+0x176/0x17b
> >
> Above reports are triggered by KMEMLEAK and KFENCE.
>
> Now with below fix, I was able to run kmsan kernel with:
> CONFIG_DEBUG_KMEMLEAK=n
> CONFIG_KFENCE=n
> CONFIG_LOCKDEP=n
>
> KMEMLEAK and KFENCE generate too many false positives in unwinding code.
> LOCKDEP still introduces instrumenting recursions.
FWIW I see the same issue on s390, and the best I could come up with so
far was also disabling lockdep.
For KFENCE I have the following [1] though, maybe this will be helpful
to you as well?
[1] https://patchwork.kernel.org/project/linux-mm/patch/20231213233605.661251-17-iii@linux.ibm.com/
[...]
next prev parent reply other threads:[~2024-03-12 23:52 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-08 4:34 Changbin Du
2024-03-08 9:39 ` Marco Elver
2024-03-11 9:30 ` Changbin Du
2024-03-11 11:02 ` Changbin Du
2024-03-12 23:52 ` Ilya Leoshkevich [this message]
2024-03-13 1:41 ` Ilya Leoshkevich
2024-03-18 13:59 ` Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ndf5znadjpm4mcscns66bhcgvvykmcou3kjkqy54fcvgtvu7th@vpaomrytk4af \
--to=iii@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=changbin.du@huawei.com \
--cc=elver@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox