From: Mark Rutland <mark.rutland@arm.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Alexander Popov <alex.popov@linux.com>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Quentin Casasnovas <quentin.casasnovas@oracle.com>,
	andreyknvl <andreyknvl@google.com>,
	Kees Cook <keescook@chromium.org>,
	Vegard Nossum <vegard.nossum@oracle.com>,
	syzkaller <syzkaller@googlegroups.com>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 1/3] kcov: support comparison operands collection
Date: Mon, 9 Oct 2017 19:37:34 +0100
Message-ID: <20171009183734.GA7784@leverpostej>
In-Reply-To: <CACT4Y+Y_79MQVHg--92AJFk3_9XoLgaM2zF3zK5ErfnH-zNcPw@mail.gmail.com>

On Mon, Oct 09, 2017 at 08:15:10PM +0200, 'Dmitry Vyukov' via syzkaller wrote:
> On Mon, Oct 9, 2017 at 5:46 PM, Mark Rutland <mark.rutland@arm.com> wrote:
> > On Mon, Oct 09, 2017 at 05:05:19PM +0200, Alexander Potapenko wrote:

> > ... I note that a few places in the kernel use a 128-bit type. Are
> > 128-bit comparisons not instrumented?
> 
> Yes, they are not instrumented.
> How many are there? Can you give some examples?

From a quick scan, it doesn't look like there are currently any
comparisons.

It's used as a data type in a few places under arm64:

arch/arm64/include/asm/checksum.h:      __uint128_t tmp;
arch/arm64/include/asm/checksum.h:      tmp = *(const __uint128_t *)iph;
arch/arm64/include/asm/fpsimd.h:                        __uint128_t vregs[32];
arch/arm64/include/uapi/asm/ptrace.h:   __uint128_t     vregs[32];
arch/arm64/include/uapi/asm/sigcontext.h:       __uint128_t vregs[32];
arch/arm64/kernel/signal32.c:   __uint128_t     raw;
arch/arm64/kvm/guest.c: __uint128_t tmp;

[...]

> >> +     area = t->kcov_area;
> >> +     /* The first 64-bit word is the number of subsequent PCs. */
> >> +     pos = READ_ONCE(area[0]) + 1;
> >> +     if (likely(pos < t->kcov_size)) {
> >> +             area[pos] = ip;
> >> +             WRITE_ONCE(area[0], pos);
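
Review bot: `area[pos] = ip;` is a plain store and nothing orders it before `WRITE_ONCE(area[0], pos);`, so a reader of the mmap'd area on another CPU can observe the new count before the PC it covers. If only the traced task is expected to read the buffer, say so in a comment here; otherwise add an smp_wmb() between the two stores. The `pos < t->kcov_size` branch also drops the PC silently once the area is full, which is worth noting in the same comment.
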
> >
> > Not a new problem, but if the area for one thread is mmap'd, and read by
> > another thread, these two writes could be seen out-of-order, since we
> > don't have an smp_wmb() between them.
> >
> > I guess Syzkaller doesn't read the mmap'd kcov file from another thread?
> 
> 
> Yes, that's the intention. If you read coverage from another thread,
> you can't know coverage from what exactly you read. So the usage
> pattern is:
> 
> reset coverage;
> do something;
> read coverage;

Ok. I guess without a use-case for reading this from another thread it doesn't
really matter.

Thanks,
Mark.
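
The ordering concern discussed above, as an added example that is not part of the original message or of the kcov patch: a userspace C11 model of the buffer layout in the quoted hunk, where a release store on the count and an acquire load in the reader stand in for the smp_wmb() pairing a cross-thread reader would need. The names `cov_buf`, `cov_record`, `cov_snapshot` and `cov_reset` are hypothetical, and the PC value is constructed.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

/* Model of the kcov area: word 0 = number of PCs, words 1..size-1 = PCs. */
struct cov_buf {
    _Atomic uint64_t *area;  /* hypothetical stand-in for t->kcov_area */
    size_t size;             /* total words, stand-in for t->kcov_size */
};

/* Writer: same steps as the hunk, but the count is published with release
 * semantics so the PC store is visible before the new count is. */
static int cov_record(struct cov_buf *b, uint64_t ip)
{
    uint64_t pos = atomic_load_explicit(&b->area[0], memory_order_relaxed) + 1;
    if (pos >= b->size)
        return 0;            /* area full: entry dropped, as in the hunk */
    atomic_store_explicit(&b->area[pos], ip, memory_order_relaxed);
    atomic_store_explicit(&b->area[0], pos, memory_order_release);
    return 1;
}

/* Reader that may run on another thread: acquire-load the count, clamp it
 * to the buffer (the area is shared memory), then copy only covered PCs. */
static size_t cov_snapshot(struct cov_buf *b, uint64_t *out, size_t max)
{
    uint64_t cap = b->size ? b->size - 1 : 0;
    uint64_t n = atomic_load_explicit(&b->area[0], memory_order_acquire);
    if (n > cap) n = cap;
    if (n > max) n = max;
    for (uint64_t i = 0; i < n; i++)
        out[i] = atomic_load_explicit(&b->area[i + 1], memory_order_relaxed);
    return (size_t)n;
}

/* "reset coverage" step of the reset / do something / read pattern. */
static void cov_reset(struct cov_buf *b)
{
    atomic_store_explicit(&b->area[0], 0, memory_order_relaxed);
}

int main(void)
{
    _Atomic uint64_t mem[4] = {0};          /* constructed 4-word area */
    struct cov_buf b = { mem, 4 };
    uint64_t out[4];
    cov_reset(&b);
    cov_record(&b, 0xffffffff81000000ULL);  /* constructed PC value */
    return cov_snapshot(&b, out, 4) == 1 ? 0 : 1;
}
```

With the same-thread pattern from the thread (reset, do something, read) the barriers are unnecessary, which is the conclusion the message reaches.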

