From: Will Deacon <will.deacon@arm.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: mark.rutland@arm.com, peterz@infradead.org, mingo@redhat.com,
	hpa@zytor.com, aryabinin@virtuozzo.com,
	kasan-dev@googlegroups.com, x86@kernel.org,
	linux-kernel@vger.kernel.org, tglx@linutronix.de
Subject: Re: [PATCH v6 0/4] x86, kasan: add KASAN checks to atomic operations
Date: Tue, 30 Jan 2018 15:36:10 +0000
Message-ID: <20180130153609.GA10917@arm.com>
In-Reply-To: <cover.1517246437.git.dvyukov@google.com>

Hi Dmitry,

On Mon, Jan 29, 2018 at 06:26:03PM +0100, Dmitry Vyukov wrote:
> KASAN uses compiler instrumentation to intercept all memory accesses.
> But it does not see memory accesses done in assembly code.
> One notable user of assembly code is atomic operations. Frequently,
> for example, an atomic reference decrement is the last access to an
> object and a good candidate for a racy use-after-free.
> 
> Atomic operations are defined in arch files, but KASAN instrumentation
> is required for several archs that support KASAN. Later we will need
> similar hooks for KMSAN (uninit use detector) and KTSAN (data race
> detector).
> 
> This change introduces wrappers around atomic operations that can be
> used to add KASAN/KMSAN/KTSAN instrumentation across several archs,
> and adds KASAN checks to them.
> 
> This patch uses the wrappers only for x86 arch. Arm64 will be switched
> later. And we also plan to instrument bitops in a similar way.

One way you could reduce the intrusiveness for each architecture would be
to leave the existing macro names as-is, and redefine them in the
asm-generic header. It's certainly ugly, but it makes the porting work
a lot smaller. Apologies if you've considered this approach before, but
I figured it was worth mentioning just in case.

e.g. for atomic[64]_read, your asm-generic header looks like:

#ifndef _LINUX_ATOMIC_INSTRUMENTED_H
#define _LINUX_ATOMIC_INSTRUMENTED_H

#include <linux/build_bug.h>
#include <linux/kasan-checks.h>

static __always_inline int __atomic_read_instrumented(const atomic_t *v)
{
	kasan_check_read(v, sizeof(*v));
	return atomic_read(v);
}

static __always_inline s64 __atomic64_read_instrumented(const atomic64_t *v)
{
	kasan_check_read(v, sizeof(*v));
	return atomic64_read(v);
}

#undef atomic_read
#undef atomic64_read

#define atomic_read	__atomic_read_instrumented
#define atomic64_read	__atomic64_read_instrumented

#endif /* _LINUX_ATOMIC_INSTRUMENTED_H */

and the arch code just includes that in asm/atomic.h once it's done with
its definitions.

What do you think? Too stinky?

Will
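
Added example, not part of the original message or the kernel source: a userspace C model of the redefinition approach sketched above. kasan_check_read() here is a mock that counts reads overlapping one poisoned range, and poison_start, poison_len, kasan_reports and demo_reports() are hypothetical names; it goes beyond the sketch by showing the arch operation defined once as a function and once as a macro.

```c
#include <stddef.h>
#include <stdint.h>
typedef struct { int counter; } atomic_t;
typedef struct { long long counter; } atomic64_t;

/* Constructed stand-in for KASAN shadow state (an assumption): one poisoned range. */
static uintptr_t poison_start, poison_len;
static int kasan_reports;

/* Mock kasan_check_read(): count reads that overlap the poisoned range. */
static void kasan_check_read(const volatile void *p, size_t n)
{
	uintptr_t a = (uintptr_t)p;
	if (poison_len && a < poison_start + poison_len && poison_start < a + n)
		kasan_reports++;
}

/* "arch" definitions: one as a function, one as a macro. */
static inline int atomic_read(const atomic_t *v) { return *(const volatile int *)&v->counter; }
#define atomic64_read(v) (*(const volatile long long *)&(v)->counter)

/* "asm-generic" part, included once the arch definitions are done. */
static inline int __atomic_read_instrumented(const atomic_t *v)
{
	kasan_check_read(v, sizeof(*v));
	return atomic_read(v);		/* name not redefined yet: the arch function */
}
static inline long long __atomic64_read_instrumented(const atomic64_t *v)
{
	kasan_check_read(v, sizeof(*v));
	return atomic64_read(v);	/* arch macro, expanded at this point */
}
#undef atomic_read			/* harmless when the arch used a function */
#undef atomic64_read
#define atomic_read	__atomic_read_instrumented
#define atomic64_read	__atomic64_read_instrumented

/* Caller keeps the usual names; returns how many reads the mock flagged. */
static int demo_reports(int freed)
{
	static atomic_t ref = { 1 };
	static atomic64_t ref64 = { 1 };
	kasan_reports = 0;
	poison_start = (uintptr_t)&ref;
	poison_len = freed ? sizeof(ref) : 0;
	(void)atomic_read(&ref);	/* flagged only when ref is "freed" */
	(void)atomic64_read(&ref64);	/* never poisoned */
	return kasan_reports;
}
int main(void) { return demo_reports(1) == 1 ? 0 : 1; }
```

The wrappers must be defined before the #undef/#define pair: after it, a call to atomic_read() inside a wrapper would expand to the wrapper itself.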
