From: Peter Zijlstra <peterz@infradead.org>
To: Nick Desaulniers <ndesaulniers@google.com>
Cc: jpoimboe@redhat.com,
Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
Wolfram Sang <wsa@the-dreams.de>,
Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>,
Raphael Gault <raphael.gault@arm.com>,
linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com
Subject: Re: [PATCH] objtool: Documentation: document UACCESS warnings
Date: Tue, 24 Mar 2020 13:52:32 +0100
Message-ID: <20200324125232.GP20696@hirez.programming.kicks-ass.net>
In-Reply-To: <20200324001321.39562-1-ndesaulniers@google.com>

On Mon, Mar 23, 2020 at 05:13:20PM -0700, Nick Desaulniers wrote:
> Compiling with Clang and CONFIG_KASAN=y was exposing a few warnings:
> call to memset() with UACCESS enabled
>
> Document how to fix these for future travelers.
>
> Link: https://github.com/ClangBuiltLinux/linux/issues/876
> Suggested-by: Peter Zijlstra <peterz@infradead.org>
> Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
> ---
> .../Documentation/stack-validation.txt | 20 +++++++++++++++++++
> 1 file changed, 20 insertions(+)
>
> diff --git a/tools/objtool/Documentation/stack-validation.txt b/tools/objtool/Documentation/stack-validation.txt
> index de094670050b..156fee13ba02 100644
> --- a/tools/objtool/Documentation/stack-validation.txt
> +++ b/tools/objtool/Documentation/stack-validation.txt
> @@ -289,6 +289,26 @@ they mean, and suggestions for how to fix them.
> might be corrupt due to a gcc bug. For more details, see:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70646
>
> +9. file.o: warning: objtool: funcA() call to funcB() with UACCESS enabled
> +
> + This means that an unexpected call to a non-whitelisted function exists
> + outside of arch-specific guards.
> + X86: SMAP (stac/clac): __uaccess_begin()/__uaccess_end()
> + ARM: PAN: uaccess_enable()/uaccess_enable()
> +
> + These functions should called to denote a minimal critical section around
> + access to __user variables. See also: https://lwn.net/Articles/517475/
> +
> + The intention of the warning is to prevent calls to funcB() from eventually
> + calling schedule(), potentially leaking the AC flags state, and not
> + restoring them correctly.
> +
> + To fix, either:
> + 1) add the correct guards before and after calls to low level functions like
> + __get_user_size()/__put_user_size().
> + 2) add funcB to uaccess_safe_builtin whitelist in tools/objtool/check.c, if
> + funcB obviously does not call schedule().
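
Review bot: the ARM line of the new item 9 names the same guard twice ("ARM: PAN: uaccess_enable()/uaccess_enable()"); the second entry should be the closing guard, presumably uaccess_disable(), to mirror the begin/end pair given for X86. In the following paragraph, "These functions should called" is missing "be". The rationale paragraph speaks only of "the AC flags state", which is the x86 term, while the entry also lists ARM PAN; naming the equivalent state for ARM or wording it generically would keep the entry consistent. Fix option 2 depends on funcB "obviously" not calling schedule(), but the text gives the reader no way to establish that, so it should either state what has to be checked before whitelisting or drop "obviously".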

There's sadly nothing obvious about 2); __fentry__ is enough to end up
in schedule() through preempt_enable().

So any function that has function tracing on (mostly everything) is
already disqualified.