From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Alexander Gordeev <agordeev@linux.ibm.com>,
Alexander Potapenko <glider@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Christoph Lameter <cl@linux.com>,
David Rientjes <rientjes@google.com>,
Heiko Carstens <hca@linux.ibm.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Marco Elver <elver@google.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Pekka Enberg <penberg@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Vasily Gorbik <gor@linux.ibm.com>,
Vlastimil Babka <vbabka@suse.cz>
Cc: Christian Borntraeger <borntraeger@linux.ibm.com>,
Dmitry Vyukov <dvyukov@google.com>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-s390@vger.kernel.org,
linux-trace-kernel@vger.kernel.org,
Mark Rutland <mark.rutland@arm.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Sven Schnelle <svens@linux.ibm.com>,
Ilya Leoshkevich <iii@linux.ibm.com>
Subject: [PATCH v5 11/37] kmsan: Allow disabling KMSAN checks for the current task
Date: Wed, 19 Jun 2024 17:43:46 +0200 [thread overview]
Message-ID: <20240619154530.163232-12-iii@linux.ibm.com> (raw)
In-Reply-To: <20240619154530.163232-1-iii@linux.ibm.com>
Like for KASAN, it's useful to temporarily disable KMSAN checks around,
e.g., redzone accesses. Introduce kmsan_disable_current() and
kmsan_enable_current(), which are similar to their KASAN counterparts.
Make them reentrant in order to handle memory allocations in interrupt
context. Repurpose the allow_reporting field for this.
Reviewed-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
Documentation/dev-tools/kmsan.rst | 11 +++++++++--
include/linux/kmsan.h | 24 ++++++++++++++++++++++++
include/linux/kmsan_types.h | 2 +-
mm/kmsan/core.c | 1 -
mm/kmsan/hooks.c | 18 +++++++++++++++---
mm/kmsan/report.c | 7 ++++---
tools/objtool/check.c | 2 ++
7 files changed, 55 insertions(+), 10 deletions(-)
diff --git a/Documentation/dev-tools/kmsan.rst b/Documentation/dev-tools/kmsan.rst
index 323eedad53cd..6a48d96c5c85 100644
--- a/Documentation/dev-tools/kmsan.rst
+++ b/Documentation/dev-tools/kmsan.rst
@@ -110,6 +110,13 @@ in the Makefile. Think of this as applying ``__no_sanitize_memory`` to every
function in the file or directory. Most users won't need KMSAN_SANITIZE, unless
their code gets broken by KMSAN (e.g. runs at early boot time).
+KMSAN checks can also be temporarily disabled for the current task using
+``kmsan_disable_current()`` and ``kmsan_enable_current()`` calls. Each
+``kmsan_enable_current()`` call must be preceded by a
+``kmsan_disable_current()`` call; these call pairs may be nested. One needs to
+be careful with these calls, keeping the regions short and preferring other
+ways to disable instrumentation, where possible.
+
Support
=======
@@ -338,11 +345,11 @@ Per-task KMSAN state
~~~~~~~~~~~~~~~~~~~~
Every task_struct has an associated KMSAN task state that holds the KMSAN
-context (see above) and a per-task flag disallowing KMSAN reports::
+context (see above) and a per-task counter disallowing KMSAN reports::
struct kmsan_context {
...
- bool allow_reporting;
+ unsigned int depth;
struct kmsan_context_state cstate;
...
}
diff --git a/include/linux/kmsan.h b/include/linux/kmsan.h
index fe6c2212bdb1..23de1b3d6aee 100644
--- a/include/linux/kmsan.h
+++ b/include/linux/kmsan.h
@@ -239,6 +239,22 @@ void kmsan_unpoison_entry_regs(const struct pt_regs *regs);
*/
void *kmsan_get_metadata(void *addr, bool is_origin);
+/*
+ * kmsan_enable_current(): Enable KMSAN for the current task.
+ *
+ * Each kmsan_enable_current() current call must be preceded by a
+ * kmsan_disable_current() call. These call pairs may be nested.
+ */
+void kmsan_enable_current(void);
+
+/*
+ * kmsan_disable_current(): Disable KMSAN for the current task.
+ *
+ * Each kmsan_disable_current() current call must be followed by a
+ * kmsan_enable_current() call. These call pairs may be nested.
+ */
+void kmsan_disable_current(void);
+
#else
static inline void kmsan_init_shadow(void)
@@ -338,6 +354,14 @@ static inline void kmsan_unpoison_entry_regs(const struct pt_regs *regs)
{
}
+static inline void kmsan_enable_current(void)
+{
+}
+
+static inline void kmsan_disable_current(void)
+{
+}
+
#endif
#endif /* _LINUX_KMSAN_H */
diff --git a/include/linux/kmsan_types.h b/include/linux/kmsan_types.h
index 929287981afe..dfc59918b3c0 100644
--- a/include/linux/kmsan_types.h
+++ b/include/linux/kmsan_types.h
@@ -31,7 +31,7 @@ struct kmsan_context_state {
struct kmsan_ctx {
struct kmsan_context_state cstate;
int kmsan_in_runtime;
- bool allow_reporting;
+ unsigned int depth;
};
#endif /* _LINUX_KMSAN_TYPES_H */
diff --git a/mm/kmsan/core.c b/mm/kmsan/core.c
index 95f859e38c53..81b22220711a 100644
--- a/mm/kmsan/core.c
+++ b/mm/kmsan/core.c
@@ -43,7 +43,6 @@ void kmsan_internal_task_create(struct task_struct *task)
struct thread_info *info = current_thread_info();
__memset(ctx, 0, sizeof(*ctx));
- ctx->allow_reporting = true;
kmsan_internal_unpoison_memory(info, sizeof(*info), false);
}
diff --git a/mm/kmsan/hooks.c b/mm/kmsan/hooks.c
index b408714f9ba3..267d0afa2e8b 100644
--- a/mm/kmsan/hooks.c
+++ b/mm/kmsan/hooks.c
@@ -39,12 +39,10 @@ void kmsan_task_create(struct task_struct *task)
void kmsan_task_exit(struct task_struct *task)
{
- struct kmsan_ctx *ctx = &task->kmsan_ctx;
-
if (!kmsan_enabled || kmsan_in_runtime())
return;
- ctx->allow_reporting = false;
+ kmsan_disable_current();
}
void kmsan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags)
@@ -424,3 +422,17 @@ void kmsan_check_memory(const void *addr, size_t size)
REASON_ANY);
}
EXPORT_SYMBOL(kmsan_check_memory);
+
+void kmsan_enable_current(void)
+{
+ KMSAN_WARN_ON(current->kmsan_ctx.depth == 0);
+ current->kmsan_ctx.depth--;
+}
+EXPORT_SYMBOL(kmsan_enable_current);
+
+void kmsan_disable_current(void)
+{
+ current->kmsan_ctx.depth++;
+ KMSAN_WARN_ON(current->kmsan_ctx.depth == 0);
+}
+EXPORT_SYMBOL(kmsan_disable_current);
diff --git a/mm/kmsan/report.c b/mm/kmsan/report.c
index c79d3b0d2d0d..92e73ec61435 100644
--- a/mm/kmsan/report.c
+++ b/mm/kmsan/report.c
@@ -8,6 +8,7 @@
*/
#include <linux/console.h>
+#include <linux/kmsan.h>
#include <linux/moduleparam.h>
#include <linux/stackdepot.h>
#include <linux/stacktrace.h>
@@ -158,12 +159,12 @@ void kmsan_report(depot_stack_handle_t origin, void *address, int size,
if (!kmsan_enabled)
return;
- if (!current->kmsan_ctx.allow_reporting)
+ if (current->kmsan_ctx.depth)
return;
if (!origin)
return;
- current->kmsan_ctx.allow_reporting = false;
+ kmsan_disable_current();
ua_flags = user_access_save();
raw_spin_lock(&kmsan_report_lock);
pr_err("=====================================================\n");
@@ -216,5 +217,5 @@ void kmsan_report(depot_stack_handle_t origin, void *address, int size,
if (panic_on_kmsan)
panic("kmsan.panic set ...\n");
user_access_restore(ua_flags);
- current->kmsan_ctx.allow_reporting = true;
+ kmsan_enable_current();
}
diff --git a/tools/objtool/check.c b/tools/objtool/check.c
index 0a33d9195b7a..01237d167223 100644
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -1202,6 +1202,8 @@ static const char *uaccess_safe_builtin[] = {
"__sanitizer_cov_trace_switch",
/* KMSAN */
"kmsan_copy_to_user",
+ "kmsan_disable_current",
+ "kmsan_enable_current",
"kmsan_report",
"kmsan_unpoison_entry_regs",
"kmsan_unpoison_memory",
--
2.45.1
next prev parent reply other threads:[~2024-06-19 15:46 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-19 15:43 [PATCH v5 00/37] kmsan: Enable on s390 Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 01/37] ftrace: Unpoison ftrace_regs in ftrace_ops_list_func() Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 02/37] kmsan: Make the tests compatible with kmsan.panic=1 Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 03/37] kmsan: Disable KMSAN when DEFERRED_STRUCT_PAGE_INIT is enabled Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 04/37] kmsan: Increase the maximum store size to 4096 Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 05/37] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 06/37] kmsan: Fix kmsan_copy_to_user() " Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 07/37] kmsan: Remove a useless assignment from kmsan_vmap_pages_range_noflush() Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 08/37] kmsan: Remove an x86-specific #include from kmsan.h Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 09/37] kmsan: Expose kmsan_get_metadata() Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 10/37] kmsan: Export panic_on_kmsan Ilya Leoshkevich
2024-06-19 15:43 ` Ilya Leoshkevich [this message]
2024-06-19 15:43 ` [PATCH v5 12/37] kmsan: Introduce memset_no_sanitize_memory() Ilya Leoshkevich
2024-06-20 8:14 ` Alexander Potapenko
2024-06-19 15:43 ` [PATCH v5 13/37] kmsan: Support SLAB_POISON Ilya Leoshkevich
2024-06-20 14:58 ` Alexander Potapenko
2024-06-19 15:43 ` [PATCH v5 14/37] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata() Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 15/37] kmsan: Do not round up pg_data_t size Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 16/37] mm: slub: Let KMSAN access metadata Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 17/37] mm: slub: Disable KMSAN when checking the padding bytes Ilya Leoshkevich
2024-06-20 9:00 ` Alexander Potapenko
2024-06-19 15:43 ` [PATCH v5 18/37] mm: kfence: Disable KMSAN when checking the canary Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 19/37] lib/zlib: Unpoison DFLTCC output buffers Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 20/37] kmsan: Accept ranges starting with 0 on s390 Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 21/37] s390/boot: Turn off KMSAN Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 22/37] s390: Use a larger stack for KMSAN Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 23/37] s390/boot: Add the KMSAN runtime stub Ilya Leoshkevich
2024-06-19 15:43 ` [PATCH v5 24/37] s390/checksum: Add a KMSAN check Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 25/37] s390/cpacf: Unpoison the results of cpacf_trng() Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 26/37] s390/cpumf: Unpoison STCCTM output buffer Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 27/37] s390/diag: Unpoison diag224() " Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 28/37] s390/ftrace: Unpoison ftrace_regs in kprobe_ftrace_handler() Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 29/37] s390/irqflags: Do not instrument arch_local_irq_*() with KMSAN Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 30/37] s390/mm: Define KMSAN metadata for vmalloc and modules Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 31/37] s390/string: Add KMSAN support Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 32/37] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user() Ilya Leoshkevich
2024-06-20 8:36 ` Alexander Potapenko
2024-06-20 11:19 ` Ilya Leoshkevich
2024-06-20 11:46 ` Alexander Potapenko
2024-06-20 17:05 ` Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 34/37] s390/uaccess: Add the missing linux/instrumented.h #include Ilya Leoshkevich
2024-06-20 8:15 ` Alexander Potapenko
2024-06-19 15:44 ` [PATCH v5 35/37] s390/unwind: Disable KMSAN checks Ilya Leoshkevich
2024-06-19 15:44 ` [PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions Ilya Leoshkevich
2024-06-20 9:25 ` Alexander Gordeev
2024-06-20 13:38 ` Ilya Leoshkevich
2024-06-20 14:18 ` Alexander Potapenko
2024-06-20 14:19 ` Alexander Potapenko
2024-06-20 13:59 ` Alexander Gordeev
2024-06-19 15:44 ` [PATCH v5 37/37] kmsan: Enable on s390 Ilya Leoshkevich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240619154530.163232-12-iii@linux.ibm.com \
--to=iii@linux.ibm.com \
--cc=42.hyeyoo@gmail.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=borntraeger@linux.ibm.com \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=glider@google.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mhiramat@kernel.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=rostedt@goodmis.org \
--cc=svens@linux.ibm.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.