Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Chen Gang <chengang@emindsoft.com.cn>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Alexander Potapenko <glider@google.com>,
	kasan-dev <kasan-dev@googlegroups.com>,
	LKML <linux-kernel@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	Chen Gang <gang.chen.5i5j@gmail.com>
Subject: Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()
Date: Mon, 02 May 2016 20:27:46 +0800	[thread overview]
Message-ID: <572747C2.5040009@emindsoft.com.cn> (raw)
In-Reply-To: <CACT4Y+Yrq4mt6c8wQKU7WcTnN7k28T3hM1V6_DWF-NpmuMH7Gw@mail.gmail.com>

On 5/2/16 19:21, Dmitry Vyukov wrote:
> On Mon, May 2, 2016 at 1:11 PM, Chen Gang <chengang@emindsoft.com.cn> wrote:
>> On 5/2/16 16:26, Dmitry Vyukov wrote:
>>> If you want to improve kasan_depth handling, then please fix the
>>> comments and make disable increment and enable decrement (potentially
>>> with WARNING on overflow/underflow). It's better to produce a WARNING
>>> rather than silently ignore the error. We've ate enough unmatched
>>> annotations in user space (e.g. enable is skipped on an error path).
>>> These unmatched annotations are hard to notice (they suppress
>>> reports). So in user space we bark loudly on overflows/underflows and
>>> also check that a thread does not exit with enabled suppressions.
>>>
>>
>> For me, when WARNING on something, it will dummy the related feature
>> which should be used (may let user's hope fail), but should not get the
>> negative result (hurt user's original work). So in our case:
>>
>>  - When caller calls kasan_report_enabled(), kasan_depth-- to 0,
>>
>>  - When a caller calls kasan_report_enabled() again, the caller will get
>>    a warning, and notice about this calling is failed, but it is still
>>    in enable state, should not change to disable state automatically.
>>
>>  - If we report an warning, but still kasan_depth--, it will let things
>>    much complex.
>>
>> And for me, another improvements can be done:
>>
>>  - signed int kasan_depth may be a little better. When kasan_depth > 0,
>>    it is in disable state, else in enable state. It will be much harder
>>    to generate overflow than unsigned int kasan_depth.
>>
>>  - Let kasan_[en|dis]able_current() return Boolean value to notify the
>>    caller whether the calling succeeds or fails.
> 
> Signed counter looks good to me.

Oh, sorry, it seems a little mess (originally, I need let the 2 patches
in one patch set).

If what Alexander's idea is OK (if I did not misunderstand), I guess,
unsigned counter is still necessary.

> We can both issue a WARNING and prevent the actual overflow/underflow.
> But I don't think that there is any sane way to handle the bug (other
> than just fixing the unmatched disable/enable). If we ignore an
> excessive disable, then we can end up with ignores enabled
> permanently. If we ignore an excessive enable, then we can end up with
> ignores enabled when they should not be enabled. The main point here
> is to bark loudly, so that the unmatched annotations are noticed and
> fixed.
> 

How about BUG_ON()?


Thanks.
-- 
Chen Gang (e??a??)

Managing Natural Environments is the Duty of Human Beings.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

WARNING: multiple messages have this Message-ID (diff)

From: Chen Gang <chengang@emindsoft.com.cn>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Alexander Potapenko <glider@google.com>,
	kasan-dev <kasan-dev@googlegroups.com>,
	LKML <linux-kernel@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	Chen Gang <gang.chen.5i5j@gmail.com>
Subject: Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()
Date: Mon, 02 May 2016 20:27:46 +0800	[thread overview]
Message-ID: <572747C2.5040009@emindsoft.com.cn> (raw)
In-Reply-To: <CACT4Y+Yrq4mt6c8wQKU7WcTnN7k28T3hM1V6_DWF-NpmuMH7Gw@mail.gmail.com>

On 5/2/16 19:21, Dmitry Vyukov wrote:
> On Mon, May 2, 2016 at 1:11 PM, Chen Gang <chengang@emindsoft.com.cn> wrote:
>> On 5/2/16 16:26, Dmitry Vyukov wrote:
>>> If you want to improve kasan_depth handling, then please fix the
>>> comments and make disable increment and enable decrement (potentially
>>> with WARNING on overflow/underflow). It's better to produce a WARNING
>>> rather than silently ignore the error. We've ate enough unmatched
>>> annotations in user space (e.g. enable is skipped on an error path).
>>> These unmatched annotations are hard to notice (they suppress
>>> reports). So in user space we bark loudly on overflows/underflows and
>>> also check that a thread does not exit with enabled suppressions.
>>>
>>
>> For me, when WARNING on something, it will dummy the related feature
>> which should be used (may let user's hope fail), but should not get the
>> negative result (hurt user's original work). So in our case:
>>
>>  - When caller calls kasan_report_enabled(), kasan_depth-- to 0,
>>
>>  - When a caller calls kasan_report_enabled() again, the caller will get
>>    a warning, and notice about this calling is failed, but it is still
>>    in enable state, should not change to disable state automatically.
>>
>>  - If we report an warning, but still kasan_depth--, it will let things
>>    much complex.
>>
>> And for me, another improvements can be done:
>>
>>  - signed int kasan_depth may be a little better. When kasan_depth > 0,
>>    it is in disable state, else in enable state. It will be much harder
>>    to generate overflow than unsigned int kasan_depth.
>>
>>  - Let kasan_[en|dis]able_current() return Boolean value to notify the
>>    caller whether the calling succeeds or fails.
> 
> Signed counter looks good to me.

Oh, sorry, it seems a little mess (originally, I need let the 2 patches
in one patch set).

If what Alexander's idea is OK (if I did not misunderstand), I guess,
unsigned counter is still necessary.

> We can both issue a WARNING and prevent the actual overflow/underflow.
> But I don't think that there is any sane way to handle the bug (other
> than just fixing the unmatched disable/enable). If we ignore an
> excessive disable, then we can end up with ignores enabled
> permanently. If we ignore an excessive enable, then we can end up with
> ignores enabled when they should not be enabled. The main point here
> is to bark loudly, so that the unmatched annotations are noticed and
> fixed.
> 

How about BUG_ON()?


Thanks.
-- 
Chen Gang (陈刚)

Managing Natural Environments is the Duty of Human Beings.

next prev parent reply	other threads:[~2016-05-02 12:22 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-02  5:36 [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled() chengang
2016-05-02  5:36 ` chengang
2016-05-02  8:26 ` Dmitry Vyukov
2016-05-02  8:26   ` Dmitry Vyukov
2016-05-02 11:11   ` Chen Gang
2016-05-02 11:11     ` Chen Gang
2016-05-02 11:21     ` Dmitry Vyukov
2016-05-02 11:21       ` Dmitry Vyukov
2016-05-02 12:27       ` Chen Gang [this message]
2016-05-02 12:27         ` Chen Gang
2016-05-02 12:42         ` Alexander Potapenko
2016-05-02 12:42           ` Alexander Potapenko
2016-05-02 13:51           ` Chen Gang
2016-05-02 13:51             ` Chen Gang
2016-05-02 14:23             ` Alexander Potapenko
2016-05-02 14:23               ` Alexander Potapenko
2016-05-02 15:13               ` Chen Gang
2016-05-02 15:13                 ` Chen Gang
2016-05-02 15:35                 ` Alexander Potapenko
2016-05-02 15:35                   ` Alexander Potapenko
2016-05-02 16:23                   ` Chen Gang
2016-05-02 16:23                     ` Chen Gang
2016-05-02 16:38                     ` Chen Gang
2016-05-02 16:38                       ` Chen Gang
2016-05-14  3:30                       ` Chen Gang
2016-05-14  3:30                         ` Chen Gang
2016-05-14 10:34                         ` Alexander Potapenko
2016-05-02 11:34 ` Alexander Potapenko
2016-05-02 11:34   ` Alexander Potapenko
2016-05-02 12:09   ` Chen Gang
2016-05-02 12:09     ` Chen Gang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=572747C2.5040009@emindsoft.com.cn \
    --to=chengang@emindsoft.com.cn \
    --cc=akpm@linux-foundation.org \
    --cc=aryabinin@virtuozzo.com \
    --cc=dvyukov@google.com \
    --cc=gang.chen.5i5j@gmail.com \
    --cc=glider@google.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.