Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Chen Gang <chengang@emindsoft.com.cn>
To: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	kasan-dev <kasan-dev@googlegroups.com>,
	LKML <linux-kernel@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	Chen Gang <gang.chen.5i5j@gmail.com>
Subject: Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()
Date: Mon, 02 May 2016 21:51:45 +0800	[thread overview]
Message-ID: <57275B71.8000907@emindsoft.com.cn> (raw)
In-Reply-To: <CAG_fn=VGJAGb71HU4rC9MNboqPqPs4EPgcWBfaiBpcgNQ2qFqA@mail.gmail.com>

On 5/2/16 20:42, Alexander Potapenko wrote:
> On Mon, May 2, 2016 at 2:27 PM, Chen Gang <chengang@emindsoft.com.cn> wrote:
>> On 5/2/16 19:21, Dmitry Vyukov wrote:
>>>
>>> Signed counter looks good to me.
>>
>> Oh, sorry, it seems a little mess (originally, I need let the 2 patches
>> in one patch set).
>>
>> If what Alexander's idea is OK (if I did not misunderstand), I guess,
>> unsigned counter is still necessary.
> I don't think it's critical for us to use an unsigned counter.
> If we increment the counter in kasan_disable_current() and decrement
> it in kasan_enable_current(), as Dmitry suggested, we'll be naturally
> using only positive integers for the counter.
> If the counter drops below zero, or exceeds a certain number (say,
> 20), we can immediately issue a warning.
> 

OK, thanks.

And for "kasan_depth == 1", I guess, its meaning is related with
kasan_depth[++|--] in kasan_[en|dis]able_current():

 - If kasan_depth++ in kasan_enable_current() with preventing overflow/
   underflow, it means "we always want to disable KASAN, if CONFIG_KASAN
   is not under arm64 or x86_64".

 - If kasan_depth-- in kasan_enable_current() with preventing overflow/
   underflow, it means "we can enable KASAN if CONFIG_KASAN, but firstly
   we disable it, if it is not under arm64 or x86_64".

For me, I don't know which one is correct (or my whole 'guess' is
incorrect). Could any members provide your ideas?

>>> We can both issue a WARNING and prevent the actual overflow/underflow.
>>> But I don't think that there is any sane way to handle the bug (other
>>> than just fixing the unmatched disable/enable). If we ignore an
>>> excessive disable, then we can end up with ignores enabled
>>> permanently. If we ignore an excessive enable, then we can end up with
>>> ignores enabled when they should not be enabled. The main point here
>>> is to bark loudly, so that the unmatched annotations are noticed and
>>> fixed.
>>>
>>
>> How about BUG_ON()?
> As noted by Dmitry in an offline discussion, we shouldn't bail out as
> long as it's possible to proceed, otherwise the kernel may become very
> hard to debug.
> A mismatching annotation isn't a case in which we can't proceed with
> the execution.

OK, thanks.

I guess, we are agree with each other: "We can both issue a WARNING and
prevent the actual overflow/underflow.".

Thanks.
-- 
Chen Gang (e??a??)

Managing Natural Environments is the Duty of Human Beings.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

WARNING: multiple messages have this Message-ID (diff)

From: Chen Gang <chengang@emindsoft.com.cn>
To: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	kasan-dev <kasan-dev@googlegroups.com>,
	LKML <linux-kernel@vger.kernel.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	Chen Gang <gang.chen.5i5j@gmail.com>
Subject: Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()
Date: Mon, 02 May 2016 21:51:45 +0800	[thread overview]
Message-ID: <57275B71.8000907@emindsoft.com.cn> (raw)
In-Reply-To: <CAG_fn=VGJAGb71HU4rC9MNboqPqPs4EPgcWBfaiBpcgNQ2qFqA@mail.gmail.com>

On 5/2/16 20:42, Alexander Potapenko wrote:
> On Mon, May 2, 2016 at 2:27 PM, Chen Gang <chengang@emindsoft.com.cn> wrote:
>> On 5/2/16 19:21, Dmitry Vyukov wrote:
>>>
>>> Signed counter looks good to me.
>>
>> Oh, sorry, it seems a little mess (originally, I need let the 2 patches
>> in one patch set).
>>
>> If what Alexander's idea is OK (if I did not misunderstand), I guess,
>> unsigned counter is still necessary.
> I don't think it's critical for us to use an unsigned counter.
> If we increment the counter in kasan_disable_current() and decrement
> it in kasan_enable_current(), as Dmitry suggested, we'll be naturally
> using only positive integers for the counter.
> If the counter drops below zero, or exceeds a certain number (say,
> 20), we can immediately issue a warning.
> 

OK, thanks.

And for "kasan_depth == 1", I guess, its meaning is related with
kasan_depth[++|--] in kasan_[en|dis]able_current():

 - If kasan_depth++ in kasan_enable_current() with preventing overflow/
   underflow, it means "we always want to disable KASAN, if CONFIG_KASAN
   is not under arm64 or x86_64".

 - If kasan_depth-- in kasan_enable_current() with preventing overflow/
   underflow, it means "we can enable KASAN if CONFIG_KASAN, but firstly
   we disable it, if it is not under arm64 or x86_64".

For me, I don't know which one is correct (or my whole 'guess' is
incorrect). Could any members provide your ideas?

>>> We can both issue a WARNING and prevent the actual overflow/underflow.
>>> But I don't think that there is any sane way to handle the bug (other
>>> than just fixing the unmatched disable/enable). If we ignore an
>>> excessive disable, then we can end up with ignores enabled
>>> permanently. If we ignore an excessive enable, then we can end up with
>>> ignores enabled when they should not be enabled. The main point here
>>> is to bark loudly, so that the unmatched annotations are noticed and
>>> fixed.
>>>
>>
>> How about BUG_ON()?
> As noted by Dmitry in an offline discussion, we shouldn't bail out as
> long as it's possible to proceed, otherwise the kernel may become very
> hard to debug.
> A mismatching annotation isn't a case in which we can't proceed with
> the execution.

OK, thanks.

I guess, we are agree with each other: "We can both issue a WARNING and
prevent the actual overflow/underflow.".

Thanks.
-- 
Chen Gang (陈刚)

Managing Natural Environments is the Duty of Human Beings.

next prev parent reply	other threads:[~2016-05-02 13:46 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-02  5:36 [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled() chengang
2016-05-02  5:36 ` chengang
2016-05-02  8:26 ` Dmitry Vyukov
2016-05-02  8:26   ` Dmitry Vyukov
2016-05-02 11:11   ` Chen Gang
2016-05-02 11:11     ` Chen Gang
2016-05-02 11:21     ` Dmitry Vyukov
2016-05-02 11:21       ` Dmitry Vyukov
2016-05-02 12:27       ` Chen Gang
2016-05-02 12:27         ` Chen Gang
2016-05-02 12:42         ` Alexander Potapenko
2016-05-02 12:42           ` Alexander Potapenko
2016-05-02 13:51           ` Chen Gang [this message]
2016-05-02 13:51             ` Chen Gang
2016-05-02 14:23             ` Alexander Potapenko
2016-05-02 14:23               ` Alexander Potapenko
2016-05-02 15:13               ` Chen Gang
2016-05-02 15:13                 ` Chen Gang
2016-05-02 15:35                 ` Alexander Potapenko
2016-05-02 15:35                   ` Alexander Potapenko
2016-05-02 16:23                   ` Chen Gang
2016-05-02 16:23                     ` Chen Gang
2016-05-02 16:38                     ` Chen Gang
2016-05-02 16:38                       ` Chen Gang
2016-05-14  3:30                       ` Chen Gang
2016-05-14  3:30                         ` Chen Gang
2016-05-14 10:34                         ` Alexander Potapenko
2016-05-02 11:34 ` Alexander Potapenko
2016-05-02 11:34   ` Alexander Potapenko
2016-05-02 12:09   ` Chen Gang
2016-05-02 12:09     ` Chen Gang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57275B71.8000907@emindsoft.com.cn \
    --to=chengang@emindsoft.com.cn \
    --cc=akpm@linux-foundation.org \
    --cc=aryabinin@virtuozzo.com \
    --cc=dvyukov@google.com \
    --cc=gang.chen.5i5j@gmail.com \
    --cc=glider@google.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.