Re: [PATCH] mm/kasan/kasan.h: Fix boolean checking issue for kasan_report_enabled()

[Chen Gang <chengang@emindsoft.com.cn>]

On 5/2/16 23:35, Alexander Potapenko wrote:
> On Mon, May 2, 2016 at 5:13 PM, Chen Gang <chengang@emindsoft.com.cn> wrote:
>>
>> OK. But it does not look quite easy to use kasan_disable_current() for
>> INIT_KASAN which is used in INIT_TASK.
>>
>> If we have to set "kasan_depth == 1", we have to use kasan_depth-- in
>> kasan_enable_current().
> Agreed, decrementing the counter in kasan_enable_current() is more natural.
> I can fix this together with the comments.

OK, thanks. And need I also send patch v2 for include/linux/kasan.h? (or
you will fix them together).

>>
>> If we don't prevent the overflow, it will have negative effect with the
>> caller. When we issue an warning, it means the caller's hope fail, but
>> can not destroy the caller's original work. In our case:
>>
>>  - Assume "kasan_depth-- for kasan_enable_current()", the first enable
>>    will let kasan_depth be 0.
> Sorry, I'm not sure I follow.
> If we start with kasan_depth=0 (which is the default case for every
> task except for the init, which also gets kasan_depth=0 short after
> the kernel starts),
> then the first call to kasan_disable_current() will make kasan_depth
> nonzero and will disable KASAN.
> The subsequent call to kasan_enable_current() will enable KASAN back.
> 
> There indeed is a problem when someone calls kasan_enable_current()
> without previously calling kasan_disable_current().
> In this case we need to check that kasan_depth was zero and print a
> warning if it was.
> It actually does not matter whether we modify kasan_depth after that
> warning or not, because we are already in inconsistent state.
> But I think we should modify kasan_depth anyway to ease the debugging.
> 

For me, BUG_ON() will be better for debugging, but it is really not well
for using.  For WARN_ON(), it already print warnings, so I am not quite
sure "always modifying kasan_depth will be ease the debugging".

When we are in inconsistent state, for me, what we can do is:

 - Still try to do correct things within our control: "when the caller
   make a mistake, if kasan_enable_current() notices about it, it need
   issue warning, and prevent itself to make mistake (causing disable).

 - "try to let negative effect smaller to user", e.g. let users "loose
   hope" (call enable has no effect) instead of destroying users'
   original work (call enable, but get disable).

Thanks.
-- 
Chen Gang (e??a??)

Managing Natural Environments is the Duty of Human Beings.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>