From: Thomas Gleixner <tglx@linutronix.de>
To: Dave Hansen <dave.hansen@intel.com>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
LKML <linux-kernel@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>
Cc: Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH v2] x86: disable non-instrumented version of copy_mc when KMSAN is enabled
Date: Tue, 05 Mar 2024 17:50:51 +0100 [thread overview]
Message-ID: <87jzmgvd04.ffs@tglx> (raw)
In-Reply-To: <74d900cf-ab90-49ea-ba55-380d7df59526@intel.com>
On Tue, Mar 05 2024 at 07:21, Dave Hansen wrote:
> On 3/1/24 14:52, Tetsuo Handa wrote:
>> - if (static_cpu_has(X86_FEATURE_ERMS)) {
>> + if (!IS_ENABLED(CONFIG_KMSAN) && static_cpu_has(X86_FEATURE_ERMS)) {
>> __uaccess_begin();
>> ret = copy_mc_enhanced_fast_string((__force void *)dst, src, len);
>> __uaccess_end();
>
> Where does the false positive _come_ from? Can we fix copy_mc_fragile()
> and copy_mc_enhanced_fast_string() instead of just not using them?
All it takes is a variant of __msan_memcpy() which uses a variant of
copy_mc_to_kernel() instead of __memcpy(). It's not rocket science.
Aside of that, this:
@@ -74,14 +74,14 @@ unsigned long __must_check copy_mc_to_user(void __user *dst, const void *src, un
{
unsigned long ret;
- if (copy_mc_fragile_enabled) {
+ if (!IS_ENABLED(CONFIG_KMSAN) && copy_mc_fragile_enabled) {
__uaccess_begin();
is completely bogus. copy_user_generic() is not at all covered by
KMSAN. So why fiddling with it in the first place? Just because it has
the same pattern as copy_mc_to_kernel()?
> The three enable_copy_mc_fragile() are presumably doing so for a
> reason.
Very much so. It's for MCE recovery purposes.
And yes, the changelog and the non-existing comments should explain why
this is "correct" when KMSAN is enabled. Hint: It is NOT.
Thanks,
tglx
prev parent reply other threads:[~2024-03-05 16:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-01 22:52 [PATCH v2] x86: disable non-instrumented version of copy_mc when KMSAN is enabled Tetsuo Handa
2024-03-05 11:31 ` Tetsuo Handa
2024-03-05 16:22 ` Thomas Gleixner
2024-03-05 17:57 ` Linus Torvalds
2024-03-06 22:08 ` Tetsuo Handa
2024-03-07 0:09 ` Linus Torvalds
2024-03-19 12:38 ` Alexander Potapenko
2024-03-06 9:16 ` Ingo Molnar
2024-03-06 10:12 ` Tetsuo Handa
2024-03-05 15:21 ` Dave Hansen
2024-03-05 16:50 ` Thomas Gleixner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87jzmgvd04.ffs@tglx \
--to=tglx@linutronix.de \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.