From: Peter Zijlstra <peterz@infradead.org>
To: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
rostedt@goodmis.org
Cc: peterz@infradead.org, mingo@kernel.org, joel@joelfernandes.org,
gregkh@linuxfoundation.org, gustavo@embeddedor.com,
tglx@linutronix.de, paulmck@kernel.org, josh@joshtriplett.org,
mathieu.desnoyers@efficios.com, jiangshanlai@gmail.com,
luto@kernel.org, tony.luck@intel.com, frederic@kernel.org,
dan.carpenter@oracle.com, mhiramat@kernel.org,
Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>
Subject: [PATCH v3 22/22] x86/int3: Ensure that poke_int3_handler() is not sanitized
Date: Wed, 19 Feb 2020 15:47:46 +0100 [thread overview]
Message-ID: <20200219150745.651901321@infradead.org> (raw)
In-Reply-To: 20200219144724.800607165@infradead.org
In order to ensure poke_int3_handler() is completely self contained --
we call this while we're modifying other text, imagine the fun of
hitting another INT3 -- ensure that everything is without sanitize
crud.
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
arch/x86/kernel/alternative.c | 4 ++--
arch/x86/kernel/traps.c | 2 +-
include/linux/compiler-clang.h | 7 +++++++
include/linux/compiler-gcc.h | 6 ++++++
include/linux/compiler.h | 5 +++++
include/linux/compiler_attributes.h | 1 +
lib/bsearch.c | 2 +-
7 files changed, 23 insertions(+), 4 deletions(-)
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -979,7 +979,7 @@ static __always_inline void *text_poke_a
return _stext + tp->rel_addr;
}
-static int notrace patch_cmp(const void *key, const void *elt)
+static int notrace __no_sanitize patch_cmp(const void *key, const void *elt)
{
struct text_poke_loc *tp = (struct text_poke_loc *) elt;
@@ -991,7 +991,7 @@ static int notrace patch_cmp(const void
}
NOKPROBE_SYMBOL(patch_cmp);
-int notrace poke_int3_handler(struct pt_regs *regs)
+int notrace __no_sanitize poke_int3_handler(struct pt_regs *regs)
{
struct bp_patching_desc *desc;
struct text_poke_loc *tp;
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -496,7 +496,7 @@ dotraplinkage void do_general_protection
}
NOKPROBE_SYMBOL(do_general_protection);
-dotraplinkage void notrace do_int3(struct pt_regs *regs, long error_code)
+dotraplinkage void notrace __no_sanitize do_int3(struct pt_regs *regs, long error_code)
{
if (poke_int3_handler(regs))
return;
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@@ -24,6 +24,13 @@
#define __no_sanitize_address
#endif
+#if __has_feature(undefined_sanitizer)
+#define __no_sanitize_undefined \
+ __atribute__((no_sanitize("undefined")))
+#else
+#define __no_sanitize_undefined
+#endif
+
/*
* Not all versions of clang implement the the type-generic versions
* of the builtin overflow checkers. Fortunately, clang implements
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -145,6 +145,12 @@
#define __no_sanitize_address
#endif
+#if __has_attribute(__no_sanitize_undefined__)
+#define __no_sanitize_undefined __attribute__((no_sanitize_undefined))
+#else
+#define __no_sanitize_undefined
+#endif
+
#if GCC_VERSION >= 50100
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
#endif
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -199,6 +199,7 @@ void __read_once_size(const volatile voi
__READ_ONCE_SIZE;
}
+#define __no_kasan __no_sanitize_address
#ifdef CONFIG_KASAN
/*
* We can't declare function 'inline' because __no_sanitize_address confilcts
@@ -274,6 +275,10 @@ static __always_inline void __write_once
*/
#define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
+#define __no_ubsan __no_sanitize_undefined
+
+#define __no_sanitize __no_kasan __no_ubsan
+
static __no_kasan_or_inline
unsigned long read_word_at_a_time(const void *addr)
{
--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -41,6 +41,7 @@
# define __GCC4_has_attribute___nonstring__ 0
# define __GCC4_has_attribute___no_sanitize_address__ (__GNUC_MINOR__ >= 8)
# define __GCC4_has_attribute___fallthrough__ 0
+# define __GCC4_has_attribute___no_sanitize_undefined__ (__GNUC_MINOR__ >= 9)
#endif
/*
--- a/lib/bsearch.c
+++ b/lib/bsearch.c
@@ -28,7 +28,7 @@
* the key and elements in the array are of the same type, you can use
* the same comparison function for both sort() and bsearch().
*/
-void *bsearch(const void *key, const void *base, size_t num, size_t size,
+void __no_sanitize *bsearch(const void *key, const void *base, size_t num, size_t size,
cmp_func_t cmp)
{
const char *pivot;
next prev parent reply other threads:[~2020-02-19 14:47 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-19 14:47 [PATCH v3 00/22] tracing vs world Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 01/22] hardirq/nmi: Allow nested nmi_enter() Peter Zijlstra
2020-02-19 15:31 ` Steven Rostedt
2020-02-19 16:56 ` Borislav Petkov
2020-02-19 16:56 ` Borislav Petkov
2020-02-19 17:07 ` Peter Zijlstra
2020-02-20 8:41 ` Will Deacon
2020-02-20 9:19 ` Marc Zyngier
2020-02-20 13:18 ` Petr Mladek
2020-02-19 14:47 ` [PATCH v3 02/22] x86,mce: Delete ist_begin_non_atomic() Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 17:13 ` Borislav Petkov
2020-02-19 17:21 ` Andy Lutomirski
2020-02-19 17:33 ` Peter Zijlstra
2020-02-19 22:12 ` Andy Lutomirski
2020-02-19 22:12 ` Andy Lutomirski
2020-02-19 22:33 ` Luck, Tony
2020-02-19 22:48 ` Andy Lutomirski
2020-02-20 7:39 ` Peter Zijlstra
2020-02-19 17:42 ` Borislav Petkov
2020-02-19 17:46 ` Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 03/22] x86: Replace ist_enter() with nmi_enter() Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-20 10:54 ` Borislav Petkov
2020-02-20 12:11 ` Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 04/22] x86/doublefault: Make memmove() notrace/NOKPROBE Peter Zijlstra
2020-02-19 15:36 ` Steven Rostedt
2020-02-19 15:40 ` Peter Zijlstra
2020-02-19 15:55 ` Steven Rostedt
2020-02-19 15:57 ` Peter Zijlstra
2020-02-19 15:57 ` Peter Zijlstra
2020-02-19 16:04 ` Peter Zijlstra
2020-02-19 16:12 ` Steven Rostedt
2020-02-19 16:27 ` Paul E. McKenney
2020-02-19 16:34 ` Peter Zijlstra
2020-02-19 16:34 ` Peter Zijlstra
2020-02-19 16:46 ` Paul E. McKenney
2020-02-19 17:05 ` Steven Rostedt
2020-02-20 12:17 ` Borislav Petkov
2020-02-20 12:37 ` Peter Zijlstra
2020-02-20 12:37 ` Peter Zijlstra
2020-02-19 15:47 ` Steven Rostedt
2020-02-19 14:47 ` [PATCH v3 05/22] rcu: Make RCU IRQ enter/exit functions rely on in_nmi() Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 16:31 ` Paul E. McKenney
2020-02-19 16:31 ` Paul E. McKenney
2020-02-19 16:37 ` Peter Zijlstra
2020-02-19 16:45 ` Paul E. McKenney
2020-02-19 17:03 ` Peter Zijlstra
2020-02-19 17:42 ` Paul E. McKenney
2020-02-19 17:16 ` [PATCH] rcu/kprobes: Comment why rcu_nmi_enter() is marked NOKPROBE Steven Rostedt
2020-02-19 17:18 ` Joel Fernandes
2020-02-19 17:41 ` Paul E. McKenney
2020-02-20 5:54 ` Masami Hiramatsu
2020-02-19 14:47 ` [PATCH v3 06/22] rcu: Rename rcu_irq_{enter,exit}_irqson() Peter Zijlstra
2020-02-19 16:38 ` Paul E. McKenney
2020-02-19 14:47 ` [PATCH v3 07/22] rcu: Mark rcu_dynticks_curr_cpu_in_eqs() inline Peter Zijlstra
2020-02-19 16:39 ` Paul E. McKenney
2020-02-19 17:19 ` Steven Rostedt
2020-02-19 14:47 ` [PATCH v3 08/22] rcu,tracing: Create trace_rcu_{enter,exit}() Peter Zijlstra
2020-02-19 15:49 ` Steven Rostedt
2020-02-19 15:58 ` Peter Zijlstra
2020-02-19 16:15 ` Steven Rostedt
2020-02-19 16:35 ` Peter Zijlstra
2020-02-19 16:35 ` Peter Zijlstra
2020-02-19 16:44 ` Paul E. McKenney
2020-02-20 10:34 ` Peter Zijlstra
2020-02-20 13:58 ` Paul E. McKenney
2020-02-20 13:58 ` Paul E. McKenney
2020-02-19 14:47 ` [PATCH v3 09/22] sched,rcu,tracing: Avoid tracing before in_nmi() is correct Peter Zijlstra
2020-02-19 15:50 ` Steven Rostedt
2020-02-19 15:50 ` Steven Rostedt
2020-02-19 14:47 ` [PATCH v3 10/22] x86,tracing: Add comments to do_nmi() Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 15:51 ` Steven Rostedt
2020-02-19 14:47 ` [PATCH v3 11/22] perf,tracing: Prepare the perf-trace interface for RCU changes Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 12/22] tracing: Employ trace_rcu_{enter,exit}() Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 15:52 ` Steven Rostedt
2020-02-19 14:47 ` [PATCH v3 13/22] tracing: Remove regular RCU context for _rcuidle tracepoints (again) Peter Zijlstra
2020-02-19 15:53 ` Steven Rostedt
2020-02-19 16:43 ` Paul E. McKenney
2020-02-19 16:43 ` Paul E. McKenney
2020-02-19 16:47 ` Peter Zijlstra
2020-02-19 17:05 ` Peter Zijlstra
2020-02-19 17:21 ` Steven Rostedt
2020-02-19 17:40 ` Paul E. McKenney
2020-02-19 18:00 ` Steven Rostedt
2020-02-19 18:00 ` Steven Rostedt
2020-02-19 19:05 ` Paul E. McKenney
2020-02-19 14:47 ` [PATCH v3 14/22] perf,tracing: Allow function tracing when !RCU Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 15/22] x86/int3: Ensure that poke_int3_handler() is not traced Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 16/22] locking/atomics, kcsan: Add KCSAN instrumentation Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 15:46 ` Steven Rostedt
2020-02-19 16:03 ` Peter Zijlstra
2020-02-19 16:03 ` Peter Zijlstra
2020-02-19 16:50 ` Paul E. McKenney
2020-02-19 16:54 ` Peter Zijlstra
2020-02-19 16:54 ` Peter Zijlstra
2020-02-19 17:36 ` Paul E. McKenney
2020-02-19 14:47 ` [PATCH v3 17/22] asm-generic/atomic: Use __always_inline for pure wrappers Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 18/22] asm-generic/atomic: Use __always_inline for fallback wrappers Peter Zijlstra
2020-02-19 16:55 ` Paul E. McKenney
2020-02-19 16:55 ` Paul E. McKenney
2020-02-19 17:06 ` Peter Zijlstra
2020-02-19 17:35 ` Paul E. McKenney
2020-02-19 14:47 ` [PATCH v3 19/22] compiler: Simple READ/WRITE_ONCE() implementations Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 20/22] locking/atomics: Flip fallbacks and instrumentation Peter Zijlstra
2020-02-19 14:47 ` [PATCH v3 21/22] x86/int3: Avoid atomic instrumentation Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra
2020-02-19 14:47 ` Peter Zijlstra [this message]
2020-02-19 14:47 ` [PATCH v3 22/22] x86/int3: Ensure that poke_int3_handler() is not sanitized Peter Zijlstra
2020-02-19 16:06 ` Dmitry Vyukov
2020-02-19 16:06 ` Dmitry Vyukov
2020-02-19 16:30 ` Peter Zijlstra
2020-02-19 16:51 ` Peter Zijlstra
2020-02-19 17:20 ` Peter Zijlstra
2020-02-20 10:37 ` Dmitry Vyukov
2020-02-20 12:06 ` Peter Zijlstra
2020-02-20 16:22 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200219150745.651901321@infradead.org \
--to=peterz@infradead.org \
--cc=aryabinin@virtuozzo.com \
--cc=dan.carpenter@oracle.com \
--cc=dvyukov@google.com \
--cc=frederic@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=gustavo@embeddedor.com \
--cc=jiangshanlai@gmail.com \
--cc=joel@joelfernandes.org \
--cc=josh@joshtriplett.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=mingo@kernel.org \
--cc=paulmck@kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).