[PATCH v4 05/11] arm64: csum: Disable KASAN for do_csum()

linux-arch.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Will Deacon <will@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org, kernel-team@android.com,
	Will Deacon <will@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Peter Zijlstra <peterz@infradead.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Segher Boessenkool <segher@kernel.crashing.org>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
	Arnd Bergmann <arnd@arndb.de>,
	Peter Oberparleiter <oberpar@linux.ibm.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Robin Murphy <robin.murphy@arm.com>
Subject: [PATCH v4 05/11] arm64: csum: Disable KASAN for do_csum()
Date: Tue, 21 Apr 2020 16:15:31 +0100	[thread overview]
Message-ID: <20200421151537.19241-6-will@kernel.org> (raw)
In-Reply-To: <20200421151537.19241-1-will@kernel.org>

do_csum() over-reads the source buffer and therefore abuses
READ_ONCE_NOCHECK() to avoid tripping up KASAN. In preparation for
READ_ONCE_NOCHECK() becoming a macro, and therefore losing its
'__no_sanitize_address' annotation, just annotate do_csum() explicitly
and fall back to normal loads.

Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
---
 arch/arm64/lib/csum.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/arch/arm64/lib/csum.c b/arch/arm64/lib/csum.c
index 60eccae2abad..78b87a64ca0a 100644
--- a/arch/arm64/lib/csum.c
+++ b/arch/arm64/lib/csum.c
@@ -14,7 +14,11 @@ static u64 accumulate(u64 sum, u64 data)
 	return tmp + (tmp >> 64);
 }
 
-unsigned int do_csum(const unsigned char *buff, int len)
+/*
+ * We over-read the buffer and this makes KASAN unhappy. Instead, disable
+ * instrumentation and call kasan explicitly.
+ */
+unsigned int __no_sanitize_address do_csum(const unsigned char *buff, int len)
 {
 	unsigned int offset, shift, sum;
 	const u64 *ptr;
@@ -42,7 +46,7 @@ unsigned int do_csum(const unsigned char *buff, int len)
 	 * odd/even alignment, and means we can ignore it until the very end.
 	 */
 	shift = offset * 8;
-	data = READ_ONCE_NOCHECK(*ptr++);
+	data = *ptr++;
 #ifdef __LITTLE_ENDIAN
 	data = (data >> shift) << shift;
 #else
@@ -58,10 +62,10 @@ unsigned int do_csum(const unsigned char *buff, int len)
 	while (unlikely(len > 64)) {
 		__uint128_t tmp1, tmp2, tmp3, tmp4;
 
-		tmp1 = READ_ONCE_NOCHECK(*(__uint128_t *)ptr);
-		tmp2 = READ_ONCE_NOCHECK(*(__uint128_t *)(ptr + 2));
-		tmp3 = READ_ONCE_NOCHECK(*(__uint128_t *)(ptr + 4));
-		tmp4 = READ_ONCE_NOCHECK(*(__uint128_t *)(ptr + 6));
+		tmp1 = *(__uint128_t *)ptr;
+		tmp2 = *(__uint128_t *)(ptr + 2);
+		tmp3 = *(__uint128_t *)(ptr + 4);
+		tmp4 = *(__uint128_t *)(ptr + 6);
 
 		len -= 64;
 		ptr += 8;
@@ -85,7 +89,7 @@ unsigned int do_csum(const unsigned char *buff, int len)
 		__uint128_t tmp;
 
 		sum64 = accumulate(sum64, data);
-		tmp = READ_ONCE_NOCHECK(*(__uint128_t *)ptr);
+		tmp = *(__uint128_t *)ptr;
 
 		len -= 16;
 		ptr += 2;
@@ -100,7 +104,7 @@ unsigned int do_csum(const unsigned char *buff, int len)
 	}
 	if (len > 0) {
 		sum64 = accumulate(sum64, data);
-		data = READ_ONCE_NOCHECK(*ptr);
+		data = *ptr;
 		len -= 8;
 	}
 	/*
-- 
2.26.1.301.g55bc3eb7cb9-goog

next prev parent reply	other threads:[~2020-04-21 15:15 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-21 15:15 [PATCH v4 00/11] Rework READ_ONCE() to improve codegen Will Deacon
2020-04-21 15:15 ` [PATCH v4 01/11] compiler/gcc: Raise minimum GCC version for kernel builds to 4.8 Will Deacon
2020-04-21 17:15   ` Masahiro Yamada
2020-04-21 15:15 ` [PATCH v4 02/11] netfilter: Avoid assigning 'const' pointer to non-const pointer Will Deacon
2020-04-21 15:15 ` [PATCH v4 03/11] net: tls: " Will Deacon
2020-04-21 15:15 ` [PATCH v4 04/11] fault_inject: Don't rely on "return value" from WRITE_ONCE() Will Deacon
2020-04-21 15:15 ` Will Deacon [this message]
2020-04-21 15:15   ` [PATCH v4 05/11] arm64: csum: Disable KASAN for do_csum() Will Deacon
2020-04-22  9:49   ` Mark Rutland
2020-04-22  9:49     ` Mark Rutland
2020-04-22 10:41     ` Will Deacon
2020-04-22 11:01       ` Robin Murphy
2020-04-24  9:41         ` David Laight
2020-04-24 11:00           ` Robin Murphy
2020-04-24 13:04             ` David Laight
2020-04-24 13:04               ` David Laight
2020-04-21 15:15 ` [PATCH v4 06/11] READ_ONCE: Simplify implementations of {READ,WRITE}_ONCE() Will Deacon
2020-04-21 15:15   ` Will Deacon
2020-04-22  9:51   ` Mark Rutland
2020-04-21 15:15 ` [PATCH v4 07/11] READ_ONCE: Enforce atomicity for {READ,WRITE}_ONCE() memory accesses Will Deacon
2020-04-21 15:15   ` Will Deacon
2020-04-24 16:31   ` Jann Horn
2020-04-24 17:11     ` Will Deacon
2020-04-24 17:43       ` Peter Zijlstra
2020-04-21 15:15 ` [PATCH v4 08/11] READ_ONCE: Drop pointer qualifiers when reading from scalar types Will Deacon
2020-04-21 15:15   ` Will Deacon
2020-04-22 10:25   ` Rasmus Villemoes
2020-04-22 11:48     ` Segher Boessenkool
2020-04-22 11:48       ` Segher Boessenkool
2020-04-22 13:11       ` Will Deacon
2020-04-22 13:11         ` Will Deacon
2020-04-22 14:54   ` Will Deacon
2020-04-21 15:15 ` [PATCH v4 09/11] locking/barriers: Use '__unqual_scalar_typeof' for load-acquire macros Will Deacon
2020-04-21 15:15   ` Will Deacon
2020-04-21 15:15 ` [PATCH v4 10/11] arm64: barrier: Use '__unqual_scalar_typeof' for acquire/release macros Will Deacon
2020-04-21 15:15 ` [PATCH v4 11/11] gcov: Remove old GCC 3.4 support Will Deacon
2020-04-21 15:15   ` Will Deacon
2020-04-21 17:19   ` Masahiro Yamada
2020-04-21 18:42 ` [PATCH v4 00/11] Rework READ_ONCE() to improve codegen Linus Torvalds
2020-04-21 18:42   ` Linus Torvalds
2020-04-22  8:18   ` Will Deacon
2020-04-22 11:37     ` Peter Zijlstra
2020-04-22 12:26       ` Will Deacon
2020-04-24 13:42         ` Will Deacon
2020-04-24 15:54           ` Marco Elver
2020-04-24 16:52             ` Will Deacon

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:60eccae2aba dfblob:78b87a64ca0 )
 OR (
bs:"[PATCH v4 05/11] arm64: csum: Disable KASAN for do_csum()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200421151537.19241-6-will@kernel.org \
    --to=will@kernel.org \
    --cc=arnd@arndb.de \
    --cc=borntraeger@de.ibm.com \
    --cc=kernel-team@android.com \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luc.vanoostenryck@gmail.com \
    --cc=mark.rutland@arm.com \
    --cc=masahiroy@kernel.org \
    --cc=mpe@ellerman.id.au \
    --cc=ndesaulniers@google.com \
    --cc=oberpar@linux.ibm.com \
    --cc=peterz@infradead.org \
    --cc=robin.murphy@arm.com \
    --cc=segher@kernel.crashing.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).