From: Alexander Potapenko <glider@google.com>
To: glider@google.com
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Alexei Starovoitov <ast@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Andrey Konovalov <andreyknvl@google.com>,
Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Borislav Petkov <bp@alien8.de>, Christoph Hellwig <hch@lst.de>,
Christoph Lameter <cl@linux.com>,
David Rientjes <rientjes@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Eric Biggers <ebiggers@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ilya Leoshkevich <iii@linux.ibm.com>,
Ingo Molnar <mingo@redhat.com>, Jens Axboe <axboe@kernel.dk>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Kees Cook <keescook@chromium.org>, Marco Elver <elver@google.com>,
Mark Rutland <mark.rutland@arm.com>,
Matthew Wilcox <willy@infradead.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Pekka Enberg <penberg@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Petr Mladek <pmladek@suse.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Steven Rostedt <rostedt@goodmis.org>,
Thomas Gleixner <tglx@linutronix.de>,
Vasily Gorbik <gor@linux.ibm.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>,
kasan-dev@googlegroups.com, linux-mm@kvack.org,
linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v7 40/43] entry: kmsan: introduce kmsan_unpoison_entry_regs()
Date: Thu, 15 Sep 2022 17:04:14 +0200 [thread overview]
Message-ID: <20220915150417.722975-41-glider@google.com> (raw)
In-Reply-To: <20220915150417.722975-1-glider@google.com>
struct pt_regs passed into IRQ entry code is set up by uninstrumented
asm functions, therefore KMSAN may not notice the registers are
initialized.
kmsan_unpoison_entry_regs() unpoisons the contents of struct pt_regs,
preventing potential false positives. Unlike kmsan_unpoison_memory(),
it can be called under kmsan_in_runtime(), which is often the case in
IRQ entry code.
Signed-off-by: Alexander Potapenko <glider@google.com>
---
Link: https://linux-review.googlesource.com/id/Ibfd7018ac847fd8e5491681f508ba5d14e4669cf
---
include/linux/kmsan.h | 15 +++++++++++++++
kernel/entry/common.c | 5 +++++
mm/kmsan/hooks.c | 26 ++++++++++++++++++++++++++
3 files changed, 46 insertions(+)
diff --git a/include/linux/kmsan.h b/include/linux/kmsan.h
index c473e0e21683c..e38ae3c346184 100644
--- a/include/linux/kmsan.h
+++ b/include/linux/kmsan.h
@@ -214,6 +214,17 @@ void kmsan_handle_dma_sg(struct scatterlist *sg, int nents,
*/
void kmsan_handle_urb(const struct urb *urb, bool is_out);
+/**
+ * kmsan_unpoison_entry_regs() - Handle pt_regs in low-level entry code.
+ * @regs: struct pt_regs pointer received from assembly code.
+ *
+ * KMSAN unpoisons the contents of the passed pt_regs, preventing potential
+ * false positive reports. Unlike kmsan_unpoison_memory(),
+ * kmsan_unpoison_entry_regs() can be called from the regions where
+ * kmsan_in_runtime() returns true, which is the case in early entry code.
+ */
+void kmsan_unpoison_entry_regs(const struct pt_regs *regs);
+
#else
static inline void kmsan_init_shadow(void)
@@ -310,6 +321,10 @@ static inline void kmsan_handle_urb(const struct urb *urb, bool is_out)
{
}
+static inline void kmsan_unpoison_entry_regs(const struct pt_regs *regs)
+{
+}
+
#endif
#endif /* _LINUX_KMSAN_H */
diff --git a/kernel/entry/common.c b/kernel/entry/common.c
index 063068a9ea9b3..846add8394c41 100644
--- a/kernel/entry/common.c
+++ b/kernel/entry/common.c
@@ -5,6 +5,7 @@
#include <linux/resume_user_mode.h>
#include <linux/highmem.h>
#include <linux/jump_label.h>
+#include <linux/kmsan.h>
#include <linux/livepatch.h>
#include <linux/audit.h>
#include <linux/tick.h>
@@ -24,6 +25,7 @@ static __always_inline void __enter_from_user_mode(struct pt_regs *regs)
user_exit_irqoff();
instrumentation_begin();
+ kmsan_unpoison_entry_regs(regs);
trace_hardirqs_off_finish();
instrumentation_end();
}
@@ -352,6 +354,7 @@ noinstr irqentry_state_t irqentry_enter(struct pt_regs *regs)
lockdep_hardirqs_off(CALLER_ADDR0);
ct_irq_enter();
instrumentation_begin();
+ kmsan_unpoison_entry_regs(regs);
trace_hardirqs_off_finish();
instrumentation_end();
@@ -367,6 +370,7 @@ noinstr irqentry_state_t irqentry_enter(struct pt_regs *regs)
*/
lockdep_hardirqs_off(CALLER_ADDR0);
instrumentation_begin();
+ kmsan_unpoison_entry_regs(regs);
rcu_irq_enter_check_tick();
trace_hardirqs_off_finish();
instrumentation_end();
@@ -452,6 +456,7 @@ irqentry_state_t noinstr irqentry_nmi_enter(struct pt_regs *regs)
ct_nmi_enter();
instrumentation_begin();
+ kmsan_unpoison_entry_regs(regs);
trace_hardirqs_off_finish();
ftrace_nmi_enter();
instrumentation_end();
diff --git a/mm/kmsan/hooks.c b/mm/kmsan/hooks.c
index 79d7e73e2cfd8..35f6b6e6a908c 100644
--- a/mm/kmsan/hooks.c
+++ b/mm/kmsan/hooks.c
@@ -348,6 +348,32 @@ void kmsan_unpoison_memory(const void *address, size_t size)
}
EXPORT_SYMBOL(kmsan_unpoison_memory);
+/*
+ * Version of kmsan_unpoison_memory() that can be called from within the KMSAN
+ * runtime.
+ *
+ * Non-instrumented IRQ entry functions receive struct pt_regs from assembly
+ * code. Those regs need to be unpoisoned, otherwise using them will result in
+ * false positives.
+ * Using kmsan_unpoison_memory() is not an option in entry code, because the
+ * return value of in_task() is inconsistent - as a result, certain calls to
+ * kmsan_unpoison_memory() are ignored. kmsan_unpoison_entry_regs() ensures that
+ * the registers are unpoisoned even if kmsan_in_runtime() is true in the early
+ * entry code.
+ */
+void kmsan_unpoison_entry_regs(const struct pt_regs *regs)
+{
+ unsigned long ua_flags;
+
+ if (!kmsan_enabled)
+ return;
+
+ ua_flags = user_access_save();
+ kmsan_internal_unpoison_memory((void *)regs, sizeof(*regs),
+ KMSAN_POISON_NOCHECK);
+ user_access_restore(ua_flags);
+}
+
void kmsan_check_memory(const void *addr, size_t size)
{
if (!kmsan_enabled)
--
2.37.2.789.g6183377224-goog
next prev parent reply other threads:[~2022-09-15 15:12 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-15 15:03 [PATCH v7 00/43] Add KernelMemorySanitizer infrastructure Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 01/43] x86: add missing include to sparsemem.h Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 02/43] stackdepot: reserve 5 extra bits in depot_stack_handle_t Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 03/43] instrumented.h: allow instrumenting both sides of copy_from_user() Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 04/43] x86: asm: instrument usercopy in get_user() and put_user() Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 05/43] asm-generic: instrument usercopy in cacheflush.h Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 06/43] kmsan: add ReST documentation Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 07/43] kmsan: introduce __no_sanitize_memory and __no_kmsan_checks Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 08/43] kmsan: mark noinstr as __no_sanitize_memory Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 09/43] x86: kmsan: pgtable: reduce vmalloc space Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 10/43] libnvdimm/pfn_dev: increase MAX_STRUCT_PAGE_SIZE Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 11/43] kmsan: add KMSAN runtime core Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 12/43] kmsan: disable instrumentation of unsupported common kernel code Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 13/43] MAINTAINERS: add entry for KMSAN Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 14/43] mm: kmsan: maintain KMSAN metadata for page operations Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 15/43] mm: kmsan: call KMSAN hooks from SLUB code Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 16/43] kmsan: handle task creation and exiting Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 17/43] init: kmsan: call KMSAN initialization routines Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 18/43] instrumented.h: add KMSAN support Alexander Potapenko
[not found] ` <20221019173620.10167-1-youling257@gmail.com>
[not found] ` <CAOzgRda_CToTVicwxx86E7YcuhDTcayJR=iQtWQ3jECLLhHzcg@mail.gmail.com>
2022-10-19 17:58 ` Marco Elver
2022-10-19 19:29 ` youling 257
2022-10-19 20:00 ` Marco Elver
2022-10-19 20:07 ` youling 257
2022-10-19 21:36 ` Marco Elver
[not found] ` <CAG_fn=WLRN=C1rKrpq4=d=AO9dBaGxoa6YsG7+KrqAck5Bty0Q@mail.gmail.com>
2022-10-21 5:55 ` youling 257
2022-10-21 6:16 ` Marco Elver
2022-10-21 6:39 ` youling 257
2022-10-21 7:37 ` Marco Elver
2022-10-21 15:19 ` youling 257
[not found] ` <CAG_fn=VE4qrXhLzEkNR_8PcO9N4AYYhNaXYvZNffvVEo7AHr-A@mail.gmail.com>
2022-10-21 17:21 ` Kees Cook
[not found] ` <CAG_fn=UVARRueXn4mU51TkzLTpZ=2fKNL7NAB3YH7mGP71ZhUQ@mail.gmail.com>
2022-10-22 6:24 ` youling 257
2022-10-19 21:44 ` Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 19/43] kmsan: add iomap support Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 20/43] Input: libps2: mark data received in __ps2_command() as initialized Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 21/43] dma: kmsan: unpoison DMA mappings Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 22/43] virtio: kmsan: check/unpoison scatterlist in vring_map_one_sg() Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 23/43] kmsan: handle memory sent to/from USB Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 24/43] kmsan: add tests for KMSAN Alexander Potapenko
2022-09-15 15:03 ` [PATCH v7 25/43] kmsan: disable strscpy() optimization under KMSAN Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 26/43] crypto: kmsan: disable accelerated configs " Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 27/43] kmsan: disable physical page merging in biovec Alexander Potapenko
2022-09-15 20:58 ` Andrew Morton
2022-09-16 9:12 ` Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 28/43] block: kmsan: skip bio block merging logic for KMSAN Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 29/43] kcov: kmsan: unpoison area->list in kcov_remote_area_put() Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 30/43] security: kmsan: fix interoperability with auto-initialization Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 31/43] objtool: kmsan: list KMSAN API functions as uaccess-safe Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 32/43] x86: kmsan: disable instrumentation of unsupported code Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 33/43] x86: kmsan: skip shadow checks in __switch_to() Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 34/43] x86: kmsan: handle open-coded assembly in lib/iomem.c Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 35/43] x86: kmsan: use __msan_ string functions where possible Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 36/43] x86: kmsan: sync metadata pages on page fault Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 37/43] x86: kasan: kmsan: support CONFIG_GENERIC_CSUM on x86, enable it for KASAN/KMSAN Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 38/43] x86: fs: kmsan: disable CONFIG_DCACHE_WORD_ACCESS Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 39/43] x86: kmsan: don't instrument stack walking functions Alexander Potapenko
2022-09-15 15:04 ` Alexander Potapenko [this message]
2022-09-15 15:04 ` [PATCH v7 41/43] bpf: kmsan: initialize BPF registers with zeroes Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 42/43] mm: fs: initialize fsdata passed to write_begin/write_end interface Alexander Potapenko
2022-09-15 15:04 ` [PATCH v7 43/43] x86: kmsan: enable KMSAN builds for x86 Alexander Potapenko
2022-09-15 21:05 ` [PATCH v7 00/43] Add KernelMemorySanitizer infrastructure Andrew Morton
2022-09-15 21:07 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220915150417.722975-41-glider@google.com \
--to=glider@google.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=arnd@arndb.de \
--cc=ast@kernel.org \
--cc=axboe@kernel.dk \
--cc=bp@alien8.de \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=ebiggers@kernel.org \
--cc=edumazet@google.com \
--cc=elver@google.com \
--cc=gor@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=iamjoonsoo.kim@lge.com \
--cc=iii@linux.ibm.com \
--cc=kasan-dev@googlegroups.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=penberg@kernel.org \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=rientjes@google.com \
--cc=rostedt@goodmis.org \
--cc=sfr@canb.auug.org.au \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=vegard.nossum@oracle.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).