From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751648AbbJGHWn (ORCPT ); Wed, 7 Oct 2015 03:22:43 -0400 Received: from mail-wi0-f173.google.com ([209.85.212.173]:37613 "EHLO mail-wi0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751517AbbJGHWm (ORCPT ); Wed, 7 Oct 2015 03:22:42 -0400 Date: Wed, 7 Oct 2015 09:22:37 +0200 From: Ingo Molnar To: Andy Lutomirski Cc: Andrey Ryabinin , Andi Kleen , Dmitry Vyukov , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , "x86@kernel.org" , LKML , Andrey Konovalov , Kostya Serebryany , Alexander Potapenko , kasan-dev , Borislav Petkov , Denys Vlasenko , Sasha Levin , Wolfram Gloger , Linus Torvalds , Andrew Morton Subject: Re: [PATCH] x86/process: Silence KASAN warnings in get_wchan() Message-ID: <20151007072237.GE7837@gmail.com> References: <1444040906-6788-1-git-send-email-aryabinin@virtuozzo.com> <20151005112341.GA1101@gmail.com> <56126316.3030901@virtuozzo.com> <20151005163906.GE26924@tassilo.jf.intel.com> <5612AC7A.9080502@virtuozzo.com> <20151006072655.GB10672@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Andy Lutomirski wrote: > On Tue, Oct 6, 2015 at 12:26 AM, Ingo Molnar wrote: > > > > * Andrey Ryabinin wrote: > > > >> On 10/05/2015 07:39 PM, Andi Kleen wrote: > >> >> But, I think I have the solution. > >> >> We could have some blacklist - list of function names which we should be ignored. > >> >> In kasan_report() we could resolve return address to function name and compare it with name in list. > >> >> If name in list -> ignore report. > >> > > >> > I think annotating statements is cleaner than functions, even if it > >> > is more code. Much better documentation > >> > > >> > >> I agree with that, that's why I suggested to add READ_ONCE_NOCHECK(): > >> READ_ONCE_NOCHECK() > >> { > >> kasan_disable_current(); > >> READ_ONCE(); > >> kasan_enable_current(); > >> } > >> > >> Anywone objects? > > > > Sounds good to me! As long as it's hidden from plain .c files I'm a happy camper. > > > > This should probably also be faster for KASAN than triggering a warning and having > > to parse a blacklist, right? > > > >> > If disabling with an attribute doesn't work, you could put it into a special > >> > section with __attribute__((section ...)) and check the start/end symbol > >> > before reporting. That's how kprobes solves similar issues. It also has the > >> > advantage that it stops inlining. > >> > >> Yes, it might be better. Although, because of broken -fconserve-stack, this may > >> not work in some cases - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63533 > >> Function splitter may split original function into two parts and it always puts > >> one split part in default .text section. > > > > We do a _ton_ of such section tricks in the kernel (all of exception handling is > > based on that) - if that's broken by -fconserve-stack then the kernel is broken > > much more widely. > > > > So unless KASAN wants to do something special here you can rely on sections just > > fine. > > Kprobes is moving away from a section approach for some reason (not > sure why), but the kprobe approach should work, too. Do you mean NOKPROBE_SYMBOL() vs __kprobes? So one concern is with functions being in multiple blacklists, so yeah, the NOKPROBE_SYMBOL() approach might be more robust than __kprobes. But note that NOKPROBE_SYMBOL() itself is still section based: #define __NOKPROBE_SYMBOL(fname) \ static unsigned long __used \ __attribute__((section("_kprobe_blacklist"))) \ _kbl_addr_##fname = (unsigned long)fname; Thanks, Ingo