Subject: Re: [PATCH v4 1/2] compiler, atomics: Provide READ_ONCE_NOKSAN()
From: Andrey Ryabinin
To: Peter Zijlstra
CC: Ingo Molnar, Thomas Gleixner, "H. Peter Anvin", Andrew Morton, Andy Lutomirski, Andrey Konovalov, Kostya Serebryany, Alexander Potapenko, kasan-dev, Borislav Petkov, Denys Vlasenko, Andi Kleen, Dmitry Vyukov, Sasha Levin, Wolfram Gloger, "Paul E. McKenney"
Date: Fri, 16 Oct 2015 13:54:44 +0300
Message-ID: <5620D774.6000604@virtuozzo.com>
In-Reply-To: <20151016100021.GR3816@twins.programming.kicks-ass.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/16/2015 01:00 PM, Peter Zijlstra wrote:
> On Fri, Oct 16, 2015 at 12:44:53PM +0300, Andrey Ryabinin wrote:
>> Some code may perform racy by design memory reads. This could be
>> harmless, yet such code may produce KASAN warnings.
>>
>> To hide such accesses from KASAN this patch introduces
>> READ_ONCE_NOKSAN() macro. KASAN will not check the memory
>> accessed by READ_ONCE_NOKSAN(). The KernelThreadSanitizer (KTSAN)
>> is going to ignore it as well.
>>
>> This patch creates __read_once_size_noksan() a clone of
>> __read_once_size(). The only difference between them is
>> 'no_sanitized_address' attribute appended to '*_nokasan' function.
>> This attribute tells the compiler that instrumentation of memory
>> accesses should not be applied to that function. We declare it as
>> static '__maybe_unused' because GCC is not capable to inline such
>> function: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67368
>>
>> With KASAN=n READ_ONCE_NOKSAN() is just a clone of READ_ONCE().
>
> Would we need a similar annotation for things like
> mutex_spin_on_owner()'s dereference of owner, or is that considered safe
> by KASAN?
>
> (it's not actually safe; as I remember we have a problem with using
> rcu_read_lock for tasks like that)
>

How exactly is it not safe? If we could dereference freed owner, I'd say we need to fix this, but not hide.

I've seen use-after-free in mutex_spin_on_owner() once, but it was caused by GPF in kernel which killed some task while it was holding mutex. So the next time we tried to grab that mutex, lock->owner was already dead. But normally we should release all locks before we are able to kill task, so this won't happen.
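
A user-space sketch of the construction the quoted commit message describes, added here as an example; it is not code from the patch or from the kernel tree. The names read_once_size_nocheck, DEMO_READ_ONCE*, and struct demo_lock are hypothetical, and GCC's __SANITIZE_ADDRESS__ define (set by -fsanitize=address) is assumed as a stand-in for the kernel's KASAN switch.

```c
#include <stdint.h>
#include <stdio.h>

/* Shared body, so the two helpers differ only in their attributes. */
#define READ_ONCE_SIZE_BODY                                                 \
	switch (size) {                                                     \
	case 1: *(uint8_t  *)res = *(const volatile uint8_t  *)p; break;    \
	case 2: *(uint16_t *)res = *(const volatile uint16_t *)p; break;    \
	case 4: *(uint32_t *)res = *(const volatile uint32_t *)p; break;    \
	case 8: *(uint64_t *)res = *(const volatile uint64_t *)p; break;    \
	default: /* odd sizes: byte-wise volatile copy */                   \
		for (int i = 0; i < size; i++)                              \
			((uint8_t *)res)[i] = ((const volatile uint8_t *)p)[i]; \
	}

/* Instrumented: with -fsanitize=address the compiler checks these loads. */
static inline __attribute__((always_inline))
void read_once_size(const volatile void *p, void *res, int size)
{ READ_ONCE_SIZE_BODY }

#if defined(__SANITIZE_ADDRESS__)
/* Sanitizer on: same body, but no checks are emitted inside this function.
 * Plain static + unused rather than inline, because GCC cannot inline a
 * no_sanitize_address function into an instrumented caller (bug 67368). */
static __attribute__((no_sanitize_address, unused))
void read_once_size_nocheck(const volatile void *p, void *res, int size)
{ READ_ONCE_SIZE_BODY }
#else
/* Sanitizer off: the unchecked variant is simply the normal one. */
#define read_once_size_nocheck read_once_size
#endif

/* Hypothetical wrappers; the demo sticks to fixed-width fields. */
#define DEMO_READ(x, fn) __extension__ ({                       \
	union { __typeof__(x) val; char c[sizeof(x)]; } u_;     \
	fn(&(x), u_.c, sizeof(x));                              \
	u_.val; })
#define DEMO_READ_ONCE(x)         DEMO_READ(x, read_once_size)
#define DEMO_READ_ONCE_NOCHECK(x) DEMO_READ(x, read_once_size_nocheck)

struct demo_lock { uint64_t owner; uint32_t count; uint8_t flag; }; /* constructed */

static uint64_t read_owner_checked(struct demo_lock *l) { return DEMO_READ_ONCE(l->owner); }
static uint64_t read_owner_nocheck(struct demo_lock *l) { return DEMO_READ_ONCE_NOCHECK(l->owner); }

int main(void) {
	struct demo_lock l = { .owner = 0x1122334455667788ULL, .count = 7, .flag = 1 };
	printf("%llx %llx\n", (unsigned long long)read_owner_checked(&l),
	       (unsigned long long)read_owner_nocheck(&l));
	return 0;
}
```

Both variants return the same value for valid memory; the difference only shows when the address is poisoned and the build uses -fsanitize=address, where the checked variant reports and the unchecked one does not.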