[PATCH 25/43] kmsan: skip shadow checks in files doing context switches

From: Alexander Potapenko
Date: Tue Dec 14 2021 - 11:23:35 EST

Next message: Alexander Potapenko: "[PATCH 26/43] kmsan: virtio: check/unpoison scatterlist in vring_map_one_sg()"
Previous message: David Heidelberg: "Re: [PATCH] dt-bindings: rtc: qcom-pm8xxx-rtc: update register numbers"
In reply to: Mark Rutland: "Re: [PATCH 24/43] kmsan: disable KMSAN instrumentation for certain kernel parts"
Next in thread: Mark Rutland: "Re: [PATCH 25/43] kmsan: skip shadow checks in files doing context switches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When instrumenting functions, KMSAN obtains the per-task state (mostly
pointers to metadata for function arguments and return values) once per
function at its beginning.

If a function performs a context switch, instrumented code won't notice
that, and will still refer to the old state, possibly corrupting it or
using stale data. This may result in false positive reports.

To deal with that, we need to apply __no_kmsan_checks to the functions
performing context switching - this will result in skipping all KMSAN
shadow checks and marking newly created values as initialized,
preventing all false positive reports in those functions. False negatives
are still possible, but we expect them to be rare and impersistent.

To improve maintainability, we choose to apply __no_kmsan_checks not
just to a handful of functions, but to the whole files that may perform
context switching - this is done via KMSAN_ENABLE_CHECKS:=n.
This decision can be reconsidered in the future, when KMSAN won't need
so much attention.

Suggested-by: Marco Elver <elver@xxxxxxxxxx>
Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
---
Link: https://linux-review.googlesource.com/id/Id40563d36792b4482534c9a0134965d77a5581fa
---
arch/x86/kernel/Makefile | 4 ++++
kernel/sched/Makefile | 4 ++++
2 files changed, 8 insertions(+)

diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 0b9fc3ecce2de..308d4d0323263 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -38,6 +38,10 @@ KCSAN_SANITIZE := n
KMSAN_SANITIZE_head$(BITS).o := n
KMSAN_SANITIZE_nmi.o := n

+# Some functions in process_64.c perform context switching.
+# Apply __no_kmsan_checks to the whole file to avoid false positives.
+KMSAN_ENABLE_CHECKS_process_64.o := n
+
OBJECT_FILES_NON_STANDARD_test_nx.o := y

ifdef CONFIG_FRAME_POINTER
diff --git a/kernel/sched/Makefile b/kernel/sched/Makefile
index c7421f2d05e15..d9bf8223a064a 100644
--- a/kernel/sched/Makefile
+++ b/kernel/sched/Makefile
@@ -17,6 +17,10 @@ KCOV_INSTRUMENT := n
# eventually.
KCSAN_SANITIZE := n

+# Some functions in core.c perform context switching. Apply __no_kmsan_checks
+# to the whole file to avoid false positives.
+KMSAN_ENABLE_CHECKS_core.o := n
+
ifneq ($(CONFIG_SCHED_OMIT_FRAME_POINTER),y)
# According to Alan Modra <alan@xxxxxxxxxxxxxxxx>, the -fno-omit-frame-pointer is
# needed for x86 only. Why this used to be enabled for all architectures is beyond
--
2.34.1.173.g76aa8bc2d0-goog

Next message: Alexander Potapenko: "[PATCH 26/43] kmsan: virtio: check/unpoison scatterlist in vring_map_one_sg()"
Previous message: David Heidelberg: "Re: [PATCH] dt-bindings: rtc: qcom-pm8xxx-rtc: update register numbers"
In reply to: Mark Rutland: "Re: [PATCH 24/43] kmsan: disable KMSAN instrumentation for certain kernel parts"
Next in thread: Mark Rutland: "Re: [PATCH 25/43] kmsan: skip shadow checks in files doing context switches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]