Re: [syzbot] [kernel?] upstream test error: KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt
From: Alexander Potapenko
Date: Mon Jun 22 2026 - 05:38:18 EST
>
> Hi Thomas,
>
> I have a draft Clang patch implementing the following intrinsics at
> https://github.com/llvm/llvm-project/pull/202603:
> - llvm.kmsan.instrumentation.begin
> - llvm.kmsan.instrumentation.end
> - llvm.kmsan.instrumentation.update.context (to reload the context
> pointer; I am not using it yet).
For the record, Marco Elver has an alternative proposal: modify
__kmsan_get_context() to take _RET_IP_ from the caller.
Then, if a noinstr function A calls an instrumented function B, B will
pass the return address belonging to A to __kmsan_get_context(), and
the latter can check that return address and wipe out the argument
shadow if it belongs to the noinstr function.
This solution is quite elegant; it requires only minor compiler
changes, and won't require any kernel annotations.
However, there are downsides:
- We are slowing down each call, including those between instrumented functions.
- For noinstr calls from modules, we'll need complex lookups involving
RCU, with a potential for infinite recursion.
> Below is the kernel patch that I am applying to insert these
> intrinsics into the instrumentation regions.
> I thought it would be a good idea to warn if
> llvm.kmsan.instrumentation.{begin,end} are called from functions that
> are fully instrumented or have `no_sanitize("memory")` (aka
> __no_kmsan_checks), but surprisingly, there were loads of such
> functions.
>
> It turned out that WARN() and BUG() unconditionally invoke
> instrumentation_begin() and instrumentation_end(), even for
> instrumented functions.
> Was there any long-term plan to fix that, or is my warning useless by design?
>
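The _RET_IP_ check described in the unquoted part of the reply, as an added user-space model that is not kernel code and not Marco's or Alexander's patch: the noinstr text range, the context struct and all function names are constructed placeholders, and the "legacy" path shows the stale-argument-shadow false positive the check is meant to remove.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Shadow byte 0xff means "uninitialized", 0x00 means "initialized". */
#define PARAM_SHADOW_SIZE 32
#define POISON 0xff

/* Assumed (placeholder) address range of the core kernel's noinstr text. */
#define NOINSTR_TEXT_START 0x1000UL
#define NOINSTR_TEXT_END   0x2000UL

struct kmsan_ctx_model {
    uint8_t param_shadow[PARAM_SHADOW_SIZE]; /* shadow of call arguments */
};

static struct kmsan_ctx_model model_ctx;

/* Does the caller's return address belong to a noinstr function? */
static bool ret_ip_is_noinstr(unsigned long ret_ip)
{
    return ret_ip >= NOINSTR_TEXT_START && ret_ip < NOINSTR_TEXT_END;
}

/* Proposed behaviour: callee passes the caller's _RET_IP_; if the caller
 * was noinstr it never stored argument shadow, so whatever is there is
 * stale and must be wiped (treated as initialized). */
struct kmsan_ctx_model *kmsan_get_context_model(unsigned long ret_ip)
{
    if (ret_ip_is_noinstr(ret_ip))
        memset(model_ctx.param_shadow, 0, sizeof(model_ctx.param_shadow));
    return &model_ctx;
}

/* Instrumented caller: the compiler emits a store of the argument shadow.
 * A noinstr caller emits no such store, leaving the previous value behind. */
void instrumented_caller_stores_shadow(uint8_t shadow)
{
    memset(model_ctx.param_shadow, shadow, sizeof(model_ctx.param_shadow));
}

/* Current behaviour (model): no _RET_IP_, stale shadow is trusted as-is. */
bool callee_arg0_is_poisoned_legacy(void)
{
    return model_ctx.param_shadow[0] == POISON;
}

/* Behaviour with the check: the callee reports arg 0 poisoned only when
 * the shadow survived the noinstr-caller wipe. */
bool callee_arg0_is_poisoned(unsigned long caller_ret_ip)
{
    return kmsan_get_context_model(caller_ret_ip)->param_shadow[0] == POISON;
}
```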