From: glider@google.com
To: Alexander Potapenko <glider@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Andy Lutomirski <luto@kernel.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Arnd Bergmann <arnd@arndb.de>, Christoph Hellwig <hch@lst.de>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Eric Dumazet <edumazet@google.com>,
Eric Van Hensbergen <ericvh@gmail.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Harry Wentland <harry.wentland@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ingo Molnar <mingo@elte.hu>, Jens Axboe <axboe@kernel.dk>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Michal Simek <monstr@monstr.eu>, Petr Mladek <pmladek@suse.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Takashi Iwai <tiwai@suse.com>, "Theodore Ts'o" <tytso@mit.edu>,
Thomas Gleixner <tglx@linutronix.de>,
Vegard Nossum <vegard.nossum@oracle.com>,
Wolfram Sang <wsa@the-dreams.de>,
Vasily Gorbik <gor@linux.ibm.com>,
Ilya Leoshkevich <iii@linux.ibm.com>,
Mark Rutland <mark.rutland@arm.com>,
linux-mm@kvack.org
Subject: [PATCH RFC v1 00/26] Add KernelMemorySanitizer infrastructure
Date: Fri, 18 Oct 2019 11:42:38 +0200
Message-ID: <20191018094304.37056-1-glider@google.com>
KernelMemorySanitizer (KMSAN) is a detector of errors related to uses of
uninitialized memory. It relies on compile-time Clang instrumentation
(similar to MSan: https://clang.llvm.org/docs/MemorySanitizer.html)
and tracks the state of every bit of kernel memory, being able to report
an error if an uninitialized value is used in a condition, dereferenced or
copied to userspace, USB or network.

KMSAN has reported more than 200 bugs in the past two years, most of
them with the help of syzkaller (http://syzkaller.appspot.com).

The proposed patchset contains the KMSAN runtime implementation together
with small changes to other subsystems needed to make KMSAN work.
The latter changes fall into several categories:
 - nice-to-have features that are independent from KMSAN but simplify
   its implementation (stackdepot changes, CONFIG_GENERIC_CSUM etc.);
 - Kconfig changes that prohibit options incompatible with KMSAN;
 - calls to KMSAN runtime functions that help KMSAN do the bookkeeping
   (e.g. tell it to allocate, copy or delete the metadata);
 - calls to KMSAN runtime functions that tell KMSAN to check memory
   escaping the kernel for uninitialized values. These are required to
   increase the number of true positive error reports;
 - calls to runtime functions that tell KMSAN to ignore certain memory
   ranges to avoid false negative reports. Most certainly there can be
   better ways to deal with every such report.

This patchset allows one to boot and run a defconfig+KMSAN kernel in QEMU
without known major false positives. It however doesn't guarantee there
are no false positives in drivers of certain devices or less tested
subsystems, although KMSAN is actively tested on syzbot with quite a
rich config.

One may find it handy to review these patches in Gerrit:
https://linux-review.googlesource.com/c/linux/kernel/git/torvalds/linux/+/1081
I've ensured the Change-Id: tags stay away from commit descriptions.

Note: checkpatch.pl complains a lot about the use of BUG_ON in KMSAN
source. I don't have a strong opinion on this, but KMSAN is a debugging
tool, so any runtime invariant violation in it renders the tool useless.
Therefore it doesn't make much sense to not terminate after a bug in
KMSAN.
Alexander Potapenko (26):
stackdepot: check depot_index before accessing the stack slab
stackdepot: prevent Clang from optimizing away stackdepot_memcmp()
kasan: stackdepot: move filter_irq_stacks() to stackdepot.c
stackdepot: reserve 5 extra bits in depot_stack_handle_t
printk_safe: externalize printk_context
kasan: compiler.h: rename __no_kasan_or_inline into
__no_memory_tool_or_inline
kmsan: add ReST documentation
kmsan: gfp: introduce __GFP_NO_KMSAN_SHADOW
kmsan: introduce __no_sanitize_memory and __SANITIZE_MEMORY__
kmsan: reduce vmalloc space
kmsan: add KMSAN runtime
kmsan: x86: sync metadata pages on page fault
kmsan: add tests for KMSAN
kmsan: make READ_ONCE_TASK_STACK() return initialized values
kmsan: Kconfig changes to disable options incompatible with KMSAN
kmsan: Changing existing files to enable KMSAN builds
kmsan: disable KMSAN instrumentation for certain kernel parts
kmsan: mm: call KMSAN hooks from SLUB code
kmsan: call KMSAN hooks where needed
kmsan: disable instrumentation of certain functions
kmsan: unpoison |tlb| in arch_tlb_gather_mmu()
kmsan: use __msan_memcpy() where possible.
kmsan: unpoisoning buffers from devices etc.
kmsan: hooks for copy_to_user() and friends
kmsan: disable strscpy() optimization under KMSAN
net: kasan: kmsan: support CONFIG_GENERIC_CSUM on x86, enable it for
KASAN/KMSAN
Documentation/dev-tools/index.rst | 1 +
Documentation/dev-tools/kmsan.rst | 418 +++++++++++++++++
Makefile | 3 +-
arch/Kconfig | 2 +-
arch/s390/include/asm/processor.h | 4 +-
arch/x86/Kconfig | 7 +
arch/x86/Kconfig.debug | 3 +
arch/x86/boot/Makefile | 2 +
arch/x86/boot/compressed/Makefile | 2 +
arch/x86/boot/compressed/misc.h | 1 +
arch/x86/entry/common.c | 1 +
arch/x86/entry/entry_64.S | 18 +
arch/x86/entry/vdso/Makefile | 3 +
arch/x86/include/asm/checksum.h | 10 +-
arch/x86/include/asm/irq_regs.h | 1 +
arch/x86/include/asm/kmsan.h | 129 ++++++
arch/x86/include/asm/page_64.h | 13 +
arch/x86/include/asm/page_64_types.h | 12 +-
arch/x86/include/asm/pgtable_64_types.h | 15 +
arch/x86/include/asm/string_64.h | 9 +-
arch/x86/include/asm/syscall_wrapper.h | 1 +
arch/x86/include/asm/uaccess.h | 12 +
arch/x86/include/asm/unwind.h | 9 +-
arch/x86/kernel/Makefile | 4 +
arch/x86/kernel/apic/apic.c | 2 +
arch/x86/kernel/cpu/Makefile | 1 +
arch/x86/kernel/dumpstack_64.c | 1 +
arch/x86/kernel/process_64.c | 5 +
arch/x86/kernel/traps.c | 12 +-
arch/x86/kernel/uprobes.c | 7 +-
arch/x86/lib/Makefile | 2 +
arch/x86/mm/Makefile | 2 +
arch/x86/mm/fault.c | 20 +
arch/x86/mm/ioremap.c | 3 +
arch/x86/realmode/rm/Makefile | 2 +
block/bio.c | 20 +
block/blk.h | 7 +
block/partition-generic.c | 9 +-
crypto/Kconfig | 26 ++
drivers/char/random.c | 2 +
drivers/firmware/efi/libstub/Makefile | 1 +
drivers/gpu/drm/amd/display/Kconfig | 2 +-
drivers/i2c/i2c-core-base.c | 2 +
drivers/input/serio/libps2.c | 6 +-
drivers/scsi/scsi_lib.c | 4 +
drivers/usb/core/message.c | 6 +-
drivers/usb/core/urb.c | 2 +
drivers/virtio/virtio_ring.c | 14 +
fs/buffer.c | 7 +-
include/asm-generic/cacheflush.h | 7 +-
include/asm-generic/uaccess.h | 12 +-
include/linux/compiler-clang.h | 8 +
include/linux/compiler-gcc.h | 5 +
include/linux/compiler.h | 21 +-
include/linux/dma-mapping.h | 2 +
include/linux/gfp.h | 4 +-
include/linux/highmem.h | 4 +
include/linux/kmsan-checks.h | 123 +++++
include/linux/kmsan.h | 143 ++++++
include/linux/mm_types.h | 9 +
include/linux/sched.h | 5 +
include/linux/skbuff.h | 5 +-
include/linux/stackdepot.h | 10 +
include/linux/string.h | 2 +
include/linux/uaccess.h | 32 +-
init/main.c | 3 +
kernel/Makefile | 1 +
kernel/exit.c | 2 +
kernel/fork.c | 2 +
kernel/kthread.c | 2 +
kernel/printk/printk.c | 8 +-
kernel/printk/printk_safe.c | 2 +-
kernel/profile.c | 1 +
kernel/sched/core.c | 11 +
kernel/softirq.c | 5 +
lib/Kconfig.debug | 5 +
lib/Kconfig.kmsan | 22 +
lib/Makefile | 2 +
lib/ioremap.c | 5 +
lib/iov_iter.c | 6 +
lib/stackdepot.c | 72 ++-
lib/string.c | 5 +-
lib/test_kmsan.c | 221 +++++++++
lib/usercopy.c | 6 +-
mm/Makefile | 1 +
mm/compaction.c | 9 +
mm/filemap.c | 3 +
mm/gup.c | 3 +
mm/kasan/common.c | 23 -
mm/kmsan/Makefile | 4 +
mm/kmsan/kmsan.c | 570 ++++++++++++++++++++++++
mm/kmsan/kmsan.h | 147 ++++++
mm/kmsan/kmsan_entry.c | 130 ++++++
mm/kmsan/kmsan_hooks.c | 416 +++++++++++++++++
mm/kmsan/kmsan_init.c | 88 ++++
mm/kmsan/kmsan_instr.c | 259 +++++++++++
mm/kmsan/kmsan_report.c | 135 ++++++
mm/kmsan/kmsan_shadow.c | 543 ++++++++++++++++++++++
mm/kmsan/kmsan_shadow.h | 30 ++
mm/memory.c | 2 +
mm/mmu_gather.c | 10 +
mm/page_alloc.c | 16 +
mm/readahead.c | 6 +
mm/slub.c | 37 +-
mm/vmalloc.c | 23 +-
net/9p/protocol.c | 2 +
net/sched/sch_generic.c | 2 +
scripts/Makefile.kmsan | 12 +
scripts/Makefile.lib | 6 +
sound/core/oss/pcm_oss.c | 7 +
110 files changed, 4022 insertions(+), 80 deletions(-)
create mode 100644 Documentation/dev-tools/kmsan.rst
create mode 100644 arch/x86/include/asm/kmsan.h
create mode 100644 include/linux/kmsan-checks.h
create mode 100644 include/linux/kmsan.h
create mode 100644 lib/Kconfig.kmsan
create mode 100644 lib/test_kmsan.c
create mode 100644 mm/kmsan/Makefile
create mode 100644 mm/kmsan/kmsan.c
create mode 100644 mm/kmsan/kmsan.h
create mode 100644 mm/kmsan/kmsan_entry.c
create mode 100644 mm/kmsan/kmsan_hooks.c
create mode 100644 mm/kmsan/kmsan_init.c
create mode 100644 mm/kmsan/kmsan_instr.c
create mode 100644 mm/kmsan/kmsan_report.c
create mode 100644 mm/kmsan/kmsan_shadow.c
create mode 100644 mm/kmsan/kmsan_shadow.h
create mode 100644 scripts/Makefile.kmsan
--
2.23.0.866.gb869b98d4c-goog
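The cover letter above describes the model only in words: every bit of kernel memory carries shadow state, allocation poisons it, ordinary stores clear it, and a check fires where memory escapes the kernel (copy_to_user(), USB, network), with explicit unpoisoning for buffers a device wrote into. The user-space program below is an added illustration of that model and is not code from the KMSAN patchset or from its author: the byte-granular `pool`/`shadow` arrays, the `toy_kmalloc()`, `toy_store()`, `toy_unpoison()` and `toy_check_escape()` helpers, `struct report` and the two `demo_*` functions are all hypothetical stand-ins chosen for the example, and the stores that a compiler would instrument are written out as explicit calls here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy "kernel heap" plus one shadow byte per data byte.  A set shadow bit
 * means the matching data bit is uninitialized (poisoned), which is the
 * MSan/KMSAN convention; everything else here is a hypothetical stand-in. */
#define POOL_SIZE 256
static uint8_t pool[POOL_SIZE];
static uint8_t shadow[POOL_SIZE];
static size_t pool_used;

/* Allocation poisons every byte, as kmalloc() does under KMSAN: nothing has
 * been written yet, so any bit that later escapes is reported. */
static void *toy_kmalloc(size_t n)
{
	size_t off = (pool_used + 7) & ~(size_t)7;	/* keep 8-byte alignment */
	if (n == 0 || off + n > POOL_SIZE)
		return NULL;
	memset(shadow + off, 0xff, n);
	pool_used = off + n;
	return pool + off;
}

/* The instrumented store the compiler would emit for a plain assignment:
 * data and shadow move together, so writing an initialized value clears
 * the shadow of exactly the bytes written. */
static void toy_store(void *dst, const void *src, size_t n)
{
	memcpy(dst, src, n);
	memset(shadow + ((uint8_t *)dst - pool), 0, n);	/* src is initialized */
}

/* Explicit bookkeeping hook (hypothetical name): a driver calls it after a
 * device wrote into a buffer, because the instrumentation never saw that
 * write and would otherwise keep reporting the valid data as poisoned. */
static void toy_unpoison(void *p, size_t n)
{
	memset(shadow + ((uint8_t *)p - pool), 0, n);
}

/* The check run where memory escapes the kernel (copy_to_user(), USB,
 * network): returns the offset of the first poisoned byte, or -1. */
static long toy_check_escape(const void *p, size_t n)
{
	size_t off = (const uint8_t *)p - pool;
	for (size_t i = 0; i < n; i++)
		if (shadow[off + i])
			return (long)i;
	return -1;
}

/* The ABI places padding bytes between "type" and "len". */
struct report {
	uint8_t type;
	uint32_t len;
	uint64_t cookie;
};

/* Every named field is assigned, yet the padding after "type" is never
 * written and would leak to userspace: the check flags offset 1.  Zeroing
 * the whole object first (zero_first != 0) is the usual fix. */
long demo_struct_copy(int zero_first)
{
	uint8_t zero[sizeof(struct report)] = { 0 };
	uint8_t type = 1;
	uint32_t len = sizeof(struct report);
	uint64_t cookie = 0x1234;
	struct report *r = toy_kmalloc(sizeof(*r));

	if (zero_first)
		toy_store(r, zero, sizeof(zero));
	toy_store(&r->type, &type, sizeof(type));
	toy_store(&r->len, &len, sizeof(len));
	toy_store(&r->cookie, &cookie, sizeof(cookie));
	return toy_check_escape(r, sizeof(*r));
}

/* Buffer filled by a device outside the instrumentation: the bytes are
 * valid, but without the unpoison hook the copy-out is still reported. */
long demo_device_buffer(int call_unpoison)
{
	uint8_t *buf = toy_kmalloc(32);
	memset(buf, 0xab, 32);		/* "DMA" bypasses toy_store() */
	if (call_unpoison)
		toy_unpoison(buf, 32);
	return toy_check_escape(buf, 32);
}

int main(void)
{
	printf("struct copy: first poisoned offset %ld (field-by-field), %ld (zeroed first)\n",
	       demo_struct_copy(0), demo_struct_copy(1));
	printf("device buffer: %ld (no unpoison), %ld (unpoisoned)\n",
	       demo_device_buffer(0), demo_device_buffer(1));
	return 0;
}
```

The two demos map onto two of the change categories in the cover letter: `demo_struct_copy(0)` is the kind of report the copy_to_user() check produces (padding that no field assignment ever touches), and `demo_device_buffer(0)` is the false positive that the explicit unpoisoning calls for device-filled buffers exist to avoid. Real KMSAN tracks shadow per bit and propagates it through arithmetic and loads, which this byte-level toy does not attempt.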
Thread overview: 54+ messages
2019-10-18 9:42 glider [this message]
2019-10-18 9:42 ` [PATCH RFC v1 01/26] stackdepot: check depot_index before accessing the stack slab glider
2019-10-18 9:42 ` [PATCH RFC v1 02/26] stackdepot: prevent Clang from optimizing away stackdepot_memcmp() glider
2019-10-18 9:42 ` [PATCH RFC v1 03/26] kasan: stackdepot: move filter_irq_stacks() to stackdepot.c glider
2019-10-18 9:42 ` [PATCH RFC v1 04/26] stackdepot: reserve 5 extra bits in depot_stack_handle_t glider
2019-10-18 9:42 ` [PATCH RFC v1 05/26] printk_safe: externalize printk_context glider
2019-10-21 9:09 ` Petr Mladek
2019-10-23 17:57 ` Alexander Potapenko
2019-10-23 18:00 ` Alexander Potapenko
2019-10-24 12:46 ` Petr Mladek
2019-10-28 13:09 ` Alexander Potapenko
2019-10-29 12:02 ` Petr Mladek
2019-10-29 12:45 ` Alexander Potapenko
2019-10-18 9:42 ` [PATCH RFC v1 06/26] kasan: compiler.h: rename __no_kasan_or_inline into __no_memory_tool_or_inline glider
2019-10-18 9:42 ` [PATCH RFC v1 07/26] kmsan: add ReST documentation glider
2019-10-18 9:42 ` [PATCH RFC v1 08/26] kmsan: gfp: introduce __GFP_NO_KMSAN_SHADOW glider
2019-10-18 9:42 ` [PATCH RFC v1 09/26] kmsan: introduce __no_sanitize_memory and __SANITIZE_MEMORY__ glider
2019-10-18 9:42 ` [PATCH RFC v1 10/26] kmsan: reduce vmalloc space glider
2019-10-18 9:42 ` [PATCH RFC v1 11/26] kmsan: add KMSAN runtime glider
2019-10-18 9:42 ` [PATCH RFC v1 12/26] kmsan: x86: sync metadata pages on page fault glider
2019-10-18 9:42 ` [PATCH RFC v1 13/26] kmsan: add tests for KMSAN glider
2019-10-18 9:42 ` [PATCH RFC v1 14/26] kmsan: make READ_ONCE_TASK_STACK() return initialized values glider
2019-10-18 9:42 ` [PATCH RFC v1 15/26] kmsan: Kconfig changes to disable options incompatible with KMSAN glider
2019-10-21 14:11 ` Harry Wentland
2019-10-18 9:42 ` [PATCH RFC v1 16/26] kmsan: Changing existing files to enable KMSAN builds glider
2019-10-18 9:42 ` [PATCH RFC v1 17/26] kmsan: disable KMSAN instrumentation for certain kernel parts glider
2019-10-18 9:42 ` [PATCH RFC v1 18/26] kmsan: mm: call KMSAN hooks from SLUB code glider
2019-10-18 13:22 ` Qian Cai
2019-10-18 13:33 ` Alexander Potapenko
2019-10-18 13:41 ` Qian Cai
2019-10-18 13:55 ` Alexander Potapenko
2019-10-18 14:42 ` Qian Cai
2019-10-18 14:54 ` Alexander Potapenko
2019-10-18 15:13 ` Qian Cai
2019-10-18 15:30 ` Alexander Potapenko
2019-10-18 16:08 ` Qian Cai
2019-10-18 9:42 ` [PATCH RFC v1 19/26] kmsan: call KMSAN hooks where needed glider
2019-10-18 15:02 ` Qian Cai
2019-10-29 14:09 ` Alexander Potapenko
2019-10-29 14:56 ` Qian Cai
2019-10-21 9:25 ` Petr Mladek
2019-10-29 13:59 ` Alexander Potapenko
2019-10-18 9:42 ` [PATCH RFC v1 20/26] kmsan: disable instrumentation of certain functions glider
2019-10-18 9:42 ` [PATCH RFC v1 21/26] kmsan: unpoison |tlb| in arch_tlb_gather_mmu() glider
2019-10-18 9:43 ` [PATCH RFC v1 22/26] kmsan: use __msan_memcpy() where possible glider
2019-10-18 9:43 ` [PATCH RFC v1 23/26] kmsan: unpoisoning buffers from devices etc glider
2019-10-18 15:27 ` Christoph Hellwig
2019-10-18 16:22 ` Matthew Wilcox
2019-10-29 14:45 ` Alexander Potapenko
2019-10-30 12:43 ` Alexander Potapenko
2019-10-18 9:43 ` [PATCH RFC v1 24/26] kmsan: hooks for copy_to_user() and friends glider
2019-10-18 9:43 ` [PATCH RFC v1 25/26] kmsan: disable strscpy() optimization under KMSAN glider
2019-10-18 9:43 ` [PATCH RFC v1 26/26] net: kasan: kmsan: support CONFIG_GENERIC_CSUM on x86, enable it for KASAN/KMSAN glider
2019-10-19 3:20 ` Randy Dunlap