From: Christophe Leroy <christophe.leroy@c-s.fr>
To: Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
Alexander Potapenko <glider@google.com>,
LKML <linux-kernel@vger.kernel.org>,
linuxppc-dev@lists.ozlabs.org,
kasan-dev <kasan-dev@googlegroups.com>,
Linux-MM <linux-mm@kvack.org>
Subject: Re: [PATCH v3 1/3] powerpc/mm: prepare kernel for KAsan on PPC32
Date: Tue, 15 Jan 2019 18:25:35 +0100 [thread overview]
Message-ID: <301f5826-64ab-1cf4-7e7e-cd026de77bca@c-s.fr> (raw)
In-Reply-To: <CACT4Y+ajgTdDyFFWCp0oRSPKZh9ercDpq3pAq2-ZSx7ouAvZYQ@mail.gmail.com>
Le 15/01/2019 à 18:10, Dmitry Vyukov a écrit :
> On Tue, Jan 15, 2019 at 6:06 PM Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
>>
>>
>>
>> On 1/15/19 2:14 PM, Dmitry Vyukov wrote:
>>> On Tue, Jan 15, 2019 at 8:27 AM Christophe Leroy
>>> <christophe.leroy@c-s.fr> wrote:
>>>> On 01/14/2019 09:34 AM, Dmitry Vyukov wrote:
>>>>> On Sat, Jan 12, 2019 at 12:16 PM Christophe Leroy
>>>>> <christophe.leroy@c-s.fr> wrote:
>>>>> >
>>>>> > In kernel/cputable.c, explicitly use memcpy() in order
>>>>> > to allow GCC to replace it with __memcpy() when KASAN is
>>>>> > selected.
>>>>> >
>>>>> > Since commit 400c47d81ca38 ("powerpc32: memset: only use dcbz once cache is
>>>>> > enabled"), memset() can be used before activation of the cache,
>>>>> > so no need to use memset_io() for zeroing the BSS.
>>>>> >
>>>>> > Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
>>>>> > ---
>>>>> > arch/powerpc/kernel/cputable.c | 4 ++--
>>>>> > arch/powerpc/kernel/setup_32.c | 6 ++----
>>>>> > 2 files changed, 4 insertions(+), 6 deletions(-)
>>>>> >
>>>>> > diff --git a/arch/powerpc/kernel/cputable.c
>>>>> b/arch/powerpc/kernel/cputable.c
>>>>> > index 1eab54bc6ee9..84814c8d1bcb 100644
>>>>> > --- a/arch/powerpc/kernel/cputable.c
>>>>> > +++ b/arch/powerpc/kernel/cputable.c
>>>>> > @@ -2147,7 +2147,7 @@ void __init set_cur_cpu_spec(struct cpu_spec *s)
>>>>> > struct cpu_spec *t = &the_cpu_spec;
>>>>> >
>>>>> > t = PTRRELOC(t);
>>>>> > - *t = *s;
>>>>> > + memcpy(t, s, sizeof(*t));
>>>>>
>>>>> Hi Christophe,
>>>>>
>>>>> I understand why you are doing this, but this looks a bit fragile and
>>>>> non-scalable. This may not work with the next version of compiler,
>>>>> just different than yours version of compiler, clang, etc.
>>>>
>>>> My felling would be that this change makes it more solid.
>>>>
>>>> My understanding is that when you do *t = *s, the compiler can use
>>>> whatever way it wants to do the copy.
>>>> When you do memcpy(), you ensure it will do it that way and not another
>>>> way, don't you ?
>>>
>>> It makes this single line more deterministic wrt code-gen (though,
>>> strictly saying compiler can turn memcpy back into inlines
>>> instructions, it knows memcpy semantics anyway).
>>> But the problem I meant is that the set of places that are subject to
>>> this problem is not deterministic. So if we go with this solution,
>>> after this change it's in the status "works on your machine" and we
>>> either need to commit to not using struct copies and zeroing
>>> throughout kernel code or potentially have a long tail of other
>>> similar cases, and since they can be triggered by another compiler
>>> version, we may need to backport these changes to previous releases
>>> too. Whereas if we would go with compiler flags, it would prevent the
>>> problem in all current and future places and with other past/future
>>> versions of compilers.
>>>
>>
>> The patch will work for any compiler. The point of this patch is to make
>> memcpy() visible to the preprocessor which will replace it with __memcpy().
>
> For this single line, yes. But it does not mean that KASAN will work.
>
>> After preprocessor's work, compiler will see just __memcpy() call here.
This problem can affect any arch I believe. Maybe the 'solution' would
be to run a generic script similar to
arch/powerpc/kernel/prom_init_check.sh on all objects compiled with
KASAN_SANITIZE_object.o := n don't include any reference to memcpy()
memset() or memmove() ?
Christophe
WARNING: multiple messages have this Message-ID (diff)
From: Christophe Leroy <christophe.leroy@c-s.fr>
To: Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Nicholas Piggin <npiggin@gmail.com>,
Linux-MM <linux-mm@kvack.org>,
Alexander Potapenko <glider@google.com>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>,
Paul Mackerras <paulus@samba.org>,
kasan-dev <kasan-dev@googlegroups.com>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v3 1/3] powerpc/mm: prepare kernel for KAsan on PPC32
Date: Tue, 15 Jan 2019 18:25:35 +0100 [thread overview]
Message-ID: <301f5826-64ab-1cf4-7e7e-cd026de77bca@c-s.fr> (raw)
In-Reply-To: <CACT4Y+ajgTdDyFFWCp0oRSPKZh9ercDpq3pAq2-ZSx7ouAvZYQ@mail.gmail.com>
Le 15/01/2019 à 18:10, Dmitry Vyukov a écrit :
> On Tue, Jan 15, 2019 at 6:06 PM Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
>>
>>
>>
>> On 1/15/19 2:14 PM, Dmitry Vyukov wrote:
>>> On Tue, Jan 15, 2019 at 8:27 AM Christophe Leroy
>>> <christophe.leroy@c-s.fr> wrote:
>>>> On 01/14/2019 09:34 AM, Dmitry Vyukov wrote:
>>>>> On Sat, Jan 12, 2019 at 12:16 PM Christophe Leroy
>>>>> <christophe.leroy@c-s.fr> wrote:
>>>>> >
>>>>> > In kernel/cputable.c, explicitly use memcpy() in order
>>>>> > to allow GCC to replace it with __memcpy() when KASAN is
>>>>> > selected.
>>>>> >
>>>>> > Since commit 400c47d81ca38 ("powerpc32: memset: only use dcbz once cache is
>>>>> > enabled"), memset() can be used before activation of the cache,
>>>>> > so no need to use memset_io() for zeroing the BSS.
>>>>> >
>>>>> > Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
>>>>> > ---
>>>>> > arch/powerpc/kernel/cputable.c | 4 ++--
>>>>> > arch/powerpc/kernel/setup_32.c | 6 ++----
>>>>> > 2 files changed, 4 insertions(+), 6 deletions(-)
>>>>> >
>>>>> > diff --git a/arch/powerpc/kernel/cputable.c
>>>>> b/arch/powerpc/kernel/cputable.c
>>>>> > index 1eab54bc6ee9..84814c8d1bcb 100644
>>>>> > --- a/arch/powerpc/kernel/cputable.c
>>>>> > +++ b/arch/powerpc/kernel/cputable.c
>>>>> > @@ -2147,7 +2147,7 @@ void __init set_cur_cpu_spec(struct cpu_spec *s)
>>>>> > struct cpu_spec *t = &the_cpu_spec;
>>>>> >
>>>>> > t = PTRRELOC(t);
>>>>> > - *t = *s;
>>>>> > + memcpy(t, s, sizeof(*t));
>>>>>
>>>>> Hi Christophe,
>>>>>
>>>>> I understand why you are doing this, but this looks a bit fragile and
>>>>> non-scalable. This may not work with the next version of compiler,
>>>>> just different than yours version of compiler, clang, etc.
>>>>
>>>> My felling would be that this change makes it more solid.
>>>>
>>>> My understanding is that when you do *t = *s, the compiler can use
>>>> whatever way it wants to do the copy.
>>>> When you do memcpy(), you ensure it will do it that way and not another
>>>> way, don't you ?
>>>
>>> It makes this single line more deterministic wrt code-gen (though,
>>> strictly saying compiler can turn memcpy back into inlines
>>> instructions, it knows memcpy semantics anyway).
>>> But the problem I meant is that the set of places that are subject to
>>> this problem is not deterministic. So if we go with this solution,
>>> after this change it's in the status "works on your machine" and we
>>> either need to commit to not using struct copies and zeroing
>>> throughout kernel code or potentially have a long tail of other
>>> similar cases, and since they can be triggered by another compiler
>>> version, we may need to backport these changes to previous releases
>>> too. Whereas if we would go with compiler flags, it would prevent the
>>> problem in all current and future places and with other past/future
>>> versions of compilers.
>>>
>>
>> The patch will work for any compiler. The point of this patch is to make
>> memcpy() visible to the preprocessor which will replace it with __memcpy().
>
> For this single line, yes. But it does not mean that KASAN will work.
>
>> After preprocessor's work, compiler will see just __memcpy() call here.
This problem can affect any arch I believe. Maybe the 'solution' would
be to run a generic script similar to
arch/powerpc/kernel/prom_init_check.sh on all objects compiled with
KASAN_SANITIZE_object.o := n don't include any reference to memcpy()
memset() or memmove() ?
Christophe
next prev parent reply other threads:[~2019-01-15 17:25 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-12 11:16 [PATCH v3 0/3] KASAN for powerpc/32 Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-12 11:16 ` [PATCH v3 1/3] powerpc/mm: prepare kernel for KAsan on PPC32 Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-14 9:34 ` Dmitry Vyukov
2019-01-14 9:34 ` Dmitry Vyukov
2019-01-14 9:34 ` Dmitry Vyukov
2019-01-15 7:27 ` Christophe Leroy
2019-01-15 7:27 ` Christophe Leroy
2019-01-15 11:14 ` Dmitry Vyukov
2019-01-15 11:14 ` Dmitry Vyukov
2019-01-15 11:14 ` Dmitry Vyukov
2019-01-15 17:07 ` Andrey Ryabinin
2019-01-15 17:07 ` Andrey Ryabinin
2019-01-15 17:10 ` Dmitry Vyukov
2019-01-15 17:10 ` Dmitry Vyukov
2019-01-15 17:10 ` Dmitry Vyukov
2019-01-15 17:25 ` Christophe Leroy [this message]
2019-01-15 17:25 ` Christophe Leroy
2019-01-16 10:03 ` Dmitry Vyukov
2019-01-16 10:03 ` Dmitry Vyukov
2019-01-16 10:03 ` Dmitry Vyukov
2019-01-12 11:16 ` [PATCH v3 2/3] powerpc/32: Move early_init() in a separate file Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-12 11:16 ` [PATCH v3 3/3] powerpc/32: Add KASAN support Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-12 11:16 ` Christophe Leroy
2019-01-15 17:23 ` Andrey Ryabinin
2019-01-15 17:23 ` Andrey Ryabinin
2019-01-21 7:17 ` Christophe Leroy
2019-01-21 7:17 ` Christophe Leroy
2019-01-21 8:30 ` Dmitry Vyukov
2019-01-21 8:30 ` Dmitry Vyukov
2019-01-21 8:30 ` Dmitry Vyukov
2019-01-21 8:37 ` Christophe Leroy
2019-01-21 8:37 ` Christophe Leroy
2019-01-21 9:24 ` Dmitry Vyukov
2019-01-21 9:24 ` Dmitry Vyukov
2019-01-21 9:24 ` Dmitry Vyukov
2019-01-21 9:30 ` Christophe Leroy
2019-01-21 9:30 ` Christophe Leroy
2019-01-21 10:36 ` Christophe Leroy
2019-01-21 10:36 ` Christophe Leroy
2019-01-21 12:33 ` Dmitry Vyukov
2019-01-21 12:33 ` Dmitry Vyukov
2019-01-21 12:33 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=301f5826-64ab-1cf4-7e7e-cd026de77bca@c-s.fr \
--to=christophe.leroy@c-s.fr \
--cc=aneesh.kumar@linux.ibm.com \
--cc=aryabinin@virtuozzo.com \
--cc=benh@kernel.crashing.org \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=npiggin@gmail.com \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.