From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59FA0C433FE for ; Tue, 26 Apr 2022 16:44:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E88986B0083; Tue, 26 Apr 2022 12:44:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E12886B0085; Tue, 26 Apr 2022 12:44:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CB0E46B0087; Tue, 26 Apr 2022 12:44:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.27]) by kanga.kvack.org (Postfix) with ESMTP id BE6996B0083 for ; Tue, 26 Apr 2022 12:44:42 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay11.hostedemail.com (Postfix) with ESMTP id 89A9880ABE for ; Tue, 26 Apr 2022 16:44:42 +0000 (UTC) X-FDA: 79399604004.03.DBFC14C Received: from mail-ej1-f74.google.com (mail-ej1-f74.google.com [209.85.218.74]) by imf07.hostedemail.com (Postfix) with ESMTP id 12B2940050 for ; Tue, 26 Apr 2022 16:44:39 +0000 (UTC) Received: by mail-ej1-f74.google.com with SMTP id qw33-20020a1709066a2100b006f001832229so9338259ejc.4 for ; Tue, 26 Apr 2022 09:44:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=/0H5A8X92xIp0p19j3P2M66qBbmfiGtveehlyZCJw24=; b=FvkMkIGRscjUzYZMvLVFQr9H/QRVOHYZw4hHknosvP6NOZtQxpNsZd0RtzhJXelcRc z988hAfskDDmoJnPIiI0jXNGvUulB8rFxBfA8ab5Sms91LUTaW4M13z8UFY9KvIBTi0U mydviyOj8aDprvPJfYeUMhjCpbeC8rH4hZxCn8OWbU3YolhExGVHn2JyusklOjF/6sO4 vYyxMokIMpAW+3L8FTBFk9+HgjrICCnt0AsWcRVYbtUA2ELiqXnXSxBNwEJZcwS3tI4o 91Z59BTGhx3wH4FUgP2JaAvwZ5iQeqRkzHHrNtLbtKEtxaZ4rzTmakhpwXtIFjy1dzme JxoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=/0H5A8X92xIp0p19j3P2M66qBbmfiGtveehlyZCJw24=; b=vdxQusq43UX+yp7Lu5WBiE1Ic/mY7xNDEq6+bYKtdYkFZOOgLRLB3ADyqXsHBvdZqD GQQULGGJ1mCUhu06jMvYUOTBX3tsEW7f1sJbE+7FJ30P3iBOQoMTJRSWb+1xjrWjCgil KlNMqaBsRPyObS1vQjthJhpdqPN78Y2EqY6YNXZjQFgZAKC5ji7IYXdiVmGHh1eQBALh SV7ZxS3rLLw1GimpqX134Wwybfr5fn7mitLxc2Bv2J5udUtbkdP/QXUgJnthC0UKtzuG qQ9fF+b8M/7ZuMMuNHq5rWir+2huNy4qsK74PX1CahRC5lkC/ahSoetwhF2u6YKAa2d7 7CTg== X-Gm-Message-State: AOAM5315PQy0E2XAyU6tCMnavVPFvPrBh5YVlTUSZJIT0vDuxwKAopKb c0JKecZ2J6/9BoQgggam5PsjMGwqFdE= X-Google-Smtp-Source: ABdhPJyznSX2i8WSeLQTTkki2cbZTho3ac9KkIH//+BcoF3wC20oGterW7mlNzbNsl8P2+ms/2tHQUoo1l8= X-Received: from glider.muc.corp.google.com ([2a00:79e0:15:13:d580:abeb:bf6d:5726]) (user=glider job=sendgmr) by 2002:aa7:d310:0:b0:425:f22f:763f with SMTP id p16-20020aa7d310000000b00425f22f763fmr9236955edq.163.1650991480781; Tue, 26 Apr 2022 09:44:40 -0700 (PDT) Date: Tue, 26 Apr 2022 18:42:37 +0200 In-Reply-To: <20220426164315.625149-1-glider@google.com> Message-Id: <20220426164315.625149-9-glider@google.com> Mime-Version: 1.0 References: <20220426164315.625149-1-glider@google.com> X-Mailer: git-send-email 2.36.0.rc2.479.g8af0fa9b8e-goog Subject: [PATCH v3 08/46] kmsan: introduce __no_sanitize_memory and __no_kmsan_checks From: Alexander Potapenko To: glider@google.com Cc: Alexander Viro , Andrew Morton , Andrey Konovalov , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Christoph Hellwig , Christoph Lameter , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Herbert Xu , Ilya Leoshkevich , Ingo Molnar , Jens Axboe , Joonsoo Kim , Kees Cook , Marco Elver , Mark Rutland , Matthew Wilcox , "Michael S. Tsirkin" , Pekka Enberg , Peter Zijlstra , Petr Mladek , Steven Rostedt , Thomas Gleixner , Vasily Gorbik , Vegard Nossum , Vlastimil Babka , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Rspam-User: X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 12B2940050 X-Stat-Signature: i7bdn1eqxh56mfsgtc3ehnxxsu1jxyx8 Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=FvkMkIGR; spf=pass (imf07.hostedemail.com: domain of 3eCFoYgYKCHUZebWXkZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--glider.bounces.google.com designates 209.85.218.74 as permitted sender) smtp.mailfrom=3eCFoYgYKCHUZebWXkZhhZeX.Vhfebgnq-ffdoTVd.hkZ@flex--glider.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com X-HE-Tag: 1650991479-807580 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: __no_sanitize_memory is a function attribute that instructs KMSAN to skip a function during instrumentation. This is needed to e.g. implement the noinstr functions. __no_kmsan_checks is a function attribute that makes KMSAN ignore the uninitialized values coming from the function's inputs, and initialize the function's outputs. Functions marked with this attribute can't be inlined into functions not marked with it, and vice versa. This behavior is overridden by __always_inline. __SANITIZE_MEMORY__ is a macro that's defined iff the file is instrumented with KMSAN. This is not the same as CONFIG_KMSAN, which is defined for every file. Signed-off-by: Alexander Potapenko --- Link: https://linux-review.googlesource.com/id/I004ff0360c918d3cd8b18767ddd1381c6d3281be --- include/linux/compiler-clang.h | 23 +++++++++++++++++++++++ include/linux/compiler-gcc.h | 6 ++++++ 2 files changed, 29 insertions(+) diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index babb1347148c5..c561064921449 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -51,6 +51,29 @@ #define __no_sanitize_undefined #endif +#if __has_feature(memory_sanitizer) +#define __SANITIZE_MEMORY__ +/* + * Unlike other sanitizers, KMSAN still inserts code into functions marked with + * no_sanitize("kernel-memory"). Using disable_sanitizer_instrumentation + * provides the behavior consistent with other __no_sanitize_ attributes, + * guaranteeing that __no_sanitize_memory functions remain uninstrumented. + */ +#define __no_sanitize_memory __disable_sanitizer_instrumentation + +/* + * The __no_kmsan_checks attribute ensures that a function does not produce + * false positive reports by: + * - initializing all local variables and memory stores in this function; + * - skipping all shadow checks; + * - passing initialized arguments to this function's callees. + */ +#define __no_kmsan_checks __attribute__((no_sanitize("kernel-memory"))) +#else +#define __no_sanitize_memory +#define __no_kmsan_checks +#endif + /* * Support for __has_feature(coverage_sanitizer) was added in Clang 13 together * with no_sanitize("coverage"). Prior versions of Clang support coverage diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index 52299c957c98e..f1a7ce3f6e6fd 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -133,6 +133,12 @@ #define __SANITIZE_ADDRESS__ #endif +/* + * GCC does not support KMSAN. + */ +#define __no_sanitize_memory +#define __no_kmsan_checks + /* * Turn individual warnings and errors on and off locally, depending * on version. -- 2.36.0.rc2.479.g8af0fa9b8e-goog