From: Peter Zijlstra <peterz@infradead.org>
To: peterz@infradead.org
Cc: juri.lelli@redhat.com,
	"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
	rafael@kernel.org, catalin.marinas@arm.com,
	linus.walleij@linaro.org, nsekhar@ti.com, bsegall@google.com,
	guoren@kernel.org, pavel@ucw.cz, agordeev@linux.ibm.com,
	srivatsa@csail.mit.edu, linux-arch@vger.kernel.org,
	linux-samsung-soc@vger.kernel.org, vincent.guittot@linaro.org,
	chenhuacai@kernel.org, linux-acpi@vger.kernel.org,
	agross@kernel.org, geert@linux-m68k.org, linux-imx@nxp.com,
	vgupta@kernel.org, mattst88@gmail.com, borntraeger@linux.ibm.com,
	mturquette@baylibre.com, sammy@sammy.net, pmladek@suse.com,
	linux-pm@vger.kernel.org, Sascha Hauer <s.hauer@pengutronix.de>,
	linux-um@lists.infradead.org, npiggin@gmail.com,
	tglx@linutronix.de, linux-omap@vger.kernel.org,
	dietmar.eggemann@arm.com, andreyknvl@gmail.com,
	gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	linux-perf-users@vger.kernel.org, senozhatsky@chromium.org,
	svens@linux.ibm.com, jolsa@kernel.org, tj@kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-trace-kernel@vger.kernel.org, mark.rutland@arm.com,
	linux-ia64@vger.kernel.org, alim.akhtar@samsung.com,
	dave.hansen@linux.intel.com,
	virtualization@lists.linux-foundation.org,
	James.Bottomley@HansenPartnership.com, jcmvbkbc@gmail.com,
	thierry.reding@gmail.com, kernel@xen0n.name, cl@linux.com,
	linux-s390@vger.kernel.org, vschneid@redhat.com,
	john.ogness@linutronix.de, ysato@users.sourceforge.jp,
	linux-sh@vger.kernel.org, will@kernel.org, brgl@bgdev.pl,
	daniel.lezcano@linaro.org, jonathanh@nvidia.com,
	dennis@kernel.org, frederic@kernel.org, lenb@kernel.org,
	linux-xtensa@linux-xtensa.org, kernel@pengutronix.de,
	gor@linux.ibm.com, linux-arm-msm@vger.kernel.org,
	linux-alpha@vger.kernel.org, linux-m68k@lists.linux-m68k.org,
	loongarch@lists.linux.dev, shorne@gmail.com, chris@zankel.net,
	sboyd@kernel.org, dinguyen@kernel.org, bristot@redhat.com,
	Ulf Hansson <ulf.hansson@linaro.org>,
	alexander.shishkin@linux.intel.com, lpieralisi@kernel.org,
	atishp@atishpatra.org, linux@rasmusvillemoes.dk,
	kasan-dev@googlegroups.com, festevam@gmail.com,
	boris.ostrovsky@oracle.com, khilman@kernel.org,
	linux-csky@vger.kernel.org, pv-drivers@vmware.com,
	linux-snps-arc@lists.infradead.org, mgorman@suse.de,
	jacob.jun.pan@linux.intel.com, Arnd Bergmann <arnd@arndb.de>,
	ulli.kroll@googlemail.com, linux-clk@vger.kernel.org,
	rostedt@goodmis.org, ink@jurassic.park.msu.ru, bcain@quicinc.com,
	tsbogend@alpha.franken.de, linux-parisc@vger.kernel.org,
	konrad.dybcio@linaro.org, ryabinin.a.a@gmail.com,
	sudeep.holla@arm.com, shawnguo@kernel.org, davem@davemloft.net,
	dalias@libc.org, tony@atomide.com, amakhalov@vmware.com,
	linux-mm@kvack.org, glider@google.com, hpa@zytor.com,
	sparclinux@vger.kernel.org, linux-hexagon@vger.kernel.org,
	linux-riscv@lists.infradead.org, vincenzo.frascino@arm.com,
	anton.ivanov@cambridgegreys.com, jonas@southpole.se,
	yury.norov@gmail.com, richard@nod.at, x86@kernel.org,
	linux@armlinux.org.uk, mingo@redhat.com, mhiramat@kernel.org,
	aou@eecs.berkeley.edu, paulmck@kernel.org, hca@linux.ibm.com,
	richard.henderson@linaro.org, stefan.kristiansson@saunalahti.fi,
	openrisc@lists.librecores.org, acme@kernel.org,
	paul.walmsley@sifive.com, linux-tegra@vger.kernel.org,
	namhyung@kernel.org, andriy.shevchenko@linux.intel.com,
	jpoimboe@kernel.org, dvyukov@google.com, jgross@suse.com,
	monstr@monstr.eu, andersson@kernel.org,
	linux-mips@vger.kernel.org, krzysztof.kozlowski@linaro.org,
	palmer@dabbelt.com, anup@brainfault.org, bp@alien8.de,
	johannes@sipsolutions.net, linuxppc-dev@lists.ozlabs.org,
	deller@gmx.de
Subject: [PATCH v3 44/51] entry,kasan,x86: Disallow overriding mem*() functions
Date: Thu, 12 Jan 2023 20:43:58 +0100
Message-ID: <20230112195542.028523143@infradead.org>
In-Reply-To: 20230112194314.845371875@infradead.org

KASAN cannot just hijack the mem*() functions, it needs to emit
__asan_mem*() variants if it wants instrumentation (other sanitizers
already do this).

vmlinux.o: warning: objtool: sync_regs+0x24: call to memcpy() leaves .noinstr.text section
vmlinux.o: warning: objtool: vc_switch_off_ist+0xbe: call to memcpy() leaves .noinstr.text section
vmlinux.o: warning: objtool: fixup_bad_iret+0x36: call to memset() leaves .noinstr.text section
vmlinux.o: warning: objtool: __sev_get_ghcb+0xa0: call to memcpy() leaves .noinstr.text section
vmlinux.o: warning: objtool: __sev_put_ghcb+0x35: call to memcpy() leaves .noinstr.text section

Remove the weak aliases to ensure nobody hijacks these functions and
add them to the noinstr section.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Frederic Weisbecker <frederic@kernel.org>
Tested-by: Tony Lindgren <tony@atomide.com>
Tested-by: Ulf Hansson <ulf.hansson@linaro.org>
---
 arch/x86/lib/memcpy_64.S  |    5 ++---
 arch/x86/lib/memmove_64.S |    4 +++-
 arch/x86/lib/memset_64.S  |    4 +++-
 mm/kasan/kasan.h          |    4 ++++
 mm/kasan/shadow.c         |   38 ++++++++++++++++++++++++++++++++++++++
 tools/objtool/check.c     |    3 +++
 6 files changed, 53 insertions(+), 5 deletions(-)

--- a/arch/x86/lib/memcpy_64.S
+++ b/arch/x86/lib/memcpy_64.S
@@ -7,7 +7,7 @@
 #include <asm/alternative.h>
 #include <asm/export.h>
 
-.pushsection .noinstr.text, "ax"
+.section .noinstr.text, "ax"
 
 /*
  * We build a jump to memcpy_orig by default which gets NOPped out on
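
Review bot: the switch from `.pushsection .noinstr.text` to a bare `.section .noinstr.text` at the top of memcpy_64.S, together with the `.popsection` removed at the end of the file, is not explained in the changelog. With no push/pop pairing, everything in the file, including memcpy_orig and anything added later, lands in .noinstr.text; a one-line comment next to the directive saying this is deliberate would keep a later edit from placing instrumentable code here.
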
@@ -42,7 +42,7 @@ SYM_FUNC_START(__memcpy)
 SYM_FUNC_END(__memcpy)
 EXPORT_SYMBOL(__memcpy)
 
-SYM_FUNC_ALIAS_WEAK(memcpy, __memcpy)
+SYM_FUNC_ALIAS(memcpy, __memcpy)
 EXPORT_SYMBOL(memcpy)
 
 /*
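
Review bot: with `SYM_FUNC_ALIAS(memcpy, __memcpy)` the symbol becomes strong, so the kernel only links if no other strong memcpy() is built, and the only thing ensuring that is the `#ifndef CONFIG_GENERIC_ENTRY` guard this patch adds in mm/kasan/shadow.c. The changelog should state that dependency explicitly (the same applies to the memmove and memset aliases), since a KASAN build where the guard does not apply would get duplicate definitions instead of the old silent override.
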
@@ -183,4 +183,3 @@ SYM_FUNC_START_LOCAL(memcpy_orig)
 	RET
 SYM_FUNC_END(memcpy_orig)
 
-.popsection
--- a/arch/x86/lib/memmove_64.S
+++ b/arch/x86/lib/memmove_64.S
@@ -13,6 +13,8 @@
 
 #undef memmove
 
+.section .noinstr.text, "ax"
+
 /*
  * Implement memmove(). This can handle overlap between src and dst.
  *
@@ -213,5 +215,5 @@ SYM_FUNC_START(__memmove)
 SYM_FUNC_END(__memmove)
 EXPORT_SYMBOL(__memmove)
 
-SYM_FUNC_ALIAS_WEAK(memmove, __memmove)
+SYM_FUNC_ALIAS(memmove, __memmove)
 EXPORT_SYMBOL(memmove)
--- a/arch/x86/lib/memset_64.S
+++ b/arch/x86/lib/memset_64.S
@@ -6,6 +6,8 @@
 #include <asm/alternative.h>
 #include <asm/export.h>
 
+.section .noinstr.text, "ax"
+
 /*
  * ISO C memset - set a memory block to a byte value. This function uses fast
  * string to get better performance than the original function. The code is
@@ -43,7 +45,7 @@ SYM_FUNC_START(__memset)
 SYM_FUNC_END(__memset)
 EXPORT_SYMBOL(__memset)
 
-SYM_FUNC_ALIAS_WEAK(memset, __memset)
+SYM_FUNC_ALIAS(memset, __memset)
 EXPORT_SYMBOL(memset)
 
 /*
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -551,6 +551,10 @@ void __asan_set_shadow_f3(const void *ad
 void __asan_set_shadow_f5(const void *addr, size_t size);
 void __asan_set_shadow_f8(const void *addr, size_t size);
 
+void *__asan_memset(void *addr, int c, size_t len);
+void *__asan_memmove(void *dest, const void *src, size_t len);
+void *__asan_memcpy(void *dest, const void *src, size_t len);
+
 void __hwasan_load1_noabort(unsigned long addr);
 void __hwasan_store1_noabort(unsigned long addr);
 void __hwasan_load2_noabort(unsigned long addr);
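
Review bot: only `__asan_mem*()` prototypes are added, while the context lines right below declare the `__hwasan_*` hooks used by the tag-based mode. If that mode's toolchain emits its own prefixed mem*() calls, there is no counterpart for them here, and with the mem*() overrides compiled out under CONFIG_GENERIC_ENTRY those calls would go unchecked; please say in the changelog whether that case is covered or deliberately left out.
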
--- a/mm/kasan/shadow.c
+++ b/mm/kasan/shadow.c
@@ -38,6 +38,12 @@ bool __kasan_check_write(const volatile
 }
 EXPORT_SYMBOL(__kasan_check_write);
 
+#ifndef CONFIG_GENERIC_ENTRY
+/*
+ * CONFIG_GENERIC_ENTRY relies on compiler emitted mem*() calls to not be
+ * instrumented. KASAN enabled toolchains should emit __asan_mem*() functions
+ * for the sites they want to instrument.
+ */
 #undef memset
 void *memset(void *addr, int c, size_t len)
 {
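
Review bot: the comment under `#ifndef CONFIG_GENERIC_ENTRY` says toolchains "should emit __asan_mem*()", but nothing in this hunk checks that they do. On a CONFIG_GENERIC_ENTRY build with a compiler that still emits plain memset()/memcpy() calls, these overrides are compiled out and those calls silently lose their range checks; consider a build-time test, or at least name the required compiler support in the comment.
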
@@ -68,6 +74,38 @@ void *memcpy(void *dest, const void *src
 
 	return __memcpy(dest, src, len);
 }
+#endif
+
+void *__asan_memset(void *addr, int c, size_t len)
+{
+	if (!kasan_check_range((unsigned long)addr, len, true, _RET_IP_))
+		return NULL;
+
+	return __memset(addr, c, len);
+}
+EXPORT_SYMBOL(__asan_memset);
+
+#ifdef __HAVE_ARCH_MEMMOVE
+void *__asan_memmove(void *dest, const void *src, size_t len)
+{
+	if (!kasan_check_range((unsigned long)src, len, false, _RET_IP_) ||
+	    !kasan_check_range((unsigned long)dest, len, true, _RET_IP_))
+		return NULL;
+
+	return __memmove(dest, src, len);
+}
+EXPORT_SYMBOL(__asan_memmove);
+#endif
+
+void *__asan_memcpy(void *dest, const void *src, size_t len)
+{
+	if (!kasan_check_range((unsigned long)src, len, false, _RET_IP_) ||
+	    !kasan_check_range((unsigned long)dest, len, true, _RET_IP_))
+		return NULL;
+
+	return __memcpy(dest, src, len);
+}
+EXPORT_SYMBOL(__asan_memcpy);
 
 void kasan_poison(const void *addr, size_t size, u8 value, bool init)
 {
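
Review bot: `__asan_memmove()` is wrapped in `#ifdef __HAVE_ARCH_MEMMOVE` while `__asan_memset()` and `__asan_memcpy()` are unconditional, and the prototype added to kasan.h is unconditional too. If the compiler emits a call to __asan_memmove on an architecture without __HAVE_ARCH_MEMMOVE, the link fails; either drop the guard or add a comment on why the asymmetry is safe. A short comment would also help on the `return NULL` path: when kasan_check_range() fails the operation is skipped and the caller gets NULL rather than the destination pointer a mem*() caller expects.
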
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
@@ -956,6 +956,9 @@ static const char *uaccess_safe_builtin[
 	"__asan_store16_noabort",
 	"__kasan_check_read",
 	"__kasan_check_write",
+	"__asan_memset",
+	"__asan_memmove",
+	"__asan_memcpy",
 	/* KASAN in-line */
 	"__asan_report_load_n_noabort",
 	"__asan_report_load1_noabort",

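Review bot: the three names go into `uaccess_safe_builtin[]`, which is a separate property from the noinstr warnings quoted in the changelog, and the changelog does not mention it. Please add a sentence on why `__asan_memset`, `__asan_memmove` and `__asan_memcpy` are acceptable to call with user access enabled, in the same way as the neighbouring `__kasan_check_read` and `__kasan_check_write` entries.
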

