From: Dmitry Vyukov <dvyukov@google.com>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Rasmus Villemoes <rasmus.villemoes@prevas.dk>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Kees Cook <keescook@chromium.org>, Eryu Guan <eguan@redhat.com>,
Alexander Potapenko <glider@google.com>,
Chris Metcalf <metcalf@alum.mit.edu>,
David Laight <David.Laight@aculab.com>,
stable <stable@vger.kernel.org>,
kasan-dev <kasan-dev@googlegroups.com>
Subject: Re: [PATCH] lib/strscpy: remove word-at-a-time optimization.
Date: Tue, 30 Jan 2018 10:12:14 +0100
Message-ID: <CACT4Y+a0B=siu1Mk3dS1SdY8Qj240hhUYPcPNM+29aeqQ+PwxQ@mail.gmail.com>
In-Reply-To: <0c502342-a4c5-846e-8ca1-ea5cb68f382c@virtuozzo.com>

On Thu, Jan 25, 2018 at 8:13 PM, Andrey Ryabinin
<aryabinin@virtuozzo.com> wrote:
> On 01/25/2018 08:55 PM, Linus Torvalds wrote:
>> On Thu, Jan 25, 2018 at 12:32 AM, Dmitry Vyukov <dvyukov@google.com> wrote:
>>> On Wed, Jan 24, 2018 at 6:52 PM, Linus Torvalds
>>> <torvalds@linux-foundation.org> wrote:
>>>>
>>>> So I'd *much* rather have some way to tell KASAN that word-at-a-time
>>>> is going on. Because that approach definitely makes a difference in
>>>> other places.
>>>
>>> The other option was to use READ_ONCE_NOCHECK().
>>
>> How about just using the same accessor that we do for the dcache case.
>> That gives a reasonable example of the whole word-at-a-time model, and
>> should be good.
>>
>
> If we also instrument load_unaligned_zeropad() with kasan_check_read(addr, 1),
> then it should be fine. We don't want a completely unchecked read of a source string.
>
> But I also would like to revert df4c0e36f1b1 ("fs: dcache: manually unpoison dname after allocation to shut up kasan's reports")
> So I was going to send something like the hunk below (split in several patches).
>
> Or we could just use instrumented load_unaligned_zeropad() everywhere, but it seems wrong
> to use it to load *cs only to shut up KASAN.
>
>
> ---
> fs/dcache.c | 2 +-
> include/linux/compiler.h | 11 +++++++++++
> lib/string.c | 2 +-
> 3 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/fs/dcache.c b/fs/dcache.c
> index 5c7df1df81ff..6aa7be55a96d 100644
> --- a/fs/dcache.c
> +++ b/fs/dcache.c
> @@ -195,7 +195,7 @@ static inline int dentry_string_cmp(const unsigned char *cs, const unsigned char
> unsigned long a,b,mask;
>
> for (;;) {
> - a = *(unsigned long *)cs;
> + a = READ_PARTIAL_CHECK(*(unsigned long *)cs);
> b = load_unaligned_zeropad(ct);
> if (tcount < sizeof(unsigned long))
> break;
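
Review bot: in dentry_string_cmp() only the cs load is switched to READ_PARTIAL_CHECK(); the ct load on the following line still goes through load_unaligned_zeropad(), and nothing in this diff adds the kasan_check_read(addr, 1) that the text above says it should get. Either add that instrumentation in the same series or state why ct can stay unchecked. The revert of df4c0e36f1b1 mentioned above is also not part of this diff, so the manual unpoison and the new partial check would coexist until it is sent.
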
> diff --git a/include/linux/compiler.h b/include/linux/compiler.h
> index 52e611ab9a6c..85b63c2e196e 100644
> --- a/include/linux/compiler.h
> +++ b/include/linux/compiler.h
> @@ -240,6 +240,7 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
> * required ordering.
> */
> #include <asm/barrier.h>
> +#include <linux/kasan-checks.h>
>
> #define __READ_ONCE(x, check) \
> ({ \
> @@ -259,6 +260,16 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
> */
> #define READ_ONCE_NOCHECK(x) __READ_ONCE(x, 0)
>
> +#ifdef CONFIG_KASAN
> +#define READ_PARTIAL_CHECK(x) \
> +({ \
> + kasan_check_read(&(x), 1); \
> + READ_ONCE_NOCHECK(x); \
> +})
> +#else
> +#define READ_PARTIAL_CHECK(x) (x)
> +#endif
> +
> #define WRITE_ONCE(x, val) \
> ({ \
> union { typeof(x) __val; char __c[1]; } __u = \
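
Review bot: READ_PARTIAL_CHECK() is added without a comment, and its contract is not obvious from the name: under CONFIG_KASAN only the first byte of x is validated by kasan_check_read(&(x), 1) and the rest of the word is read through READ_ONCE_NOCHECK(). Please document that, and say that it is meant for word-at-a-time loads that may extend past the object. Two smaller points: the macro expands x twice (in "&(x)" and in "READ_ONCE_NOCHECK(x)"), so an argument with side effects would be evaluated twice, and the !CONFIG_KASAN variant is a plain "(x)" while the KASAN variant goes through __READ_ONCE(), so the two configurations do not get the same access semantics.
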
> diff --git a/lib/string.c b/lib/string.c
> index 64a9e33f1daa..2396856e4c56 100644
> --- a/lib/string.c
> +++ b/lib/string.c
> @@ -203,7 +203,7 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
> while (max >= sizeof(unsigned long)) {
> unsigned long c, data;
>
> - c = *(unsigned long *)(src+res);
> + c = READ_PARTIAL_CHECK(*(unsigned long *)(src+res));
> if (has_zero(c, &data, &constants)) {
> data = prep_zero_mask(c, data, &constants);
> data = create_zero_mask(data);
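
Review bot: with this load in strscpy() only the byte at src+res is validated; when has_zero() finds no NUL in c, the other bytes of the word are used without having been checked, so an overread of an unterminated source is reported, at the earliest, when a later word starts in poisoned memory rather than at the first bad byte. A short comment at the load explaining why the one-byte check is considered sufficient here would help the next reader.
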

Looks good to me as a general way to support the word-at-a-time pattern.
This will also get rid of this in fs/dcache.c:

        if (IS_ENABLED(CONFIG_DCACHE_WORD_ACCESS))
                kasan_unpoison_shadow(dname,
                                round_up(name->len + 1, sizeof(unsigned long)));
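
Added example (not part of the original message or of the kernel patch): a user-space model of the trade-off discussed in this thread, where a fully checked word load reports a false positive on a properly terminated string, while a first-byte-only check stays quiet and still reports an unterminated source. The arena, the valid[] map standing in for shadow memory, and the functions check_read(), has_zero() and scan() are hypothetical names for illustration; real KASAN shadow memory works differently.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model, all names hypothetical: arena[] is memory, valid[] plays the
 * role of a shadow map (1 = addressable), reports counts checker hits. */
static unsigned char arena[32], valid[32];
static int reports;

static void check_read(size_t off, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!valid[off + i]) { reports++; return; }
}

/* Exact test for "this 64-bit word contains a zero byte". */
static int has_zero(uint64_t w)
{
    return ((w - 0x0101010101010101ULL) & ~w & 0x8080808080808080ULL) != 0;
}

/* Scan an object of obj_size bytes (<= 24) one word at a time, validating
 * check_bytes of each word before loading it: 8 models a fully checked load,
 * 1 models a first-byte check followed by an unchecked word read.
 * Returns the number of reports raised. */
static int scan(const void *data, size_t obj_size, size_t check_bytes)
{
    size_t off = 0;
    uint64_t w;

    memset(arena, 0, sizeof(arena));    /* bytes past the object read as 0 */
    memset(valid, 0, sizeof(valid));
    memcpy(arena, data, obj_size);
    memset(valid, 1, obj_size);         /* only the object is addressable */
    reports = 0;
    for (;;) {
        check_read(off, check_bytes);
        memcpy(&w, arena + off, sizeof(w));   /* the word load itself */
        if (has_zero(w))
            break;
        off += sizeof(w);
    }
    return reports;
}

int main(void)
{   /* constructed inputs: 11-byte "0123456789\0" object, 8-byte unterminated object */
    return !(scan("0123456789", 11, 8) == 1 &&  /* full check: false positive */
             scan("0123456789", 11, 1) == 0 &&  /* first-byte check: quiet */
             scan("ABCDEFGH", 8, 1) == 1);      /* real overread still reported */
}
```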