From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753915AbdCFQrE (ORCPT ); Mon, 6 Mar 2017 11:47:04 -0500 Received: from mail-he1eur01on0115.outbound.protection.outlook.com ([104.47.0.115]:56832 "EHLO EUR01-HE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932183AbdCFQqz (ORCPT ); Mon, 6 Mar 2017 11:46:55 -0500 Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=virtuozzo.com; Subject: Re: [PATCH] x86, kasan: add KASAN checks to atomic operations To: Dmitry Vyukov , Peter Zijlstra References: <20170306124254.77615-1-dvyukov@google.com> <20170306125851.GL6500@twins.programming.kicks-ass.net> <20170306130107.GK6536@twins.programming.kicks-ass.net> CC: Andrew Morton , Ingo Molnar , kasan-dev , "linux-mm@kvack.org" , LKML , "x86@kernel.org" , Mark Rutland From: Andrey Ryabinin Message-ID: Date: Mon, 6 Mar 2017 19:48:00 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [195.214.232.6] X-ClientProxiedBy: AM4PR0802CA0021.eurprd08.prod.outlook.com (10.172.214.31) To HE1PR0801MB2060.eurprd08.prod.outlook.com (10.168.95.136) X-MS-Office365-Filtering-Correlation-Id: 5c33877e-cb7a-4b28-5072-08d464b06460 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:HE1PR0801MB2060; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB2060;3:UM8SaCb88kOau/hYiZq5V2OrwMxunl5le0ZNR+hBTYyzl2GcB9KuXFAPAQoRasOhM3tnB7nbQmhVbdl+1CV/DhnuefbvSXJhS3eWXq6/KjDQ/a8tan0H+ac0dPyLLXOZTvVal/3LGGYHEIT3RLRp27ib2vFVig7hmfGvlXfkO7q9FiH7tL7AIe2pdgXYC5z36wbHKxFLBzILUWwsBjIbVFyt6WAljXExRVMisC+Kj+gtcKQOi1tyfVzJXmRTAD7+W8LrkOjpiSxTwcH+kipPKw==;25:Uf33eGWmmRdvuGbsnDlxU0q9blNXKvZkX/ugrcVTRQqkr1B7jWygAovt7ZWFncDKlS28ujtKhTmHNNEadLH7cAQmkQULDjUPo+UJc2XpqO8RT1haLQkshtfYnEMyBUZ7zSiBdCamuirNTp/OmJcJ99g0ftTqJ/xWQ+SudlLDAClLcYiBjgyxYtDLN8geNOb3A0z7JA6/dn4fM8drfLMmqrqCN15UqLvGgpjdnbE4P9uizh5JKlg5+6txhx9fm6OvI1tltXrMNT9WigSte5yG60NU3+5LnTnqkkRGpfTpgXv1Oy37UmxfOe8v7vrzW+pkcexV2Np1I0vVpxQxNRFxsMVSNO9Xv+uidlMCKJfRuujr+p75Jmp4sSd4ZMMcovmW96YKfZAiZlKNcHbeZs34UvxPFdRNWPrdlqzUyz3HO/H7dHcZqdMFBhNJ8DfeHDkN+BtTEx2GTsjgoZ9qitsNvQ== X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB2060;31:qEik9JqRpMGjkCZDRFg22n4n4p5x2GVA/AekyM89enyaWXJ1uLKxB5Vu3LNGRhDSbMlv2jVSqh9WLdr4PMdVTb5qM6IO2BtTLOijWbWi83zQlT6b/II5mN5r2SZYQA8MfE22XXE5Pnwt/mSFFGh2547e6F5EqBfIxsV7tQJhhNN1mlgibKtHrVS9wcHvW2766vkMAfMHP7RYDtbgVaS8Xc+pTk1q35ozMWIQcN3fSunvqeRSzJgSpTdTCJbidQst++j4rPd2zZlsgX8u71x4NNdfISMl7uYoY8f/kxstBtU=;20:vQ0sXrZ0/L+JcqC8BpuukKf6d7WbAxD2XrbMVrT3kq7dVAv6A5BsVpWDfNt589wPs9eh0JQ8UDMbc2x85hiss8gJYif5tNtF1oEdNzjjsvs+qie3AFIWgGoyeorrEW7n/8+fylRTjANkFTAfj72yhK/a6TrYlNb3GhMgnuzCLeNVMrP0xVnnYXOv+3Of5G8RCq/a9pS5y+lG5VHbw5tmc7MkQOFpPJj8Uq+IAqxZA0CNF9rhBXQj9f+i+8D2MJLh9ApczF/nOcnkSUrhTNDevVHo85IoJ6foDx3cQClZapDPIge+O6WkmBjU/f8R52B0o2otbUbxG1F8mK6z+TeENbe3l8O0LPE3uvviKaT7hJNuUCAH0HE9svtPQdkyUwX/oKB2y8XCmrBoV2CJx89P34Js51NEGEsaXlVjhHMKOCc= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(22074186197030)(183786458502308)(17755550239193); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6041248)(20161123558025)(20161123560025)(20161123564025)(20161123562025)(20161123555025)(6072148);SRVR:HE1PR0801MB2060;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0801MB2060; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB2060;4:2jzDtjjKMMxbNfDEA0a5yfdpYqkL424xQzPwMWOyjeSxKgY9VjOGgn7aNZ6LC7oV6i51seuYC8p+Me7rcvF7sjeRBDGv2q987xoH3tXfCtsxnUjWpjnXUnvziZknyex92YR8lkee3NbOne6ZLccYN39cPjrTjjymAy4IXfliHUw4b6AIiviVATA9BA0Y8K7amXZikZgSc9jmpE79yYjgtpVtxiKKWsNgDDNqlXNPcaS/9ZVzQJdZD1GLNe8rtlorJNcrAwsqiL9bYrEhzFHb2DdAMvDfUN1o7DW0yzaQ2ydza2XE7CquHlvmE0e0xVzjkmLPpU5IdxtpmDL/coSkGiQSYBrhmYGUb9uMJP4JC1KMSsrPeneyr2nCMCRQXlPWstq0h4oM9wTN2F/Pa7kvxffxXhlDdbGZtnSuGKgPN8oNbbeZLR+7/bRw/swj46rtqEa3ZBx3OFiIXP3AJ3Abj0qFfkMaKwWDO+N56jdrouF8pGXLLlx0q72B4BJy3+Rs47Jntm/XGr7OuIz8M62kAAmOb5tQiadkKNgCOj2IoCLoQOf2liBzaktzjXXNKw3w2p7tMKLlMWpb1LV83iDWspmeAZoOYFdKX7WBVVHA8A7W+VzlfcJxZhOy0PMcZYnhHsHPCoyAshBskqT9CAsVk2/r0kfI+Nl7f1HxpWH0S9xpHIYVwN/dD025oa0Xtgl9nE8IueIlqNOTO/ff6sJ9mTIDhS2aHtopMWDnm0/Rue0= X-Forefront-PRVS: 0238AEEDB0 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6049001)(6009001)(7916002)(39410400002)(39830400002)(39450400003)(377454003)(24454002)(65806001)(92566002)(6116002)(31696002)(3846002)(77096006)(81166006)(86362001)(50986999)(4001350100001)(76176999)(54356999)(36756003)(6486002)(2950100002)(6666003)(53936002)(2906002)(33646002)(47776003)(53546006)(23676002)(64126003)(38730400002)(50466002)(83506001)(4326008)(31686004)(6246003)(25786008)(65956001)(66066001)(93886004)(42186005)(90366009)(305945005)(65826007)(5660300001)(8676002)(7736002)(189998001)(54906002)(230700001)(6306002);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR0801MB2060;H:[172.16.25.12];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtIRTFQUjA4MDFNQjIwNjA7MjM6MXhHcW5KZ0RFNWZxQzgyMEJDRUQ3WEI5?= =?utf-8?B?RCtxMG9sYWorNzBJVUJuWHBEaGFtRWZDOFN0SjNBaUlRU2FsZk1QNUZTYTJL?= =?utf-8?B?anBUY3daQm9BNmUyOElNY2g0NDdFS1AxejNWcGd4QWJGM092VHRmVFJNVzIv?= =?utf-8?B?RlFVN3BNeWZVRjdYNzB0UVFleldJdVJVZ1pwWXczcUZ0Wkl0Vk12TExOTFRt?= =?utf-8?B?akNXaTFBMUxUNE4zeHp5UWtmU2Rrem5pdm1RUHE1Wit4R0lmdlhZWEduL3F3?= =?utf-8?B?MnNOQ2ZmUVRSblRUSzYzcGdHVElkdC9RMWI3c1NaMFUzcXp6NnBzb2xlRFEv?= =?utf-8?B?MmtKZExZbmFjUjR0Qkt4VCt0RS82Q0psOTFyaUVrS25VWlpEcmNNVTFwY3M3?= =?utf-8?B?K05UR2xNenpRL09kc3dTcVQ1Q0hFY1lsYXg3b2FVTU9EdS9iazVCK09pRG9h?= =?utf-8?B?cGFEN0xwYy91a1piYmlvNllvamZkTlJNVjQ5QlBsdmROTGxkUkRKTGVnZExQ?= =?utf-8?B?ZjJMTjZaTHhCY3BDbUFNcTd5OU9UdmdVaGtqUTJrT1o0S3pzV3R5S1B2bCtC?= =?utf-8?B?SFExYnl3NG9QaUNReUpUY2JsdnZ0cVhUZlRQa3d0Rm5nc2JyT2lETnRRQjFu?= =?utf-8?B?Y2FFYytjankyZWpJNHhXaFhYQkdmOEorcWswa0JvcG1DU0JtVk1uMk1wOGJW?= =?utf-8?B?TGQvdWJmS09MSFY5dXRWSmYrS214TUVCU0psNklUQkYwbHhGd2FEYTlEeWJx?= =?utf-8?B?UE9LdVkzbnU0N0RGU1RoaSt4eTlqYk5XTHE2RXZ6bmxPZnpUZUlxeFhLdnN3?= =?utf-8?B?WWZJY1NkNnZzOExaWG5WRWoyZDFRK1ZXNXVlbVpZSlJPZU0vcDBLemVNL1Z5?= =?utf-8?B?c0o2T2F6TE1oM3ExajkrQ0dkd3JtdnZDZ2hIYUFwNXhKdFVZSzJVYWFHVHdM?= =?utf-8?B?VndycnRxMWxUSnRZTjZCZ2xKaHBoZUZyWXpBb2dhLzZ1MHdJK3B1OVRUelpJ?= =?utf-8?B?ai92K0lic3JpNk9ERERtcURmMjN0YldnaGR2QTZOTVllOTJGN25OMVllVW9s?= =?utf-8?B?OWdpb2N1amtjM2dMU0NVcWQ4ZHpCUWhYc2NOaHMwbUNkeWFhK1h2OXd1aG90?= =?utf-8?B?M0VONEhGaThOTmozYmh5ajMvTVB0Q3RJMWlJN0FoVWV3T2haaU1PQUNubjZP?= =?utf-8?B?Ri9JL3RCUjhwWW5ZRFJNd2NIMmxObGplNXkyYWtRYVRFWFd1VEgxOGxLaVFV?= =?utf-8?B?MEJycjAzdG5meFlTU1hsTFVDYnhFUDhyWEJNc3k1aFl5SndCRVYzSlFNdzFD?= =?utf-8?B?U3I4cGxITE9ja0w4S3pzUWVJVVA5Zm1HdS9TY25QS2xUd2E1eWpPbHV5cFl1?= =?utf-8?B?UXV1bFI3Z3NSWGYrYmpjUFZpUjJTbGRhZUxDN2NGaUQ5VURxSjBVU3NLbEhY?= =?utf-8?B?ajJEdnUwRnN2R0craDVlbmQzdjdaQWJUQ09Teno1NzNpWlBrTm5qRU0va1Zp?= =?utf-8?B?UDR6UlVYS1I2N2RZQUkxU3l5cXJPb1B4emF6NFFVRFB5d2RPNjVHajFld1ly?= =?utf-8?B?QUJZTE9hMjZZUzhYR2VDM0prZy9ZWjFRbFVtT2tSNGY4OS9RMkRMdGJWU2hq?= =?utf-8?B?NmhxQk92N3FjTWU1TnI1YXd4ZEhrTFBJTnhRMjR5ZXFXZUtoLzJIZGNzMWNo?= =?utf-8?B?MzBYSkJNNENqSUNzS2RtUmFlb0FqK0NQWXM3OUZibkVXcUtxcTJhK3czUnVn?= =?utf-8?B?aFVML3lCQnJySGpSTVJNOFVnPT0=?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB2060;6:5w73FAFdDLkBykdGAoNUvJ1o9z7PMhym6cAaxl/35xN9udTigk7qRicPOb0d1oWvxkplikid5H0+E88RrtPvpepr8oakSPhAhyRrXRoZ+zHy6cWyzkS4h7eDBL/nn0s67I88biM0+C6b5B6j8oEX/2JGg2cVoDv03A6ME8ZIQ1FfgiO9DfXc9Gzt2J5NDaBYigiNMvOdkDyzafItMpEe6jKNCkOxST5AycbGMEMLHh3b1tl9oePkVO5m4mG/8L//jMBy66dtOrhG/mvArKrtm2K+1cpztPEI4muVA77BehsxRusteNGccBhMbllPikDMJcLOvPZwH/muiyRppzIvz0GZxFWCddA5AyrO4K6KLjadWdqIe6pq156UQqAlwrraMlA6qMUC2Nf7CwXti8Z05A==;5:RswCWkM/25lOXjw8KUPBpIhv17lMwhELpfvD7IPNiUDBYwbZ9dZEvUKrhH9JmrdlB8lHoZXiFIFfPBfZP3BHvM7nkrHNmm21LarKmNUwrCJ2F2BIfUvnwVa3LD6bdACMcnrksfjgmUXcLwBa9VNsSw==;24:msdEVzcmDcm4UlhZT1ikWkCU5Lzw6RrSa2doOlxhsx10hBsSpNGuvvppbDa1uZ7grSdnZMhxHu0Aowz/YWelHKDtOd4atofH5hY5QFhrzcU= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB2060;7:Zam4xSooKpsp9iZcLg6+zC2iF7hs6FvNsd+sl+FuE/oLAnlq2nk2bY12ImGs3BoFLVqhFTIwqQ8J5dF9unLv3b2+WKQuAX2py31I7rU8WVjDXLIrtuJ3Xaz3RI9/Ja/Pg2RVYJL01c0kyXQX2FCci1c+p8ybHVShrswUdBtAj5IJguueBqPGB2jRXpwR1dA1jw9qq5WTxfZhUk1G8s6NXmoxB5wm4dtSLtrkEyBtx85qMbt2l3Gj8GdtcrtAKRXs2b7khy0J9B4fNTmFXrwYH7/XEGhJ16IXC4NnGR/ETO30v6amBjBFWXKDlszgEwUnK4gfW9WYN/ZRwZRuhRF34w==;20:QjVeLai+O6SRUMHpOulRzTf+uQtgYc6IijsV28vDXDDuzYxw8otBsNhQiNRZZX9Of00v+banlvDTvvKlwVgpciP0qCNRzjYDfqeDjynEOrCZDDNXsHFTZawDtLg6arZx5ylpvkpEgQcuNtU4CZ7TLfS5Puo5J4pb1lX4B6cFjcs= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Mar 2017 16:46:51.9181 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB2060 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/06/2017 05:24 PM, Dmitry Vyukov wrote: > Let me provide more context and design alternatives. > > There are also other archs, at least arm64 for now. > There are also other tools. For KTSAN (race detector) we will > absolutely need to hook into atomic ops. For KMSAN (uses of unit > values) we also need to understand atomic ops at least to some degree. > Both of them will require different instrumentation. > For KASAN we are also more interested in cases where it's more likely > that an object is touched only by an asm, but not by normal memory > accesses (otherwise we would report the bug on the normal access, > which is fine, this makes atomic ops stand out in my opinion). > > We could involve compiler (and by compiler I mean clang, because we > are not going to touch gcc, any volunteers?). We've tried this with gcc about 3 years ago. Here is the patch - https://gcc.gnu.org/ml/gcc-patches/2014-05/msg02447.html The problem is that memory block in "m" constraint doesn't actually mean that inline asm will access it. It only means that asm block *may* access that memory (or part of it). This causes false positives. As I vaguely remember I hit some false-positive in FPU-related code. This problem gave birth to another idea - add a new constraint to strictly mark the memory access inside asm block. See https://gcc.gnu.org/ml/gcc/2014-09/msg00237.html But all ended with nothing. > However, it's unclear if it will be simpler or not. There will > definitely will be a problem with uaccess asm blocks. Currently KASAN > relies of the fact that it does not see uaccess accesses and the user > addresses are considered bad by KASAN. There can also be a problem > with offsets/sizes, it's not possible to figure out what exactly an > asm block touches, we can only assume that it directly dereferences > the passed pointer. However, for example, bitops touch the pointer > with offset. Looking at the current x86 impl, we should be able to > handle it because the offset is computed outside of asm blocks. But > it's unclear if we hit this problem in other places. > > I also see that arm64 bitops are implemented in .S files. And we won't > be able to instrument them in compiler. > There can also be other problems. Is it possible that some asm blocks > accept e.g. physical addresses? KASAN would consider them as bad. >