Message-ID: <20220616164416.GA2130702@paulmck-ThinkPad-P17-Gen-1>
Date:   Thu, 16 Jun 2022 09:44:16 -0700
From:   "Paul E. McKenney" <paulmck@...nel.org>
To:     Marco Elver <elver@...gle.com>
Cc:     kernel test robot <lkp@...el.com>,
        Frederic Weisbecker <frederic@...nel.org>,
        kbuild-all@...ts.01.org,
        GNU/Weeb Mailing List <gwml@...r.gnuweeb.org>,
        linux-kernel@...r.kernel.org, dvyukov@...gle.com
Subject: Re: [ammarfaizi2-block:paulmck/linux-rcu/pmladek.2022.06.15a
 133/140] vmlinux.o: warning: objtool: __ct_user_exit+0x41: call to
 __kasan_check_read() leaves .noinstr.text section

On Thu, Jun 16, 2022 at 06:40:21AM -0700, Paul E. McKenney wrote:
> On Thu, Jun 16, 2022 at 10:19:18AM +0200, Marco Elver wrote:
> > On Wed, 15 Jun 2022 at 23:17, Paul E. McKenney <paulmck@...nel.org> wrote:
> > >
> > > On Wed, Jun 15, 2022 at 01:40:39PM -0700, Paul E. McKenney wrote:
> > > > On Thu, Jun 16, 2022 at 04:26:16AM +0800, kernel test robot wrote:
> > > > > tree:   https://github.com/ammarfaizi2/linux-block paulmck/linux-rcu/pmladek.2022.06.15a
> > > > > head:   0ba7324b44282870af740a5a121add62c7f5f730
> > > > > commit: db21b02f8044e812f8a5e3811f602409290e3ede [133/140] context_tracking: Convert state to atomic_t
> > > > > config: x86_64-randconfig-r003-20220516 (https://download.01.org/0day-ci/archive/20220616/202206160411.v3iL3YC0-lkp@intel.com/config)
> > > > > compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
> > > > > reproduce (this is a W=1 build):
> > > > >         # https://github.com/ammarfaizi2/linux-block/commit/db21b02f8044e812f8a5e3811f602409290e3ede
> > > > >         git remote add ammarfaizi2-block https://github.com/ammarfaizi2/linux-block
> > > > >         git fetch --no-tags ammarfaizi2-block paulmck/linux-rcu/pmladek.2022.06.15a
> > > > >         git checkout db21b02f8044e812f8a5e3811f602409290e3ede
> > > > >         # save the config file
> > > > >         mkdir build_dir && cp config build_dir/.config
> > > > >         make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash
> > > > >
> > > > > If you fix the issue, kindly add following tag where applicable
> > > > > Reported-by: kernel test robot <lkp@...el.com>
> > > > >
> > > > > All warnings (new ones prefixed by >>):
> > > > >
> > > > > >> vmlinux.o: warning: objtool: __ct_user_exit+0x41: call to __kasan_check_read() leaves .noinstr.text section
> > > > > >> vmlinux.o: warning: objtool: __ct_user_enter+0x7f: call to __kasan_check_read() leaves .noinstr.text section
> > > >
> > > > Marco, Dmitry, my guess is that this is due to the ct->active check in
> > > > both functions.  Are we supposed to do something to make this sort of
> > > > thing safe for KASAN?
> > >
> > > This time actually CCing Marco and Dmitry...
> > 
> > It's due to the atomic_read()s within the noinstr function. Within
> > noinstr you can use arch_atomic_read() to avoid the instrumentation.
> 
> Thank you, will fix!

And please see below for an alleged fix.

							Thanx, Paul

------------------------------------------------------------------------

commit 81e24ca26ee9933bcacf67a61e3f6ae41a025442
Author: Paul E. McKenney <paulmck@...nel.org>
Date:   Thu Jun 16 09:30:37 2022 -0700

    context_tracking: Use arch_atomic_read() in __ct_state for KASAN
    
    Context tracking's __ct_state() function can be invoked from noinstr state
    where RCU is not watching.  This means that its use of atomic_read()
    causes KASAN to invoke the non-noinstr __kasan_check_read() function
    from the noinstr function __ct_state().  This is problematic because
    someone tracing the __kasan_check_read() function could get a nasty
    surprise because of RCU not watching.
    
    This commit therefore replaces the __ct_state() function's use of
    atomic_read() with arch_atomic_read(), which KASAN does not attempt to
    add instrumentation to.
    
    Signed-off-by: Paul E. McKenney <paulmck@...nel.org>
    Cc: Frederic Weisbecker <frederic@...nel.org>
    Cc: Marco Elver <elver@...gle.com>

diff --git a/include/linux/context_tracking_state.h b/include/linux/context_tracking_state.h
index 0aecc07fb4f50..81c51e5f03143 100644
--- a/include/linux/context_tracking_state.h
+++ b/include/linux/context_tracking_state.h
@@ -49,7 +49,7 @@ DECLARE_PER_CPU(struct context_tracking, context_tracking);
 
 static __always_inline int __ct_state(void)
 {
-	return atomic_read(this_cpu_ptr(&context_tracking.state)) & CT_STATE_MASK;
+	return arch_atomic_read(this_cpu_ptr(&context_tracking.state)) & CT_STATE_MASK;
 }
 #endif
 
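Review bot: the replaced return line in __ct_state() carries no comment saying why the arch_ variant is required, so a later cleanup could switch it back to atomic_read() and reintroduce the objtool warning. A one-line comment above the return, noting that callers run in noinstr code and the read must stay uninstrumented, would preserve the intent. It is also worth confirming on the reported config that the warnings at __ct_user_exit and __ct_user_enter are gone, since this hunk only covers reads that go through __ct_state().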

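A user-space model of the layering the commit message describes, added here as an illustration and not code from the thread or the kernel: atomic_read() is modelled as an instrumentation hook followed by the raw arch_atomic_read() load. The names model_kasan_check_read, in_noinstr, model_state and MODEL_CT_STATE_MASK, and all values, are assumptions made up for the example.

```c
#include <stdio.h>
/* User-space model; names mirror the thread, values are constructed. */
typedef struct { int counter; } atomic_t;
#define MODEL_CT_STATE_MASK 0x3   /* assumed mask, not the kernel's value */

static int in_noinstr;            /* set while modelling a noinstr section */
static int noinstr_violations;    /* instrumented calls made from inside it */

/* Stand-in for __kasan_check_read(): an ordinary, traceable function. */
static void model_kasan_check_read(const volatile void *p, unsigned int size)
{
	(void)p; (void)size;
	if (in_noinstr)
		noinstr_violations++;  /* the call objtool flags at build time */
}

/* Raw load: no instrumentation hook is reached. */
static inline int arch_atomic_read(const atomic_t *v)
{
	return *(const volatile int *)&v->counter;
}

/* Instrumented wrapper: hook first, then the raw load. */
static inline int atomic_read(const atomic_t *v)
{
	model_kasan_check_read(v, sizeof(*v));
	return arch_atomic_read(v);
}

static atomic_t model_state = { 0x105 };  /* constructed sample state word */
static int ct_state_before(void) { return atomic_read(&model_state) & MODEL_CT_STATE_MASK; }
static int ct_state_after(void) { return arch_atomic_read(&model_state) & MODEL_CT_STATE_MASK; }

/* Run fn as if from a noinstr section; return how many hooks fired. */
static int violations_in_noinstr(int (*fn)(void), int *value)
{
	noinstr_violations = 0;
	in_noinstr = 1;
	*value = fn();
	in_noinstr = 0;
	return noinstr_violations;
}

int main(void)
{
	int v;
	printf("before: %d hook call(s)\n", violations_in_noinstr(ct_state_before, &v));
	printf("after:  %d hook call(s)\n", violations_in_noinstr(ct_state_after, &v));
	return 0;
}
```

Both variants return the same masked state; only the instrumented wrapper reaches the hook while the noinstr flag is set.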