| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DF0JIYFQGFCP.9RDI8V58PFNH@google.com> Date: Wed, 17 Dec 2025 13:53:33 +0000 From: Brendan Jackman <jackmanb@...gle.com> To: Peter Zijlstra <peterz@...radead.org>, Brendan Jackman <jackmanb@...gle.com> Cc: Andrey Ryabinin <ryabinin.a.a@...il.com>, Alexander Potapenko <glider@...gle.com>, Andrey Konovalov <andreyknvl@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, Vincenzo Frascino <vincenzo.frascino@....com>, Marco Elver <elver@...gle.com>, Ard Biesheuvel <ardb@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <nick.desaulniers+lkml@...il.com>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, <kasan-dev@...glegroups.com>, <linux-kernel@...r.kernel.org>, <llvm@...ts.linux.dev> Subject: Re: [PATCH v3 1/3] kasan: mark !__SANITIZE_ADDRESS__ stubs __always_inline On Tue Dec 16, 2025 at 1:01 PM UTC, Peter Zijlstra wrote: > On Tue, Dec 16, 2025 at 10:16:34AM +0000, Brendan Jackman wrote: >> The x86 instrumented bitops in >> include/asm-generic/bitops/instrumented-non-atomic.h are >> KASAN-instrumented via explicit calls to instrument_* functions from >> include/linux/instrumented.h. >> >> This bitops are used from noinstr code in __sev_es_nmi_complete(). This >> code avoids noinstr violations by disabling __SANITIZE_ADDRESS__ etc for >> the compilation unit. > > Yeah, so don't do that? That's why we use raw_atomic_*() in things like > smp_text_poke_int3_handler(). Right, this was what Ard suggested in [0]: > For the short term, we could avoid this by using arch___set_bit() > directly in the SEV code that triggers this issue today. But for the > longer term, we should get write of those explicit calls to > instrumentation intrinsics, as this is fundamentally incompatible with > per-function overrides. But, I think the longer term solution is actually now coming from what Marco described in [1]. So in the meantime what's the cleanest fix? Going straight to the arch_* calls from SEV seems pretty yucky in its own right. Adding special un-instrumented wrappers in bitops.h seems overblown for a temporary workaround. Meanwhile, disabling __SANITIZE_ADDRESS__ is something the SEV code already relies on as a workaround, so if we can just make that workaround work for this case too, it seems like a reasonable way forward? Anyway, I don't feel too strongly about this, I'm only pushing back for the sake of hysteresis since I already flipflopped a couple of times on this fix. If Ard/Marco agree with just using the arch_ functions directly I'd be fine with that. And in the meantime, I guess patch 3/3 is OK? As it happens, that will already make the current error go away without needing the first 2 patches. So maybe we should just merge that and be done with it? There's probably a good chance no other issues will show up between now and whenever Marco's nice compiler support arrives. [0] https://lore.kernel.org/all/CAMj1kXHiA91hH80tHFCO9QjkkfzEGZ2GJgpHnuKrusKhOULMXA@mail.gmail.com/ [1] https://lore.kernel.org/all/CANpmjNNc9vRJbD2e5DPPR8SWNSYa=MqTzniARp4UWKBUEdhh_Q@mail.gmail.com/
Powered by blists - more mailing lists