[PATCH v3 34/34] kmsan: Enable on s390

2023-12-13 Thread Ilya Leoshkevich
Now that everything else is in place, enable KMSAN in Kconfig. Signed-off-by: Ilya Leoshkevich --- arch/s390/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 3bec98d20283..160ad2220c53 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig

[PATCH v3 20/34] s390: Use a larger stack for KMSAN

2023-12-13 Thread Ilya Leoshkevich
Adjust the stack size for the KMSAN-enabled kernel like it was done for the KASAN-enabled one in commit 7fef92ccadd7 ("s390/kasan: double the stack size"). Both tools have similar requirements. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya L

[PATCH v3 05/34] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces

2023-12-13 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Skip the comparison when this is the case. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff

[PATCH v3 21/34] s390/boot: Add the KMSAN runtime stub

2023-12-13 Thread Ilya Leoshkevich
is that it does not disturb the existing KMSAN build logic and call sites don't need to be changed. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 1 + arch/s390/boot/kmsan.c | 6 ++ 2 files changed, 7 insertions(+) create mode 100644 arch/s390/boot

[PATCH v3 28/34] s390/mm: Define KMSAN metadata for vmalloc and modules

2023-12-13 Thread Ilya Leoshkevich
, and then take 2/3 of vmalloc for the vmalloc shadow and origins. This ensures that users passing small vmalloc= values on the command line do not cause module metadata collisions. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/startup.c | 8

[PATCH v3 13/34] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata()

2023-12-13 Thread Ilya Leoshkevich
Improve the readability by replacing the custom aligning logic with ALIGN_DOWN(). Unlike other places where a similar sequence is used, there is no size parameter that needs to be adjusted, so the standard macro fits. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm

[PATCH v3 31/34] s390/uaccess: Add KMSAN support to put_user() and get_user()

2023-12-13 Thread Ilya Leoshkevich
ll. Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 111 +++- 1 file changed, 79 insertions(+), 32 deletions(-) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h index 81ae8a98e7ec..c3c26dd1fc04 10

[PATCH v3 33/34] s390: Implement the architecture-specific kmsan functions

2023-12-13 Thread Ilya Leoshkevich
arch_kmsan_get_meta_or_null() finds the lowcore shadow by querying the prefix and calling kmsan_get_metadata() again. kmsan_virt_addr_valid() delegates to virt_addr_valid(). Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/kmsan.h | 43 +++ 1 file

[PATCH v3 27/34] s390/irqflags: Do not instrument arch_local_irq_*() with KMSAN

2023-12-13 Thread Ilya Leoshkevich
iving lockdep a chance to see and complain about this discrepancy. KMSAN instrumentation is inserted in order to poison the __mask variable. Disable instrumentation in the respective functions. They are very small and it's easy to see that no important metadata updates are lost because of this.

[PATCH v3 32/34] s390/unwind: Disable KMSAN checks

2023-12-13 Thread Ilya Leoshkevich
The unwind code can read uninitialized frames. Furthermore, even in the good case, KMSAN does not emit shadow for backchains. Therefore disable it for the unwinding functions. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/unwind_bc.c | 4 1 file

[PATCH v3 12/34] kmsan: Support SLAB_POISON

2023-12-13 Thread Ilya Leoshkevich
after memset() calls. The downside is that init_object() is called from free_debug_processing(), in which case poisoning will erase the distinction between simply uninitialized memory and UAF. Signed-off-by: Ilya Leoshkevich --- mm/kmsan/hooks.c | 2 +- mm/slub.c | 13 + 2

[PATCH v3 30/34] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs

2023-12-13 Thread Ilya Leoshkevich
This is normally done by the generic entry code, but the kernel_stack_overflow() flow bypasses it. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/traps.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/s390/kernel/traps.c b/arch/s390/kernel

[PATCH v3 24/34] s390/cpumf: Unpoison STCCTM output buffer

2023-12-13 Thread Ilya Leoshkevich
stcctm() uses the "Q" constraint for dest, therefore KMSAN does not understand that it fills multiple doublewords pointed to by dest, not just one. This results in false positives. Unpoison the whole dest manually with kmsan_unpoison_memory(). Reported-by: Alexander Gordeev Signed-of

[PATCH v3 10/34] kmsan: Export panic_on_kmsan

2023-12-13 Thread Ilya Leoshkevich
When building the kmsan test as a module, modpost fails with the following error message: ERROR: modpost: "panic_on_kmsan" [mm/kmsan/kmsan_test.ko] undefined! Export panic_on_kmsan in order to improve the KMSAN usability for modules. Reviewed-by: Alexander Potapenko Signed-of

[PATCH v3 29/34] s390/string: Add KMSAN support

2023-12-13 Thread Ilya Leoshkevich
, but in the meantime resolve the issues by introducing the IN_BOOT_STRING_C macro, similar to the existing IN_ARCH_STRING_C macro. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/string.c | 16 arch/s390/include/asm/string.h | 20

[PATCH v3 09/34] kmsan: Expose kmsan_get_metadata()

2023-12-13 Thread Ilya Leoshkevich
address 0, one needs to resolve metadata for lowcore_ptr[raw_smp_processor_id()]. Expose kmsan_get_metadata() to make it possible to do this from the arch code. Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 9 + mm/kmsan/instrumentation.c | 1 + mm/kmsan/kmsan.h

[PATCH v3 26/34] s390/ftrace: Unpoison ftrace_regs in kprobe_ftrace_handler()

2023-12-13 Thread Ilya Leoshkevich
unpoisoning ftrace_regs in kprobe_ftrace_handler(). Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/ftrace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c index c46381ea04ec..3cc5e6d011a9 100644

[PATCH v3 08/34] kmsan: Remove an x86-specific #include from kmsan.h

2023-12-13 Thread Ilya Leoshkevich
o Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/kmsan.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/kmsan.h b/mm/kmsan/kmsan.h index a14744205435..adf443bcffe8 100644 --- a/mm/kmsan/kmsan.h +++ b/mm/kmsan/kmsan.h

[PATCH v3 25/34] s390/diag: Unpoison diag224() output buffer

2023-12-13 Thread Ilya Leoshkevich
Diagnose 224 stores 4k bytes, which cannot be deduced from the inline assembly constraints. This leads to KMSAN false positives. Unpoison the output buffer manually with kmsan_unpoison_memory(). Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/diag.c | 2 ++ 1 file changed, 2 insertions

[PATCH v3 23/34] s390/cpacf: Unpoison the results of cpacf_trng()

2023-12-13 Thread Ilya Leoshkevich
Prevent KMSAN from complaining about buffers filled by cpacf_trng() being uninitialized. Tested-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/cpacf.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/s390/include/asm

[PATCH v3 02/34] kmsan: Make the tests compatible with kmsan.panic=1

2023-12-13 Thread Ilya Leoshkevich
It's useful to have both tests and kmsan.panic=1 during development, but right now the warnings that the tests cause lead to kernel panics. Temporarily set kmsan.panic=0 for the duration of the KMSAN testing. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan

[PATCH v3 22/34] s390/checksum: Add a KMSAN check

2023-12-13 Thread Ilya Leoshkevich
Add a KMSAN check to the CKSM inline assembly, similar to how it was done for ASAN in commit e42ac7789df6 ("s390/checksum: always use cksm instruction"). Acked-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/checksum.h

[PATCH v3 18/34] kmsan: Accept ranges starting with 0 on s390

2023-12-13 Thread Ilya Leoshkevich
Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index ffedf4dbc49d..7a3df4d359f8 100644 --- a/mm/kmsan/init.c +++ b/mm/kmsan/init.c @@ -33,7 +33,10 @@ static void __init

[PATCH v3 19/34] s390: Turn off KMSAN for boot, vdso and purgatory

2023-12-13 Thread Ilya Leoshkevich
All other sanitizers are disabled for these components as well. While at it, add a comment to boot and purgatory. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 2 ++ arch/s390/kernel/vdso32/Makefile | 3

[PATCH v3 17/34] lib/zlib: Unpoison DFLTCC output buffers

2023-12-13 Thread Ilya Leoshkevich
://github.com/zlib-ng/zlib-ng/commit/1f5ddcc009ac3511e99fc88736a9e1a6381168c5 Reported-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- lib/zlib_dfltcc/dfltcc.h | 1 + lib/zlib_dfltcc/dfltcc_util.h | 24 2 files changed, 25 insertions(+) diff --git a/lib

[PATCH v3 11/34] kmsan: Allow disabling KMSAN checks for the current task

2023-12-13 Thread Ilya Leoshkevich
the allow_reporting field for this. Signed-off-by: Ilya Leoshkevich --- Documentation/dev-tools/kmsan.rst | 4 ++-- include/linux/kmsan.h | 24 include/linux/kmsan_types.h | 2 +- mm/kmsan/core.c | 1 - mm/kmsan/hooks.c

[PATCH v3 16/34] mm: kfence: Disable KMSAN when checking the canary

2023-12-13 Thread Ilya Leoshkevich
to ever touch it. Instead, disable KMSAN checks around canary read accesses. Reviewed-by: Alexander Potapenko Tested-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kfence/core.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/mm/kfence/core.c b/mm

[PATCH v3 07/34] kmsan: Remove a useless assignment from kmsan_vmap_pages_range_noflush()

2023-12-13 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/shadow.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/kmsan/shadow.c b/mm/kmsan/shadow.c index b9d05aff313e..2d57408c78ae 100644 --- a/mm/kmsan/shadow.c +++ b/mm/kmsan/shadow.c @@ -243,7 +243,6 @@ int kmsan_vmap_pages_range_noflush(uns

[PATCH v3 15/34] mm: slub: Unpoison the memchr_inv() return value

2023-12-13 Thread Ilya Leoshkevich
counterintuitively, the shadow value computed by visitSelectInst() is equal to `(uintptr_t)start`. The intention behind guarding memchr_inv() behind metadata_access_enable() is to touch poisoned metadata without triggering KMSAN, so unpoison its return value. Signed-off-by: Ilya Leoshkevich --- mm

[PATCH v3 14/34] mm: slub: Let KMSAN access metadata

2023-12-13 Thread Ilya Leoshkevich
Building the kernel with CONFIG_SLUB_DEBUG and CONFIG_KMSAN causes KMSAN to complain about touching redzones in kfree(). Fix by extending the existing KASAN-related metadata_access_enable() and metadata_access_disable() functions to KMSAN. Acked-by: Vlastimil Babka Signed-off-by: Ilya

[PATCH v3 06/34] kmsan: Fix kmsan_copy_to_user() on arches with overlapping address spaces

2023-12-13 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Assume that we are handling user memory access in this case. Reported-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/hooks.c | 3 ++- 1 file changed, 2

[PATCH v3 04/34] kmsan: Increase the maximum store size to 4096

2023-12-13 Thread Ilya Leoshkevich
The inline assembly block in s390's chsc() stores that much. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/instrumentation.c b/mm/kmsan/instrumentation.c index

[PATCH v3 00/34] kmsan: Enable on s390

2023-12-13 Thread Ilya Leoshkevich
t s390 defconfig and debug_defconfig with kmsan.panic=1. The tool found one real s390-specific bug (fixed in master). Best regards, Ilya [1] https://reviews.llvm.org/D148596 Ilya Leoshkevich (34): ftrace: Unpoison ftrace_regs in ftrace_ops_list_func() kmsan: Make the tests compatible with kmsan.p

[PATCH v3 01/34] ftrace: Unpoison ftrace_regs in ftrace_ops_list_func()

2023-12-13 Thread Ilya Leoshkevich
assembly code and always unpoisoning ftrace_regs in ftrace_ops_list_func. Acked-by: Steven Rostedt (Google) Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- kernel/trace/ftrace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c

[PATCH v3 03/34] kmsan: Disable KMSAN when DEFERRED_STRUCT_PAGE_INIT is enabled

2023-12-13 Thread Ilya Leoshkevich
(), it is considered an error. DEFERRED_STRUCT_PAGE_INIT causes this, so mark it as incompatible with KMSAN. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/Kconfig b/mm/Kconfig index 57cd378c73d6..712bcf5f1d20 100644

Re: [PATCH v2 12/33] kmsan: Allow disabling KMSAN checks for the current task

2023-12-13 Thread Ilya Leoshkevich
On Mon, 2023-12-11 at 12:50 +0100, Alexander Potapenko wrote: > On Tue, Nov 21, 2023 at 11:06 PM Ilya Leoshkevich > wrote: > > > > Like for KASAN, it's useful to temporarily disable KMSAN checks > > around, > > e.g., redzone accesses. I

Re: [PATCH v2 13/33] kmsan: Introduce memset_no_sanitize_memory()

2023-12-13 Thread Ilya Leoshkevich
On Wed, 2023-12-13 at 02:31 +0100, Ilya Leoshkevich wrote: > On Fri, 2023-12-08 at 16:25 +0100, Alexander Potapenko wrote: > > > A problem with __memset() is that, at least for me, it always > > > ends > > > up being a call. There is a use case where we need to write

Re: [PATCH v2 13/33] kmsan: Introduce memset_no_sanitize_memory()

2023-12-12 Thread Ilya Leoshkevich
On Fri, 2023-12-08 at 16:25 +0100, Alexander Potapenko wrote: > > A problem with __memset() is that, at least for me, it always ends > > up being a call. There is a use case where we need to write only 1 > > byte, so I thought that introducing a call there (when compiling > > without KMSAN) would

Re: [PATCH v2 18/33] lib/string: Add KMSAN support to strlcpy() and strlcat()

2023-12-12 Thread Ilya Leoshkevich
On Fri, 2023-12-08 at 17:50 +0100, Alexander Potapenko wrote: > On Tue, Nov 21, 2023 at 11:02 PM Ilya Leoshkevich > wrote: > > > > Currently KMSAN does not fully propagate metadata in strlcpy() and > > strlcat(), because they are built with -ffreestan

Re: [PATCH v2 01/33] ftrace: Unpoison ftrace_regs in ftrace_ops_list_func()

2023-12-11 Thread Ilya Leoshkevich
On Fri, 2023-12-08 at 09:31 -0500, Steven Rostedt wrote: > On Fri, 8 Dec 2023 15:16:10 +0100 > Alexander Potapenko wrote: > > > On Tue, Nov 21, 2023 at 11:02 PM Ilya Leoshkevich > > wrote: > > > > > > Architectures use assembly code t

Re: [PATCH v2 32/33] s390: Implement the architecture-specific kmsan functions

2023-12-11 Thread Ilya Leoshkevich
On Mon, 2023-12-11 at 11:26 +0100, Alexander Potapenko wrote: > > +static inline void *arch_kmsan_get_meta_or_null(void *addr, bool > > is_origin) > > +{ > > +   if (addr >= (void *)_lowcore && > > +   addr < (void *)(_lowcore + 1)) { > > +   /* > > +    *

Re: [PATCH v2 19/33] lib/zlib: Unpoison DFLTCC output buffers

2023-12-08 Thread Ilya Leoshkevich
On Fri, 2023-12-08 at 14:32 +0100, Alexander Potapenko wrote: > On Tue, Nov 21, 2023 at 11:07 PM Ilya Leoshkevich > wrote: > > > > The constraints of the DFLTCC inline assembly are not precise: they > > do not communicate the size of the output buffers to the compil

Re: [PATCH v2 13/33] kmsan: Introduce memset_no_sanitize_memory()

2023-12-08 Thread Ilya Leoshkevich
On Fri, 2023-12-08 at 14:48 +0100, Alexander Potapenko wrote: > On Tue, Nov 21, 2023 at 11:06 PM Ilya Leoshkevich > wrote: > > > > Add a wrapper for memset() that prevents unpoisoning. > > We have __memset() already, won't it work for this case? A problem with __me

Re: [PATCH v2 33/33] kmsan: Enable on s390

2023-11-29 Thread Ilya Leoshkevich
On Wed, 2023-11-29 at 10:19 +0100, Alexander Potapenko wrote: > Hi Ilya, > > Sorry for this taking so long, I'll probably take a closer look next > week. > Overall, the s390 part looks good to me, but I wanted to check the > x86 > behavior once again (and perhaps figure out how to avoid

[PATCH v2 21/33] s390: Turn off KMSAN for boot, vdso and purgatory

2023-11-21 Thread Ilya Leoshkevich
All other sanitizers are disabled for these components as well. While at it, add a comment to boot and purgatory. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 2 ++ arch/s390/kernel/vdso32/Makefile | 3

[PATCH v2 27/33] s390/mm: Define KMSAN metadata for vmalloc and modules

2023-11-21 Thread Ilya Leoshkevich
, and then take 2/3 of vmalloc for the vmalloc shadow and origins. This ensures that users passing small vmalloc= values on the command line do not cause module metadata collisions. Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/startup.c | 8 arch/s390/include/asm/pgtable.h

[PATCH v2 19/33] lib/zlib: Unpoison DFLTCC output buffers

2023-11-21 Thread Ilya Leoshkevich
://github.com/zlib-ng/zlib-ng/commit/1f5ddcc009ac3511e99fc88736a9e1a6381168c5 Reported-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- lib/zlib_dfltcc/dfltcc.h | 1 + lib/zlib_dfltcc/dfltcc_util.h | 23 +++ 2 files changed, 24 insertions(+) diff --git a/lib

[PATCH v2 09/33] kmsan: Introduce kmsan_memmove_metadata()

2023-11-21 Thread Ilya Leoshkevich
It is useful to manually copy metadata in order to describe the effects of memmove()-like logic in uninstrumented code or inline asm. Introduce kmsan_memmove_metadata() for this purpose. Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan-checks.h | 14 ++ mm/kmsan/hooks.c

[PATCH v2 04/33] kmsan: Increase the maximum store size to 4096

2023-11-21 Thread Ilya Leoshkevich
The inline assembly block in s390's chsc() stores that much. Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/instrumentation.c b/mm/kmsan/instrumentation.c index cc3907a9c33a..470b0b4afcc4 100644

[PATCH v2 12/33] kmsan: Allow disabling KMSAN checks for the current task

2023-11-21 Thread Ilya Leoshkevich
behavior. Repurpose the allow_reporting field for this. Signed-off-by: Ilya Leoshkevich --- Documentation/dev-tools/kmsan.rst | 4 ++-- include/linux/kmsan-checks.h | 12 include/linux/kmsan_types.h | 2 +- mm/kmsan/core.c | 2 +- mm/kmsan/hooks.c

[PATCH v2 06/33] kmsan: Fix kmsan_copy_to_user() on arches with overlapping address spaces

2023-11-21 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Assume that we are handling user memory access in this case. Reported-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/hooks.c | 3 ++- 1 file changed, 2

[PATCH v2 13/33] kmsan: Introduce memset_no_sanitize_memory()

2023-11-21 Thread Ilya Leoshkevich
Add a wrapper for memset() that prevents unpoisoning. This is useful for filling memory allocator redzones. Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 9 + 1 file changed, 9 insertions(+) diff --git a/include/linux/kmsan.h b/include/linux/kmsan.h index ff8fd95733fa

[PATCH v2 30/33] s390/uaccess: Add KMSAN support to put_user() and get_user()

2023-11-21 Thread Ilya Leoshkevich
ll. Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 110 ++-- 1 file changed, 78 insertions(+), 32 deletions(-) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h index 81ae8a98e7ec..b0715b88b55a 10

[PATCH v2 29/33] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs

2023-11-21 Thread Ilya Leoshkevich
This is normally done by the generic entry code, but the kernel_stack_overflow() flow bypasses it. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/traps.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/s390/kernel/traps.c b/arch/s390/kernel

[PATCH v2 32/33] s390: Implement the architecture-specific kmsan functions

2023-11-21 Thread Ilya Leoshkevich
arch_kmsan_get_meta_or_null() finds the lowcore shadow by querying the prefix and calling kmsan_get_metadata() again. kmsan_virt_addr_valid() delegates to virt_addr_valid(). Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/kmsan.h | 36 +++ 1 file

[PATCH v2 33/33] kmsan: Enable on s390

2023-11-21 Thread Ilya Leoshkevich
Now that everything else is in place, enable KMSAN in Kconfig. Signed-off-by: Ilya Leoshkevich --- arch/s390/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 3bec98d20283..160ad2220c53 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig

[PATCH v2 31/33] s390/unwind: Disable KMSAN checks

2023-11-21 Thread Ilya Leoshkevich
The unwind code can read uninitialized frames. Furthermore, even in the good case, KMSAN does not emit shadow for backchains. Therefore disable it for the unwinding functions. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/unwind_bc.c | 4 1 file

[PATCH v2 25/33] s390/cpacf: Unpoison the results of cpacf_trng()

2023-11-21 Thread Ilya Leoshkevich
Prevent KMSAN from complaining about buffers filled by cpacf_trng() being uninitialized. Tested-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/cpacf.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/include/asm/cpacf.h b/arch/s390/include/asm

[PATCH v2 26/33] s390/ftrace: Unpoison ftrace_regs in kprobe_ftrace_handler()

2023-11-21 Thread Ilya Leoshkevich
unpoisoning ftrace_regs in kprobe_ftrace_handler(). Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/ftrace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c index c46381ea04ec..3bad34eaa51e 100644 --- a/arch/s390/kernel/ftrace.c +++ b/arch

[PATCH v2 28/33] s390/string: Add KMSAN support

2023-11-21 Thread Ilya Leoshkevich
, but in the meantime resolve the issues by introducing the IN_BOOT_STRING_C macro, similar to the existing IN_ARCH_STRING_C macro. Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/string.c | 16 arch/s390/include/asm/string.h | 20 +++- 2 files changed, 31

[PATCH v2 23/33] s390/boot: Add the KMSAN runtime stub

2023-11-21 Thread Ilya Leoshkevich
is that it does not disturb the existing KMSAN build logic and call sites don't need to be changed. Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 1 + arch/s390/boot/kmsan.c | 6 ++ 2 files changed, 7 insertions(+) create mode 100644 arch/s390/boot/kmsan.c diff --git a/arch/s390/boot

[PATCH v2 24/33] s390/checksum: Add a KMSAN check

2023-11-21 Thread Ilya Leoshkevich
Add a KMSAN check to the CKSM inline assembly, similar to how it was done for ASAN in commit e42ac7789df6 ("s390/checksum: always use cksm instruction"). Acked-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/checksum.h | 2 ++ 1 file changed, 2

[PATCH v2 22/33] s390: Use a larger stack for KMSAN

2023-11-21 Thread Ilya Leoshkevich
Adjust the stack size for the KMSAN-enabled kernel like it was done for the KASAN-enabled one in commit 7fef92ccadd7 ("s390/kasan: double the stack size"). Both tools have similar requirements. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya L

[PATCH v2 00/33] kmsan: Enable on s390

2023-11-21 Thread Ilya Leoshkevich
und one real s390-specific bug (fixed in master). Best regards, Ilya [1] https://reviews.llvm.org/D148596 Ilya Leoshkevich (33): ftrace: Unpoison ftrace_regs in ftrace_ops_list_func() kmsan: Make the tests compatible with kmsan.panic=1 kmsan: Disable KMSAN when DEFERRED_STRUCT_PAGE_I

[PATCH v2 03/33] kmsan: Disable KMSAN when DEFERRED_STRUCT_PAGE_INIT is enabled

2023-11-21 Thread Ilya Leoshkevich
(), it is considered an error. DEFERRED_STRUCT_PAGE_INIT causes this, so mark it as incompatible with KMSAN. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/Kconfig b/mm/Kconfig index 89971a894b60..4f2f99339fc7 100644

[PATCH v2 17/33] mm: kfence: Disable KMSAN when checking the canary

2023-11-21 Thread Ilya Leoshkevich
to ever touch it. Instead, disable KMSAN checks around canary read accesses. Signed-off-by: Ilya Leoshkevich --- mm/kfence/core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 3872528d0963..a2ea8e5a1ad9 100644 --- a/mm/kfence/core.c

[PATCH v2 20/33] kmsan: Accept ranges starting with 0 on s390

2023-11-21 Thread Ilya Leoshkevich
Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index ffedf4dbc49d..7a3df4d359f8 100644 --- a/mm/kmsan/init.c +++ b/mm/kmsan/init.c @@ -33,7 +33,10 @@ static void __init

[PATCH v2 05/33] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces

2023-11-21 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Skip the comparison when this is the case. Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mm/kmsan/instrumentation.c b

[PATCH v2 16/33] mm: slub: Let KMSAN access metadata

2023-11-21 Thread Ilya Leoshkevich
Building the kernel with CONFIG_SLUB_DEBUG and CONFIG_KMSAN causes KMSAN to complain about touching redzones in kfree(). Fix by extending the existing KASAN-related metadata_access_enable() and metadata_access_disable() functions to KMSAN. Signed-off-by: Ilya Leoshkevich --- mm/slub.c | 2

[PATCH v2 15/33] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata()

2023-11-21 Thread Ilya Leoshkevich
Improve the readability by replacing the custom aligning logic with ALIGN_DOWN(). Unlike other places where a similar sequence is used, there is no size parameter that needs to be adjusted, so the standard macro fits. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm

[PATCH v2 14/33] kmsan: Support SLAB_POISON

2023-11-21 Thread Ilya Leoshkevich
in the future. Second, kmsan_poison_memory() calls may be added after memset() calls. The downside is that init_object() is called from free_debug_processing(), in which case poisoning will erase the distinction between simply uninitialized memory and UAF. Signed-off-by: Ilya Leoshkevich --- mm

[PATCH v2 02/33] kmsan: Make the tests compatible with kmsan.panic=1

2023-11-21 Thread Ilya Leoshkevich
It's useful to have both tests and kmsan.panic=1 during development, but right now the warnings that the tests cause lead to kernel panics. Temporarily set kmsan.panic=0 for the duration of the KMSAN testing. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan

[PATCH v2 18/33] lib/string: Add KMSAN support to strlcpy() and strlcat()

2023-11-21 Thread Ilya Leoshkevich
with different flags in the future. Signed-off-by: Ilya Leoshkevich --- lib/string.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lib/string.c b/lib/string.c index be26623953d2..e83c6dd77ec6 100644 --- a/lib/string.c +++ b/lib/string.c @@ -111,6 +111,9 @@ size_t strlcpy(char *dest

[PATCH v2 11/33] kmsan: Export panic_on_kmsan

2023-11-21 Thread Ilya Leoshkevich
When building the kmsan test as a module, modpost fails with the following error message: ERROR: modpost: "panic_on_kmsan" [mm/kmsan/kmsan_test.ko] undefined! Export panic_on_kmsan in order to improve the KMSAN usability for modules. Reviewed-by: Alexander Potapenko Signed-of

[PATCH v2 07/33] kmsan: Remove a useless assignment from kmsan_vmap_pages_range_noflush()

2023-11-21 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/shadow.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/kmsan/shadow.c b/mm/kmsan/shadow.c index b9d05aff313e..2d57408c78ae 100644 --- a/mm/kmsan/shadow.c +++ b/mm/kmsan/shadow.c @@ -243,7 +243,6 @@ int kmsan_vmap_pages_range_noflush(uns

[PATCH v2 10/33] kmsan: Expose kmsan_get_metadata()

2023-11-21 Thread Ilya Leoshkevich
address 0, one needs to resolve metadata for lowcore_ptr[raw_smp_processor_id()]. Expose kmsan_get_metadata() to make it possible to do this from the arch code. Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 14 ++ mm/kmsan/instrumentation.c | 1 + mm/kmsan/kmsan.h

[PATCH v2 08/33] kmsan: Remove an x86-specific #include from kmsan.h

2023-11-21 Thread Ilya Leoshkevich
o Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/kmsan.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/kmsan.h b/mm/kmsan/kmsan.h index a14744205435..adf443bcffe8 100644 --- a/mm/kmsan/kmsan.h +++ b/mm/kmsan/kmsan.h

[PATCH v2 01/33] ftrace: Unpoison ftrace_regs in ftrace_ops_list_func()

2023-11-21 Thread Ilya Leoshkevich
assembly code and always unpoisoning ftrace_regs in ftrace_ops_list_func. Signed-off-by: Ilya Leoshkevich --- kernel/trace/ftrace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 8de8bec5f366..dfb8b26966aa 100644 --- a/kernel/trace/ftrace.c

Re: [PATCH 13/32] kmsan: Support SLAB_POISON

2023-11-16 Thread Ilya Leoshkevich
On Thu, 2023-11-16 at 15:55 +0100, Alexander Potapenko wrote: > On Wed, Nov 15, 2023 at 9:34 PM Ilya Leoshkevich > wrote: > > > > Avoid false KMSAN negatives with SLUB_DEBUG by allowing > > kmsan_slab_free() to poison the freed memory, and by preventing > > init

Re: [PATCH 00/32] kmsan: Enable on s390

2023-11-16 Thread Ilya Leoshkevich
On Thu, 2023-11-16 at 09:42 +0100, Alexander Potapenko wrote: > On Wed, Nov 15, 2023 at 9:34 PM Ilya Leoshkevich > wrote: > > > > Hi, > > > > This series provides the minimal support for Kernel Memory > > Sanitizer on > > s390. Kernel Memo

Re: [PATCH 12/32] kmsan: Allow disabling KMSAN checks for the current task

2023-11-16 Thread Ilya Leoshkevich
On Thu, 2023-11-16 at 09:56 +0100, Alexander Potapenko wrote: > On Wed, Nov 15, 2023 at 9:34 PM Ilya Leoshkevich > wrote: > > > > Like for KASAN, it's useful to temporarily disable KMSAN checks > > around, > > e.g., redzone accesses. > > This example is in

[PATCH 31/32] s390: Implement the architecture-specific kmsan functions

2023-11-15 Thread Ilya Leoshkevich
arch_kmsan_get_meta_or_null() finds the lowcore shadow by querying the prefix and calling kmsan_get_metadata() again. kmsan_virt_addr_valid() delegates to virt_addr_valid(). Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/kmsan.h | 36 +++ 1 file

[PATCH 28/32] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs

2023-11-15 Thread Ilya Leoshkevich
This is normally done by the generic entry code, but the kernel_stack_overflow() flow bypasses it. Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/traps.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/kernel/traps.c b/arch/s390/kernel/traps.c index 1d2aa448d103

[PATCH 20/32] s390: Turn off KMSAN for boot, vdso and purgatory

2023-11-15 Thread Ilya Leoshkevich
All other sanitizers are disabled for these components as well. Reviewed-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 1 + arch/s390/kernel/vdso32/Makefile | 1 + arch/s390/kernel/vdso64/Makefile | 1 + arch/s390/purgatory/Makefile | 1 + 4

[PATCH 24/32] s390/cpacf: Unpoison the results of cpacf_trng()

2023-11-15 Thread Ilya Leoshkevich
Prevent KMSAN from complaining about buffers filled by cpacf_trng() being uninitialized. Tested-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/cpacf.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/include/asm/cpacf.h b/arch/s390/include/asm

[PATCH 29/32] s390/uaccess: Add KMSAN support to put_user() and get_user()

2023-11-15 Thread Ilya Leoshkevich
ll. Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 110 ++-- 1 file changed, 78 insertions(+), 32 deletions(-) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h index 81ae8a98e7ec..b0715b88b55a 10

[PATCH 27/32] s390/string: Add KMSAN support

2023-11-15 Thread Ilya Leoshkevich
Add KMSAN support for the s390 implementations of the string functions. Do this similar to how it's already done for KASAN, except that the optimized memset{16,32,64}() functions need to be disabled: it's important for KMSAN to know that they initialized something. Signed-off-by: Ilya Leoshkevich

[PATCH 32/32] kmsan: Enable on s390

2023-11-15 Thread Ilya Leoshkevich
Now that everything else is in place, enable KMSAN in Kconfig. Signed-off-by: Ilya Leoshkevich --- arch/s390/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 3bec98d20283..160ad2220c53 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig

[PATCH 25/32] s390/ftrace: Unpoison ftrace_regs in kprobe_ftrace_handler()

2023-11-15 Thread Ilya Leoshkevich
unpoisoning ftrace_regs in kprobe_ftrace_handler(). Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/ftrace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c index c46381ea04ec..3bad34eaa51e 100644 --- a/arch/s390/kernel/ftrace.c +++ b/arch

[PATCH 30/32] s390/unwind: Disable KMSAN checks

2023-11-15 Thread Ilya Leoshkevich
The unwind code can read uninitialized frames. Furthermore, even in the good case, KMSAN does not emit shadow for backchains. Therefore disable it for the unwinding functions. Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/unwind_bc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git

[PATCH 26/32] s390/mm: Define KMSAN metadata for vmalloc and modules

2023-11-15 Thread Ilya Leoshkevich
, and then take 2/3 of vmalloc for the vmalloc shadow and origins. This ensures that users passing small vmalloc= values on the command line do not cause module metadata collisions. Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/startup.c| 8 arch/s390/include/asm/pgtable.h

[PATCH 23/32] s390/checksum: Add a KMSAN check

2023-11-15 Thread Ilya Leoshkevich
Add a KMSAN check to the CKSM inline assembly, similar to how it was done for ASAN in commit e42ac7789df6 ("s390/checksum: always use cksm instruction"). Acked-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/checksum.h | 2 ++ 1 file changed, 2

[PATCH 22/32] s390/boot: Add the KMSAN runtime stub

2023-11-15 Thread Ilya Leoshkevich
is that it does not disturb the existing KMSAN build logic and call sites don't need to be changed. Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 1 + arch/s390/boot/kmsan.c | 6 ++ 2 files changed, 7 insertions(+) create mode 100644 arch/s390/boot/kmsan.c diff --git a/arch/s390/boot

[PATCH 21/32] s390: Use a larger stack for KMSAN

2023-11-15 Thread Ilya Leoshkevich
Adjust the stack size for the KMSAN-enabled kernel like it was done for the KASAN-enabled one in commit 7fef92ccadd7 ("s390/kasan: double the stack size"). Both tools have similar requirements. Reviewed-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- arch/s39

[PATCH 18/32] lib/zlib: Unpoison DFLTCC output buffers

2023-11-15 Thread Ilya Leoshkevich
://github.com/zlib-ng/zlib-ng/commit/1f5ddcc009ac3511e99fc88736a9e1a6381168c5 Reported-by: Alexander Gordeev Signed-off-by: Ilya Leoshkevich --- lib/zlib_dfltcc/dfltcc.h | 1 + lib/zlib_dfltcc/dfltcc_util.h | 23 +++ 2 files changed, 24 insertions(+) diff --git a/lib

[PATCH 19/32] kmsan: Accept ranges starting with 0 on s390

2023-11-15 Thread Ilya Leoshkevich
On s390 the virtual address 0 is valid (current CPU's lowcore is mapped there), therefore KMSAN should not complain about it. Disable the respective check on s390. There doesn't seem to be a Kconfig option to describe this situation, so explicitly check for s390. Signed-off-by: Ilya Leoshkevich

[PATCH 17/32] lib/string: Add KMSAN support to strlcpy() and strlcat()

2023-11-15 Thread Ilya Leoshkevich
with different flags in the future. Signed-off-by: Ilya Leoshkevich --- lib/string.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lib/string.c b/lib/string.c index be26623953d2..e83c6dd77ec6 100644 --- a/lib/string.c +++ b/lib/string.c @@ -111,6 +111,9 @@ size_t strlcpy(char *dest

[PATCH 16/32] mm: kfence: Disable KMSAN when checking the canary

2023-11-15 Thread Ilya Leoshkevich
to ever touch it. Instead, disable KMSAN checks around canary read accesses. Signed-off-by: Ilya Leoshkevich --- mm/kfence/core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 3872528d0963..a2ea8e5a1ad9 100644 --- a/mm/kfence/core.c

[PATCH 10/32] kmsan: Expose kmsan_get_metadata()

2023-11-15 Thread Ilya Leoshkevich
address 0, one needs to resolve metadata for lowcore_ptr[raw_smp_processor_id()]. Expose kmsan_get_metadata() to make it possible to do this from the arch code. Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 14 ++ mm/kmsan/instrumentation.c | 1 + mm/kmsan/kmsan.h

[PATCH 14/32] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata()

2023-11-15 Thread Ilya Leoshkevich
Improve the readability by replacing the custom aligning logic with ALIGN_DOWN(). Unlike other places where a similar sequence is used, there is no size parameter that needs to be adjusted, so the standard macro fits. Signed-off-by: Ilya Leoshkevich --- mm/kmsan/shadow.c | 8 +++- 1 file
