[PATCH v7 36/38] s390/unwind: Disable KMSAN checks

2024-06-21 Thread Ilya Leoshkevich
The unwind code can read uninitialized frames. Furthermore, even in the good case, KMSAN does not emit shadow for backchains. Therefore disable it for the unwinding functions. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel

[PATCH v7 33/38] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs

2024-06-21 Thread Ilya Leoshkevich
This is normally done by the generic entry code, but the kernel_stack_overflow() flow bypasses it. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/traps.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/s390/kernel

[PATCH v7 37/38] s390/kmsan: Implement the architecture-specific functions

2024-06-21 Thread Ilya Leoshkevich
arch_kmsan_get_meta_or_null() finds the lowcore shadow by querying the prefix and calling kmsan_get_metadata() again. kmsan_virt_addr_valid() delegates to virt_addr_valid(). Acked-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm

[PATCH v7 35/38] s390/uaccess: Add the missing linux/instrumented.h #include

2024-06-21 Thread Ilya Leoshkevich
Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h index 70f0edc00c2a..9213be0529ee 100644 --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h

[PATCH v7 32/38] s390/string: Add KMSAN support

2024-06-21 Thread Ilya Leoshkevich
, but in the meantime resolve the issues by introducing the IN_BOOT_STRING_C macro, similar to the existing IN_ARCH_STRING_C macro. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/string.c| 16 arch/s390/include/asm

[PATCH v7 30/38] s390/irqflags: Do not instrument arch_local_irq_*() with KMSAN

2024-06-21 Thread Ilya Leoshkevich
this. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/irqflags.h | 17 ++--- drivers/s390/char/sclp.c | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/arch/s390/include/asm/irqflags.h b/arch/s390/include

[PATCH v7 28/38] s390/diag: Unpoison diag224() output buffer

2024-06-21 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/diag.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/s390/kernel/diag.c b/arch/s390/kernel/diag.c index 8dee9aa0ec95..8a7009618ba7 100644 --- a/arch/s390/kernel/diag.c +++ b/arch/s390/kernel

[PATCH v7 31/38] s390/mm: Define KMSAN metadata for vmalloc and modules

2024-06-21 Thread Ilya Leoshkevich
, and then take 2/3 of vmalloc for the vmalloc shadow and origins. This ensures that users passing small vmalloc= values on the command line do not cause module metadata collisions. Reviewed-by: Alexander Potapenko Acked-by: Alexander Gordeev Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich

[PATCH v7 29/38] s390/ftrace: Unpoison ftrace_regs in kprobe_ftrace_handler()

2024-06-21 Thread Ilya Leoshkevich
unpoisoning ftrace_regs in kprobe_ftrace_handler(). Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/ftrace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c index ddf2ee47cb87

[PATCH v7 38/38] kmsan: Enable on s390

2024-06-21 Thread Ilya Leoshkevich
Now that everything else is in place, enable KMSAN in Kconfig. Acked-by: Heiko Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index c59d2b54df49

[PATCH v7 27/38] s390/cpumf: Unpoison STCCTM output buffer

2024-06-21 Thread Ilya Leoshkevich
Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/cpu_mf.h | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/s390/include/asm/cpu_mf.h b/arch/s390/include/asm/cpu_mf.h index a0de5b9b02ea..9e4bbc3e53f8 100644 --- a/arch/s390/i

[PATCH v7 23/38] s390: Use a larger stack for KMSAN

2024-06-21 Thread Ilya Leoshkevich
Adjust the stack size for the KMSAN-enabled kernel like it was done for the KASAN-enabled one in commit 7fef92ccadd7 ("s390/kasan: double the stack size"). Both tools have similar requirements. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya L

[PATCH v7 26/38] s390/cpacf: Unpoison the results of cpacf_trng()

2024-06-21 Thread Ilya Leoshkevich
Prevent KMSAN from complaining about buffers filled by cpacf_trng() being uninitialized. Tested-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/cpacf.h | 3 +++ 1 file changed, 3 insertions(+) diff

[PATCH v7 19/38] mm: kfence: Disable KMSAN when checking the canary

2024-06-21 Thread Ilya Leoshkevich
to ever touch it. Instead, disable KMSAN checks around canary read accesses. Reviewed-by: Alexander Potapenko Tested-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kfence/core.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/mm/kfence/core.c b/mm

[PATCH v7 34/38] s390/uaccess: Add KMSAN support to put_user() and get_user()

2024-06-21 Thread Ilya Leoshkevich
ll. Acked-by: Heiko Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 111 +++- 1 file changed, 79 insertions(+), 32 deletions(-) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.

[PATCH v7 22/38] s390/boot: Turn off KMSAN

2024-06-21 Thread Ilya Leoshkevich
All other sanitizers are disabled for boot as well. While at it, add a comment explaining why we need this. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch

[PATCH v7 18/38] mm: slub: Disable KMSAN when checking the padding bytes

2024-06-21 Thread Ilya Leoshkevich
, this approach is too fragile. So simply disable the KMSAN checks in the respective functions. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/slub.c | 16 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index

[PATCH v7 14/38] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata()

2024-06-21 Thread Ilya Leoshkevich
Improve the readability by replacing the custom aligning logic with ALIGN_DOWN(). Unlike other places where a similar sequence is used, there is no size parameter that needs to be adjusted, so the standard macro fits. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm

[PATCH v7 25/38] s390/checksum: Add a KMSAN check

2024-06-21 Thread Ilya Leoshkevich
Add a KMSAN check to the CKSM inline assembly, similar to how it was done for ASAN in commit e42ac7789df6 ("s390/checksum: always use cksm instruction"). Acked-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/checksum.h

[PATCH v7 11/38] kmsan: Allow disabling KMSAN checks for the current task

2024-06-21 Thread Ilya Leoshkevich
the allow_reporting field for this. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- Documentation/dev-tools/kmsan.rst | 11 +-- include/linux/kmsan.h | 24 include/linux/kmsan_types.h | 2 +- mm/kmsan/core.c

[PATCH v7 20/38] lib/zlib: Unpoison DFLTCC output buffers

2024-06-21 Thread Ilya Leoshkevich
://github.com/zlib-ng/zlib-ng/commit/1f5ddcc009ac3511e99fc88736a9e1a6381168c5 Reported-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- lib/zlib_dfltcc/dfltcc.h | 1 + lib/zlib_dfltcc/dfltcc_util.h | 28 2 files changed, 29

[PATCH v7 09/38] kmsan: Expose kmsan_get_metadata()

2024-06-21 Thread Ilya Leoshkevich
address 0, one needs to resolve metadata for lowcore_ptr[raw_smp_processor_id()]. Expose kmsan_get_metadata() to make it possible to do this from the arch code. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 9 + mm/kmsan/instrumentation.c

[PATCH v7 17/38] mm: slub: Let KMSAN access metadata

2024-06-21 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- mm/slub.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/slub.c b/mm/slub.c index 1134091abac5..b050e528112c 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -829,10 +829,12 @@ static int disable_higher_order_debug; static inline void

[PATCH v7 10/38] kmsan: Export panic_on_kmsan

2024-06-21 Thread Ilya Leoshkevich
When building the kmsan test as a module, modpost fails with the following error message: ERROR: modpost: "panic_on_kmsan" [mm/kmsan/kmsan_test.ko] undefined! Export panic_on_kmsan in order to improve the KMSAN usability for modules. Reviewed-by: Alexander Potapenko Signed-of

[PATCH v7 16/38] kmsan: Expose KMSAN_WARN_ON()

2024-06-21 Thread Ilya Leoshkevich
KMSAN_WARN_ON() is required for implementing s390-specific KMSAN functions, but right now it's available only to the KMSAN internal functions. Expose it to subsystems through . Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 25

[PATCH v7 04/38] kmsan: Increase the maximum store size to 4096

2024-06-21 Thread Ilya Leoshkevich
The inline assembly block in s390's chsc() stores that much. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/instrumentation.c b/mm/kmsan/instrumentation.c index

[PATCH v7 21/38] kmsan: Accept ranges starting with 0 on s390

2024-06-21 Thread Ilya Leoshkevich
Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index 9de76ac7062c..3f8b1bbb9060 100644 --- a/mm/kmsan/init.c +++ b/mm/kmsan/init.c @@ -33,7 +33,10 @@ static void __init

[PATCH v7 24/38] s390/boot: Add the KMSAN runtime stub

2024-06-21 Thread Ilya Leoshkevich
is that it does not disturb the existing KMSAN build logic and call sites don't need to be changed. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 1 + arch/s390/boot/kmsan.c | 6 ++ 2 files changed, 7 insertions(+) create mode 100644 arch/s390/boot

[PATCH v7 02/38] kmsan: Make the tests compatible with kmsan.panic=1

2024-06-21 Thread Ilya Leoshkevich
It's useful to have both tests and kmsan.panic=1 during development, but right now the warnings that the tests cause lead to kernel panics. Temporarily set kmsan.panic=0 for the duration of the KMSAN testing. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan

[PATCH v7 15/38] kmsan: Do not round up pg_data_t size

2024-06-21 Thread Ilya Leoshkevich
panic shortly after. Since the padding bytes are not used, drop the rounding. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index 3ac3b8921d36

[PATCH v7 13/38] kmsan: Support SLAB_POISON

2024-06-21 Thread Ilya Leoshkevich
after memset() calls. The downside is that init_object() is called from free_debug_processing(), in which case poisoning will erase the distinction between simply uninitialized memory and UAF. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/hooks.c | 2 +- mm

[PATCH v7 08/38] kmsan: Remove an x86-specific #include from kmsan.h

2024-06-21 Thread Ilya Leoshkevich
o Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/kmsan.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/kmsan.h b/mm/kmsan/kmsan.h index a14744205435..adf443bcffe8 100644 --- a/mm/kmsan/kmsan.h +++ b/mm/kmsan/kmsan.h

[PATCH v7 12/38] kmsan: Introduce memset_no_sanitize_memory()

2024-06-21 Thread Ilya Leoshkevich
Add a wrapper for memset() that prevents unpoisoning. This is useful for filling memory allocator redzones. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 18 ++ 1 file changed, 18 insertions(+) diff --git a/include/linux/kmsan.h b

[PATCH v7 03/38] kmsan: Disable KMSAN when DEFERRED_STRUCT_PAGE_INIT is enabled

2024-06-21 Thread Ilya Leoshkevich
(), it is considered an error. DEFERRED_STRUCT_PAGE_INIT causes this, so mark it as incompatible with KMSAN. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/Kconfig b/mm/Kconfig index b4cb45255a54..9791fce5d0a7 100644

[PATCH v7 00/38] kmsan: Enable on s390

2024-06-21 Thread Ilya Leoshkevich
initialized memory. The clang support for s390 has already been merged [1]. With this series, I can successfully boot s390 defconfig and debug_defconfig with kmsan.panic=1. The tool found one real s390-specific bug (fixed in master). Best regards, Ilya [1] https://reviews.llvm.org/D148596 Ilya Leoshkev

[PATCH v7 06/38] kmsan: Fix kmsan_copy_to_user() on arches with overlapping address spaces

2024-06-21 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Assume that we are handling user memory access in this case. Reported-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/hooks.c | 3 ++- 1 file changed, 2

[PATCH v7 01/38] ftrace: Unpoison ftrace_regs in ftrace_ops_list_func()

2024-06-21 Thread Ilya Leoshkevich
on x86_64 as well. [1] https://github.com/iii-i/llvm-project/commits/msan-poison-allocas-before-returning-2024-06-12/ Reviewed-by: Alexander Potapenko Acked-by: Steven Rostedt (Google) Signed-off-by: Ilya Leoshkevich --- kernel/trace/ftrace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel

[PATCH v7 07/38] kmsan: Remove a useless assignment from kmsan_vmap_pages_range_noflush()

2024-06-21 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/shadow.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/kmsan/shadow.c b/mm/kmsan/shadow.c index b9d05aff313e..2d57408c78ae 100644 --- a/mm/kmsan/shadow.c +++ b/mm/kmsan/shadow.c @@ -243,7 +243,6 @@ int kmsan_vmap_pages_range_noflush(uns

[PATCH v7 05/38] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces

2024-06-21 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Skip the comparison when this is the case. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff

Re: [PATCH v6 32/39] s390/ptdump: Add KMSAN page markers

2024-06-21 Thread Ilya Leoshkevich
On Fri, 2024-06-21 at 02:25 +0200, Ilya Leoshkevich wrote: > Add KMSAN vmalloc metadata areas to kernel_page_tables. > > Signed-off-by: Ilya Leoshkevich > --- >  arch/s390/mm/dump_pagetables.c | 30 ++ >  1 file changed, 30 insertions(+) > > d

[PATCH v6 38/39] s390/kmsan: Implement the architecture-specific functions

2024-06-20 Thread Ilya Leoshkevich
arch_kmsan_get_meta_or_null() finds the lowcore shadow by querying the prefix and calling kmsan_get_metadata() again. kmsan_virt_addr_valid() delegates to virt_addr_valid(). Acked-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm

[PATCH v6 35/39] s390/uaccess: Add KMSAN support to put_user() and get_user()

2024-06-20 Thread Ilya Leoshkevich
ll. Acked-by: Heiko Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 111 +++- 1 file changed, 79 insertions(+), 32 deletions(-) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.

[PATCH v6 39/39] kmsan: Enable on s390

2024-06-20 Thread Ilya Leoshkevich
Now that everything else is in place, enable KMSAN in Kconfig. Acked-by: Heiko Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index c59d2b54df49

[PATCH v6 37/39] s390/unwind: Disable KMSAN checks

2024-06-20 Thread Ilya Leoshkevich
The unwind code can read uninitialized frames. Furthermore, even in the good case, KMSAN does not emit shadow for backchains. Therefore disable it for the unwinding functions. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel

[PATCH v6 36/39] s390/uaccess: Add the missing linux/instrumented.h #include

2024-06-20 Thread Ilya Leoshkevich
Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h index 70f0edc00c2a..9213be0529ee 100644 --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h

[PATCH v6 27/39] s390/cpumf: Unpoison STCCTM output buffer

2024-06-20 Thread Ilya Leoshkevich
Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/cpu_mf.h | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/s390/include/asm/cpu_mf.h b/arch/s390/include/asm/cpu_mf.h index a0de5b9b02ea..9e4bbc3e53f8 100644 --- a/arch/s390/i

[PATCH v6 34/39] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs

2024-06-20 Thread Ilya Leoshkevich
This is normally done by the generic entry code, but the kernel_stack_overflow() flow bypasses it. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/traps.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/s390/kernel

[PATCH v6 31/39] s390/mm: Define KMSAN metadata for vmalloc and modules

2024-06-20 Thread Ilya Leoshkevich
, and then take 2/3 of vmalloc for the vmalloc shadow and origins. This ensures that users passing small vmalloc= values on the command line do not cause module metadata collisions. Reviewed-by: Alexander Potapenko Acked-by: Alexander Gordeev Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich

[PATCH v6 30/39] s390/irqflags: Do not instrument arch_local_irq_*() with KMSAN

2024-06-20 Thread Ilya Leoshkevich
this. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/irqflags.h | 17 ++--- drivers/s390/char/sclp.c | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/arch/s390/include/asm/irqflags.h b/arch/s390/include

[PATCH v6 32/39] s390/ptdump: Add KMSAN page markers

2024-06-20 Thread Ilya Leoshkevich
Add KMSAN vmalloc metadata areas to kernel_page_tables. Signed-off-by: Ilya Leoshkevich --- arch/s390/mm/dump_pagetables.c | 30 ++ 1 file changed, 30 insertions(+) diff --git a/arch/s390/mm/dump_pagetables.c b/arch/s390/mm/dump_pagetables.c index ffd07ed7b4af

[PATCH v6 33/39] s390/string: Add KMSAN support

2024-06-20 Thread Ilya Leoshkevich
, but in the meantime resolve the issues by introducing the IN_BOOT_STRING_C macro, similar to the existing IN_ARCH_STRING_C macro. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/string.c| 16 arch/s390/include/asm

[PATCH v6 01/39] ftrace: Unpoison ftrace_regs in ftrace_ops_list_func()

2024-06-20 Thread Ilya Leoshkevich
on x86_64 as well. [1] https://github.com/iii-i/llvm-project/commits/msan-poison-allocas-before-returning-2024-06-12/ Reviewed-by: Alexander Potapenko Acked-by: Steven Rostedt (Google) Signed-off-by: Ilya Leoshkevich --- kernel/trace/ftrace.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel

[PATCH v6 23/39] s390: Use a larger stack for KMSAN

2024-06-20 Thread Ilya Leoshkevich
Adjust the stack size for the KMSAN-enabled kernel like it was done for the KASAN-enabled one in commit 7fef92ccadd7 ("s390/kasan: double the stack size"). Both tools have similar requirements. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya L

[PATCH v6 25/39] s390/checksum: Add a KMSAN check

2024-06-20 Thread Ilya Leoshkevich
Add a KMSAN check to the CKSM inline assembly, similar to how it was done for ASAN in commit e42ac7789df6 ("s390/checksum: always use cksm instruction"). Acked-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/checksum.h

[PATCH v6 29/39] s390/ftrace: Unpoison ftrace_regs in kprobe_ftrace_handler()

2024-06-20 Thread Ilya Leoshkevich
unpoisoning ftrace_regs in kprobe_ftrace_handler(). Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/ftrace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c index ddf2ee47cb87

[PATCH v6 28/39] s390/diag: Unpoison diag224() output buffer

2024-06-20 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/diag.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/s390/kernel/diag.c b/arch/s390/kernel/diag.c index 8dee9aa0ec95..8a7009618ba7 100644 --- a/arch/s390/kernel/diag.c +++ b/arch/s390/kernel

[PATCH v6 24/39] s390/boot: Add the KMSAN runtime stub

2024-06-20 Thread Ilya Leoshkevich
is that it does not disturb the existing KMSAN build logic and call sites don't need to be changed. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 1 + arch/s390/boot/kmsan.c | 6 ++ 2 files changed, 7 insertions(+) create mode 100644 arch/s390/boot

[PATCH v6 03/39] kmsan: Disable KMSAN when DEFERRED_STRUCT_PAGE_INIT is enabled

2024-06-20 Thread Ilya Leoshkevich
(), it is considered an error. DEFERRED_STRUCT_PAGE_INIT causes this, so mark it as incompatible with KMSAN. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/Kconfig b/mm/Kconfig index b4cb45255a54..9791fce5d0a7 100644

[PATCH v6 04/39] kmsan: Increase the maximum store size to 4096

2024-06-20 Thread Ilya Leoshkevich
The inline assembly block in s390's chsc() stores that much. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/instrumentation.c b/mm/kmsan/instrumentation.c index

[PATCH v6 26/39] s390/cpacf: Unpoison the results of cpacf_trng()

2024-06-20 Thread Ilya Leoshkevich
Prevent KMSAN from complaining about buffers filled by cpacf_trng() being uninitialized. Tested-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/cpacf.h | 3 +++ 1 file changed, 3 insertions(+) diff

[PATCH v6 22/39] s390/boot: Turn off KMSAN

2024-06-20 Thread Ilya Leoshkevich
All other sanitizers are disabled for boot as well. While at it, add a comment explaining why we need this. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch

[PATCH v6 19/39] mm: kfence: Disable KMSAN when checking the canary

2024-06-20 Thread Ilya Leoshkevich
to ever touch it. Instead, disable KMSAN checks around canary read accesses. Reviewed-by: Alexander Potapenko Tested-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kfence/core.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/mm/kfence/core.c b/mm

[PATCH v6 21/39] kmsan: Accept ranges starting with 0 on s390

2024-06-20 Thread Ilya Leoshkevich
Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index 9de76ac7062c..3f8b1bbb9060 100644 --- a/mm/kmsan/init.c +++ b/mm/kmsan/init.c @@ -33,7 +33,10 @@ static void __init

[PATCH v6 16/39] kmsan: Expose KMSAN_WARN_ON()

2024-06-20 Thread Ilya Leoshkevich
KMSAN_WARN_ON() is required for implementing s390-specific KMSAN functions, but right now it's available only to the KMSAN internal functions. Expose it to subsystems through . Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 25 + mm/kmsan/kmsan.h | 24

[PATCH v6 20/39] lib/zlib: Unpoison DFLTCC output buffers

2024-06-20 Thread Ilya Leoshkevich
://github.com/zlib-ng/zlib-ng/commit/1f5ddcc009ac3511e99fc88736a9e1a6381168c5 Reported-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- lib/zlib_dfltcc/dfltcc.h | 1 + lib/zlib_dfltcc/dfltcc_util.h | 28 2 files changed, 29

[PATCH v6 14/39] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata()

2024-06-20 Thread Ilya Leoshkevich
Improve the readability by replacing the custom aligning logic with ALIGN_DOWN(). Unlike other places where a similar sequence is used, there is no size parameter that needs to be adjusted, so the standard macro fits. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm

[PATCH v6 17/39] mm: slub: Let KMSAN access metadata

2024-06-20 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- mm/slub.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/slub.c b/mm/slub.c index 1134091abac5..b050e528112c 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -829,10 +829,12 @@ static int disable_higher_order_debug; static inline void

[PATCH v6 13/39] kmsan: Support SLAB_POISON

2024-06-20 Thread Ilya Leoshkevich
after memset() calls. The downside is that init_object() is called from free_debug_processing(), in which case poisoning will erase the distinction between simply uninitialized memory and UAF. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/hooks.c | 2 +- mm

[PATCH v6 18/39] mm: slub: Disable KMSAN when checking the padding bytes

2024-06-20 Thread Ilya Leoshkevich
, this approach is too fragile. So simply disable the KMSAN checks in the respective functions. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/slub.c | 16 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index

[PATCH v6 15/39] kmsan: Do not round up pg_data_t size

2024-06-20 Thread Ilya Leoshkevich
panic shortly after. Since the padding bytes are not used, drop the rounding. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index 3ac3b8921d36

[PATCH v6 07/39] kmsan: Remove a useless assignment from kmsan_vmap_pages_range_noflush()

2024-06-20 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/shadow.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/kmsan/shadow.c b/mm/kmsan/shadow.c index b9d05aff313e..2d57408c78ae 100644 --- a/mm/kmsan/shadow.c +++ b/mm/kmsan/shadow.c @@ -243,7 +243,6 @@ int kmsan_vmap_pages_range_noflush(uns

[PATCH v6 12/39] kmsan: Introduce memset_no_sanitize_memory()

2024-06-20 Thread Ilya Leoshkevich
Add a wrapper for memset() that prevents unpoisoning. This is useful for filling memory allocator redzones. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 18 ++ 1 file changed, 18 insertions(+) diff --git a/include/linux/kmsan.h b

[PATCH v6 11/39] kmsan: Allow disabling KMSAN checks for the current task

2024-06-20 Thread Ilya Leoshkevich
the allow_reporting field for this. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- Documentation/dev-tools/kmsan.rst | 11 +-- include/linux/kmsan.h | 24 include/linux/kmsan_types.h | 2 +- mm/kmsan/core.c

[PATCH v6 06/39] kmsan: Fix kmsan_copy_to_user() on arches with overlapping address spaces

2024-06-20 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Assume that we are handling user memory access in this case. Reported-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/hooks.c | 3 ++- 1 file changed, 2

[PATCH v6 10/39] kmsan: Export panic_on_kmsan

2024-06-20 Thread Ilya Leoshkevich
When building the kmsan test as a module, modpost fails with the following error message: ERROR: modpost: "panic_on_kmsan" [mm/kmsan/kmsan_test.ko] undefined! Export panic_on_kmsan in order to improve the KMSAN usability for modules. Reviewed-by: Alexander Potapenko Signed-of

[PATCH v6 02/39] kmsan: Make the tests compatible with kmsan.panic=1

2024-06-20 Thread Ilya Leoshkevich
It's useful to have both tests and kmsan.panic=1 during development, but right now the warnings that the tests cause lead to kernel panics. Temporarily set kmsan.panic=0 for the duration of the KMSAN testing. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan

[PATCH v6 08/39] kmsan: Remove an x86-specific #include from kmsan.h

2024-06-20 Thread Ilya Leoshkevich
o Carstens Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/kmsan.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/kmsan.h b/mm/kmsan/kmsan.h index a14744205435..adf443bcffe8 100644 --- a/mm/kmsan/kmsan.h +++ b/mm/kmsan/kmsan.h

[PATCH v6 00/39] kmsan: Enable on s390

2024-06-20 Thread Ilya Leoshkevich
debug_defconfig with kmsan.panic=1. The tool found one real s390-specific bug (fixed in master). Best regards, Ilya [1] https://reviews.llvm.org/D148596 Ilya Leoshkevich (39): ftrace: Unpoison ftrace_regs in ftrace_ops_list_func() kmsan: Make the tests compatible with kmsan.panic=1 kmsan: Dis

[PATCH v6 09/39] kmsan: Expose kmsan_get_metadata()

2024-06-20 Thread Ilya Leoshkevich
address 0, one needs to resolve metadata for lowcore_ptr[raw_smp_processor_id()]. Expose kmsan_get_metadata() to make it possible to do this from the arch code. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 9 + mm/kmsan/instrumentation.c

[PATCH v6 05/39] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces

2024-06-20 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Skip the comparison when this is the case. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff

Re: [PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user()

2024-06-20 Thread Ilya Leoshkevich
On Thu, 2024-06-20 at 13:19 +0200, Ilya Leoshkevich wrote: > On Thu, 2024-06-20 at 10:36 +0200, Alexander Potapenko wrote: > > On Wed, Jun 19, 2024 at 5:45 PM Ilya Leoshkevich > > > > wrote: > > > > > > put_user() uses inline assembly w

Re: [PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions

2024-06-20 Thread Ilya Leoshkevich
On Thu, 2024-06-20 at 11:25 +0200, Alexander Gordeev wrote: > On Wed, Jun 19, 2024 at 05:44:11PM +0200, Ilya Leoshkevich wrote: > > Hi Ilya, > > > +static inline bool is_lowcore_addr(void *addr) > > +{ > > + return addr >= (void *)_lowcore && &g

Re: [PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user()

2024-06-20 Thread Ilya Leoshkevich
On Thu, 2024-06-20 at 10:36 +0200, Alexander Potapenko wrote: > On Wed, Jun 19, 2024 at 5:45 PM Ilya Leoshkevich > wrote: > > > > put_user() uses inline assembly with precise constraints, so Clang > > is > > in principle capable of instrumenting it automatical

[PATCH v5 32/37] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs

2024-06-19 Thread Ilya Leoshkevich
This is normally done by the generic entry code, but the kernel_stack_overflow() flow bypasses it. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/traps.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/arch/s390/kernel

[PATCH v5 14/37] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata()

2024-06-19 Thread Ilya Leoshkevich
Improve the readability by replacing the custom aligning logic with ALIGN_DOWN(). Unlike other places where a similar sequence is used, there is no size parameter that needs to be adjusted, so the standard macro fits. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm

[PATCH v5 05/37] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces

2024-06-19 Thread Ilya Leoshkevich
Comparing pointers with TASK_SIZE does not make sense when kernel and userspace overlap. Skip the comparison when this is the case. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff

[PATCH v5 22/37] s390: Use a larger stack for KMSAN

2024-06-19 Thread Ilya Leoshkevich
Adjust the stack size for the KMSAN-enabled kernel like it was done for the KASAN-enabled one in commit 7fef92ccadd7 ("s390/kasan: double the stack size"). Both tools have similar requirements. Reviewed-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya L

[PATCH v5 34/37] s390/uaccess: Add the missing linux/instrumented.h #include

2024-06-19 Thread Ilya Leoshkevich
uaccess.h uses instrument_get_user() and instrument_put_user(), which are defined in linux/instrumented.h. Currently we get this header from somewhere else by accident; prefer to be explicit about it and include it directly. Suggested-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich

[PATCH v5 27/37] s390/diag: Unpoison diag224() output buffer

2024-06-19 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel/diag.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/s390/kernel/diag.c b/arch/s390/kernel/diag.c index 8dee9aa0ec95..8a7009618ba7 100644 --- a/arch/s390/kernel/diag.c +++ b/arch/s390/kernel

[PATCH v5 19/37] lib/zlib: Unpoison DFLTCC output buffers

2024-06-19 Thread Ilya Leoshkevich
://github.com/zlib-ng/zlib-ng/commit/1f5ddcc009ac3511e99fc88736a9e1a6381168c5 Reported-by: Alexander Gordeev Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- lib/zlib_dfltcc/dfltcc.h | 1 + lib/zlib_dfltcc/dfltcc_util.h | 28 2 files changed, 29

[PATCH v5 04/37] kmsan: Increase the maximum store size to 4096

2024-06-19 Thread Ilya Leoshkevich
The inline assembly block in s390's chsc() stores that much. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/instrumentation.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/kmsan/instrumentation.c b/mm/kmsan/instrumentation.c index

[PATCH v5 35/37] s390/unwind: Disable KMSAN checks

2024-06-19 Thread Ilya Leoshkevich
The unwind code can read uninitialized frames. Furthermore, even in the good case, KMSAN does not emit shadow for backchains. Therefore disable it for the unwinding functions. Reviewed-by: Alexander Potapenko Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/kernel

[PATCH v5 20/37] kmsan: Accept ranges starting with 0 on s390

2024-06-19 Thread Ilya Leoshkevich
Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index 9de76ac7062c..3f8b1bbb9060 100644 --- a/mm/kmsan/init.c +++ b/mm/kmsan/init.c @@ -33,7 +33,10 @@ static void __init

[PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user()

2024-06-19 Thread Ilya Leoshkevich
ll. Acked-by: Heiko Carstens Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/uaccess.h | 111 +++- 1 file changed, 79 insertions(+), 32 deletions(-) diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h index 81ae8a98e7ec..70f0edc00c2a 10

[PATCH v5 09/37] kmsan: Expose kmsan_get_metadata()

2024-06-19 Thread Ilya Leoshkevich
address 0, one needs to resolve metadata for lowcore_ptr[raw_smp_processor_id()]. Expose kmsan_get_metadata() to make it possible to do this from the arch code. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- include/linux/kmsan.h | 9 + mm/kmsan/instrumentation.c

[PATCH v5 23/37] s390/boot: Add the KMSAN runtime stub

2024-06-19 Thread Ilya Leoshkevich
is that it does not disturb the existing KMSAN build logic and call sites don't need to be changed. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/boot/Makefile | 1 + arch/s390/boot/kmsan.c | 6 ++ 2 files changed, 7 insertions(+) create mode 100644 arch/s390/boot

[PATCH v5 29/37] s390/irqflags: Do not instrument arch_local_irq_*() with KMSAN

2024-06-19 Thread Ilya Leoshkevich
this. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- arch/s390/include/asm/irqflags.h | 17 ++--- drivers/s390/char/sclp.c | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/arch/s390/include/asm/irqflags.h b/arch/s390/include

[PATCH v5 16/37] mm: slub: Let KMSAN access metadata

2024-06-19 Thread Ilya Leoshkevich
Potapenko Signed-off-by: Ilya Leoshkevich --- mm/slub.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/slub.c b/mm/slub.c index 1134091abac5..b050e528112c 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -829,10 +829,12 @@ static int disable_higher_order_debug; static inline void

[PATCH v5 15/37] kmsan: Do not round up pg_data_t size

2024-06-19 Thread Ilya Leoshkevich
panic shortly after. Since the padding bytes are not used, drop the rounding. Reviewed-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kmsan/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kmsan/init.c b/mm/kmsan/init.c index 3ac3b8921d36

[PATCH v5 18/37] mm: kfence: Disable KMSAN when checking the canary

2024-06-19 Thread Ilya Leoshkevich
to ever touch it. Instead, disable KMSAN checks around canary read accesses. Reviewed-by: Alexander Potapenko Tested-by: Alexander Potapenko Signed-off-by: Ilya Leoshkevich --- mm/kfence/core.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/mm/kfence/core.c b/mm
