Re: [PATCH v5 13/37] kmsan: Support SLAB_POISON

[PATCH v5 00/37] kmsan: Enable on s390 · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 08/37] kmsan: Remove an x86-specific #include from kmsan.h · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 03/37] kmsan: Disable KMSAN when DEFERRED_STRUCT_PAGE_INIT is enabled · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 21/37] s390/boot: Turn off KMSAN · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 07/37] kmsan: Remove a useless assignment from kmsan_vmap_pages_range_noflush() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 24/37] s390/checksum: Add a KMSAN check · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 10/37] kmsan: Export panic_on_kmsan · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 11/37] kmsan: Allow disabling KMSAN checks for the current task · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 12/37] kmsan: Introduce memset_no_sanitize_memory() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
Re: [PATCH v5 12/37] kmsan: Introduce memset_no_sanitize_memory() · Alexander Potapenko <glider@google.com> · 2024-06-20
[PATCH v5 25/37] s390/cpacf: Unpoison the results of cpacf_trng() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 02/37] kmsan: Make the tests compatible with kmsan.panic=1 · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 06/37] kmsan: Fix kmsan_copy_to_user() on arches with overlapping address spaces · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 37/37] kmsan: Enable on s390 · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 13/37] kmsan: Support SLAB_POISON · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
Re: [PATCH v5 13/37] kmsan: Support SLAB_POISON · Alexander Potapenko <glider@google.com> · 2024-06-20
[PATCH v5 31/37] s390/string: Add KMSAN support · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 17/37] mm: slub: Disable KMSAN when checking the padding bytes · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
Re: [PATCH v5 17/37] mm: slub: Disable KMSAN when checking the padding bytes · Alexander Potapenko <glider@google.com> · 2024-06-20
[PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
Re: [PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions · Alexander Gordeev <agordeev@linux.ibm.com> · 2024-06-20
Re: [PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-20
Re: [PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions · Alexander Potapenko <glider@google.com> · 2024-06-20
Re: [PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions · Alexander Potapenko <glider@google.com> · 2024-06-20
Re: [PATCH v5 36/37] s390/kmsan: Implement the architecture-specific functions · Alexander Gordeev <agordeev@linux.ibm.com> · 2024-06-20
[PATCH v5 26/37] s390/cpumf: Unpoison STCCTM output buffer · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 16/37] mm: slub: Let KMSAN access metadata · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 15/37] kmsan: Do not round up pg_data_t size · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 28/37] s390/ftrace: Unpoison ftrace_regs in kprobe_ftrace_handler() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 18/37] mm: kfence: Disable KMSAN when checking the canary · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 01/37] ftrace: Unpoison ftrace_regs in ftrace_ops_list_func() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 30/37] s390/mm: Define KMSAN metadata for vmalloc and modules · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 23/37] s390/boot: Add the KMSAN runtime stub · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 29/37] s390/irqflags: Do not instrument arch_local_irq_*() with KMSAN · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 09/37] kmsan: Expose kmsan_get_metadata() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
Re: [PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user() · Alexander Potapenko <glider@google.com> · 2024-06-20
Re: [PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-20
Re: [PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user() · Alexander Potapenko <glider@google.com> · 2024-06-20
Re: [PATCH v5 33/37] s390/uaccess: Add KMSAN support to put_user() and get_user() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-20
[PATCH v5 20/37] kmsan: Accept ranges starting with 0 on s390 · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 35/37] s390/unwind: Disable KMSAN checks · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 04/37] kmsan: Increase the maximum store size to 4096 · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 22/37] s390: Use a larger stack for KMSAN · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 19/37] lib/zlib: Unpoison DFLTCC output buffers · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 27/37] s390/diag: Unpoison diag224() output buffer · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 34/37] s390/uaccess: Add the missing linux/instrumented.h #include · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
Re: [PATCH v5 34/37] s390/uaccess: Add the missing linux/instrumented.h #include · Alexander Potapenko <glider@google.com> · 2024-06-20
[PATCH v5 14/37] kmsan: Use ALIGN_DOWN() in kmsan_get_metadata() · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 05/37] kmsan: Fix is_bad_asm_addr() on arches with overlapping address spaces · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19
[PATCH v5 32/37] s390/traps: Unpoison the kernel_stack_overflow()'s pt_regs · Ilya Leoshkevich <iii@linux.ibm.com> · 2024-06-19

From: Alexander Potapenko <glider@google.com>
Date: 2024-06-20 14:59:19
Also in: linux-mm, linux-s390, lkml

On Wed, Jun 19, 2024 at 5:45 PM Ilya Leoshkevich [off-list ref] wrote:

Avoid false KMSAN negatives with SLUB_DEBUG by allowing
kmsan_slab_free() to poison the freed memory, and by preventing
init_object() from unpoisoning new allocations by using __memset().

There are two alternatives to this approach. First, init_object()
can be marked with __no_sanitize_memory. This annotation should be used
with great care, because it drops all instrumentation from the
function, and any shadow writes will be lost. Even though this is not a
concern with the current init_object() implementation, this may change
in the future.

Second, kmsan_poison_memory() calls may be added after memset() calls.
The downside is that init_object() is called from
free_debug_processing(), in which case poisoning will erase the
distinction between simply uninitialized memory and UAF.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>

Reviewed-by: Alexander Potapenko <glider@google.com>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help