From patchwork Sun Mar 18 12:53:40 2018
X-Patchwork-Submitter: Abbott Liu
X-Patchwork-Id: 10291183
From: Abbott Liu
Subject: [PATCH 5/7] Define the virtual space of KASan's shadow region
Date: Sun, 18 Mar 2018 20:53:40 +0800
Message-ID: <20180318125342.4278-6-liuwenliang@huawei.com>
In-Reply-To: <20180318125342.4278-1-liuwenliang@huawei.com>
References: <20180318125342.4278-1-liuwenliang@huawei.com>

Define KASAN_SHADOW_OFFSET, KASAN_SHADOW_START and KASAN_SHADOW_END for
arm kernel address sanitizer.

     +----+ 0xffffffff
     |    |
     |    |
     |    |
     +----+ CONFIG_PAGE_OFFSET
     |    |\
     |    | |-> module virtual address space area.
     |    |/
     +----+ MODULE_VADDR = KASAN_SHADOW_END
     |    |\
     |    | |-> the shadow area of kernel virtual address.
     |    |/
     +----+ TASK_SIZE(start of kernel space) = KASAN_SHADOW_START  the
     |    |\  shadow address of MODULE_VADDR
     |    | ---------------------+
     |    |                      |
     +    + KASAN_SHADOW_OFFSET  |-> the user space area. Kernel address
     |    |                      |    sanitizer does not use this space.
     |    | ---------------------+
     |    |/
     ------ 0

1) KASAN_SHADOW_OFFSET:
   This value is used to map an address to the corresponding shadow
   address by the following formula:
     shadow_addr = (address >> 3) + KASAN_SHADOW_OFFSET;

2) KASAN_SHADOW_START
   This value is the MODULE_VADDR's shadow address. It is the start
   of kernel virtual space.

3) KASAN_SHADOW_END
   This value is the 0x100000000's shadow address. It is the end of
   kernel address sanitizer's shadow area. It is also the start of the
   module area.

When KASAN is enabled, the definition of TASK_SIZE is not an 8-bit
rotated constant, so we need to modify the TASK_SIZE access code in the
*.s file.

Cc: Andrey Ryabinin
Reviewed-by: Ard Biesheuvel
Reviewed-by: Russell King - ARM Linux
Tested-by: Florian Fainelli
Signed-off-by: Abbott Liu
---
 arch/arm/include/asm/kasan_def.h | 52 ++++++++++++++++++++++++++++++++++++++++
 arch/arm/include/asm/memory.h    |  5 ++++
 arch/arm/kernel/entry-armv.S     |  5 ++--
 arch/arm/kernel/entry-common.S   |  6 +++--
 arch/arm/mm/init.c               |  6 +++++
 arch/arm/mm/mmu.c                |  7 +++++-
 6 files changed, 76 insertions(+), 5 deletions(-)
 create mode 100644 arch/arm/include/asm/kasan_def.h

diff --git a/arch/arm/include/asm/kasan_def.h b/arch/arm/include/asm/kasan_def.h new file mode 100644 index 0000000..3a5cdc9 --- /dev/null +++ b/arch/arm/include/asm/kasan_def.h 
@@ -0,0 +1,52 @@ +#ifndef __ASM_KASAN_DEF_H +#define __ASM_KASAN_DEF_H + +#ifdef CONFIG_KASAN + +/* + * +----+ 0xffffffff + * | | + * | | + * | | + * +----+ CONFIG_PAGE_OFFSET + * | |\ + * | | |-> module virtual address space area. + * | |/ + * +----+ MODULE_VADDR = KASAN_SHADOW_END + * | |\ + * | | |-> the shadow area of kernel virtual address. + * | |/ + * +----+ TASK_SIZE(start of kernel space) = KASAN_SHADOW_START the + * | |\ shadow address of MODULE_VADDR + * | | ---------------------+ + * | | | + * + + KASAN_SHADOW_OFFSET |-> the user space area. Kernel address + * | | | sanitizer do not use this space. + * | | ---------------------+ + * | |/ + * ------ 0 + * + *1)KASAN_SHADOW_OFFSET: + * This value is used to map an address to the corresponding shadow + * address by the following formula: + * shadow_addr = (address >> 3) + KASAN_SHADOW_OFFSET; + * + * 2)KASAN_SHADOW_START + * This value is the MODULE_VADDR's shadow address. It is the start + * of kernel virtual space. + * + * 3) KASAN_SHADOW_END + * This value is the 0x100000000's shadow address. It is the end of + * kernel addresssanitizer's shadow area. It is also the start of the + * module area. + * + */ + +#define KASAN_SHADOW_OFFSET (KASAN_SHADOW_END - (1<<29)) + +#define KASAN_SHADOW_START ((KASAN_SHADOW_END >> 3) + KASAN_SHADOW_OFFSET) + +#define KASAN_SHADOW_END (UL(CONFIG_PAGE_OFFSET) - UL(SZ_16M)) + +#endif +#endif diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h index 4966677..3ce1a9a 100644 --- a/arch/arm/include/asm/memory.h +++ b/arch/arm/include/asm/memory.h @@ -21,6 +21,7 @@ #ifdef CONFIG_NEED_MACH_MEMORY_H #include #endif +#include /* * Allow for constants defined here to be used from assembly code 
@@ -37,7 +38,11 @@ * TASK_SIZE - the maximum size of a user space task. * TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area */ +#ifndef CONFIG_KASAN #define TASK_SIZE (UL(CONFIG_PAGE_OFFSET) - UL(SZ_16M)) +#else +#define TASK_SIZE (KASAN_SHADOW_START) +#endif #define TASK_UNMAPPED_BASE ALIGN(TASK_SIZE / 3, SZ_16M) /* diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 1752033..b4de9e4 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -183,7 +183,7 @@ ENDPROC(__und_invalid) get_thread_info tsk ldr r0, [tsk, #TI_ADDR_LIMIT] - mov r1, #TASK_SIZE + ldr r1, =TASK_SIZE str r1, [tsk, #TI_ADDR_LIMIT] str r0, [sp, #SVC_ADDR_LIMIT] @@ -437,7 +437,8 @@ ENDPROC(__fiq_abt) @ if it was interrupted in a critical region. Here we @ perform a quick test inline since it should be false @ 99.9999% of the time. The rest is done out of line. - cmp r4, #TASK_SIZE + ldr r0, =TASK_SIZE + cmp r4, r0 blhs kuser_cmpxchg64_fixup #endif #endif diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 3c4f887..b7d0c6c 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -51,7 +51,8 @@ ret_fast_syscall: UNWIND(.cantunwind ) disable_irq_notrace @ disable interrupts ldr r2, [tsk, #TI_ADDR_LIMIT] - cmp r2, #TASK_SIZE + ldr r1, =TASK_SIZE + cmp r2, r1 blne addr_limit_check_failed ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK @@ -116,7 +117,8 @@ ret_slow_syscall: disable_irq_notrace @ disable interrupts ENTRY(ret_to_user_from_irq) ldr r2, [tsk, #TI_ADDR_LIMIT] - cmp r2, #TASK_SIZE + ldr r1, =TASK_SIZE + cmp r2, r1 blne addr_limit_check_failed ldr r1, [tsk, #TI_FLAGS] tst r1, #_TIF_WORK_MASK diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c index bd6f451..da11f61 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c 
@@ -538,6 +538,9 @@ void __init mem_init(void) #ifdef CONFIG_MODULES " modules : 0x%08lx - 0x%08lx (%4ld MB)\n" #endif +#ifdef CONFIG_KASAN + " kasan : 0x%08lx - 0x%08lx (%4ld MB)\n" +#endif " .text : 0x%p" " - 0x%p" " (%4td kB)\n" " .init : 0x%p" " - 0x%p" " (%4td kB)\n" " .data : 0x%p" " - 0x%p" " (%4td kB)\n" @@ -558,6 +561,9 @@ void __init mem_init(void) #ifdef CONFIG_MODULES MLM(MODULES_VADDR, MODULES_END), #endif +#ifdef CONFIG_KASAN + MLM(KASAN_SHADOW_START, KASAN_SHADOW_END), +#endif MLK_ROUNDUP(_text, _etext), MLK_ROUNDUP(__init_begin, __init_end), diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c index e46a6a4..f5aa1de 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -1251,9 +1251,14 @@ static inline void prepare_page_table(void) /* * Clear out all the mappings below the kernel image. */ - for (addr = 0; addr < MODULES_VADDR; addr += PMD_SIZE) + for (addr = 0; addr < TASK_SIZE; addr += PMD_SIZE) pmd_clear(pmd_off_k(addr)); +#ifdef CONFIG_KASAN + /*TASK_SIZE ~ MODULES_VADDR is the KASAN's shadow area -- skip over it*/ + addr = MODULES_VADDR; +#endif + #ifdef CONFIG_XIP_KERNEL /* The XIP kernel is mapped in the module area -- skip over it */ addr = ((unsigned long)_exiprom + PMD_SIZE - 1) & PMD_MASK;
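Review bot: in arch/arm/include/asm/kasan_def.h, `#define KASAN_SHADOW_OFFSET (KASAN_SHADOW_END - (1<<29))` uses a plain int literal next to the UL() operands of KASAN_SHADOW_END, and the 29 is not explained anywhere. The comment above gives the mapping as (address >> 3) + KASAN_SHADOW_OFFSET and says KASAN_SHADOW_END is the shadow of 0x100000000, so the term is 2^32 >> 3; writing it as (UL(1) << (32 - 3)) with one line in the comment would make that derivation visible. KASAN_SHADOW_END is also defined last although the other two macros expand to it, so defining it first would read more naturally, and the comment spells MODULE_VADDR where the code in the rest of the patch uses MODULES_VADDR.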
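Review bot: in the arch/arm/include/asm/memory.h hunk at -37,7, the comment block above TASK_SIZE still describes it only as "the maximum size of a user space task" and says nothing about CONFIG_KASAN lowering it to KASAN_SHADOW_START. TASK_UNMAPPED_BASE on the context line just below is ALIGN(TASK_SIZE / 3, SZ_16M), so the mmap base moves with it. A sentence in that comment, and in the commit message, stating how much user address space a KASAN kernel gives up would help anyone debugging a user-space layout difference between the two configurations.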
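Review bot: in the second arch/arm/kernel/entry-armv.S hunk (-437,7), `ldr r0, =TASK_SIZE` takes r0 as a scratch register ahead of `cmp r4, r0`, and nothing in the visible context shows that r0 is dead at this point. Please confirm that r0 carries no live value on the path into kuser_cmpxchg64_fixup and note it in a comment. Both entry-armv.S hunks also drop the immediate form for every configuration, although the commit message says the constant only stops being encodable when KASAN is enabled, so non-KASAN builds pick up a literal-pool load on these paths for no benefit.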
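Review bot: in arch/arm/kernel/entry-common.S the pair `ldr r1, =TASK_SIZE` / `cmp r2, r1` is open-coded twice, once in ret_fast_syscall and once in ret_to_user_from_irq, in front of `blne addr_limit_check_failed`. Using r1 is safe here because the following `ldr r1, [tsk, #TI_FLAGS]` overwrites it, but that dependency on instruction order is implicit. A small macro for the addr_limit comparison, with the scratch register named in its comment, would keep the two return paths from drifting apart.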
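Review bot: in the arch/arm/mm/mmu.c hunk, the loop bound in prepare_page_table() changes from MODULES_VADDR to TASK_SIZE for every configuration, while the only explanation sits inside the new #ifdef CONFIG_KASAN block, and the existing comment "Clear out all the mappings below the kernel image" no longer describes what the loop covers. Please extend that comment to say the loop now stops at TASK_SIZE and why. The skip itself is written as `addr = MODULES_VADDR;` even though kasan_def.h defines the end of the shadow region as KASAN_SHADOW_END; using KASAN_SHADOW_END would not rely on the two values staying equal. The new comment also needs a space after `/*` and before `*/`.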
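The commit message's remark that TASK_SIZE stops being an 8-bit rotated constant under KASAN can be checked numerically. The following is an added example, not part of the patch: it evaluates the three definitions from kasan_def.h and tests A32 immediate encodability, assuming a PAGE_OFFSET of 0xC0000000; the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SZ_16M 0x01000000u

/* The three values defined in kasan_def.h, for one PAGE_OFFSET. */
struct kasan_layout { uint32_t shadow_end, shadow_offset, shadow_start; };

static struct kasan_layout kasan_layout_for(uint32_t page_offset)
{
    struct kasan_layout l;
    l.shadow_end    = page_offset - SZ_16M;          /* KASAN_SHADOW_END    */
    l.shadow_offset = l.shadow_end - (1u << 29);     /* KASAN_SHADOW_OFFSET */
    l.shadow_start  = (l.shadow_end >> 3) + l.shadow_offset; /* ..._START   */
    return l;
}

/* shadow_addr = (address >> 3) + KASAN_SHADOW_OFFSET; addr is 64-bit so
 * that the one-past-the-end address 0x100000000 can be passed in. */
static uint32_t shadow_of(uint64_t addr, uint32_t offset)
{
    return (uint32_t)((addr >> 3) + offset);
}

/* 1 if v fits an A32 data-processing immediate: an 8-bit value rotated
 * right by an even amount. Rotating left by the same amount undoes it. */
static int arm_imm_encodable(uint32_t v)
{
    for (unsigned rot = 0; rot < 32; rot += 2) {
        uint32_t r = rot ? (v << rot) | (v >> (32 - rot)) : v;
        if (r <= 0xffu)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Assumption: 3G/1G split, PAGE_OFFSET = 0xC0000000. */
    struct kasan_layout l = kasan_layout_for(0xC0000000u);

    printf("KASAN_SHADOW_END    0x%08x\n", (unsigned)l.shadow_end);
    printf("KASAN_SHADOW_OFFSET 0x%08x\n", (unsigned)l.shadow_offset);
    printf("KASAN_SHADOW_START  0x%08x\n", (unsigned)l.shadow_start);
    printf("shadow(0x100000000) 0x%08x\n",
           (unsigned)shadow_of(0x100000000ULL, l.shadow_offset));
    /* Without KASAN, TASK_SIZE equals shadow_end; with it, shadow_start. */
    printf("mov-immediate ok: no KASAN %d, KASAN %d\n",
           arm_imm_encodable(l.shadow_end), arm_imm_encodable(l.shadow_start));
    return 0;
}
```

With that PAGE_OFFSET the shadow region spans 0x08200000 bytes, one eighth of the address range from KASAN_SHADOW_END up to 0x100000000.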