From patchwork Wed Nov 29 21:50:46 2017
X-Patchwork-Submitter: Paul Lawrence
X-Patchwork-Id: 10083731
From: Paul Lawrence
To: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Masahiro Yamada, Michal Marek
Cc: linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kbuild@vger.kernel.org, Matthias Kaehlcke, Michael Davidson, Greg Hackmann, Paul Lawrence
Subject: [PATCH v2 1/5] kasan: support alloca() poisoning
Date: Wed, 29 Nov 2017 13:50:46 -0800
Message-Id: <20171129215050.158653-2-paullawrence@google.com>
X-Mailer: git-send-email 2.15.0.531.g2ccb3012c9-goog
In-Reply-To: <20171129215050.158653-1-paullawrence@google.com>
References: <20171129215050.158653-1-paullawrence@google.com>
Sender: linux-kbuild-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kbuild@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

clang's AddressSanitizer implementation adds redzones on either side of alloca()ed buffers. These redzones are 32-byte aligned and at least 32 bytes long.

__asan_alloca_poison() is passed the size and address of the allocated buffer, *excluding* the redzones on either side. The left redzone will always be to the immediate left of this buffer; but AddressSanitizer may need to add padding between the end of the buffer and the right redzone. If there are any 8-byte chunks inside this padding, we should poison those too.

__asan_allocas_unpoison() is just passed the top and bottom of the dynamic stack area, so unpoisoning is simpler.

Signed-off-by: Greg Hackmann
Signed-off-by: Paul Lawrence

 mm/kasan/kasan.c  | 32 ++++++++++++++++++++++++++++++++
 mm/kasan/kasan.h  |  8 ++++++++
 mm/kasan/report.c |  4 ++++
 3 files changed, 44 insertions(+)

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 405bba487df5..f86f862f41f8 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -736,6 +736,38 @@ void __asan_unpoison_stack_memory(const void *addr, size_t size) } EXPORT_SYMBOL(__asan_unpoison_stack_memory); +/* Emitted by compiler to poison alloca()ed objects. */ +void __asan_alloca_poison(unsigned long addr, size_t size) +{ + size_t rounded_up_size = round_up(size, KASAN_SHADOW_SCALE_SIZE); + size_t padding_size = round_up(size, KASAN_ALLOCA_REDZONE_SIZE) - + rounded_up_size; + + const void *left_redzone = (const void *)(addr - + KASAN_ALLOCA_REDZONE_SIZE); + const void *right_redzone = (const void *)(addr + rounded_up_size); + + WARN_ON(!IS_ALIGNED(addr, KASAN_ALLOCA_REDZONE_SIZE)); + + kasan_unpoison_shadow((const void *)addr, size); + kasan_poison_shadow(left_redzone, KASAN_ALLOCA_REDZONE_SIZE, + KASAN_ALLOCA_LEFT); + kasan_poison_shadow(right_redzone, + padding_size + KASAN_ALLOCA_REDZONE_SIZE, + KASAN_ALLOCA_RIGHT); +} +EXPORT_SYMBOL(__asan_alloca_poison); + +/* Emitted by compiler to unpoison alloca()ed areas when the stack unwinds. */ +void __asan_allocas_unpoison(const void *stack_top, const void *stack_bottom) +{ + if (unlikely(!stack_top || stack_top > stack_bottom)) + return; + + kasan_unpoison_shadow(stack_top, stack_bottom - stack_top); +} +EXPORT_SYMBOL(__asan_allocas_unpoison); + #ifdef CONFIG_MEMORY_HOTPLUG static int __meminit kasan_mem_notifier(struct notifier_block *nb, unsigned long action, void *data) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index c70851a9a6a4..7c0bcd1f4c0d 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -24,6 +24,14 @@ #define KASAN_STACK_PARTIAL 0xF4 #define KASAN_USE_AFTER_SCOPE 0xF8 +/* + * alloca redzone shadow values + */ +#define KASAN_ALLOCA_LEFT 0xCA +#define KASAN_ALLOCA_RIGHT 0xCB + +#define KASAN_ALLOCA_REDZONE_SIZE 32 + /* Don't break randconfig/all*config builds */ #ifndef KASAN_ABI_VERSION #define KASAN_ABI_VERSION 1 diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 6bcfb01ba038..25419d426426 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c 
@@ -102,6 +102,10 @@ static const char *get_shadow_bug_type(struct kasan_access_info *info) case KASAN_USE_AFTER_SCOPE: bug_type = "use-after-scope"; break; + case KASAN_ALLOCA_LEFT: + case KASAN_ALLOCA_RIGHT: + bug_type = "alloca-out-of-bounds"; + break; } return bug_type;
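Review bot: in the mm/kasan/kasan.c hunk, `WARN_ON(!IS_ALIGNED(addr, KASAN_ALLOCA_REDZONE_SIZE));` in __asan_alloca_poison() only warns and then continues to derive left_redzone and right_redzone from the misaligned addr, so a misaligned call poisons a mis-shaped redzone rather than leaving the shadow untouched; consider bailing out with `if (WARN_ON(!IS_ALIGNED(addr, KASAN_ALLOCA_REDZONE_SIZE))) return;` or stating in the comment that the compiler guarantees the alignment. A smaller style point in the same hunk: __asan_alloca_poison() takes the buffer address as `unsigned long` and casts it to `const void *` three times, while __asan_allocas_unpoison() takes `const void *` directly; if the unsigned long is required by the compiler-side calling convention, a comment saying so would save the next reader from "fixing" it.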
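Review bot: in the mm/kasan/kasan.h hunk, the comment above the new defines only says "alloca redzone shadow values", but `#define KASAN_ALLOCA_REDZONE_SIZE 32` is geometry the compiler dictates (the commit message says the redzones are 32-byte aligned and at least 32 bytes long), so document there that 32 must match what the instrumentation emits, and that 0xCA/0xCB are chosen to be distinct from the existing 0xF1-0xF8 stack values; without that, a later edit could silently change the redzone size and leave the padding poisoning in __asan_alloca_poison() miscomputed.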
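Review bot: in the mm/kasan/report.c hunk, both KASAN_ALLOCA_LEFT and KASAN_ALLOCA_RIGHT map to the single bug type "alloca-out-of-bounds", so the report headline alone does not say whether the access ran off the start or the end of the alloca()ed buffer; that is consistent with how the stack redzone cases above it collapse to one string, and the shadow dump still disambiguates (0xCA vs 0xCB), but it is worth a sentence in the commit message so readers of the report know to look at the shadow bytes.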