| Message ID | 20210702085422.10092-1-yee.lee@mediatek.com (mailing list archive) |
|---|---|
| State | New, archived |
| Series | kasan: solve redzone overwritten issue at debug |
On Fri, Jul 02, 2021 at 04:54PM +0800, yee.lee@mediatek.com wrote:
> From: Yee Lee <yee.lee@mediatek.com>
>
> Issue: when SLUB debug is on, hwtag kasan_unpoison() would overwrite
> the redzone of an object with unaligned size.
>
> An additional memzero_explicit() path is added to replace init by the
> hwtag instruction for those unaligned sizes in SLUB debug mode.
>
> The penalty is acceptable since they are only enabled in debug mode,
> not production builds. A block of comment is added for explanation.
>
> ---
> v4:
> - Add "slab.h" header
> - Use slub_debug_enabled_unlikely() to replace IS_ENABLED
> - Refine the comment block

^^ this changelog ...

> ---

^^ this '---' is wrong unfortunately.

> Signed-off-by: Yee Lee <yee.lee@mediatek.com>
> Suggested-by: Marco Elver <elver@google.com>
> Suggested-by: Andrey Konovalov <andreyknvl@gmail.com>
> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
> Cc: Alexander Potapenko <glider@google.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>

... should come after the tags. git am removes anything between the first
'---' and the actual patch from the commit message. The typical convention
is to place the changelog after a '---' _after_ the tags, so that it is
removed from the final commit message.

I think the code looks fine now, so please go ahead and send v5.

Thanks,
-- Marco
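The '---' rule Marco describes above can be checked mechanically. The following is an added example, not code from this thread or from git itself: it models git mailinfo's patch-break rule (the commit message ends at the first bare '---' line, at a '--- <file>' line, or at the first line starting with 'diff -') and applies it to two constructed mail bodies, one laid out like the v4 mail quoted above (changelog and its '---' before the tags) and one laid out as recommended (tags first, then '---', then changelog). The mail bodies are constructed samples and the function names commit_message and trailers are mine.

```python
"""Model of how `git am` (via `git mailinfo`) cuts a patch e-mail body
into the commit message and the patch part. Simplified reimplementation
of git's patchbreak() rule, written for this example."""

import re


def commit_message(mail_body: str) -> str:
    """Return the part of the body that survives as the commit message:
    every line before the first patch break. A patch break is a line that
    starts with 'diff -', a bare '---' (optionally followed by whitespace),
    or '--- <filename>' as used by headerless patches."""
    kept = []
    for line in mail_body.splitlines():
        if line.startswith("diff -"):
            break
        if line.startswith("---"):
            rest = line[3:]
            bare_separator = rest.strip() == ""
            file_header = rest.startswith(" ") and len(rest) > 1 and not rest[1].isspace()
            if bare_separator or file_header:
                break
        kept.append(line)
    return "\n".join(kept).rstrip() + "\n"


TRAILER_RE = re.compile(r"^[A-Za-z][A-Za-z-]*:\s")


def trailers(message: str) -> list:
    """Return the trailer lines (Signed-off-by:, Cc:, ...) of a commit
    message: the last paragraph, if every line of it is a 'Token: value'
    line. Otherwise the message has no trailer block."""
    paragraphs = [p for p in message.strip().split("\n\n") if p.strip()]
    if not paragraphs:
        return []
    last = paragraphs[-1].splitlines()
    return last if all(TRAILER_RE.match(line) for line in last) else []


# Constructed sample modeled on the v4 layout criticised in the reply:
# the changelog's '---' sits before the tags, so the tags are cut too.
WRONG_LAYOUT = """\
Issue: when SLUB debug is on, hwtag kasan_unpoison() would overwrite
the redzone of an object with unaligned size.

---
v4:
- Add "slab.h" header
- Use slub_debug_enabled_unlikely() to replace IS_ENABLED
---
Signed-off-by: Yee Lee <yee.lee@mediatek.com>
Suggested-by: Marco Elver <elver@google.com>
---
 mm/kasan/kasan.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
"""

# Constructed sample of the recommended layout: tags end the message,
# the changelog lives after the first '---' and is dropped by git am.
RIGHT_LAYOUT = """\
Issue: when SLUB debug is on, hwtag kasan_unpoison() would overwrite
the redzone of an object with unaligned size.

Signed-off-by: Yee Lee <yee.lee@mediatek.com>
Suggested-by: Marco Elver <elver@google.com>
---
v4:
- Add "slab.h" header
- Use slub_debug_enabled_unlikely() to replace IS_ENABLED

 mm/kasan/kasan.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
"""


if __name__ == "__main__":
    for name, body in (("wrong", WRONG_LAYOUT), ("right", RIGHT_LAYOUT)):
        msg = commit_message(body)
        print(f"== {name} layout: {len(trailers(msg))} trailer(s) kept ==")
        print(msg)
```

Running it shows that the v4-style body loses its Signed-off-by and Suggested-by lines entirely, while the recommended layout keeps both and still strips the changelog.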
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 98e3059bfea4..a9d837197302 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -9,6 +9,7 @@ #ifdef CONFIG_KASAN_HW_TAGS #include <linux/static_key.h> +#include "../slab.h" DECLARE_STATIC_KEY_FALSE(kasan_flag_stacktrace); extern bool kasan_flag_async __ro_after_init; @@ -387,6 +388,17 @@ static inline void kasan_unpoison(const void *addr, size_t size, bool init) if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK)) return; + /* + * Explicitly initialize the memory with the precise object size to + * avoid overwriting the SLAB redzone. This disables initialization in + * the arch code and may thus lead to performance penalty. The penalty + * is accepted since SLAB redzones aren't enabled in production builds. + */ + if (slub_debug_enabled_unlikely() && + init && ((unsigned long)size & KASAN_GRANULE_MASK)) { + init = false; + memzero_explicit((void *)addr, size); + } size = round_up(size, KASAN_GRANULE_SIZE); hw_set_mem_tag_range((void *)addr, size, tag, init);
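Review bot: In the first kasan.h hunk, the new '#include "../slab.h"' sits under '#ifdef CONFIG_KASAN_HW_TAGS', which matches its only user in this patch (the HW_TAGS kasan_unpoison()), but mm/slab.h is the allocators' private header, so kasan.h now depends on internal SLUB state; the commit message should say why that dependency is acceptable (the new path is debug-only), and the relative "../slab.h" spelling is worth checking against how the other headers under mm/ include it.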
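Review bot: In the kasan_unpoison() hunk, the new guard tests slub_debug_enabled_unlikely(), the global slub_debug static key, not whether the cache being unpoisoned actually has SLAB_RED_ZONE set, so every unaligned-size unpoison takes the memzero_explicit() path whenever any slub_debug option is enabled, including for caches with no redzone to protect. That is consistent with the debug-only justification in the comment, but the comment should state that the check is deliberately coarse, and it should say "SLUB redzone" rather than "SLAB redzone", since the guard (slub_debug_enabled_unlikely(), "../slab.h") is SLUB-specific. Also worth confirming that kasan.h already has linux/string.h in its include chain, as this is the header's first use of memzero_explicit(); if not, add that include next to "../slab.h".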