From patchwork Thu Sep 24 04:01:52 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Walter Wu <walter-zh.wu@mediatek.com>
X-Patchwork-Id: 11796017
Return-Path: <SRS0=vOKg=DB=kvack.org=owner-linux-mm@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5368C59D
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 24 Sep 2020 04:02:49 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id D526423899
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 24 Sep 2020 04:02:48 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=mediatek.com header.i=@mediatek.com
 header.b="RQvO7Iqa"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D526423899
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=mediatek.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id BE8408E0003; Thu, 24 Sep 2020 00:02:47 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id B98E38E0001; Thu, 24 Sep 2020 00:02:47 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id AAE988E0003; Thu, 24 Sep 2020 00:02:47 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0223.hostedemail.com
 [216.40.44.223])
	by kanga.kvack.org (Postfix) with ESMTP id 9605F8E0001
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 00:02:47 -0400 (EDT)
Received: from smtpin25.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 5F7321F1B
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 04:02:47 +0000 (UTC)
X-FDA: 77296608774.25.offer78_4f14d022715c
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin25.hostedemail.com (Postfix) with ESMTP id 3AAE61804E3A0
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 04:02:47 +0000 (UTC)
X-Spam-Summary: 
 1,0,0,e446307d92c6c6a9,d41d8cd98f00b204,walter-zh.wu@mediatek.com,,RULES_HIT:41:355:379:541:966:967:968:973:988:989:1185:1260:1277:1311:1313:1314:1345:1437:1514:1515:1516:1518:1535:1541:1585:1711:1719:1730:1747:1777:1792:1978:1981:2194:2196:2198:2199:2200:2201:2393:2525:2553:2559:2565:2682:2685:2859:2892:2895:2901:2907:2924:2926:2933:2937:2939:2942:2945:2947:2951:2954:3022:3138:3139:3140:3141:3142:3353:3865:3866:3867:3868:3870:3871:3872:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4250:4385:4605:5007:6119:6261:6653:6737:7875:7903:9025:9707:10004:10400:11026:11232:11658:11914:12043:12048:12291:12296:12297:12438:12521:12555:12679:12683:12698:12737:13069:13200:13229:13311:13357:14095:14096:14181:14394:14721:21080:21451:21627:21740:30012:30029:30054:30070:30075:30090,0,RBL:210.61.82.183:@mediatek.com:.lbl8.mailshell.net-62.14.12.100
 64.201.201.201;04ygnnq6ztgbgnxmuptxzqk8g75psocdbchdtgtp93exqu1hz99yzrcxb37a1ax.b5y8jq114dwr4wre9mf5kk6wrim6z9jg8g41wacoo5r8
 4sn9t4px
X-HE-Tag: offer78_4f14d022715c
X-Filterd-Recvd-Size: 5179
Received: from mailgw01.mediatek.com (unknown [210.61.82.183])
	by imf29.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 04:02:45 +0000 (UTC)
X-UUID: ea9a012e0b7743eabc5607017e117eba-20200924
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=mediatek.com; s=dk;
	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From;
 bh=RdjwgzjFAA7kh4oYttC+KDV9EMdKnsHtZfsovneYDmY=;
	b=RQvO7IqaNmBkVsbDj4dB4G4SWNPM6jQa23RnKjrfHH+EhFZNAL0qzUVBNZbWovnuZmjU3iPIpDMAe4iApJz1jRr7GpfqxUNZ7kQqhLJP8sfTsmmtOgeKu6qO9xnMlbofazft82LkG/bR3+WVG9GTf1sRh5Ld1Pd1XhChL40Q7Rk=;
X-UUID: ea9a012e0b7743eabc5607017e117eba-20200924
Received: from mtkexhb02.mediatek.inc [(172.21.101.103)] by
 mailgw01.mediatek.com
	(envelope-from <walter-zh.wu@mediatek.com>)
	(Cellopoint E-mail Firewall v4.1.14 Build 0819 with TLSv1.2
 ECDHE-RSA-AES256-SHA384 256/256)
	with ESMTP id 2008707020; Thu, 24 Sep 2020 12:02:35 +0800
Received: from MTKCAS06.mediatek.inc (172.21.101.30) by
 mtkmbs06n2.mediatek.inc (172.21.101.130) with Microsoft SMTP Server (TLS) id
 15.0.1497.2; Thu, 24 Sep 2020 12:02:30 +0800
Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc
 (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Thu, 24 Sep 2020 12:02:28 +0800
From: Walter Wu <walter-zh.wu@mediatek.com>
To: Andrew Morton <akpm@linux-foundation.org>, Thomas Gleixner
	<tglx@linutronix.de>, John Stultz <john.stultz@linaro.org>, Stephen Boyd
	<sboyd@kernel.org>, Tejun Heo <tj@kernel.org>, Lai Jiangshan
	<jiangshanlai@gmail.com>, Marco Elver <elver@google.com>, Andrey Ryabinin
	<aryabinin@virtuozzo.com>, Alexander Potapenko <glider@google.com>, Dmitry
 Vyukov <dvyukov@google.com>, Andrey Konovalov <andreyknvl@google.com>,
	Matthias Brugger <matthias.bgg@gmail.com>
CC: <kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
	<linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,
	wsd_upstream <wsd_upstream@mediatek.com>,
	<linux-mediatek@lists.infradead.org>, Walter Wu <walter-zh.wu@mediatek.com>
Subject: [PATCH v4 0/6] kasan: add workqueue and timer stack for generic KASAN
Date: Thu, 24 Sep 2020 12:01:52 +0800
Message-ID: <20200924040152.30851-1-walter-zh.wu@mediatek.com>
X-Mailer: git-send-email 2.18.0
MIME-Version: 1.0
X-TM-SNTS-SMTP: 
	FB7A3B37DFD44E891641141635D054C21024695F78B6E62C4D04FF435D1CC3DA2000:8
X-MTK: N
X-Bogosity: Ham, tests=bogofilter, spamicity=0.001702, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Syzbot reports many UAF issues for workqueue or timer, see [1] and [2].
In some of these access/allocation happened in process_one_work(),
we see the free stack is useless in KASAN report, it doesn't help
programmers to solve UAF on workqueue. The same may stand for times.

This patchset improves KASAN reports by making them to have workqueue
queueing stack and timer stack information. It is useful for programmers
to solve use-after-free or double-free memory issue.

Generic KASAN also records the last two workqueue and timer stacks and
prints them in KASAN report. It is only suitable for generic KASAN.

[1]https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22+process_one_work
[2]https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22%20expire_timers
[3]https://bugzilla.kernel.org/show_bug.cgi?id=198437

Walter Wu (6):
timer: kasan: record timer stack
workqueue: kasan: record workqueue stack
kasan: print timer and workqueue stack
lib/test_kasan.c: add timer test case
lib/test_kasan.c: add workqueue test case
kasan: update documentation for generic kasan
---
Changes since v3:
- testcases have merge conflict, so that need to
  be rebased onto the KASAN-KUNIT.

Changes since v2:
- modify kasan document to be readable,
  Thanks for Marco suggestion.

Changes since v1:
- Thanks for Marco and Thomas suggestion.
- Remove unnecessary code and fix commit log
- reuse kasan_record_aux_stack() and aux_stack
  to record timer and workqueue stack.
- change the aux stack title for common name.

---
Documentation/dev-tools/kasan.rst |  5 +++--
kernel/time/timer.c               |  3 +++
kernel/workqueue.c                |  3 +++
lib/test_kasan_module.c           | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
mm/kasan/report.c                 |  4 ++--
5 files changed, 66 insertions(+), 4 deletions(-)