From patchwork Thu Sep 24 04:03:35 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Walter Wu <walter-zh.wu@mediatek.com>
X-Patchwork-Id: 11796019
Return-Path: <SRS0=vOKg=DB=kvack.org=owner-linux-mm@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 78D706CA
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 24 Sep 2020 04:03:51 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 2621023899
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 24 Sep 2020 04:03:51 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=mediatek.com header.i=@mediatek.com
 header.b="KvhTLfP/"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2621023899
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=mediatek.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 68FA890000A; Thu, 24 Sep 2020 00:03:50 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 63E748E0001; Thu, 24 Sep 2020 00:03:50 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 52E3D90000A; Thu, 24 Sep 2020 00:03:50 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0227.hostedemail.com
 [216.40.44.227])
	by kanga.kvack.org (Postfix) with ESMTP id 392F28E0001
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 00:03:50 -0400 (EDT)
Received: from smtpin16.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 014B38249980
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 04:03:50 +0000 (UTC)
X-FDA: 77296611420.16.bean03_1e0b98d2715c
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin16.hostedemail.com (Postfix) with ESMTP id D59741014AC3C
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 04:03:49 +0000 (UTC)
X-Spam-Summary: 
 1,0,0,0f745528571fc6b6,d41d8cd98f00b204,walter-zh.wu@mediatek.com,,RULES_HIT:41:355:379:541:800:960:966:968:973:988:989:1185:1260:1277:1311:1313:1314:1345:1431:1437:1514:1515:1516:1518:1534:1541:1585:1711:1730:1747:1777:1792:2196:2198:2199:2200:2393:2559:2562:2731:2899:3138:3139:3140:3141:3142:3353:3865:3866:3867:3868:3870:3871:3872:4250:4321:4385:5007:6261:6653:7875:8660:10004:10400:11026:11232:11473:11658:11914:12043:12048:12296:12297:12438:12521:12555:12895:13069:13148:13161:13229:13230:13311:13357:13972:14096:14097:14181:14394:14721:21080:21324:21451:21627:21740:21795:21939:30012:30029:30051:30054,0,RBL:210.61.82.184:@mediatek.com:.lbl8.mailshell.net-62.2.12.100
 64.100.201.201;04yfkbteygzmdxbfyo9wcmnmnuic4yc6mic35twf18q1zxpn3at5kbnoirf4p84.fqfrcm1k4ndfbf1rzf7d89a6htrq1hkha3teaqxkswia486bhdbu8b9s6wmtcn6.n-lbl8.mailshell.net-223.238.255.100,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not
 bulk,SPF:fp,MSBL:0,DNSBL:none,Custom_rules:0:0:0,
 LFtime:2
X-HE-Tag: bean03_1e0b98d2715c
X-Filterd-Recvd-Size: 4948
Received: from mailgw02.mediatek.com (unknown [210.61.82.184])
	by imf46.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 24 Sep 2020 04:03:48 +0000 (UTC)
X-UUID: 031d0cc632804df7b22e8a729a49ec48-20200924
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=mediatek.com; s=dk;
	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From;
 bh=dMII3+0XheNBeDRCJOnd6NRZNf7iDHcFRVLV7dSXF+k=;
	b=KvhTLfP/K7dh3HStSf2sbxwwBlNFmP8LjxilGy8Wx8sUimh4QPK6zX5mO1PUxFCvD5CltoNG+XDyn9OS60OO/f64cAagKo19Bg8M4qOG5pAw6w9Qh19k/wfSl/5Wwd7kNMpN20qKKC68GjuJDAUS216Zu2iLw+uRL3Di++Nsh0g=;
X-UUID: 031d0cc632804df7b22e8a729a49ec48-20200924
Received: from mtkcas06.mediatek.inc [(172.21.101.30)] by
 mailgw02.mediatek.com
	(envelope-from <walter-zh.wu@mediatek.com>)
	(Cellopoint E-mail Firewall v4.1.14 Build 0819 with TLSv1.2
 ECDHE-RSA-AES256-SHA384 256/256)
	with ESMTP id 1673301738; Thu, 24 Sep 2020 12:03:41 +0800
Received: from MTKCAS06.mediatek.inc (172.21.101.30) by
 mtkmbs01n1.mediatek.inc (172.21.101.68) with Microsoft SMTP Server (TLS) id
 15.0.1497.2; Thu, 24 Sep 2020 12:03:38 +0800
Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc
 (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Thu, 24 Sep 2020 12:03:37 +0800
From: Walter Wu <walter-zh.wu@mediatek.com>
To: Andrew Morton <akpm@linux-foundation.org>, Thomas Gleixner
	<tglx@linutronix.de>, John Stultz <john.stultz@linaro.org>, Stephen Boyd
	<sboyd@kernel.org>, Marco Elver <elver@google.com>, Andrey Ryabinin
	<aryabinin@virtuozzo.com>, Alexander Potapenko <glider@google.com>, Dmitry
 Vyukov <dvyukov@google.com>, Andrey Konovalov <andreyknvl@google.com>,
	Matthias Brugger <matthias.bgg@gmail.com>
CC: <kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
	<linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,
	wsd_upstream <wsd_upstream@mediatek.com>,
	<linux-mediatek@lists.infradead.org>, Walter Wu <walter-zh.wu@mediatek.com>
Subject: [PATCH v4 1/6] timer: kasan: record timer stack
Date: Thu, 24 Sep 2020 12:03:35 +0800
Message-ID: <20200924040335.30934-1-walter-zh.wu@mediatek.com>
X-Mailer: git-send-email 2.18.0
MIME-Version: 1.0
X-MTK: N
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

When analyze use-after-free or double-free issue, recording the timer
stacks is helpful to preserve usage history which potentially gives
a hint about the affected code.

Record the most recent two timer init calls in KASAN which are printed
on failure in the KASAN report.

For timers it has turned out to be useful to record the stack trace
of the timer init call. Because if the UAF root cause is in timer init,
then user can see KASAN report to get where it is registered and find
out the root cause. It don't need to enable DEBUG_OBJECTS_TIMERS,
but they have a chance to find out the root cause.

Signed-off-by: Walter Wu <walter-zh.wu@mediatek.com>
Suggested-by: Marco Elver <elver@google.com>
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Marco Elver <elver@google.com>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Stephen Boyd <sboyd@kernel.org>
---

v2:
- Thanks for Marco and Thomas suggestion.
- Remove unnecessary code and fix commit log
- reuse kasan_record_aux_stack() and aux_stack
  to record timer and workqueue stack.

---
 kernel/time/timer.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/time/timer.c b/kernel/time/timer.c
index a16764b0116e..1ed8f8aca7f5 100644
--- a/kernel/time/timer.c
+++ b/kernel/time/timer.c
@@ -796,6 +796,9 @@ static void do_init_timer(struct timer_list *timer,
 	timer->function = func;
 	timer->flags = flags | raw_smp_processor_id();
 	lockdep_init_map(&timer->lockdep_map, name, key, 0);
+
+	/* record the timer stack in order to print it in KASAN report */
+	kasan_record_aux_stack(timer);
 }
 
 /**