[053/114] kasan, vmalloc: add vmalloc tagging for SW_TAGS

Message ID	20220325011114.80ADDC340F1@smtp.kernel.org (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> Date: Thu, 24 Mar 2022 18:11:13 -0700 To: will@kernel.org,vincenzo.frascino@arm.com,ryabinin.a.a@gmail.com,pcc@google.com,mark.rutland@arm.com,glider@google.com,eugenis@google.com,elver@google.com,dvyukov@google.com,catalin.marinas@arm.com,andreyknvl@google.com,akpm@linux-foundation.org,patches@lists.linux.dev,linux-mm@kvack.org,mm-commits@vger.kernel.org,torvalds@linux-foundation.org,akpm@linux-foundation.org From: Andrew Morton <akpm@linux-foundation.org> In-Reply-To: <20220324180758.96b1ac7e17675d6bc474485e@linux-foundation.org> Subject: [patch 053/114] kasan, vmalloc: add vmalloc tagging for SW_TAGS Message-Id: <20220325011114.80ADDC340F1@smtp.kernel.org> Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	[001/114] tools/vm/page_owner_sort.c: sort by stacktrace before culling \| expand [001/114] tools/vm/page_owner_sort.c: sort by stacktrace before culling [002/114] tools/vm/page_owner_sort.c: support sorting by stack trace [003/114] tools/vm/page_owner_sort.c: add switch between culling by stacktrace and txt [004/114] tools/vm/page_owner_sort.c: support sorting pid and time [005/114] tools/vm/page_owner_sort.c: two trivial fixes [006/114] tools/vm/page_owner_sort.c: delete invalid duplicate code [007/114] Documentation/vm/page_owner.rst: update the documentation [008/114] Documentation/vm/page_owner.rst: fix unexpected indentation warns [009/114] lib/vsprintf: avoid redundant work with 0 size [010/114] mm/page_owner: use scnprintf() to avoid excessive buffer overrun check [011/114] mm/page_owner: print memcg information [012/114] mm/page_owner: record task command name [013/114] mm/page_owner.c: record tgid [014/114] tools/vm/page_owner_sort.c: fix the instructions for use [015/114] tools/vm/page_owner_sort.c: fix comments [016/114] tools/vm/page_owner_sort.c: add a security check [017/114] tools/vm/page_owner_sort.c: support sorting by tgid and update documentation [018/114] tools/vm/page_owner_sort: fix three trivival places [019/114] tools/vm/page_owner_sort: support for sorting by task command name [020/114] tools/vm/page_owner_sort.c: support for selecting by PID, TGID or task command name [021/114] tools/vm/page_owner_sort.c: support for user-defined culling rules [022/114] mm: unexport page_init_poison [023/114] selftest/vm: add util.h and and move helper functions there [024/114] selftest/vm: add helpers to detect PAGE_SIZE and PAGE_SHIFT [025/114] mm: delete __ClearPageWaiters() [026/114] mm: filemap_unaccount_folio() large skip mapcount fixup [027/114] mm/thp: fix NR_FILE_MAPPED accounting in page_*_file_rmap() [028/114] mm/migration: add trace events for THP migrations [029/114] mm/migration: add trace events for base page and HugeTLB migrations [030/114] kasan, page_alloc: deduplicate should_skip_kasan_poison [031/114] kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages [032/114] kasan, page_alloc: merge kasan_free_pages into free_pages_prepare [033/114] kasan, page_alloc: simplify kasan_poison_pages call site [034/114] kasan, page_alloc: init memory of skipped pages on free [035/114] kasan: drop skip_kasan_poison variable in free_pages_prepare [036/114] mm: clarify __GFP_ZEROTAGS comment [037/114] kasan: only apply __GFP_ZEROTAGS when memory is zeroed [038/114] kasan, page_alloc: refactor init checks in post_alloc_hook [039/114] kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook [040/114] kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook [041/114] kasan, page_alloc: move SetPageSkipKASanPoison in post_alloc_hook [042/114] kasan, page_alloc: move kernel_init_free_pages in post_alloc_hook [043/114] kasan, page_alloc: rework kasan_unpoison_pages call site [044/114] kasan: clean up metadata byte definitions [045/114] kasan: define KASAN_VMALLOC_INVALID for SW_TAGS [046/114] kasan, x86, arm64, s390: rename functions for modules shadow [047/114] kasan, vmalloc: drop outdated VM_KASAN comment [048/114] kasan: reorder vmalloc hooks [049/114] kasan: add wrappers for vmalloc hooks [050/114] kasan, vmalloc: reset tags in vmalloc functions [051/114] kasan, fork: reset pointer tags of vmapped stacks [052/114] kasan, arm64: reset pointer tags of vmapped stacks [053/114] kasan, vmalloc: add vmalloc tagging for SW_TAGS [054/114] kasan, vmalloc, arm64: mark vmalloc mappings as pgprot_tagged [055/114] kasan, vmalloc: unpoison VM_ALLOC pages after mapping [056/114] kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS [057/114] kasan, page_alloc: allow skipping unpoisoning for HW_TAGS [058/114] kasan, page_alloc: allow skipping memory init for HW_TAGS [059/114] kasan, vmalloc: add vmalloc tagging for HW_TAGS [060/114] kasan, vmalloc: only tag normal vmalloc allocations [061/114] kasan, arm64: don't tag executable vmalloc allocations [062/114] kasan: mark kasan_arg_stacktrace as __initdata [063/114] kasan: clean up feature flags for HW_TAGS mode [064/114] kasan: add kasan.vmalloc command line flag [065/114] kasan: allow enabling KASAN_VMALLOC and SW/HW_TAGS [066/114] arm64: select KASAN_VMALLOC for SW/HW_TAGS modes [067/114] kasan: documentation updates [068/114] kasan: improve vmalloc tests [069/114] kasan: test: support async (again) and asymm modes for HW_TAGS [070/114] mm/kasan: remove unnecessary CONFIG_KASAN option [071/114] kasan: update function name in comments [072/114] kasan: print virtual mapping info in reports [073/114] kasan: drop addr check from describe_object_addr [074/114] kasan: more line breaks in reports [075/114] kasan: rearrange stack frame info in reports [076/114] kasan: improve stack frame info in reports [077/114] kasan: print basic stack frame info for SW_TAGS [078/114] kasan: simplify async check in end_report() [079/114] kasan: simplify kasan_update_kunit_status() and call sites [080/114] kasan: check CONFIG_KASAN_KUNIT_TEST instead of CONFIG_KUNIT [081/114] kasan: move update_kunit_status to start_report [082/114] kasan: move disable_trace_on_warning to start_report [083/114] kasan: split out print_report from __kasan_report [084/114] kasan: simplify kasan_find_first_bad_addr call sites [085/114] kasan: restructure kasan_report [086/114] kasan: merge __kasan_report into kasan_report [087/114] kasan: call print_report from kasan_report_invalid_free [088/114] kasan: move and simplify kasan_report_async [089/114] kasan: rename kasan_access_info to kasan_report_info [090/114] kasan: add comment about UACCESS regions to kasan_report [091/114] kasan: respect KASAN_BIT_REPORTED in all reporting routines [092/114] kasan: reorder reporting functions [093/114] kasan: move and hide kasan_save_enable/restore_multi_shot [094/114] kasan: disable LOCKDEP when printing reports [095/114] mm: enable MADV_DONTNEED for hugetlb mappings [096/114] selftests/vm: add hugetlb madvise MADV_DONTNEED MADV_REMOVE test [097/114] userfaultfd/selftests: enable hugetlb remap and remove event testing [098/114] mm/huge_memory: make is_transparent_hugepage() static [099/114] mm: optimize do_wp_page() for exclusive pages in the swapcache [100/114] mm: optimize do_wp_page() for fresh pages in local LRU pagevecs [101/114] mm: slightly clarify KSM logic in do_swap_page() [102/114] mm: streamline COW logic in do_swap_page() [103/114] mm/huge_memory: streamline COW logic in do_huge_pmd_wp_page() [104/114] mm/khugepaged: remove reuse_swap_page() usage [105/114] mm/swapfile: remove stale reuse_swap_page() [106/114] mm/huge_memory: remove stale page_trans_huge_mapcount() [107/114] mm/huge_memory: remove stale locking logic from __split_huge_pmd() [108/114] mm: warn on deleting redirtied only if accounted [109/114] mm: unmap_mapping_range_tree() with i_mmap_rwsem shared [111/114] mm: fix race between MADV_FREE reclaim and blkdev direct IO read [112/114] mm: madvise: MADV_DONTNEED_LOCKED [113/114] selftests: vm: remove dependecy from internal kernel macros [114/114] selftests: kselftest framework: provide "finished" helper

Message ID

20220325011114.80ADDC340F1@smtp.kernel.org (mailing list archive)

State

New

Headers

Date: Thu, 24 Mar 2022 18:11:13 -0700
To: 
 will@kernel.org,vincenzo.frascino@arm.com,ryabinin.a.a@gmail.com,pcc@google.com,mark.rutland@arm.com,glider@google.com,eugenis@google.com,elver@google.com,dvyukov@google.com,catalin.marinas@arm.com,andreyknvl@google.com,akpm@linux-foundation.org,patches@lists.linux.dev,linux-mm@kvack.org,mm-commits@vger.kernel.org,torvalds@linux-foundation.org,akpm@linux-foundation.org
From: Andrew Morton <akpm@linux-foundation.org>
In-Reply-To: <20220324180758.96b1ac7e17675d6bc474485e@linux-foundation.org>
Subject: [patch 053/114] kasan, vmalloc: add vmalloc tagging for SW_TAGS
Message-Id: <20220325011114.80ADDC340F1@smtp.kernel.org>
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

[001/114] tools/vm/page_owner_sort.c: sort by stacktrace before culling | expand

Commit Message

Andrew Morton March 25, 2022, 1:11 a.m. UTC

From: Andrey Konovalov <andreyknvl@google.com>
Subject: kasan, vmalloc: add vmalloc tagging for SW_TAGS

Add vmalloc tagging support to SW_TAGS KASAN.

- __kasan_unpoison_vmalloc() now assigns a random pointer tag, poisons
  the virtual mapping accordingly, and embeds the tag into the returned
  pointer.

- __get_vm_area_node() (used by vmalloc() and vmap()) and
  pcpu_get_vm_areas() save the tagged pointer into vm_struct->addr
  (note: not into vmap_area->addr). This requires putting
  kasan_unpoison_vmalloc() after setup_vmalloc_vm[_locked]();
  otherwise the latter will overwrite the tagged pointer.
  The tagged pointer then is naturally propagateed to vmalloc()
  and vmap().

- vm_map_ram() returns the tagged pointer directly.

As a result of this change, vm_struct->addr is now tagged.

Enabling KASAN_VMALLOC with SW_TAGS is not yet allowed.

Link: https://lkml.kernel.org/r/4a78f3c064ce905e9070c29733aca1dd254a74f1.1643047180.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Acked-by: Marco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Evgenii Stepanov <eugenis@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Collingbourne <pcc@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/kasan.h |   16 ++++++++++------
 mm/kasan/shadow.c     |    6 ++++--
 mm/vmalloc.c          |   14 ++++++++------
 3 files changed, 22 insertions(+), 14 deletions(-)

--- a/include/linux/kasan.h~kasan-vmalloc-add-vmalloc-tagging-for-sw_tags
+++ a/include/linux/kasan.h
@@ -403,12 +403,13 @@  void kasan_release_vmalloc(unsigned long
 			   unsigned long free_region_start,
 			   unsigned long free_region_end);
 
-void __kasan_unpoison_vmalloc(const void *start, unsigned long size);
-static __always_inline void kasan_unpoison_vmalloc(const void *start,
-						   unsigned long size)
+void *__kasan_unpoison_vmalloc(const void *start, unsigned long size);
+static __always_inline void *kasan_unpoison_vmalloc(const void *start,
+						    unsigned long size)
 {
 	if (kasan_enabled())
-		__kasan_unpoison_vmalloc(start, size);
+		return __kasan_unpoison_vmalloc(start, size);
+	return (void *)start;
 }
 
 void __kasan_poison_vmalloc(const void *start, unsigned long size);
@@ -433,8 +434,11 @@  static inline void kasan_release_vmalloc
 					 unsigned long free_region_start,
 					 unsigned long free_region_end) { }
 
-static inline void kasan_unpoison_vmalloc(const void *start, unsigned long size)
-{ }
+static inline void *kasan_unpoison_vmalloc(const void *start,
+					   unsigned long size)
+{
+	return (void *)start;
+}
 static inline void kasan_poison_vmalloc(const void *start, unsigned long size)
 { }
 
--- a/mm/kasan/shadow.c~kasan-vmalloc-add-vmalloc-tagging-for-sw_tags
+++ a/mm/kasan/shadow.c
@@ -475,12 +475,14 @@  void kasan_release_vmalloc(unsigned long
 	}
 }
 
-void __kasan_unpoison_vmalloc(const void *start, unsigned long size)
+void *__kasan_unpoison_vmalloc(const void *start, unsigned long size)
 {
 	if (!is_vmalloc_or_module_addr(start))
-		return;
+		return (void *)start;
 
+	start = set_tag(start, kasan_random_tag());
 	kasan_unpoison(start, size, false);
+	return (void *)start;
 }
 
 /*
--- a/mm/vmalloc.c~kasan-vmalloc-add-vmalloc-tagging-for-sw_tags
+++ a/mm/vmalloc.c
@@ -2231,7 +2231,7 @@  void *vm_map_ram(struct page **pages, un
 		mem = (void *)addr;
 	}
 
-	kasan_unpoison_vmalloc(mem, size);
+	mem = kasan_unpoison_vmalloc(mem, size);
 
 	if (vmap_pages_range(addr, addr + size, PAGE_KERNEL,
 				pages, PAGE_SHIFT) < 0) {
@@ -2464,10 +2464,10 @@  static struct vm_struct *__get_vm_area_n
 		return NULL;
 	}
 
-	kasan_unpoison_vmalloc((void *)va->va_start, requested_size);
-
 	setup_vmalloc_vm(area, va, flags, caller);
 
+	area->addr = kasan_unpoison_vmalloc(area->addr, requested_size);
+
 	return area;
 }
 
@@ -3815,9 +3815,6 @@  retry:
 	for (area = 0; area < nr_vms; area++) {
 		if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area]))
 			goto err_free_shadow;
-
-		kasan_unpoison_vmalloc((void *)vas[area]->va_start,
-				       sizes[area]);
 	}
 
 	/* insert all vm's */
@@ -3830,6 +3827,11 @@  retry:
 	}
 	spin_unlock(&vmap_area_lock);
 
+	/* mark allocated areas as accessible */
+	for (area = 0; area < nr_vms; area++)
+		vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr,
+							 vms[area]->size);
+
 	kfree(vas);
 	return vms;

[053/114] kasan, vmalloc: add vmalloc tagging for SW_TAGS

Commit Message

Patch