From patchwork Tue Sep 15 21:15:52 2020
X-Patchwork-Submitter: Andrey Konovalov
X-Patchwork-Id: 11777733
Date: Tue, 15 Sep 2020 23:15:52 +0200
Message-Id: <29aaa1e9ab63d03891f8fae268a5f71582db5778.1600204505.git.andreyknvl@google.com>
Subject: [PATCH v2 10/37] kasan: hide invalid free check implementation
From: Andrey Konovalov
To: Dmitry Vyukov, Vincenzo Frascino, Catalin Marinas, kasan-dev@googlegroups.com
Cc: Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Elena Petrova, Branislav Rankov, Kevin Brodsky, Will Deacon, Andrew Morton, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov

This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode.

For software KASAN modes the check is based on the value in the shadow memory. Hardware tag-based KASAN won't be using shadow, so hide the implementation of the check in check_invalid_free().

No functional changes for software modes.

Signed-off-by: Andrey Konovalov
Signed-off-by: Vincenzo Frascino
--- Change-Id: I5fae9531c9fc948eb4d4e0c589744032fc5a0789 --- mm/kasan/common.c | 19 +------------------ mm/kasan/generic.c | 7 +++++++ mm/kasan/kasan.h | 2 ++ mm/kasan/tags.c | 12 ++++++++++++ 4 files changed, 22 insertions(+), 18 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 43a927e70067..a2321d35390e 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c 
@@ -277,25 +277,9 @@ void * __must_check kasan_init_slab_obj(struct kmem_cache *cache, return (void *)object; } -static inline bool shadow_invalid(u8 tag, s8 shadow_byte) -{ - if (IS_ENABLED(CONFIG_KASAN_GENERIC)) - return shadow_byte < 0 || - shadow_byte >= KASAN_GRANULE_SIZE; - - /* else CONFIG_KASAN_SW_TAGS: */ - if ((u8)shadow_byte == KASAN_TAG_INVALID) - return true; - if ((tag != KASAN_TAG_KERNEL) && (tag != (u8)shadow_byte)) - return true; - - return false; -} - static bool __kasan_slab_free(struct kmem_cache *cache, void *object, unsigned long ip, bool quarantine) { - s8 shadow_byte; u8 tag; void *tagged_object; unsigned long rounded_up_size; @@ -314,8 +298,7 @@ static bool __kasan_slab_free(struct kmem_cache *cache, void *object, if (unlikely(cache->flags & SLAB_TYPESAFE_BY_RCU)) return false; - shadow_byte = READ_ONCE(*(s8 *)kasan_mem_to_shadow(object)); - if (shadow_invalid(tag, shadow_byte)) { + if (check_invalid_free(tagged_object)) { kasan_report_invalid_free(tagged_object, ip); return true; } diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index f6d68aa9872f..73f4d786ad5d 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -192,6 +192,13 @@ bool check_memory_region(unsigned long addr, size_t size, bool write, return check_memory_region_inline(addr, size, write, ret_ip); } +bool check_invalid_free(void *addr) +{ + s8 shadow_byte = READ_ONCE(*(s8 *)kasan_mem_to_shadow(addr)); + + return shadow_byte < 0 || shadow_byte >= KASAN_GRANULE_SIZE; +} + void kasan_cache_shrink(struct kmem_cache *cache) { quarantine_remove_cache(cache); diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index c31e2c739301..cf6a135860f2 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -163,6 +163,8 @@ void kasan_poison_memory(const void *address, size_t size, u8 value); bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip); +bool check_invalid_free(void *addr); + void *find_first_bad_addr(void *addr, size_t size); const char *get_bug_type(struct kasan_access_info *info); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 4d5a1fe8251f..feb42c1763b8 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -126,6 +126,18 @@ bool check_memory_region(unsigned long addr, size_t size, bool write, return true; } +bool check_invalid_free(void *addr) +{ + u8 tag = get_tag(addr); + u8 shadow_byte = READ_ONCE(*(u8 *)kasan_mem_to_shadow(reset_tag(addr))); + + if (shadow_byte == KASAN_TAG_INVALID) + return true; + if (tag != KASAN_TAG_KERNEL && tag != shadow_byte) + return true; + return false; +} + #define DEFINE_HWASAN_LOAD_STORE(size) \ void __hwasan_load##size##_noabort(unsigned long addr) \ { \
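Review bot: In the __kasan_slab_free() hunks of mm/kasan/common.c, the `u8 tag;` local stays declared although its only visible consumer, the `shadow_invalid(tag, shadow_byte)` call, is removed. If nothing else in the function reads it, drop the declaration and its assignment in this same patch so that tag extraction lives only in check_invalid_free(); otherwise the function is left with a set-but-unused variable.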
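Review bot: The two check_invalid_free() definitions handle the incoming pointer differently, and the difference is undocumented: mm/kasan/tags.c applies reset_tag(addr) before kasan_mem_to_shadow(), while mm/kasan/generic.c passes addr straight through, and the caller now hands in tagged_object where the old code used object. That is equivalent only while pointers carry no tag in generic mode, so a one-line comment in generic.c stating that assumption would keep the "No functional changes" claim easy to verify. In tags.c the three returns could also collapse into a single boolean expression, matching the generic version.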
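Review bot: The new prototype `bool check_invalid_free(void *addr);` in mm/kasan/kasan.h carries no comment saying what a true result means. It returns true when the free is invalid, while the check_memory_region() body visible in the tags.c context ends with `return true;`, so the two neighbouring declarations read with opposite polarity. Add a short comment next to the declaration, and consider `const void *addr`, as kasan_poison_memory() in the same header already takes, since both implementations only read through the pointer.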