From patchwork Wed Jun 26 12:20:16 2019
X-Patchwork-Submitter: Marco Elver
X-Patchwork-Id: 11017583
Date: Wed, 26 Jun 2019 14:20:16 +0200
In-Reply-To: <20190626122018.171606-1-elver@google.com>
Message-Id: <20190626122018.171606-2-elver@google.com>
References: <20190626122018.171606-1-elver@google.com>
Subject: [PATCH v2 1/4] mm/kasan: Introduce __kasan_check_{read,write}
From: Marco Elver
To: aryabinin@virtuozzo.com, dvyukov@google.com, glider@google.com, andreyknvl@google.com
Cc: linux-kernel@vger.kernel.org, Marco Elver, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, kasan-dev@googlegroups.com, linux-mm@kvack.org

This introduces __kasan_check_{read,write} which return a bool if the
access was valid or not. __kasan_check functions may be used from
anywhere, even compilation units that disable instrumentation
selectively. For consistency, kasan_check_{read,write} have been changed
to also return a bool. This change eliminates the need for the
__KASAN_INTERNAL definition.

Signed-off-by: Marco Elver
Cc: Andrey Ryabinin
Cc: Dmitry Vyukov
Cc: Alexander Potapenko
Cc: Andrey Konovalov
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: kasan-dev@googlegroups.com
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
---
 include/linux/kasan-checks.h | 35 ++++++++++++++++++++++++++++-------
 mm/kasan/common.c            | 14 ++++++--------
 mm/kasan/generic.c           | 13 +++++++------
 mm/kasan/kasan.h             | 10 +++++++++-
 mm/kasan/tags.c              | 12 +++++++-----
 5 files changed, 57 insertions(+), 27 deletions(-)

diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index a61dc075e2ce..b8cf8a7cad34 100644
--- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -2,14 +2,35 @@ #ifndef _LINUX_KASAN_CHECKS_H #define _LINUX_KASAN_CHECKS_H -#if defined(__SANITIZE_ADDRESS__) || defined(__KASAN_INTERNAL) -void kasan_check_read(const volatile void *p, unsigned int size); -void kasan_check_write(const volatile void *p, unsigned int size); +/* + * __kasan_check_*: Always available when KASAN is enabled. This may be used + * even in compilation units that selectively disable KASAN, but must use KASAN + * to validate access to an address. Never use these in header files! + */ +#ifdef CONFIG_KASAN +bool __kasan_check_read(const volatile void *p, unsigned int size); +bool __kasan_check_write(const volatile void *p, unsigned int size); #else -static inline void kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool __kasan_check_read(const volatile void *p, unsigned int size) +{ return true; } +static inline bool __kasan_check_write(const volatile void *p, unsigned int size) +{ return true; } +#endif + +/* + * kasan_check_*: Only available when the particular compilation unit has KASAN + * instrumentation enabled. May be used in header files. + */ +#ifdef __SANITIZE_ADDRESS__ +static inline bool kasan_check_read(const volatile void *p, unsigned int size) +{ return __kasan_check_read(p, size); } +static inline bool kasan_check_write(const volatile void *p, unsigned int size) +{ return __kasan_check_read(p, size); } +#else +static inline bool kasan_check_read(const volatile void *p, unsigned int size) +{ return true; } +static inline bool kasan_check_write(const volatile void *p, unsigned int size) +{ return true; } #endif #endif diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 242fdc01aaa9..2277b82902d8 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -14,8 +14,6 @@ * */ -#define __KASAN_INTERNAL - #include #include #include 
@@ -89,17 +87,17 @@ void kasan_disable_current(void) current->kasan_depth--; } -void kasan_check_read(const volatile void *p, unsigned int size) +bool __kasan_check_read(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, false, _RET_IP_); + return check_memory_region((unsigned long)p, size, false, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_read); +EXPORT_SYMBOL(__kasan_check_read); -void kasan_check_write(const volatile void *p, unsigned int size) +bool __kasan_check_write(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, true, _RET_IP_); + return check_memory_region((unsigned long)p, size, true, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_write); +EXPORT_SYMBOL(__kasan_check_write); #undef memset void *memset(void *addr, int c, size_t len) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 504c79363a34..616f9dd82d12 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -166,29 +166,30 @@ static __always_inline bool memory_is_poisoned(unsigned long addr, size_t size) return memory_is_poisoned_n(addr, size); } -static __always_inline void check_memory_region_inline(unsigned long addr, +static __always_inline bool check_memory_region_inline(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { if (unlikely(size == 0)) - return; + return true; if (unlikely((void *)addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } if (likely(!memory_is_poisoned(addr, size))) - return; + return true; kasan_report(addr, size, write, ret_ip); + return false; } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { - check_memory_region_inline(addr, size, write, ret_ip); + return check_memory_region_inline(addr, size, write, ret_ip); } void kasan_cache_shrink(struct kmem_cache *cache) 
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 3ce956efa0cb..e62ea45d02e3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -123,7 +123,15 @@ static inline bool addr_has_shadow(const void *addr) void kasan_poison_shadow(const void *address, size_t size, u8 value); -void check_memory_region(unsigned long addr, size_t size, bool write, +/** + * check_memory_region - Check memory region, and report if invalid access. + * @addr: the accessed address + * @size: the accessed size + * @write: true if access is a write access + * @ret_ip: return address + * @return: true if access was valid, false if invalid + */ +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip); void *find_first_bad_addr(void *addr, size_t size); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 63fca3172659..0e987c9ca052 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -76,7 +76,7 @@ void *kasan_reset_tag(const void *addr) return reset_tag(addr); } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { u8 tag; @@ -84,7 +84,7 @@ void check_memory_region(unsigned long addr, size_t size, bool write, void *untagged_addr; if (unlikely(size == 0)) - return; + return true; tag = get_tag((const void *)addr); 
@@ -106,22 +106,24 @@ void check_memory_region(unsigned long addr, size_t size, bool write, * set to KASAN_TAG_KERNEL (0xFF)). */ if (tag == KASAN_TAG_KERNEL) - return; + return true; untagged_addr = reset_tag((const void *)addr); if (unlikely(untagged_addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } shadow_first = kasan_mem_to_shadow(untagged_addr); shadow_last = kasan_mem_to_shadow(untagged_addr + size - 1); for (shadow = shadow_first; shadow <= shadow_last; shadow++) { if (*shadow != tag) { kasan_report(addr, size, write, ret_ip); - return; + return false; } } + + return true; } #define DEFINE_HWASAN_LOAD_STORE(size) \
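
Review bot: In the include/linux/kasan-checks.h hunk, the __SANITIZE_ADDRESS__ branch defines kasan_check_write() as "{ return __kasan_check_read(p, size); }", so an instrumented write check is forwarded to check_memory_region() with write == false and any report describes it as a read. It should call __kasan_check_write(p, size). The same hunk makes the header use bool in its prototypes without adding an include for the type; including <linux/types.h> at the top would keep the header self-contained.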
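
Review bot: The kernel-doc comment added above check_memory_region() in the mm/kasan/kasan.h hunk documents the result as "@return:", which uses the parameter syntax for something that is not a parameter. A "Return:" section, as in the ksize() comment in patch 3/4 of this series, is the form to use: "Return: true if access was valid, false if invalid".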
Date: Wed, 26 Jun 2019 14:20:17 +0200
In-Reply-To: <20190626122018.171606-1-elver@google.com>
Message-Id: <20190626122018.171606-3-elver@google.com>
References: <20190626122018.171606-1-elver@google.com>
Subject: [PATCH v2 2/4] lib/test_kasan: Add test for double-kzfree detection
From: Marco Elver
To: aryabinin@virtuozzo.com, dvyukov@google.com, glider@google.com, andreyknvl@google.com
Cc: linux-kernel@vger.kernel.org, Marco Elver, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, kasan-dev@googlegroups.com, linux-mm@kvack.org

Adds a simple test that checks if double-kzfree is being detected
correctly.

Signed-off-by: Marco Elver
Cc: Andrey Ryabinin
Cc: Dmitry Vyukov
Cc: Alexander Potapenko
Cc: Andrey Konovalov
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: kasan-dev@googlegroups.com
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
---
 lib/test_kasan.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c index e3c593c38eff..dda5da9f5bd4 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -619,6 +619,22 @@ static noinline void __init kasan_strings(void) strnlen(ptr, 1); } +static noinline void __init kmalloc_double_kzfree(void) +{ + char *ptr; + size_t size = 16; + + pr_info("double-free (kzfree)\n"); + ptr = kmalloc(size, GFP_KERNEL); + if (!ptr) { + pr_err("Allocation failed\n"); + return; + } + + kzfree(ptr); + kzfree(ptr); +} + static int __init kmalloc_tests_init(void) { /*
@@ -660,6 +676,7 @@ static int __init kmalloc_tests_init(void) kasan_memchr(); kasan_memcmp(); kasan_strings(); + kmalloc_double_kzfree(); kasan_restore_multi_shot(multishot);
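
Review bot: kmalloc_double_kzfree() in the lib/test_kasan.c hunk does not say which report the second kzfree(ptr) is expected to produce; the only hint is the pr_info() string "double-free (kzfree)". A short comment above the second call naming the expected KASAN report would let someone reading the test log tell a correct detection from a different report on the same pointer.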
Date: Wed, 26 Jun 2019 14:20:18 +0200
In-Reply-To: <20190626122018.171606-1-elver@google.com>
Message-Id: <20190626122018.171606-4-elver@google.com>
References: <20190626122018.171606-1-elver@google.com>
Subject: [PATCH v2 3/4] mm/slab: Refactor common ksize KASAN logic into slab_common.c
From: Marco Elver
To: aryabinin@virtuozzo.com, dvyukov@google.com, glider@google.com, andreyknvl@google.com
Cc: linux-kernel@vger.kernel.org, Marco Elver, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, kasan-dev@googlegroups.com, linux-mm@kvack.org

This refactors common code of ksize() between the various allocators
into slab_common.c: __ksize() is the allocator-specific implementation
without instrumentation, whereas ksize() includes the required KASAN
logic.

Signed-off-by: Marco Elver
Cc: Andrey Ryabinin
Cc: Dmitry Vyukov
Cc: Alexander Potapenko
Cc: Andrey Konovalov
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: kasan-dev@googlegroups.com
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
---
 include/linux/slab.h |  1 +
 mm/slab.c            | 28 ++++++----------------------
 mm/slab_common.c     | 26 ++++++++++++++++++++++++++
 mm/slob.c            |  4 ++--
 mm/slub.c            | 14 ++------------
 5 files changed, 37 insertions(+), 36 deletions(-)

diff --git a/include/linux/slab.h b/include/linux/slab.h index 9449b19c5f10..98c3d12b7275 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -184,6 +184,7 @@ void * __must_check __krealloc(const void *, size_t, gfp_t); void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); +size_t __ksize(const void *); size_t ksize(const void *); #ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR diff --git a/mm/slab.c b/mm/slab.c index f7117ad9b3a3..394e7c7a285e 100644 --- a/mm/slab.c +++ b/mm/slab.c 
@@ -4204,33 +4204,17 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, #endif /* CONFIG_HARDENED_USERCOPY */ /** - * ksize - get the actual amount of memory allocated for a given object - * @objp: Pointer to the object + * __ksize -- Uninstrumented ksize. * - * kmalloc may internally round up allocations and return more memory - * than requested. ksize() can be used to determine the actual amount of - * memory allocated. The caller may use this additional memory, even though - * a smaller amount of memory was initially specified with the kmalloc call. - * The caller must guarantee that objp points to a valid object previously - * allocated with either kmalloc() or kmem_cache_alloc(). The object - * must not be freed during the duration of the call. - * - * Return: size of the actual memory used by @objp in bytes + * Unlike ksize(), __ksize() is uninstrumented, and does not provide the same + * safety checks as ksize() with KASAN instrumentation enabled. */ -size_t ksize(const void *objp) +size_t __ksize(const void *objp) { - size_t size; - BUG_ON(!objp); if (unlikely(objp == ZERO_SIZE_PTR)) return 0; - size = virt_to_cache(objp)->object_size; - /* We assume that ksize callers could use the whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(objp, size); - - return size; + return virt_to_cache(objp)->object_size; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); diff --git a/mm/slab_common.c b/mm/slab_common.c index 58251ba63e4a..b7c6a40e436a 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c 
@@ -1597,6 +1597,32 @@ void kzfree(const void *p) } EXPORT_SYMBOL(kzfree); +/** + * ksize - get the actual amount of memory allocated for a given object + * @objp: Pointer to the object + * + * kmalloc may internally round up allocations and return more memory + * than requested. ksize() can be used to determine the actual amount of + * memory allocated. The caller may use this additional memory, even though + * a smaller amount of memory was initially specified with the kmalloc call. + * The caller must guarantee that objp points to a valid object previously + * allocated with either kmalloc() or kmem_cache_alloc(). The object + * must not be freed during the duration of the call. + * + * Return: size of the actual memory used by @objp in bytes + */ +size_t ksize(const void *objp) +{ + size_t size = __ksize(objp); + /* + * We assume that ksize callers could use whole allocated area, + * so we need to unpoison this area. + */ + kasan_unpoison_shadow(objp, size); + return size; +} +EXPORT_SYMBOL(ksize); + /* Tracepoints definitions. */ EXPORT_TRACEPOINT_SYMBOL(kmalloc); EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc); diff --git a/mm/slob.c b/mm/slob.c index 84aefd9b91ee..7f421d0ca9ab 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -527,7 +527,7 @@ void kfree(const void *block) EXPORT_SYMBOL(kfree); /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ -size_t ksize(const void *block) +size_t __ksize(const void *block) { struct page *sp; int align; @@ -545,7 +545,7 @@ size_t ksize(const void *block) m = (unsigned int *)(block - align); return SLOB_UNITS(*m) * SLOB_UNIT; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); int __kmem_cache_create(struct kmem_cache *c, slab_flags_t flags) { diff --git a/mm/slub.c b/mm/slub.c index cd04dbd2b5d0..05a8d17dd9b2 100644 --- a/mm/slub.c +++ b/mm/slub.c 
@@ -3901,7 +3901,7 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, } #endif /* CONFIG_HARDENED_USERCOPY */ -static size_t __ksize(const void *object) +size_t __ksize(const void *object) { struct page *page; 
@@ -3917,17 +3917,7 @@ static size_t __ksize(const void *object) return slab_ksize(page->slab_cache); } - -size_t ksize(const void *object) -{ - size_t size = __ksize(object); - /* We assume that ksize callers could use whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(object, size); - return size; -} -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); void kfree(const void *x) {

From patchwork Wed Jun 26 12:20:19 2019
X-Patchwork-Submitter: Marco Elver
X-Patchwork-Id: 11017605
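Review bot: The new kernel-doc for __ksize() in the mm/slab.c hunk of the ksize() refactoring patch drops the "@objp: Pointer to the object" line and the "Return:" section that the old ksize() comment carried, and writes the summary with a double dash ("__ksize -- Uninstrumented ksize.") where the ksize() comment in the same patch uses a single one. The block still opens with /**, so I would keep @objp and Return: and restate that the caller must pass a valid object that is not freed during the call, since __ksize() is documented as providing none of the KASAN safety checks.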
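Review bot: In the mm/slab_common.c hunk of the refactoring patch, the common ksize() calls kasan_unpoison_shadow(objp, size) unconditionally, so with SLAB an objp equal to ZERO_SIZE_PTR now reaches kasan_unpoison_shadow() with size 0, whereas the ksize() removed from mm/slab.c returned 0 before touching shadow memory. Please either confirm that a zero-length unpoison at that address is a no-op or return early when __ksize() yields 0, so that the refactoring stays behaviour-preserving on its own rather than relying on the check added by the next patch in the series.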
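Review bot: The mm/slub.c hunks make the formerly static __ksize() a global symbol and add EXPORT_SYMBOL(__ksize), as the mm/slab.c and mm/slob.c hunks do. The only caller visible in this patch is ksize() in mm/slab_common.c; if no module needs the uninstrumented variant, consider leaving it unexported so that module code cannot bypass the KASAN handling in ksize(). If the export is required, the commit message should say which user needs it.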
Date: Wed, 26 Jun 2019 14:20:19 +0200
In-Reply-To: <20190626122018.171606-1-elver@google.com>
Message-Id: <20190626122018.171606-5-elver@google.com>
References: <20190626122018.171606-1-elver@google.com>
Subject: [PATCH v2 4/4] mm/kasan: Add object validation in ksize()
From: Marco Elver
To: aryabinin@virtuozzo.com, dvyukov@google.com, glider@google.com, andreyknvl@google.com
Cc: linux-kernel@vger.kernel.org, Marco Elver, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, kasan-dev@googlegroups.com, linux-mm@kvack.org

ksize() has been unconditionally unpoisoning the whole shadow memory region associated with an allocation. This can lead to various undetected bugs, for example, double-kzfree().

Specifically, kzfree() uses ksize() to determine the actual allocation size, and subsequently zeroes the memory. Since ksize() used to just unpoison the whole shadow memory region, no invalid free was detected.

This patch addresses this as follows:

1. Add a check in ksize(), and only then unpoison the memory region.

2. Preserve kasan_unpoison_slab() semantics by explicitly unpoisoning the shadow memory region using the size obtained from __ksize().

Tested:
1. With SLAB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected.
2. With SLUB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199359
Signed-off-by: Marco Elver
Cc: Andrey Ryabinin
Cc: Dmitry Vyukov
Cc: Alexander Potapenko
Cc: Andrey Konovalov
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: kasan-dev@googlegroups.com
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
---
 include/linux/kasan.h | 7 +++++--
 mm/slab_common.c | 21 ++++++++++++++++++++-
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/include/linux/kasan.h b/include/linux/kasan.h index b40ea104dd36..cc8a03cc9674 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h 
@@ -76,8 +76,11 @@ void kasan_free_shadow(const struct vm_struct *vm); int kasan_add_zero_shadow(void *start, unsigned long size); void kasan_remove_zero_shadow(void *start, unsigned long size); -size_t ksize(const void *); -static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); } +size_t __ksize(const void *); +static inline void kasan_unpoison_slab(const void *ptr) +{ + kasan_unpoison_shadow(ptr, __ksize(ptr)); +} size_t kasan_metadata_size(struct kmem_cache *cache); bool kasan_save_enable_multi_shot(void); diff --git a/mm/slab_common.c b/mm/slab_common.c index b7c6a40e436a..ba4a859261d5 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1613,7 +1613,26 @@ EXPORT_SYMBOL(kzfree); */ size_t ksize(const void *objp) { - size_t size = __ksize(objp); + size_t size; + + BUG_ON(!objp); + /* + * We need to check that the pointed to object is valid, and only then + * unpoison the shadow memory below. We use __kasan_check_read(), to + * generate a more useful report at the time ksize() is called (rather + * than later where behaviour is undefined due to potential + * use-after-free or double-free). + * + * If the pointed to memory is invalid we return 0, to avoid users of + * ksize() writing to and potentially corrupting the memory region. + * + * We want to perform the check before __ksize(), to avoid potentially + * crashing in __ksize() due to accessing invalid metadata. + */ + if (unlikely(objp == ZERO_SIZE_PTR) || !__kasan_check_read(objp, 1)) + return 0; + + size = __ksize(objp); /* * We assume that ksize callers could use whole allocated area, * so we need to unpoison this area.
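Review bot: kasan_unpoison_slab() in the include/linux/kasan.h hunk now calls kasan_unpoison_shadow(ptr, __ksize(ptr)) and therefore skips the validity check this patch adds to ksize(). The commit message presents that as intentional, but nothing in the header says so. A short comment above the inline stating that it deliberately uses the uninstrumented __ksize() would keep a later cleanup from switching it back to ksize().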
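Review bot: In the mm/slab_common.c hunk, ksize() now returns 0 when __kasan_check_read(objp, 1) fails, but the kernel-doc above it still promises only "Return: size of the actual memory used by @objp in bytes". The 0 return for an invalid object should be documented there, since callers such as kzfree() act on the value. Two smaller points: the check validates a single byte at objp, which the comment could state explicitly, and BUG_ON(!objp) is added here although the SLAB __ksize() from the previous patch already contains it, so one of the two is redundant for that allocator.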