From patchwork Mon Jul 8 17:07:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11035477 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9CF9513BD for ; Mon, 8 Jul 2019 17:09:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 876932858A for ; Mon, 8 Jul 2019 17:09:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7B341285AA; Mon, 8 Jul 2019 17:09:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4AA0C2858A for ; Mon, 8 Jul 2019 17:09:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 424308E0022; Mon, 8 Jul 2019 13:08:59 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 3FC888E0002; Mon, 8 Jul 2019 13:08:59 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3156C8E0022; Mon, 8 Jul 2019 13:08:59 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com [209.85.222.200]) by kanga.kvack.org (Postfix) with ESMTP id 139AC8E0002 for ; Mon, 8 Jul 2019 13:08:59 -0400 (EDT) Received: by mail-qk1-f200.google.com with SMTP id v4so16949735qkj.10 for ; Mon, 08 Jul 2019 10:08:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=Hwhk1enE9nNmmHHJ9NMKEqUFLaBrzoJTEH+x5otTjag=; b=fUSiGsF32vxTQxSxVaN6dHIdSpdO045LKClpTVRCVdf74U5jgkX8/r7+y6H4hl0wNQ 2i2t8+CZkmwZBbv76pmP281hYNL9NjD/fTLnPeCSZ0HORvx6ze/q2GawibJ3gZVgpi2J 9Z6QmgAqyu3koycSeIIoaiGP94cI5QqfLcyas+0j2iQjeWUGUotto4TmpAdYT9BeeAya VKXKQ7cEREjveNH7gsTx+o/hNHIWNueALxx75pUNxd7hlk5EGyNYdXnFAiJyuAQNuVqX dVI/wS1Ft2KTEAzFHTHyFmTk4d4TsbEEK3PM6As4pg8DiFj/sW4ixgp80yfI7NllplY0 4tWg== X-Gm-Message-State: APjAAAUKL70wfRlLl4/zy4jBqkTtbPLUbLgiN2nRTv2llxgIdQA3Fx38 wHfZ2x3RJRYtAEGeZX8bhlJ3L6QYab8ypTBlv+XlH3X84RPHOzWaV1kBELX6rP4asPiwBRcy/Up MnpTPwKGGRaZSW+3ZhN2/NjMqVcODOOH3vIFynALctrBhCh4NQ0zpyMhYrH5V44SieA== X-Received: by 2002:aed:3a24:: with SMTP id n33mr14789318qte.361.1562605738811; Mon, 08 Jul 2019 10:08:58 -0700 (PDT) X-Received: by 2002:aed:3a24:: with SMTP id n33mr14789277qte.361.1562605738209; Mon, 08 Jul 2019 10:08:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562605738; cv=none; d=google.com; s=arc-20160816; b=wukoT6ZU7xqj9mnX9uguw/0hKw/f5D7OMy1QUwxt7vQlgc6ksVg5HKTxVT53l1IKHg MPIPw1+ghi/7+7jtxgJtJwW9FWwhgw+Yk3MNDxq20xie6MAuuoEQATiNyq14kmK2Sjvk C8qMbvyi6AoJdcT+qlCxwMZYLNxlBsRJVxcx8Nw2zcMtxn68xuSkuUfplYdDh5AQYkXB qYrTdRa2X2YEjlziSrRx8LjW6Jjv/dX8X3kMsiD1AYA/OXB5KQjQ2x1mNVAhTO45c/+Q SN8F6EuCxJmPCm0PbL5p7+plnpmlFvBN9X+uz/d3RC4qxbLDfkOUaZ568/Vzo54bu55f TiNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=Hwhk1enE9nNmmHHJ9NMKEqUFLaBrzoJTEH+x5otTjag=; b=IBWMzJu2Udf52gAtVwK1/boGyHNYud+7tc05mndK/n6BQ2OEadQOww1XD/z2vNvuwp EMAvufAXrTV/Fvp6r+V6SpiugV9MK876qeZZFvqQFFDKeCWV0okM/nUZKcMXrFycw+bt dusPkZvBPMa4Ap010cjdIcGhuFwC4pDRR0L1323Wd5ReZ/hh7itG7+oDM7VAftjJoAFX vF6Bo78Hy1lPbs3WVch9UEvMKrP5YWVDZugQQaqWpnr7t++EuRiePZjC5y2yD9WbDIhM iLrqdP4kIUAOLvGMNMM+EfOtW399KS0P1UhrUa521OM4KSW+es4VYXP8+SfUQ42afNWK qk8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wOdsIHVM; spf=pass (google.com: domain of 3qxgjxqukcbg29j2f4cc492.0ca96bil-aa8jy08.cf4@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3qXgjXQUKCBg29J2F4CC492.0CA96BIL-AA8Jy08.CF4@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id k5sor23508489qtp.61.2019.07.08.10.08.58 for (Google Transport Security); Mon, 08 Jul 2019 10:08:58 -0700 (PDT) Received-SPF: pass (google.com: domain of 3qxgjxqukcbg29j2f4cc492.0ca96bil-aa8jy08.cf4@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wOdsIHVM; spf=pass (google.com: domain of 3qxgjxqukcbg29j2f4cc492.0ca96bil-aa8jy08.cf4@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3qXgjXQUKCBg29J2F4CC492.0CA96BIL-AA8Jy08.CF4@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=Hwhk1enE9nNmmHHJ9NMKEqUFLaBrzoJTEH+x5otTjag=; b=wOdsIHVMZamkOSYuWNiQFHyAqqlxUMC9zzgAfqihPagHPuNYqfImiffF9t9yl+cgN2 FPO8yjuPBzh/cfI4a1HrVyKbDJNfD4KrSCxvHyuvK/AbBqouiF1uRJTO1HwPpEuIyFcx AJc3IVdMD8Qt8q5nf8e66WhTsJDBCW1aZOkRPP2tLJs1xVqhzSoOWpFmRPQrjzjwxWtM H/HV/bEP6ByYcFCoS52/X+xSXFdBum+Qdxno/6mk/WKN618Yc9OPo5Asuos1EpFJb+oD oIN2XuhitBq1hb5zsTPK1rUZes7bC8iFz/W3aHiaBjRlbpeJjT9aX2btjK5cntLk6L6g GJLQ== X-Google-Smtp-Source: APXvYqzqzU+7VOFTLnajYW2WtzqGbE36eBpzdkyAewvRtPAu/83hx5E2taIq76Yx29VuC7PM2wMXFbOWfQ== X-Received: by 2002:ac8:32c8:: with SMTP id a8mr10978860qtb.47.1562605737784; Mon, 08 Jul 2019 10:08:57 -0700 (PDT) Date: Mon, 8 Jul 2019 19:07:03 +0200 In-Reply-To: <20190708170706.174189-1-elver@google.com> Message-Id: <20190708170706.174189-2-elver@google.com> Mime-Version: 1.0 References: <20190708170706.174189-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v5 1/5] mm/kasan: Introduce __kasan_check_{read,write} From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Mark Rutland , Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Qian Cai , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This introduces __kasan_check_{read,write}. __kasan_check functions may be used from anywhere, even compilation units that disable instrumentation selectively. This change eliminates the need for the __KASAN_INTERNAL definition. Signed-off-by: Marco Elver Acked-by: Mark Rutland Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: Qian Cai Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- v5: * Use #define for kasan_check_* in the __SANITIZE_ADDRESS__ case, as the inline functions conflict with the __no_sanitize_address attribute. Reported-by: kbuild test robot v3: * Fix Formatting and split introduction of __kasan_check_* and returning bool into 2 patches. --- include/linux/kasan-checks.h | 25 ++++++++++++++++++++++--- mm/kasan/common.c | 10 ++++------ 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index a61dc075e2ce..221f05fbddd7 100644 --- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -2,9 +2,28 @@ #ifndef _LINUX_KASAN_CHECKS_H #define _LINUX_KASAN_CHECKS_H -#if defined(__SANITIZE_ADDRESS__) || defined(__KASAN_INTERNAL) -void kasan_check_read(const volatile void *p, unsigned int size); -void kasan_check_write(const volatile void *p, unsigned int size); +/* + * __kasan_check_*: Always available when KASAN is enabled. This may be used + * even in compilation units that selectively disable KASAN, but must use KASAN + * to validate access to an address. Never use these in header files! + */ +#ifdef CONFIG_KASAN +void __kasan_check_read(const volatile void *p, unsigned int size); +void __kasan_check_write(const volatile void *p, unsigned int size); +#else +static inline void __kasan_check_read(const volatile void *p, unsigned int size) +{ } +static inline void __kasan_check_write(const volatile void *p, unsigned int size) +{ } +#endif + +/* + * kasan_check_*: Only available when the particular compilation unit has KASAN + * instrumentation enabled. May be used in header files. + */ +#ifdef __SANITIZE_ADDRESS__ +#define kasan_check_read __kasan_check_read +#define kasan_check_write __kasan_check_write #else static inline void kasan_check_read(const volatile void *p, unsigned int size) { } diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 242fdc01aaa9..6bada42cc152 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -14,8 +14,6 @@ * */ -#define __KASAN_INTERNAL - #include #include #include @@ -89,17 +87,17 @@ void kasan_disable_current(void) current->kasan_depth--; } -void kasan_check_read(const volatile void *p, unsigned int size) +void __kasan_check_read(const volatile void *p, unsigned int size) { check_memory_region((unsigned long)p, size, false, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_read); +EXPORT_SYMBOL(__kasan_check_read); -void kasan_check_write(const volatile void *p, unsigned int size) +void __kasan_check_write(const volatile void *p, unsigned int size) { check_memory_region((unsigned long)p, size, true, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_write); +EXPORT_SYMBOL(__kasan_check_write); #undef memset void *memset(void *addr, int c, size_t len) From patchwork Mon Jul 8 17:07:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11035479 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C49C813BD for ; Mon, 8 Jul 2019 17:09:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AF16B2858A for ; Mon, 8 Jul 2019 17:09:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A2ECD285AA; Mon, 8 Jul 2019 17:09:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A990D2858A for ; Mon, 8 Jul 2019 17:09:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4EBBA8E0023; Mon, 8 Jul 2019 13:09:02 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 473448E0002; Mon, 8 Jul 2019 13:09:02 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 388148E0023; Mon, 8 Jul 2019 13:09:02 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) by kanga.kvack.org (Postfix) with ESMTP id 1469C8E0002 for ; Mon, 8 Jul 2019 13:09:02 -0400 (EDT) Received: by mail-qk1-f197.google.com with SMTP id 5so17030966qki.2 for ; Mon, 08 Jul 2019 10:09:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=RtWDjGUPs90JyASI41SwauSsXqiA2S8BXOwsZQtnu1I=; b=ZvU4Rg7kwNN8s5ViIV9/myAO8IdjudmlnCIJwKEWxVj60W+bRhxjgj+W8/IM/Y1Emd hZ5zhQ6R/VxsMv1wqgUMLrPtSxL1rcNluBeHeJfl4Pe1w3joFgsi012m0osUgxMkeqMw ZJ3nenOb/maaTdtUiFT+naaT7zzCXuHLFHUaQBjnb/z5R25zVG87EOJEv98TpboBtcE2 0ZPql+qOcdBAW03GB+cNhT2ib3U16Ypra5vCgGKLippHghpJD2VJ89dweg32gEr1XKcL +w9GnRXtD06Xw1oySJ58wJabVPQu3XNBa6G0wdBmdt4vMoOkZoKmI6rdfwhWwEvEycTt Q52Q== X-Gm-Message-State: APjAAAVNwctopG2xeTz28DEXB269pHlS0cO3ySxYbpsJS5qdv+B2OwNr /5kMfsou/Z4wdw9AG+0jMdxx0tWP5nk/gVmlESbZf8ZOGY8VHxZw+k+OBBLRLnJ6KzTH+JYYNAu Vtm8cJDvFy8r5dUcwugZaDVx54IgHFNUxevotAH36X784QJBXEqTELlL61Kef3hXClg== X-Received: by 2002:ae9:ed4b:: with SMTP id c72mr14197022qkg.404.1562605741825; Mon, 08 Jul 2019 10:09:01 -0700 (PDT) X-Received: by 2002:ae9:ed4b:: with SMTP id c72mr14196984qkg.404.1562605741224; Mon, 08 Jul 2019 10:09:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562605741; cv=none; d=google.com; s=arc-20160816; b=Uf02m15CxoFD04S1B5KgmUusfxyiixVZsnFiPWEJ1XigAOnfhZTQSDEgPeFx7IOOIO fCK/ujER78bNZz87g901Ea3jb4Nck7+b5PuAnC3hEWOvyeWwxoJYRj/3Oldg7WqbrH/V WUBBo6njqVeZaT01O407RGFe/XiGFE19dE80ObKA0eiNOIZJuOsosTeINQpvJUeP2OPW afX3frDP5wmRRU/uNvRuxV6ptgK3n4ruhyTYTkkJDp9+KX3B7N8LZdbgl6M78LV1HVLa ejUtGpxa2UOTPO5NrHZKN+NP3HaCsUTJZ3+mOhBmJBgiEYg++3uSNTZoCWh2U3Z+Qp4F xP6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=RtWDjGUPs90JyASI41SwauSsXqiA2S8BXOwsZQtnu1I=; b=z2uwHPu+b8gMAJC2k3l1X7aNcngvm3afmyFsG9qK81/Avgbjy4l35GVfDA/FYfXFAb B00MvJDvzY8cCf1Q7qM/7lFoO9hE1aDfCqE3m+4r3RWtEuzXQq1wHXSLDiAV37fGEoym fjlO7Dsa//dmrxaGRTctxD24jJ3zA8AFGaUSFblMzInubRntTCyRi+7CLIRVIwnVSXcp ACQD67kkuBmvryeZRUCJ02Tu5xymGIgbe7WhgxhikxxowJyq4uPFcy3hQkKEaWqfHRIu 3wXnymoXhaf9js/AAOVLVyaPqjPz7G2LHsAFVbxOBW/4QLWuMcf5298yaN0MniKU7XfW pZFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XOe4Irkl; spf=pass (google.com: domain of 3rhgjxqukcbs5cm5i7ff7c5.3fdc9elo-ddbm13b.fi7@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3rHgjXQUKCBs5CM5I7FF7C5.3FDC9ELO-DDBM13B.FI7@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id z124sor10316014qkd.42.2019.07.08.10.09.01 for (Google Transport Security); Mon, 08 Jul 2019 10:09:01 -0700 (PDT) Received-SPF: pass (google.com: domain of 3rhgjxqukcbs5cm5i7ff7c5.3fdc9elo-ddbm13b.fi7@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XOe4Irkl; spf=pass (google.com: domain of 3rhgjxqukcbs5cm5i7ff7c5.3fdc9elo-ddbm13b.fi7@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3rHgjXQUKCBs5CM5I7FF7C5.3FDC9ELO-DDBM13B.FI7@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=RtWDjGUPs90JyASI41SwauSsXqiA2S8BXOwsZQtnu1I=; b=XOe4Irkl/KVbw9y5EerCSv8uURNZ0w5IOcfwYGUXv6rDuk8cm1Mtl43s6M4MXXkscS FeQSK/MGqhDc/1yw4EFvc6dCNBd+HnEmLChEi9T4tVZEVe4rTcG0ErUsi62cJve0WubA VlCjIh4I0UhfYnDVzBE6kqLlm0u6xBbQEolJUTHtXGJPwEUTrwc25iFyO5609USU2V7A N3yT+IvY/Z5qMzz2Q60w5BJnRNtsG1iiAhRMfQdD43LQDoFXPuB2dhgqe0dzOzYHYWKt JHV6ar2+53pKOzp7GX1zPs4TkYMK7BoPufoJdRoFfYEpWa5Y7y1HLry06eU2wAown11i nHiA== X-Google-Smtp-Source: APXvYqxFjhJIMQeNNvWGa+cge8Nh7zJViMGZ5hev3WLcoFslzclVoXSP6GR0qdv5dHdL9E7iiFR6Rkk2RA== X-Received: by 2002:a05:620a:1106:: with SMTP id o6mr14619312qkk.272.1562605740816; Mon, 08 Jul 2019 10:09:00 -0700 (PDT) Date: Mon, 8 Jul 2019 19:07:04 +0200 In-Reply-To: <20190708170706.174189-1-elver@google.com> Message-Id: <20190708170706.174189-3-elver@google.com> Mime-Version: 1.0 References: <20190708170706.174189-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v5 2/5] mm/kasan: Change kasan_check_{read,write} to return boolean From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , Stephen Rothwell , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This changes {,__}kasan_check_{read,write} functions to return a boolean denoting if the access was valid or not. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: Stephen Rothwell Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- v5: * Rebase on top of v5 of preceding patch. * Include types.h for bool. v3: * Fix Formatting and split introduction of __kasan_check_* and returning bool into 2 patches. --- include/linux/kasan-checks.h | 30 ++++++++++++++++++++---------- mm/kasan/common.c | 8 ++++---- mm/kasan/generic.c | 13 +++++++------ mm/kasan/kasan.h | 10 +++++++++- mm/kasan/tags.c | 12 +++++++----- 5 files changed, 47 insertions(+), 26 deletions(-) diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index 221f05fbddd7..ac6aba632f2d 100644 --- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -2,19 +2,25 @@ #ifndef _LINUX_KASAN_CHECKS_H #define _LINUX_KASAN_CHECKS_H +#include + /* * __kasan_check_*: Always available when KASAN is enabled. This may be used * even in compilation units that selectively disable KASAN, but must use KASAN * to validate access to an address. Never use these in header files! */ #ifdef CONFIG_KASAN -void __kasan_check_read(const volatile void *p, unsigned int size); -void __kasan_check_write(const volatile void *p, unsigned int size); +bool __kasan_check_read(const volatile void *p, unsigned int size); +bool __kasan_check_write(const volatile void *p, unsigned int size); #else -static inline void __kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void __kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool __kasan_check_read(const volatile void *p, unsigned int size) +{ + return true; +} +static inline bool __kasan_check_write(const volatile void *p, unsigned int size) +{ + return true; +} #endif /* @@ -25,10 +31,14 @@ static inline void __kasan_check_write(const volatile void *p, unsigned int size #define kasan_check_read __kasan_check_read #define kasan_check_write __kasan_check_write #else -static inline void kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool kasan_check_read(const volatile void *p, unsigned int size) +{ + return true; +} +static inline bool kasan_check_write(const volatile void *p, unsigned int size) +{ + return true; +} #endif #endif diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 6bada42cc152..2277b82902d8 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -87,15 +87,15 @@ void kasan_disable_current(void) current->kasan_depth--; } -void __kasan_check_read(const volatile void *p, unsigned int size) +bool __kasan_check_read(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, false, _RET_IP_); + return check_memory_region((unsigned long)p, size, false, _RET_IP_); } EXPORT_SYMBOL(__kasan_check_read); -void __kasan_check_write(const volatile void *p, unsigned int size) +bool __kasan_check_write(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, true, _RET_IP_); + return check_memory_region((unsigned long)p, size, true, _RET_IP_); } EXPORT_SYMBOL(__kasan_check_write); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 504c79363a34..616f9dd82d12 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -166,29 +166,30 @@ static __always_inline bool memory_is_poisoned(unsigned long addr, size_t size) return memory_is_poisoned_n(addr, size); } -static __always_inline void check_memory_region_inline(unsigned long addr, +static __always_inline bool check_memory_region_inline(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { if (unlikely(size == 0)) - return; + return true; if (unlikely((void *)addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } if (likely(!memory_is_poisoned(addr, size))) - return; + return true; kasan_report(addr, size, write, ret_ip); + return false; } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { - check_memory_region_inline(addr, size, write, ret_ip); + return check_memory_region_inline(addr, size, write, ret_ip); } void kasan_cache_shrink(struct kmem_cache *cache) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 3ce956efa0cb..e62ea45d02e3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -123,7 +123,15 @@ static inline bool addr_has_shadow(const void *addr) void kasan_poison_shadow(const void *address, size_t size, u8 value); -void check_memory_region(unsigned long addr, size_t size, bool write, +/** + * check_memory_region - Check memory region, and report if invalid access. + * @addr: the accessed address + * @size: the accessed size + * @write: true if access is a write access + * @ret_ip: return address + * @return: true if access was valid, false if invalid + */ +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip); void *find_first_bad_addr(void *addr, size_t size); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 63fca3172659..0e987c9ca052 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -76,7 +76,7 @@ void *kasan_reset_tag(const void *addr) return reset_tag(addr); } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { u8 tag; @@ -84,7 +84,7 @@ void check_memory_region(unsigned long addr, size_t size, bool write, void *untagged_addr; if (unlikely(size == 0)) - return; + return true; tag = get_tag((const void *)addr); @@ -106,22 +106,24 @@ void check_memory_region(unsigned long addr, size_t size, bool write, * set to KASAN_TAG_KERNEL (0xFF)). */ if (tag == KASAN_TAG_KERNEL) - return; + return true; untagged_addr = reset_tag((const void *)addr); if (unlikely(untagged_addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } shadow_first = kasan_mem_to_shadow(untagged_addr); shadow_last = kasan_mem_to_shadow(untagged_addr + size - 1); for (shadow = shadow_first; shadow <= shadow_last; shadow++) { if (*shadow != tag) { kasan_report(addr, size, write, ret_ip); - return; + return false; } } + + return true; } #define DEFINE_HWASAN_LOAD_STORE(size) \ From patchwork Mon Jul 8 17:07:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11035481 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 867C3112C for ; Mon, 8 Jul 2019 17:09:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6FD38285C6 for ; Mon, 8 Jul 2019 17:09:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 63B73285DB; Mon, 8 Jul 2019 17:09:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E6EF5285C6 for ; Mon, 8 Jul 2019 17:09:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 907B48E0024; Mon, 8 Jul 2019 13:09:05 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8B7448E0002; Mon, 8 Jul 2019 13:09:05 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7A52B8E0024; Mon, 8 Jul 2019 13:09:05 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-yb1-f200.google.com (mail-yb1-f200.google.com [209.85.219.200]) by kanga.kvack.org (Postfix) with ESMTP id 58D0A8E0002 for ; Mon, 8 Jul 2019 13:09:05 -0400 (EDT) Received: by mail-yb1-f200.google.com with SMTP id t18so7276671ybp.13 for ; Mon, 08 Jul 2019 10:09:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=WgLhQpz1bw5GU+Lv6x36GlyPCp/adnDxCyo0a/a2fVJIWZxBAmWdJxdMfO2kY44/qf 4FUvJRQ059Rv2z6Q3WjK6L+OrzOSqj7DHAzP5EgoCGujTS8Wg3sV6NMXA22RpBDyAMR4 nu0Sy9/aEkINwR6HPtVh8hMo/9z29fRnPeSUzieAyAprLqI5PuXGGZjqXoZpoUdUn9jS SRa1gCObt4jaAGfyegp5AZJ7aIZnBW953uOlbaJaiD7JFb4dCZ5m5E//i83S1XQfKYRN WaYD+MKPUYfOxqcIGOEyKTfYYoKvRzJAKA49RCDMLfyrj1gH84U0RHwLaJc4tAGZih7N xN2A== X-Gm-Message-State: APjAAAWr2gLTFOs8igBQkI56+sj+H1oMAkl1ST7ZVZxgKkTSE4Edv+1n 0YNoJEggha1Prn1F59/Gk0MZKx+Atgxxt4biWZ85CGKqw1omI8UlpL6eLgmaWLgCjBfHBF8fN0z Sg/QGaQhC9YISBfRqHsKzWb2x78Xwh3bWi1l8andQXgzdaPGV2pAt2B7t/AAG+a0qRw== X-Received: by 2002:a25:488:: with SMTP id 130mr11814132ybe.67.1562605744961; Mon, 08 Jul 2019 10:09:04 -0700 (PDT) X-Received: by 2002:a25:488:: with SMTP id 130mr11814098ybe.67.1562605744385; Mon, 08 Jul 2019 10:09:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562605744; cv=none; d=google.com; s=arc-20160816; b=1DDWmQ94BSFdyk19uezxySj4+Pa6XispupQZQI3K5huuwTSF4DLZnvE35o6J1ix9aY vLwbz5PDGcDpRw1FsGheY4qmyr35nT0AVQMiFwDsL2vFY4oTxOIkL7OoYZIYCEEzya+7 mB952Qaa0nJjrfxv8evrsFotGIsHDS59ZPxB493/+bIXL3duK2He/VPm7EpqIXN91Oty RlUZByEOvsgUdpuOtHvyh/vUppN7ZbAivytDUMtbrvqs+30csCgnF/vc4/1R5v24R8HY Y0rknDhggTwFJQ4gbvGZHbkQl8EAgbYsP7KU4IVw9F7leZFq9UYZFJj/7/yeq6/SBpzZ /c/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=JNwyfDgSTmhAWhxCLAPdub45xw2Skn4EjgO2jjzCGWXgD6aZnxrv9rhiUYMXI27Y/g NG/11LmZqwZ8SD95zAIHJQ02VS5rC/tBvm06AgCDKrSwGv7GrCQX3BhycZANGauNAThB J2BcATdALt9oFqJRVjpSCvP2i4n300ur/BQZUcvkBrKkETzyJHwFNN6pMa2HC1Q+Wj4N XvNfsvgDtRR/0PVaPMOe40IZPq2mDqD4KSSYqvKZAOCaCzjxoMldTxdXHUhLOTtX4lBM JXrN5kuDNJM1B3drXTfMz8EZe2Es9WBT/z8jj0G3F6IHYbFVEENE+u8ccIZ0xaEu3Tzt PWuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PgglRjVj; spf=pass (google.com: domain of 3r3gjxqukcb48fp8laiiaf8.6igfchor-ggep46e.ila@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3r3gjXQUKCB48FP8LAIIAF8.6IGFCHOR-GGEP46E.ILA@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id e3sor9865896ywe.143.2019.07.08.10.09.04 for (Google Transport Security); Mon, 08 Jul 2019 10:09:04 -0700 (PDT) Received-SPF: pass (google.com: domain of 3r3gjxqukcb48fp8laiiaf8.6igfchor-ggep46e.ila@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PgglRjVj; spf=pass (google.com: domain of 3r3gjxqukcb48fp8laiiaf8.6igfchor-ggep46e.ila@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3r3gjXQUKCB48FP8LAIIAF8.6IGFCHOR-GGEP46E.ILA@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=PgglRjVjhE72uthaYPgUkIA+L8Ic1IQKCjcb8XRTj87DCO10kaCcE306+6CbVNMvau SM1ka9Ic90hEIZxLQuIrW1jY3Vm6ESsEkj4IYF0TQ3+Fb38HOfRfZ6jc+goC1Vp402VA kMjKtNquIeLszR/h3t7e1dLItihhLNJ7YiN1g5fRoFKUsgOzwMwZ8toOK/16ArpBe9tF grBf339F217k5k/S6+fB3KbnXoO2Q0m6y/mS9TLUd2/nhXEGmHLG7x/xDi7tzYoCXGpA afNpmmQHXf9ZbTj7qJiAD426/t1VpxFKdDNos9FKE3egTSIsrvnwFas4LujNH5/S9+iA q5IA== X-Google-Smtp-Source: APXvYqxP+FPSf7rO7/ibi5Fz8cPbpk061VoEiwZkeVQq8DuTHnSF07hV2+HQ/wDAVE8vywm9H1aztfDkIA== X-Received: by 2002:a81:a95:: with SMTP id 143mr12306291ywk.279.1562605743974; Mon, 08 Jul 2019 10:09:03 -0700 (PDT) Date: Mon, 8 Jul 2019 19:07:05 +0200 In-Reply-To: <20190708170706.174189-1-elver@google.com> Message-Id: <20190708170706.174189-4-elver@google.com> Mime-Version: 1.0 References: <20190708170706.174189-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v5 3/5] lib/test_kasan: Add test for double-kzfree detection From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Adds a simple test that checks if double-kzfree is being detected correctly. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- lib/test_kasan.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index e3c593c38eff..dda5da9f5bd4 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -619,6 +619,22 @@ static noinline void __init kasan_strings(void) strnlen(ptr, 1); } +static noinline void __init kmalloc_double_kzfree(void) +{ + char *ptr; + size_t size = 16; + + pr_info("double-free (kzfree)\n"); + ptr = kmalloc(size, GFP_KERNEL); + if (!ptr) { + pr_err("Allocation failed\n"); + return; + } + + kzfree(ptr); + kzfree(ptr); +} + static int __init kmalloc_tests_init(void) { /* @@ -660,6 +676,7 @@ static int __init kmalloc_tests_init(void) kasan_memchr(); kasan_memcmp(); kasan_strings(); + kmalloc_double_kzfree(); kasan_restore_multi_shot(multishot); From patchwork Mon Jul 8 17:07:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11035483 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C17B3112C for ; Mon, 8 Jul 2019 17:09:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AAB0D285C6 for ; Mon, 8 Jul 2019 17:09:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9EDA8285DB; Mon, 8 Jul 2019 17:09:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CE361285C6 for ; Mon, 8 Jul 2019 17:09:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 75A328E0025; Mon, 8 Jul 2019 13:09:09 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 70B3B8E0002; Mon, 8 Jul 2019 13:09:09 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5FA088E0025; Mon, 8 Jul 2019 13:09:09 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id 280EE8E0002 for ; Mon, 8 Jul 2019 13:09:09 -0400 (EDT) Received: by mail-pl1-f198.google.com with SMTP id u10so9081506plq.21 for ; Mon, 08 Jul 2019 10:09:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=QZnOkRdYQf8mUWhv/8goxyW49dQK1f6TH7q+YuHq6zOFBBhHr0GY3ksUcCvRpLbHcb QBOYrdeiOBuAG8d0ksyAzgZWJUdF3KWccVabr/CjaKCfhiGiD0rAL9nJ24Z5NzvTDE3Y nyvXFMrauG/AD9Gz96IZF19zMsjQW/YaSLkAECJa12vn121ro3UgEXCA1mXxHgTunnVh VVbYzA5XAYppCDPAs14QapNjN+sc4EOrV1tOMOq1/onwOIulFTf3hJbzqFNyhXEgQWD8 xHVXapVIVI5cwB932SlVARyaga0qjKyBupDbZ5zlC8JHHED9mCzli35BfNQBo0eWK6Fi TKTA== X-Gm-Message-State: APjAAAVSyRISt4M7dDCgzc7+GhFPlf8HrXVq4XxISkv8XPkg/Fy+T9Oo ncvaqo9zLCmwe8/UvvqR9cGOknvu2qU1qURjgpLkJ/EkW7CMJXiByxIbG7mY5mglw8lgIE+BuYH PLavObaSNk64tfjnItqbBuMbDFa9E4LvkJ6Pa36t+gJP0WqzJns6blioXuR1GG/h4bQ== X-Received: by 2002:a65:6454:: with SMTP id s20mr25192664pgv.15.1562605748702; Mon, 08 Jul 2019 10:09:08 -0700 (PDT) X-Received: by 2002:a65:6454:: with SMTP id s20mr25192601pgv.15.1562605747954; Mon, 08 Jul 2019 10:09:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562605747; cv=none; d=google.com; s=arc-20160816; b=0b3lslYHFruBhsgNf9KvSHxQOkSUaHAXX9t7jy9LPr+HwhYWAyikvV5ejYcfmdKWCE 30kw0J5cSja3CzuG2KwnaTAffHj25ZedWB/pBAR77swVnLOdBOP9zRIK+RijHmgmTuqR swMvqWxeGJfiXcNki8O47rEI7hskZYFwvs9Pi6gqgBcTSC9yl/X9DXI3Tpl9f+pdyh5n vsl3SK5NbmOJyMjlcoPDTLmW4vuZcqPnD/9mRoNcGKQvLVa77JY2vzOcBSG48t1fJ+W/ 7fFYwlNuktd9CeTEOIrPZYUUERZax5H98+fonNH10y3I0s4wNaThSd+Cbh1jnPwzpUGD wFbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=daOPUqYgvqPGu/6uP1EszIRnvfV04M0FeIpYiVUWRrYEWELyHJXxBEDC03NxzTAknV x8XQn/KDOImeAm4gWqSmBNp0Whh5ltVSwGer7hFJoGY8+KKukj8MKI5A03p4pg/dPXrN pbcvtKYPdMBDXizH0oJX72a+ZDDv9JyGmrHvvbbvX5t2ZZpQcggIH4Fd2pjLLt2lS7g4 FcK+g1Gosi6HPzgMCZHqb31cvAN0kq1nUeiMTXHrpzdCe6EdPVj9dDrY2MqZzF3qpgIz mw3JNgUsanJCLgTd90UtBxNnqqsULSVo98xzYMT0pni0tYMwUIsjFTIXXgPURhSri4jR Jobw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=keIyX3CN; spf=pass (google.com: domain of 3s3gjxqukccicjtcpemmejc.amkjglsv-kkit8ai.mpe@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3s3gjXQUKCCICJTCPEMMEJC.AMKJGLSV-KKIT8AI.MPE@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id t29sor9507499pgm.5.2019.07.08.10.09.07 for (Google Transport Security); Mon, 08 Jul 2019 10:09:07 -0700 (PDT) Received-SPF: pass (google.com: domain of 3s3gjxqukccicjtcpemmejc.amkjglsv-kkit8ai.mpe@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=keIyX3CN; spf=pass (google.com: domain of 3s3gjxqukccicjtcpemmejc.amkjglsv-kkit8ai.mpe@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3s3gjXQUKCCICJTCPEMMEJC.AMKJGLSV-KKIT8AI.MPE@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=keIyX3CNl5DDG92vrsREjVSX3La62v+TlU4jy29++vEjNAOxL156RFN76FY/S9OuA1 OJ9exP5qjcKi3SlFhKHjuoXtrqwxEHS8Uh6+D1eWxeC7htGTZw4dEuJhIKRLQosTcuoG Qvu2q0Klh44hoXqdiXhZZJCBSL6MLnEin4YgW/6DGR9CnQjOvvh2Pu/gcQqenAnMG5AW 3hLrmpY401qXabYeDGwIGYs4nTXkWrzcI5w3Pt1D/l8nlMcYMomItJP0aC6fsYX7ckqk 1CUgnYMJLNcb62DvNeuh1evMOM4jAvl8LNFfS039wNK3Ol764X60jOB8PX5aqcR4Xuxm o/aw== X-Google-Smtp-Source: APXvYqxNoDRGx+nApVWU9QeJBNTPDlCB953CYwbgWqfrgJL3iN+co1Qsz4hLpAn3aevd4wZ0T3x8crL6GA== X-Received: by 2002:a63:2a8d:: with SMTP id q135mr25079867pgq.46.1562605747189; Mon, 08 Jul 2019 10:09:07 -0700 (PDT) Date: Mon, 8 Jul 2019 19:07:06 +0200 In-Reply-To: <20190708170706.174189-1-elver@google.com> Message-Id: <20190708170706.174189-5-elver@google.com> Mime-Version: 1.0 References: <20190708170706.174189-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v5 4/5] mm/slab: Refactor common ksize KASAN logic into slab_common.c From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This refactors common code of ksize() between the various allocators into slab_common.c: __ksize() is the allocator-specific implementation without instrumentation, whereas ksize() includes the required KASAN logic. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org Acked-by: Christoph Lameter --- include/linux/slab.h | 1 + mm/slab.c | 28 ++++++---------------------- mm/slab_common.c | 26 ++++++++++++++++++++++++++ mm/slob.c | 4 ++-- mm/slub.c | 14 ++------------ 5 files changed, 37 insertions(+), 36 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index 9449b19c5f10..98c3d12b7275 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -184,6 +184,7 @@ void * __must_check __krealloc(const void *, size_t, gfp_t); void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); +size_t __ksize(const void *); size_t ksize(const void *); #ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR diff --git a/mm/slab.c b/mm/slab.c index f7117ad9b3a3..394e7c7a285e 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -4204,33 +4204,17 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, #endif /* CONFIG_HARDENED_USERCOPY */ /** - * ksize - get the actual amount of memory allocated for a given object - * @objp: Pointer to the object + * __ksize -- Uninstrumented ksize. * - * kmalloc may internally round up allocations and return more memory - * than requested. ksize() can be used to determine the actual amount of - * memory allocated. The caller may use this additional memory, even though - * a smaller amount of memory was initially specified with the kmalloc call. - * The caller must guarantee that objp points to a valid object previously - * allocated with either kmalloc() or kmem_cache_alloc(). The object - * must not be freed during the duration of the call. - * - * Return: size of the actual memory used by @objp in bytes + * Unlike ksize(), __ksize() is uninstrumented, and does not provide the same + * safety checks as ksize() with KASAN instrumentation enabled. */ -size_t ksize(const void *objp) +size_t __ksize(const void *objp) { - size_t size; - BUG_ON(!objp); if (unlikely(objp == ZERO_SIZE_PTR)) return 0; - size = virt_to_cache(objp)->object_size; - /* We assume that ksize callers could use the whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(objp, size); - - return size; + return virt_to_cache(objp)->object_size; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); diff --git a/mm/slab_common.c b/mm/slab_common.c index 58251ba63e4a..b7c6a40e436a 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1597,6 +1597,32 @@ void kzfree(const void *p) } EXPORT_SYMBOL(kzfree); +/** + * ksize - get the actual amount of memory allocated for a given object + * @objp: Pointer to the object + * + * kmalloc may internally round up allocations and return more memory + * than requested. ksize() can be used to determine the actual amount of + * memory allocated. The caller may use this additional memory, even though + * a smaller amount of memory was initially specified with the kmalloc call. + * The caller must guarantee that objp points to a valid object previously + * allocated with either kmalloc() or kmem_cache_alloc(). The object + * must not be freed during the duration of the call. + * + * Return: size of the actual memory used by @objp in bytes + */ +size_t ksize(const void *objp) +{ + size_t size = __ksize(objp); + /* + * We assume that ksize callers could use whole allocated area, + * so we need to unpoison this area. + */ + kasan_unpoison_shadow(objp, size); + return size; +} +EXPORT_SYMBOL(ksize); + /* Tracepoints definitions. */ EXPORT_TRACEPOINT_SYMBOL(kmalloc); EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc); diff --git a/mm/slob.c b/mm/slob.c index 84aefd9b91ee..7f421d0ca9ab 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -527,7 +527,7 @@ void kfree(const void *block) EXPORT_SYMBOL(kfree); /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ -size_t ksize(const void *block) +size_t __ksize(const void *block) { struct page *sp; int align; @@ -545,7 +545,7 @@ size_t ksize(const void *block) m = (unsigned int *)(block - align); return SLOB_UNITS(*m) * SLOB_UNIT; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); int __kmem_cache_create(struct kmem_cache *c, slab_flags_t flags) { diff --git a/mm/slub.c b/mm/slub.c index cd04dbd2b5d0..05a8d17dd9b2 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3901,7 +3901,7 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, } #endif /* CONFIG_HARDENED_USERCOPY */ -static size_t __ksize(const void *object) +size_t __ksize(const void *object) { struct page *page; @@ -3917,17 +3917,7 @@ static size_t __ksize(const void *object) return slab_ksize(page->slab_cache); } - -size_t ksize(const void *object) -{ - size_t size = __ksize(object); - /* We assume that ksize callers could use whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(object, size); - return size; -} -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); void kfree(const void *x) { From patchwork Mon Jul 8 17:07:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11035485 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C181B112C for ; Mon, 8 Jul 2019 17:09:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AAED6285C6 for ; Mon, 8 Jul 2019 17:09:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9DD10285DB; Mon, 8 Jul 2019 17:09:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 07555285C6 for ; Mon, 8 Jul 2019 17:09:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1DB198E0026; Mon, 8 Jul 2019 13:09:12 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 18C108E0002; Mon, 8 Jul 2019 13:09:12 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0A19F8E0026; Mon, 8 Jul 2019 13:09:12 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-vk1-f198.google.com (mail-vk1-f198.google.com [209.85.221.198]) by kanga.kvack.org (Postfix) with ESMTP id D94348E0002 for ; Mon, 8 Jul 2019 13:09:11 -0400 (EDT) Received: by mail-vk1-f198.google.com with SMTP id t7so6835363vka.2 for ; Mon, 08 Jul 2019 10:09:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=va2IqGms4zwARolaxGifymkA8dWqhnjJfJEjqFTqRUA=; b=kzgZNInZFz3EJD3d+4fK49pmnNMPxYNQvVD4l+EWsn2pvBjDIp8oLTFed5MSA0aXqs kbiSH81+IjR9iEWGaTy+6EYOamhQOv1m0gUH592fuaNgP5/TrdDeWfBVXHcA7FRihrfJ x/rUeF4shnvVX7cAwN7SJH0EZAHR9pDWop+//KPb+YNiKHYqO81iIPLTXqpEY3hwWjut gSdPcEAdxQ6ehqZIFW3Smuc/gCz9n+mNaDB2mnX3Gd7BMz6woWiKQ4gec0LwuCaY6GvL wSVQHBtYCwfVgO8RAQd4TqebSmjGZDxqBrDSiSuJ77UIpqQyzd3lZPMytEBLtpxyDdNq W57A== X-Gm-Message-State: APjAAAUArccAxJ70TC+/rpaSJuUbBtuGtbfeLJ1i8pfuF5Lta1utotSr boZu5KEdZr04wbEZHeAqymuTsZbxV1yskg1Of1lIBt4bOgk/B/HjxKQg4zdCat44sGZHVljRQBF B1SJziDgbHD8r5eMmcAneeXwY3pB84aA2CVxc/yuf1dQ8uwL+/1CwcYTi4iTlm1hkWA== X-Received: by 2002:ab0:7035:: with SMTP id u21mr10454483ual.26.1562605751616; Mon, 08 Jul 2019 10:09:11 -0700 (PDT) X-Received: by 2002:ab0:7035:: with SMTP id u21mr10454448ual.26.1562605750887; Mon, 08 Jul 2019 10:09:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1562605750; cv=none; d=google.com; s=arc-20160816; b=Sc8OuSOK00H9DPx3KFNNC4mHHKtFeGwlS+AWkXSVTGLwmsROgGp158z6Nt4koFnYI2 GveJbho71pHh67AeqP6aByPAgkCv6zKmzvWBANMZNccOHmlCdhaY0OmfwbDviRAYiNvh tzdf9hqxQSpMIwjW7hTjneo7KuFJZBq+KAxtXLOhmtothCV/WMU7EirnNF3oHFHaSej9 AldZP+mWZmCE/MPh8pk/pndj28VzO3Gcsy/XDoLyD3AnvdgCtVstbkzfNIxAL0Fkne8T R9EbVlDB5PZ8pm5vXpbU2vf/QqvLc/3yPiDpPgOt6yAsxW0WlK3KW1gjPP3uTluddjBK P54g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=va2IqGms4zwARolaxGifymkA8dWqhnjJfJEjqFTqRUA=; b=bhLnAM3uS/87E0HWyd7XMVlhUveVYFqjEGeqBPE81JAnmPY/z58xsve1CwM2t7vgJd Asy8jvf0awTFeN/GnGFfMnDcNPfv8Re5QdWWsnL2Y2DOWEOojnHeRI3zPCwJbNw43p4G fs17DsIQ4VUUYEtdKml/PoeVUQva+vnYZ8HoLBLQ631dnHaLkFil1zEX5hJgKkT4QTin f5aWrEnXVFUPineAtxyaXO0EPPaYPmPA64D1itJWwRIuo9ClCWNYSjbfXpLT+/aNvZQv 1mnwcGIdy8k9nEqqoznmBiHZvSmDU+/smiXbf0l6F2qM/J1zOB82bnIp0YFso3ksEcIF oBPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=B62llil3; spf=pass (google.com: domain of 3tngjxqukccufmwfshpphmf.dpnmjovy-nnlwbdl.psh@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3tngjXQUKCCUFMWFSHPPHMF.DPNMJOVY-NNLWBDL.PSH@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id j8sor7303174uad.24.2019.07.08.10.09.10 for (Google Transport Security); Mon, 08 Jul 2019 10:09:10 -0700 (PDT) Received-SPF: pass (google.com: domain of 3tngjxqukccufmwfshpphmf.dpnmjovy-nnlwbdl.psh@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=B62llil3; spf=pass (google.com: domain of 3tngjxqukccufmwfshpphmf.dpnmjovy-nnlwbdl.psh@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3tngjXQUKCCUFMWFSHPPHMF.DPNMJOVY-NNLWBDL.PSH@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=va2IqGms4zwARolaxGifymkA8dWqhnjJfJEjqFTqRUA=; b=B62llil3Fe4KzeXZEaBbD+00lGLnt61xZThwbT0g6IZl70whfkLgUD6l34hNGVCkHT 1XnLhu2ClICsG1ZP+VNktTAQx/P6j3YB6/j+5u70823Y2qvPdZJDEIRXRbOenMh1hpPP GSHE0OkiCT199jGkL1qB9jQVmf/D5xM3xl23+MYa2Z+ObxwJgvIxgeg+Qxu7/SXwDL7B FsNT+911aCa7KFAtwfmkM17dtznwJG3ibBxxM/tlmnyjdcoOIdyybcxyKNrZMUYmA9UV 9YH2/5ecSLu43JAiNIRdh+iXemCTUQqtbW+fFY4QzbvLVelQ8VLKJWV1P7oHoBSpKz/0 /BhQ== X-Google-Smtp-Source: APXvYqx/AWhWyRiQYsh8A+R32YrMoMJUGisZJ17vs2U294DwY3kO8gA6cjJzosgpsyUF6ubvfQSzhfr+jg== X-Received: by 2002:ab0:66d2:: with SMTP id d18mr10407237uaq.101.1562605750505; Mon, 08 Jul 2019 10:09:10 -0700 (PDT) Date: Mon, 8 Jul 2019 19:07:07 +0200 In-Reply-To: <20190708170706.174189-1-elver@google.com> Message-Id: <20190708170706.174189-6-elver@google.com> Mime-Version: 1.0 References: <20190708170706.174189-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v5 5/5] mm/kasan: Add object validation in ksize() From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Kees Cook , Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP ksize() has been unconditionally unpoisoning the whole shadow memory region associated with an allocation. This can lead to various undetected bugs, for example, double-kzfree(). Specifically, kzfree() uses ksize() to determine the actual allocation size, and subsequently zeroes the memory. Since ksize() used to just unpoison the whole shadow memory region, no invalid free was detected. This patch addresses this as follows: 1. Add a check in ksize(), and only then unpoison the memory region. 2. Preserve kasan_unpoison_slab() semantics by explicitly unpoisoning the shadow memory region using the size obtained from __ksize(). Tested: 1. With SLAB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected. 2. With SLUB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199359 Signed-off-by: Marco Elver Acked-by: Kees Cook Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: Kees Cook Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- v4: * Prefer WARN_ON_ONCE() instead of BUG_ON(). --- include/linux/kasan.h | 7 +++++-- mm/slab_common.c | 22 +++++++++++++++++++++- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index b40ea104dd36..cc8a03cc9674 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -76,8 +76,11 @@ void kasan_free_shadow(const struct vm_struct *vm); int kasan_add_zero_shadow(void *start, unsigned long size); void kasan_remove_zero_shadow(void *start, unsigned long size); -size_t ksize(const void *); -static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); } +size_t __ksize(const void *); +static inline void kasan_unpoison_slab(const void *ptr) +{ + kasan_unpoison_shadow(ptr, __ksize(ptr)); +} size_t kasan_metadata_size(struct kmem_cache *cache); bool kasan_save_enable_multi_shot(void); diff --git a/mm/slab_common.c b/mm/slab_common.c index b7c6a40e436a..a09bb10aa026 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1613,7 +1613,27 @@ EXPORT_SYMBOL(kzfree); */ size_t ksize(const void *objp) { - size_t size = __ksize(objp); + size_t size; + + if (WARN_ON_ONCE(!objp)) + return 0; + /* + * We need to check that the pointed to object is valid, and only then + * unpoison the shadow memory below. We use __kasan_check_read(), to + * generate a more useful report at the time ksize() is called (rather + * than later where behaviour is undefined due to potential + * use-after-free or double-free). + * + * If the pointed to memory is invalid we return 0, to avoid users of + * ksize() writing to and potentially corrupting the memory region. + * + * We want to perform the check before __ksize(), to avoid potentially + * crashing in __ksize() due to accessing invalid metadata. + */ + if (unlikely(objp == ZERO_SIZE_PTR) || !__kasan_check_read(objp, 1)) + return 0; + + size = __ksize(objp); /* * We assume that ksize callers could use whole allocated area, * so we need to unpoison this area.