From patchwork Thu Sep 24 04:03:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Walter Wu X-Patchwork-Id: 11796023 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4C0C06CA for ; Thu, 24 Sep 2020 04:04:19 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 07E8523600 for ; Thu, 24 Sep 2020 04:04:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="bd6FxMG8"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="YE9tx9KF" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 07E8523600 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=wJZWiU8Ho85yy4pRiSlSracS/SC+Y5JrBU0vj9fXYE0=; b=bd6FxMG8si6WXyhcitBAeCzqly ANZrjWnSSW135kPzNDe4lhA97LgQqKD3aal8mnYhHDZZ77z6pfcyAWkYTELoSj6hB7LT2+vICvZp7 TprghmWFsBuqCj31f2hkicBuUlROwQ3E6BfSL+mX/o4/LWlFrghrZAI6j5W5Sca/s4C5rhSs18CT/ y5jN1c1sahECeLgwgW8XzZ3cHG2ACc9gpZdoORy35nbFA2AoFBVYhhTWFoEnDi+PcyXaVSFhQtyff OLMS7Za2wIqb9Az1I5nhoHWktIbsY2aWiuPNcVl31pEjQ4gP8vrJiEeRrFs675m69g+xuuzxnXPkm Rr9MsAVQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIUB-00056T-Co; Thu, 24 Sep 2020 04:03:59 +0000 Received: from mailgw01.mediatek.com ([216.200.240.184]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIU8-00055D-GV; Thu, 24 Sep 2020 04:03:57 +0000 X-UUID: cb26ea507c5e499db7432c3dc79cf521-20200923 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=dMII3+0XheNBeDRCJOnd6NRZNf7iDHcFRVLV7dSXF+k=; b=YE9tx9KFdxKMLpFRako2lbbt5Hv/Y/gBpTK9Q/sZN81Vd8UTh9Pg/TJao0n8ZYCzHihmeEO/jUqm3+dcbbcWb+XkMn5HsECdsQ8Z7LgxQEMY7TW5lFS5U4MXyj3jsk0K8sCWV79gZn1ana4IddAT/XohjhwyZHa6zOsE2G4RC2s=; X-UUID: cb26ea507c5e499db7432c3dc79cf521-20200923 Received: from mtkcas68.mediatek.inc [(172.29.94.19)] by mailgw01.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 770038226; Wed, 23 Sep 2020 20:03:48 -0800 Received: from MTKMBS01N1.mediatek.inc (172.21.101.68) by MTKMBS62DR.mediatek.inc (172.29.94.18) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 21:03:46 -0700 Received: from MTKCAS06.mediatek.inc (172.21.101.30) by mtkmbs01n1.mediatek.inc (172.21.101.68) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 24 Sep 2020 12:03:38 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 24 Sep 2020 12:03:37 +0800 From: Walter Wu To: Andrew Morton , Thomas Gleixner , John Stultz , Stephen Boyd , Marco Elver , Andrey Ryabinin , Alexander Potapenko , "Dmitry Vyukov" , Andrey Konovalov , Matthias Brugger Subject: [PATCH v4 1/6] timer: kasan: record timer stack Date: Thu, 24 Sep 2020 12:03:35 +0800 Message-ID: <20200924040335.30934-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200924_000356_677325_B5220A19 X-CRM114-Status: GOOD ( 13.95 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Walter Wu , wsd_upstream , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org When analyze use-after-free or double-free issue, recording the timer stacks is helpful to preserve usage history which potentially gives a hint about the affected code. Record the most recent two timer init calls in KASAN which are printed on failure in the KASAN report. For timers it has turned out to be useful to record the stack trace of the timer init call. Because if the UAF root cause is in timer init, then user can see KASAN report to get where it is registered and find out the root cause. It don't need to enable DEBUG_OBJECTS_TIMERS, but they have a chance to find out the root cause. Signed-off-by: Walter Wu Suggested-by: Marco Elver Suggested-by: Thomas Gleixner Acked-by: Marco Elver Reviewed-by: Dmitry Vyukov Reviewed-by: Andrey Konovalov Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: John Stultz Cc: Thomas Gleixner Cc: Stephen Boyd --- v2: - Thanks for Marco and Thomas suggestion. - Remove unnecessary code and fix commit log - reuse kasan_record_aux_stack() and aux_stack to record timer and workqueue stack. --- kernel/time/timer.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/time/timer.c b/kernel/time/timer.c index a16764b0116e..1ed8f8aca7f5 100644 --- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -796,6 +796,9 @@ static void do_init_timer(struct timer_list *timer, timer->function = func; timer->flags = flags | raw_smp_processor_id(); lockdep_init_map(&timer->lockdep_map, name, key, 0); + + /* record the timer stack in order to print it in KASAN report */ + kasan_record_aux_stack(timer); } /** From patchwork Thu Sep 24 04:04:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Walter Wu X-Patchwork-Id: 11796075 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8222859D for ; Thu, 24 Sep 2020 04:13:09 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4EE222223E for ; Thu, 24 Sep 2020 04:13:09 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="C3T1jjLn"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="ZI1N7lUE" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4EE222223E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=VPL1B4eBuG+vr5+h5RBqN9sF5cnt0E2WeRvGooX0mes=; b=C3T1jjLnMYJ+m322E4h932PLFK 66bdrM85IoTvMWdArHpjkay5YGIaLuRCldoD9YnNSun39sP0lbUnPcJwHsd3gkUWIHWQfR8qcqWc+ BBuNrjwurTVjfTE93uoYOzFVlaRdcCPpJe/G3jmbkwE6dz/0W7POAYdWHj9hZSLkBk0My/6RhDdFM E7/PZqfixxhBpxhR4H87yGowduDIL8cRlD/9kQl05X5d593XHHedmPebLgWt4CnYwQ2LZjozLUchg 65Td8bi6yROmo6OZqVKzicz4lf3i1JEqlCA0ADI3YVn9DrlvQ61ZYM7uxqbEEJDFi1mxHQolCdofu WfkpXtFg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIcq-00071f-Tb; Thu, 24 Sep 2020 04:12:57 +0000 Received: from mailgw02.mediatek.com ([216.200.240.185]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIcc-0006xJ-Ga; Thu, 24 Sep 2020 04:12:44 +0000 X-UUID: 1e888abd97c942268420dbc381779e5e-20200923 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=yih98KEkzJLkFoWBf8Qw3xVcaUYkPNvBrd8fXNNVY9A=; b=ZI1N7lUETWVAnO3koNWr2ANN3sRKljk8Tz4PdVtIbZ8l3ZZhZHzgMEJIrtHi+0IdfpV4f1nnGOevgmpR7jrzbcorrWhO+FsMlk9PsnPIj5A8fEKN0LG8loK+4V9ROLT+FzLo2wIDk0E5yEra83lcSL+aTN0meNziL4WVGb+alAA=; X-UUID: 1e888abd97c942268420dbc381779e5e-20200923 Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by mailgw02.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 909286001; Wed, 23 Sep 2020 20:12:37 -0800 Received: from MTKMBS06N1.mediatek.inc (172.21.101.129) by MTKMBS62N2.mediatek.inc (172.29.193.42) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 21:04:31 -0700 Received: from MTKCAS06.mediatek.inc (172.21.101.30) by mtkmbs06n1.mediatek.inc (172.21.101.129) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 24 Sep 2020 12:04:30 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 24 Sep 2020 12:04:22 +0800 From: Walter Wu To: Andrew Morton , Tejun Heo , "Lai Jiangshan" , Marco Elver , "Andrey Ryabinin" , Alexander Potapenko , Dmitry Vyukov , Andrey Konovalov , Matthias Brugger Subject: [PATCH v4 2/6] workqueue: kasan: record workqueue stack Date: Thu, 24 Sep 2020 12:04:22 +0800 Message-ID: <20200924040422.30995-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200924_001242_742024_E18F4BF9 X-CRM114-Status: GOOD ( 13.84 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Walter Wu , wsd_upstream , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Records the last two enqueuing work call stacks in order to print them in KASAN report. It is useful for programmers to solve use-after-free or double-free memory workqueue issue. For workqueue it has turned out to be useful to record the enqueuing work call stacks. Because user can see KASAN report to determine whether it is root cause. They don't need to enable debugobjects, but they have a chance to find out the root cause. Signed-off-by: Walter Wu Suggested-by: Marco Elver Acked-by: Marco Elver Acked-by: Tejun Heo Reviewed-by: Dmitry Vyukov Reviewed-by: Andrey Konovalov Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Lai Jiangshan --- v2: - Thanks for Marco suggestion. - Remove unnecessary code - reuse kasan_record_aux_stack() and aux_stack to record timer and workqueue stack --- kernel/workqueue.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index c41c3c17b86a..5fea7dc9180f 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1324,6 +1324,9 @@ static void insert_work(struct pool_workqueue *pwq, struct work_struct *work, { struct worker_pool *pool = pwq->pool; + /* record the work call stack in order to print it in KASAN reports */ + kasan_record_aux_stack(work); + /* we own @work, set data and link */ set_work_pwq(work, pwq, extra_flags); list_add_tail(&work->entry, head); From patchwork Thu Sep 24 04:05:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Walter Wu X-Patchwork-Id: 11796077 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7286F59D for ; Thu, 24 Sep 2020 04:15:30 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4164A20657 for ; Thu, 24 Sep 2020 04:15:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="zdz4oX7t"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="Tvu1auoU" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4164A20657 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=oy+w6TCeleWFHiDWpTRDBNSwL6Dn9p2n1kqbHc/gwlA=; b=zdz4oX7tDZHvftIJwFO+Qd6V9X kotS7eIePbxBewGJ5U7fe2Nv2hEWdgu9i5e42qv4q4L2Z4gSpmSsb7IzYD/wiJ5iGyfq2fgz/JN3z ZOEvUV/Vu0l3aPCmTmFQdJozIguoMVlU/sfDUH9JU59zl4s0FVxLkyG18Shi7O+lW2G687WQkN7Xx 8zGebFx+eWo3M+qpLHH51k0v7sCI9VeqUE4dTadML7LQPcQW6xdKWxQR+kDdBbYSS1zoT9etIcorH mZlRlpKSY5Pv2Vsp9nPwFKXi5kjg+KUQjiyYkIJQxUgMkJncz7jyLNtAr+ykUwN8iId3kySOf70EB a1GxY4Bw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIce-0006yp-2J; Thu, 24 Sep 2020 04:12:44 +0000 Received: from mailgw02.mediatek.com ([216.200.240.185]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIcb-0006xJ-3y; Thu, 24 Sep 2020 04:12:42 +0000 X-UUID: 8b664fda1aec42059856f46b262eeafe-20200923 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=jERA97XeyBTxK9uRT3LHVudEGcqfyQoFzaVX3v1wRNo=; b=Tvu1auoUk0g9FYSf6jotBbJKeVSRyb9lnVgpl3AH/erIGOKbm45KiBMwLXr9UAJG1RAcGQcY2UcVUx57ozW/RymS+D+RkCmOGUyNWtgWh7Ry85R7gTw4kmqM9ufzf4MW5tVFlTFSTC3iib9BseEagCxFpABmdcsVceRpeF/d05A=; X-UUID: 8b664fda1aec42059856f46b262eeafe-20200923 Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by mailgw02.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 624694231; Wed, 23 Sep 2020 20:12:37 -0800 Received: from MTKMBS01N1.mediatek.inc (172.21.101.68) by MTKMBS62N2.mediatek.inc (172.29.193.42) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 21:05:15 -0700 Received: from MTKCAS06.mediatek.inc (172.21.101.30) by mtkmbs01n1.mediatek.inc (172.21.101.68) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 24 Sep 2020 12:05:13 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 24 Sep 2020 12:05:13 +0800 From: Walter Wu To: Andrew Morton , Marco Elver , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Andrey Konovalov , Matthias Brugger Subject: [PATCH v4 3/6] kasan: print timer and workqueue stack Date: Thu, 24 Sep 2020 12:05:13 +0800 Message-ID: <20200924040513.31051-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200924_001241_366429_4E8BF7C9 X-CRM114-Status: GOOD ( 13.71 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Walter Wu , wsd_upstream , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org The aux_stack[2] is reused to record the call_rcu() call stack, timer init call stack, and enqueuing work call stacks. So that we need to change the auxiliary stack title for common title, print them in KASAN report. Signed-off-by: Walter Wu Suggested-by: Marco Elver Acked-by: Marco Elver Reviewed-by: Dmitry Vyukov Reviewed-by: Andrey Konovalov Cc: Andrey Ryabinin Cc: Alexander Potapenko --- v2: - Thanks for Marco suggestion. - We modify aux stack title name in KASAN report in order to print call_rcu()/timer/workqueue stack. --- mm/kasan/report.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 4f49fa6cd1aa..886809d0a8dd 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -183,12 +183,12 @@ static void describe_object(struct kmem_cache *cache, void *object, #ifdef CONFIG_KASAN_GENERIC if (alloc_info->aux_stack[0]) { - pr_err("Last call_rcu():\n"); + pr_err("Last potentially related work creation:\n"); print_stack(alloc_info->aux_stack[0]); pr_err("\n"); } if (alloc_info->aux_stack[1]) { - pr_err("Second to last call_rcu():\n"); + pr_err("Second to last potentially related work creation:\n"); print_stack(alloc_info->aux_stack[1]); pr_err("\n"); } From patchwork Thu Sep 24 04:05:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Walter Wu X-Patchwork-Id: 11796063 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 652B46CA for ; Thu, 24 Sep 2020 04:12:00 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 36EF92223E for ; Thu, 24 Sep 2020 04:12:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="pegRqMGs"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="rzaNtTpR" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 36EF92223E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=umDlujQAUTKGK57dllmISKolXZsHpXDGggDpQMG+T1A=; b=pegRqMGsNkBoEEIOpJ+fABcAXv tmSTy3r7doGo32/9tAD5xCt/S3Lcy+UNqEEb8uADf4srCBzRG4pfeW8WphKqvd6z/rNkbx/DbVmKO AhOce9sSQ7OyfrcEEEzVArIAl6jkYGpWx3jyg5iTV2iw/qZVn41AyQHaItLY/zYuTbFXXxO40ztdx juJJnRsbmD8OoGCGPzTRSzQ0M2XflwJI792o84BIJ56wailBnMuMofyCfz9j9v4c/oSQJGERRaO6S v9+IEHx7B45pKgOt7sVWR4NKGpBh32xD63od04UbeLW1xzfnB2h2+yWxtuwpZhbBpuVk2ljbTKdt4 exsQ+LQA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIab-0006PK-Rf; Thu, 24 Sep 2020 04:10:37 +0000 Received: from mailgw01.mediatek.com ([216.200.240.184]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIaX-0006NR-8E; Thu, 24 Sep 2020 04:10:34 +0000 X-UUID: 40e4031a1a964da382f37cb9ee4141ef-20200923 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=PimmuaElZUMsgbQjwJ8de8rcFyaYrVbSXAmqAq7D2xA=; b=rzaNtTpRz2b66QfQkp+d00sFmLYUTxrf4XZqzY99dEM1uCJaiK/bM1iAr3NgYm3rKxxDMCi5VntKi+bt5mdLm6Z6F4FgZOtxm+5DLc/0AVHPJWdyYDZ9LTETxcJ/GygoLL4urp8WGmiqNl9Vqg4MzjNOQB2/6NjMmAvHp4A50kA=; X-UUID: 40e4031a1a964da382f37cb9ee4141ef-20200923 Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by mailgw01.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 931543320; Wed, 23 Sep 2020 20:10:29 -0800 Received: from MTKMBS06N1.mediatek.inc (172.21.101.129) by MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 21:05:50 -0700 Received: from MTKCAS06.mediatek.inc (172.21.101.30) by mtkmbs06n1.mediatek.inc (172.21.101.129) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 24 Sep 2020 12:05:49 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 24 Sep 2020 12:05:47 +0800 From: Walter Wu To: Andrew Morton , Marco Elver , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Andrey Konovalov , Matthias Brugger Subject: [PATCH v4 4/6] kasan: add tests for timer stack recording Date: Thu, 24 Sep 2020 12:05:48 +0800 Message-ID: <20200924040548.31112-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200924_001033_446259_F5AC8208 X-CRM114-Status: GOOD ( 13.31 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Walter Wu , wsd_upstream , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Adds a test to verify timer stack recording and print it in KASAN report. The KASAN report was as follows(cleaned up slightly): BUG: KASAN: use-after-free in kasan_timer_uaf Freed by task 0: kasan_save_stack+0x24/0x50 kasan_set_track+0x24/0x38 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x170 kasan_slab_free+0x10/0x18 kfree+0x98/0x270 kasan_timer_function+0x1c/0x28 Last potentially related work creation: kasan_save_stack+0x24/0x50 kasan_record_tmr_stack+0xa8/0xb8 init_timer_key+0xf0/0x248 kasan_timer_uaf+0x5c/0xd8 Signed-off-by: Walter Wu Acked-by: Marco Elver Reviewed-by: Dmitry Vyukov Reviewed-by: Andrey Konovalov Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Matthias Brugger --- v4: - testcase has merge conflict, so that rebase onto the KASAN-KUNIT --- lib/test_kasan_module.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/lib/test_kasan_module.c b/lib/test_kasan_module.c index 2d68db6ae67b..d8234a1db8c9 100644 --- a/lib/test_kasan_module.c +++ b/lib/test_kasan_module.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "../mm/kasan/kasan.h" @@ -91,6 +92,29 @@ static noinline void __init kasan_rcu_uaf(void) call_rcu(&global_rcu_ptr->rcu, kasan_rcu_reclaim); } +static noinline void __init kasan_timer_function(struct timer_list *timer) +{ + del_timer(timer); + kfree(timer); +} + +static noinline void __init kasan_timer_uaf(void) +{ + struct timer_list *timer; + + timer = kmalloc(sizeof(struct timer_list), GFP_KERNEL); + if (!timer) { + pr_err("Allocation failed\n"); + return; + } + + timer_setup(timer, kasan_timer_function, 0); + add_timer(timer); + msleep(100); + + pr_info("use-after-free on timer\n"); + ((volatile struct timer_list *)timer)->expires; +} static int __init test_kasan_module_init(void) { @@ -102,6 +126,7 @@ static int __init test_kasan_module_init(void) copy_user_test(); kasan_rcu_uaf(); + kasan_timer_uaf(); kasan_restore_multi_shot(multishot); return -EAGAIN; From patchwork Thu Sep 24 04:06:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Walter Wu X-Patchwork-Id: 11796061 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4733B59D for ; Thu, 24 Sep 2020 04:10:53 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D1D87206DB for ; Thu, 24 Sep 2020 04:10:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="UgcLmbWJ"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=mediatek.com header.i=@mediatek.com header.b="GC/ubmTh" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D1D87206DB Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=TcjDJ90WKQ6D2/cCMl/f/tLU81GsYWLzf/E5wm6kk1I=; b=UgcLmbWJ/tlkgTPOmQPZKq2InX Wa2bdw0zd9CCnzEACK5erOIz3a1hf7EZmrh91TkX7SVYyPUzR4htP9jyWQao9WZyOS0QJZEWf0jGq wEUkhn6ZjB2zdCn/JVrjPnpCVfqMhdcn0FJb6tednbb6E8IyCqchzUxoYu1s+ygVFCVH2Xk7kRJ6C x28KbInV1z3vdllBOePgP6coI3n0mP5qgkuiDOzm3JSUkSHubOOvXV2ZoN3sz1KkzMzofn4tdqXG4 1AO9vayaNTjp5Br3TB8rXaw5KIwpbvuAiSxpyDTsbtTvkpdHiMawO0cgEX3XrdIerzCUO28LMi+uU 1jDAAJPg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIaZ-0006Ot-VL; Thu, 24 Sep 2020 04:10:36 +0000 Received: from mailgw01.mediatek.com ([216.200.240.184]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kLIaX-0006Nb-8E; Thu, 24 Sep 2020 04:10:34 +0000 X-UUID: 524f7f89b08d403d88647d83a3560394-20200923 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=kgEyV8GPi8LIdYi4bGI7Bw0WJs3ADwMNIObdnpyN9FA=; b=GC/ubmThR4cv2dADzTYXE879rDBpufb38i17eUPrxYl6PumipBgS31BTiuiC6OQYDQh3OwdWNROv2eHrtuWnNgtjkk0v2foHSCae530r/IvNpQEjib0t/rxBFPsafSwBugjzVXusbi1XuHo2XYrZ8jj0aA7+LevWYMI0ZIUs9j0=; X-UUID: 524f7f89b08d403d88647d83a3560394-20200923 Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by mailgw01.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 1346114532; Wed, 23 Sep 2020 20:10:29 -0800 Received: from MTKMBS01N2.mediatek.inc (172.21.101.79) by MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 21:06:58 -0700 Received: from MTKCAS06.mediatek.inc (172.21.101.30) by mtkmbs01n2.mediatek.inc (172.21.101.79) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 24 Sep 2020 12:06:49 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by MTKCAS06.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 24 Sep 2020 12:06:49 +0800 From: Walter Wu To: Andrew Morton , Jonathan Corbet , Marco Elver , Andrey Ryabinin , Alexander Potapenko , "Dmitry Vyukov" , Andrey Konovalov , Matthias Brugger Subject: [PATCH v4 6/6] kasan: update documentation for generic kasan Date: Thu, 24 Sep 2020 12:06:49 +0800 Message-ID: <20200924040650.31221-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-TM-SNTS-SMTP: CD7E561389D179394336201CEA174E7F8D7E06FE8F5E04C5B1D4AD0B5E80F0E02000:8 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200924_001033_471904_27AC371A X-CRM114-Status: GOOD ( 12.48 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Walter Wu , wsd_upstream , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Generic KASAN also supports to record the last two timer and workqueue stacks and print them in KASAN report. So that need to update documentation. Signed-off-by: Walter Wu Suggested-by: Marco Elver Acked-by: Marco Elver Reviewed-by: Dmitry Vyukov Reviewed-by: Andrey Konovalov Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Jonathan Corbet --- v3: - Thanks for Marco suggestion --- Documentation/dev-tools/kasan.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index 38fd5681fade..698ccb65e634 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -190,8 +190,9 @@ function calls GCC directly inserts the code to check the shadow memory. This option significantly enlarges kernel but it gives x1.1-x2 performance boost over outline instrumented kernel. -Generic KASAN prints up to 2 call_rcu() call stacks in reports, the last one -and the second to last. +Generic KASAN also reports the last 2 call stacks to creation of work that +potentially has access to an object. Call stacks for the following are shown: +call_rcu(), timer and workqueue queuing. Software tag-based KASAN ~~~~~~~~~~~~~~~~~~~~~~~~