From patchwork Mon Nov 6 20:10:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447418 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9864C4167B for ; Mon, 6 Nov 2023 20:10:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7E4776B0288; Mon, 6 Nov 2023 15:10:39 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 793FE6B028A; Mon, 6 Nov 2023 15:10:39 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5A7DE6B028C; Mon, 6 Nov 2023 15:10:39 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 271506B0288 for ; Mon, 6 Nov 2023 15:10:39 -0500 (EST) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 01C8B1607F3 for ; Mon, 6 Nov 2023 20:10:38 +0000 (UTC) X-FDA: 81428622198.25.3F89AF5 Received: from out-183.mta1.migadu.com (out-183.mta1.migadu.com [95.215.58.183]) by imf02.hostedemail.com (Postfix) with ESMTP id 2EEC480016 for ; Mon, 6 Nov 2023 20:10:35 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=L3cpdQsl; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf02.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.183 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301437; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5zUveeaHubKwNWv/mUHyod8asGDxf8HEl2nDgxq3m5s=; b=oN6KsAwmHhatRHPAp6bqteDNUy8QaLaThSVGTjx8O3fGeOcYkRsbMS4YgKS83gLzmG504I IhLV+c9yJd2ftxQNbbcm0w5QmqdfmaHR3IM6mh2yZmzXUQr5ZII0sFDVRSm7rv8zzmqTlP 0lGCOH7Wl4P+IzJbIrvxaZvyOJ5vZvA= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=L3cpdQsl; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf02.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.183 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301437; a=rsa-sha256; cv=none; b=oW8/aTpfwQAiGeJLMO8vZFCUhLgsQNHArIjh/E3BmSlBc3Sk577nG/YHzzFvcDBw395m6K YncWCHJZuxyY1D8eHY0l+JHzxdeuLUv+3THSXBljZU5MhHH6kC6NVwrv3E1z8PktQKAHyT xn+Gr6iwZrQnGV6cHeFGqudxDaLBu1U= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5zUveeaHubKwNWv/mUHyod8asGDxf8HEl2nDgxq3m5s=; b=L3cpdQsl8rkb7JZtwAIC4eCSnezYGVtiw98SxiDVzYCV5xe1AfbsSj6usun1a4l+c+qqRu z1J/4gwLmo5D3p+Kwl2i4n8TQXJgQGILOLkaKmpXlQWt0svPMKOeoNq+e2E1zahPLmA8Hc UdUKlPDzpckCJ729haSLr62Qg8EuqI4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 01/20] kasan: rename kasan_slab_free_mempool to kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:10 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 2EEC480016 X-Stat-Signature: g5833qtidzw5gbykbmjaept55u7xuam3 X-Rspam-User: X-HE-Tag: 1699301435-588197 X-HE-Meta: U2FsdGVkX1/8x8Pime02bJt4AgsQ27ZOavk4N6b52U3xcxvFZEwwsRFs9sZRah3dp/hE1ENrq5kvBJtHfXy18mddveiONduKho1Fr6uhIudI9HLXbhHMB4fsstM13hwIogKOZrACuGw0hC7wkR6GLNPwua6VEI5MacTBivfLu2O9TEyR4QBSgMNo6WUUasdxPT2Y/K+f6zAZQSpfyYHQI2V2Be+YyG0npI8DyrYYfq63kaLBuW0bNN/OE4/QrNuMTpdW/+xOXbcDFBQ/KXUpzLWnGkSa+cKNj9w3cj7KNtUjg7PgqCa/lvSmfzqkYlYmNuAl9q196WclNWaLOU7PvmqAkMSLIM9YyApkeRSgdYqS+2B0VftTADjRQcI2W5nhrBUHB3OZNueKx8t4Qz6ZsMMn1jJMBVgFOCJaC45++JLQexUWxn4F502qw2Ik5xlntqe82u3rsKyLZZ7zj1YnrSqh3ONUpKb+DBmt/2ubkzTRcSsIb62U0dvzLOdEfuaI/aIuhyCMPjiaB52iUoCBiFbzt/t7s16Ux5s1Qm3O/kxb7RQ8S+iHVfFX5Kgb9AHKF1pqA8zrv2VYhFzfkA331TgkPsOu0Of7sXcmJsBd2awfZgGw6p/hdU4JdUr1W2G+BTKvQVUcma9B3iopRl8HgKhx/w6wrJC7GJt399Vp0HPewyqCK5/u4hFBl0oI61dhg62jWTEiMsqn95Nwu5nTS/p0fItmJUJ8eQ9fm6T+VjGfi9aurejcD4iNy58H2zHoIppQUJi4Gpe8dVo9HsFo2FzVB8EtHtdT8bg6KpHaKnQ+R1Ff7aZp16+yVqecO3VOGNt1qcc3fSrS0PYW6BxU8BevibdNxFaOBdfeMi4r3OBxQXWyFvp13pgP8bpvoirVbYvazyxjxt7FaKFZTKdY/1W+Wm+mlUWl+peL3dJ9GO/w+bTX7oB4f/PxKocxefygM52AF4t64+WbTrm4Gwd Ax1nz1Wi RW2zh5u11XwzWIAaAdIrneTa7+rVtsKNd/1F43KsTMT8U2MPtSSkEdKywhSO9uKAKX373KggbJIffpvyFO2HhRCvWYQA65f5ynagnSJm3ircPbjv9eCnUECW3kPzx1qLwEvEM6elOBt+s2uVZypsNB0ivWdxMBsA/5r5P3J+czgA+B3gVHJVi0A63iMKrW4q9LHKg+DEmivdI784= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Rename kasan_slab_free_mempool to kasan_mempool_poison_object. kasan_slab_free_mempool is a slightly confusing name: it is unclear whether this function poisons the object when it is freed into mempool or does something when the object is freed from mempool to the underlying allocator. The new name also aligns with other mempool-related KASAN hooks added in the following patches in this series. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 8 ++++---- io_uring/alloc_cache.h | 3 +-- mm/kasan/common.c | 4 ++-- mm/mempool.c | 2 +- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 72cb693b075b..6310435f528b 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -172,11 +172,11 @@ static __always_inline void kasan_kfree_large(void *ptr) __kasan_kfree_large(ptr, _RET_IP_); } -void __kasan_slab_free_mempool(void *ptr, unsigned long ip); -static __always_inline void kasan_slab_free_mempool(void *ptr) +void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +static __always_inline void kasan_mempool_poison_object(void *ptr) { if (kasan_enabled()) - __kasan_slab_free_mempool(ptr, _RET_IP_); + __kasan_mempool_poison_object(ptr, _RET_IP_); } void * __must_check __kasan_slab_alloc(struct kmem_cache *s, @@ -256,7 +256,7 @@ static inline bool kasan_slab_free(struct kmem_cache *s, void *object, bool init return false; } static inline void kasan_kfree_large(void *ptr) {} -static inline void kasan_slab_free_mempool(void *ptr) {} +static inline void kasan_mempool_poison_object(void *ptr) {} static inline void *kasan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags, bool init) { diff --git a/io_uring/alloc_cache.h b/io_uring/alloc_cache.h index 241245cb54a6..8de0414e8efe 100644 --- a/io_uring/alloc_cache.h +++ b/io_uring/alloc_cache.h @@ -16,8 +16,7 @@ static inline bool io_alloc_cache_put(struct io_alloc_cache *cache, if (cache->nr_cached < cache->max_cached) { cache->nr_cached++; wq_stack_add_head(&entry->node, &cache->list); - /* KASAN poisons object */ - kasan_slab_free_mempool(entry); + kasan_mempool_poison_object(entry); return true; } return false; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 256930da578a..e42d6f349ae2 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -261,7 +261,7 @@ static inline bool ____kasan_kfree_large(void *ptr, unsigned long ip) /* * The object will be poisoned by kasan_poison_pages() or - * kasan_slab_free_mempool(). + * kasan_mempool_poison_object(). */ return false; @@ -272,7 +272,7 @@ void __kasan_kfree_large(void *ptr, unsigned long ip) ____kasan_kfree_large(ptr, ip); } -void __kasan_slab_free_mempool(void *ptr, unsigned long ip) +void __kasan_mempool_poison_object(void *ptr, unsigned long ip) { struct folio *folio; diff --git a/mm/mempool.c b/mm/mempool.c index 734bcf5afbb7..768cb39dc5e2 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -107,7 +107,7 @@ static inline void poison_element(mempool_t *pool, void *element) static __always_inline void kasan_poison_element(mempool_t *pool, void *element) { if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc) - kasan_slab_free_mempool(element); + kasan_mempool_poison_object(element); else if (pool->alloc == mempool_alloc_pages) kasan_poison_pages(element, (unsigned long)pool->pool_data, false); From patchwork Mon Nov 6 20:10:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447416 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45792C4167B for ; Mon, 6 Nov 2023 20:10:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A54B56B0286; Mon, 6 Nov 2023 15:10:38 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A04E26B0288; Mon, 6 Nov 2023 15:10:38 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F2CD6B0289; Mon, 6 Nov 2023 15:10:38 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 71A1F6B0288 for ; Mon, 6 Nov 2023 15:10:38 -0500 (EST) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 49EB3808E6 for ; Mon, 6 Nov 2023 20:10:38 +0000 (UTC) X-FDA: 81428622156.03.AE22885 Received: from out-174.mta1.migadu.com (out-174.mta1.migadu.com [95.215.58.174]) by imf29.hostedemail.com (Postfix) with ESMTP id 74F0F120015 for ; Mon, 6 Nov 2023 20:10:36 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=aaX6KV+U; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf29.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.174 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301436; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=t/Tz91brdE21dTNWs0et2BZxKBCaFAccIIB/OCqkFS0=; b=3qh9kj6XIfJCcagwVeHYvvMlubcsUovb8oJsTHf0hg6DS9GaZ1DEYz5evJmQhkrn0dfnYd z1vDT2o0fakGpHqRJvxMzLv39jMPtms2ROGu5mEy36GhYWLKflP6KGvxnYfm/sgLXWorBx dCtzBiugzXdPnpXHhCHYIJ9KK+CGqsw= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=aaX6KV+U; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf29.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.174 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301436; a=rsa-sha256; cv=none; b=PuNhAiq8WC0QNsPHrnfe360DabJSXa6aSyjTML4sk0feDxdg+sHyuaMUtXTYoOY4/PYM4s jZll8JRCenk0Rrjp7a0B9KHAZRWZbajz/CVs6BXSuiCsHXtsIwflRMrWr9zvGBo0D+lm9x Nw8vLODH5CSjq9mrCqzHUsWNVwaSNW4= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301435; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t/Tz91brdE21dTNWs0et2BZxKBCaFAccIIB/OCqkFS0=; b=aaX6KV+UWkGgoc/tFbUJHDU1fecvP/ug5k2WlsFn/kBP4/GWVGypJrvpu3Uccqw9G1op6n rqju0no4iU0SSp8Rg71WkOaGPzeamqnNgb+RhCgZ6NsdAvgl7d/PZXBvDZBn2USk1I6Xh7 af1WOsyuVc57E+UwVLOlLz3OCEp+fkY= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 02/20] kasan: move kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:11 +0100 Message-Id: <8bf615539d11dba005e01a65267be1c0298887bc.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Stat-Signature: inmjaz8bizjp1frpgc834x4n4cincyf1 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 74F0F120015 X-HE-Tag: 1699301436-192287 X-HE-Meta: U2FsdGVkX1/9JSad54dvDA5lNAxuLpaiMVsry21cR/J6H4/YAa0OsbIyRRCUfeebKQ+UFMTUNkV1jYEW1D4s9StG6wleOcX4n39aC0VrVT6WBd5dIxlo41HsiEmIBp/+vX7PptIjF7H7S5SjopT1ARu8PBAJ0Ha4gBJrqXHEjQYvTLwG+TwtUAr37s2BtNGMJ52PYnDR3RjU9L4Ex12p+9SmTWtWKR8B8noto6GDfWEUsgKpMmmfxxcCdbnDkOTNaSztj4hfyt6w/kzQSAi4tcPlxR3jjRzOCP8JJSOvpJbN8fLEeME4jymV1xDooUsa9EWKez/7Zy281apBR89ujGNDQFQlbm5EwWMnJNqLiUqVNZ10sI4DfzgmACUOh91nNm9TCOtE/81RlBEmaCLkrW1X/EIZyTZY9UEiW6S0FTOqhV40ydiLm9XDoUZSZRw/wj5TH+zNOCWMFNuZ0VPmgLPo9HA7O45a4cPqWa5t/PVHx6iyqyBCG6e5e2tKfyeVMG7JED2HLFc1h9L4U+/mX+ZdkTOrgEF2Dx7k085qq3mpED4a/s4ItMw5a2JULc9Bp6QC9YN7en/wHxx54i5sUp+CPnMU9gPM8jAOEidPcEax8po0EJUjxrwHrkqrX2xdoFGnZnKNNtBe2wTwmuEfQvONdZLlonOh2cTu6vv4FAmb8UwQQsEXOZXwO/2zlBMID/5FEtbjvOD2huHFMSfLuBXzqK0E9thxS/BuTvnOQb2X059LEiEq0U6ok2NBzBkBtM9tkkXulu2ZSSaxcukjmnFAL9S5LudugdVV8MobC9csmHtsqfdERar9KM3cSeIWItjv87NMCafGz6BUEIXHD65e+GdkZ1sozYWHH2yImaVx1u6qgSNiDgBjvAstMgKvvPK5QRHAFGaDCLyr6FZa7EFmJvNZAcmykvRvJvd2mztpEM+0sHq7hizCM/E3YMF9ZbkQqalcp1dSHR4xfFc 8CdStZIF pf8U7ZTW7yFYT6x/GUvtDwWQCA6AVvmaKoSVzC2qbtm0nWuWVAuxrFIiib4EmkQMJSsUArpEePr0rAjAhh/4zT8P1sta4tAcAmzL3ynaRpshQ24TJxil4o81SHAgHRQVPn4MTt5P7236srAyBAoGo3c2zKiG9C9Yao5+0bypDOzG8fvNfvcFABHwRPpSZ8K6G7ZxyiB1tc5woE5QsBqRX6dKdcQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Move kasan_mempool_poison_object after all slab-related KASAN hooks. This is a preparatory change for the following patches in this series. No functional changes. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 16 +++++++-------- mm/kasan/common.c | 46 +++++++++++++++++++++---------------------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 6310435f528b..0d1f925c136d 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -172,13 +172,6 @@ static __always_inline void kasan_kfree_large(void *ptr) __kasan_kfree_large(ptr, _RET_IP_); } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip); -static __always_inline void kasan_mempool_poison_object(void *ptr) -{ - if (kasan_enabled()) - __kasan_mempool_poison_object(ptr, _RET_IP_); -} - void * __must_check __kasan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags, bool init); static __always_inline void * __must_check kasan_slab_alloc( @@ -219,6 +212,13 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, return (void *)object; } +void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +static __always_inline void kasan_mempool_poison_object(void *ptr) +{ + if (kasan_enabled()) + __kasan_mempool_poison_object(ptr, _RET_IP_); +} + /* * Unlike kasan_check_read/write(), kasan_check_byte() is performed even for * the hardware tag-based mode that doesn't rely on compiler instrumentation. @@ -256,7 +256,6 @@ static inline bool kasan_slab_free(struct kmem_cache *s, void *object, bool init return false; } static inline void kasan_kfree_large(void *ptr) {} -static inline void kasan_mempool_poison_object(void *ptr) {} static inline void *kasan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags, bool init) { @@ -276,6 +275,7 @@ static inline void *kasan_krealloc(const void *object, size_t new_size, { return (void *)object; } +static inline void kasan_mempool_poison_object(void *ptr) {} static inline bool kasan_check_byte(const void *address) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index e42d6f349ae2..69f4c66f0da3 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -272,29 +272,6 @@ void __kasan_kfree_large(void *ptr, unsigned long ip) ____kasan_kfree_large(ptr, ip); } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip) -{ - struct folio *folio; - - folio = virt_to_folio(ptr); - - /* - * Even though this function is only called for kmem_cache_alloc and - * kmalloc backed mempool allocations, those allocations can still be - * !PageSlab() when the size provided to kmalloc is larger than - * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. - */ - if (unlikely(!folio_test_slab(folio))) { - if (____kasan_kfree_large(ptr, ip)) - return; - kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); - } else { - struct slab *slab = folio_slab(folio); - - ____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); - } -} - void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, void *object, gfp_t flags, bool init) { @@ -442,6 +419,29 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag return ____kasan_kmalloc(slab->slab_cache, object, size, flags); } +void __kasan_mempool_poison_object(void *ptr, unsigned long ip) +{ + struct folio *folio; + + folio = virt_to_folio(ptr); + + /* + * Even though this function is only called for kmem_cache_alloc and + * kmalloc backed mempool allocations, those allocations can still be + * !PageSlab() when the size provided to kmalloc is larger than + * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. + */ + if (unlikely(!folio_test_slab(folio))) { + if (____kasan_kfree_large(ptr, ip)) + return; + kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); + } else { + struct slab *slab = folio_slab(folio); + + ____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); + } +} + bool __kasan_check_byte(const void *address, unsigned long ip) { if (!kasan_byte_accessible(address)) { From patchwork Mon Nov 6 20:10:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447417 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79F46C0018A for ; Mon, 6 Nov 2023 20:10:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 37AC36B0289; Mon, 6 Nov 2023 15:10:39 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 327466B028C; Mon, 6 Nov 2023 15:10:39 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1C7B96B028A; Mon, 6 Nov 2023 15:10:39 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 0D8476B0288 for ; Mon, 6 Nov 2023 15:10:39 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id DE8E31606C6 for ; Mon, 6 Nov 2023 20:10:38 +0000 (UTC) X-FDA: 81428622156.23.D2D55EA Received: from out-178.mta1.migadu.com (out-178.mta1.migadu.com [95.215.58.178]) by imf24.hostedemail.com (Postfix) with ESMTP id 1CF7518001B for ; Mon, 6 Nov 2023 20:10:36 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Z07E7O2S; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf24.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.178 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301437; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nDVhwjjwJnVTlqgIL3b0i6xOOMbmQ8bjgeF5HzBvdls=; b=FtoSnYNq9sXSX/Z2G1UgfyMGIwDmxnpYAMKP7uEOSPVWhFdUdwZrinYWu4TFWUOQwnS0o9 H4mXQSxgVKbMnhT0ZnsM1H34cHjoBqyZcPnPmn5TuhG8g4CG/4NTSKpFTD17hSUQ/yW42z sWIMAr5qSzSMrxIgOPs52rTVMQgUO6o= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Z07E7O2S; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf24.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.178 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301437; a=rsa-sha256; cv=none; b=aEo7lxfO2dF6xVUsPB6AY4Yvi9Cw2sTKGGtk1Djrc8DDk2JTTwzqfgoK3jPFKww+OGjxHd 2V/UtKFJLSgrbydz6vv5YSNyd1dZsndK2b1+qOzQ7M/n/cxTrKvjAXYnTWTR4inxJXkOPN iaYW7PpQU2zyKfL1WqVmDYiQKHrdMO8= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301435; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nDVhwjjwJnVTlqgIL3b0i6xOOMbmQ8bjgeF5HzBvdls=; b=Z07E7O2SjDMyBRw/gSN9ci3NIZpunAPyyaCA7cmKpuMNMpB9/xhAR5qE7hyZk1t7jX+DKx 14Ptj42a2mWVBNIixSLaxs56Zs4E+ThuwbFOTv55BULKHRjR18asj8U8MJh/Z0FNeXZws6 6EI38tuAtGntOeBhrd01a+m6ax6bdrc= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 03/20] kasan: document kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:12 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 1CF7518001B X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: dwre6ms1eswnp3pe39chqgbzut3hyytk X-HE-Tag: 1699301436-202346 X-HE-Meta: U2FsdGVkX1+FOX9nMhp7WvTPjryhefzjbJ5uOfboneV9c0SAM9ssVW+SZVX+03BTbnEH1J7cSSWxy8FQjzLDlyhD3bkFFo9yw7jTOBYbLAibRayNwmZuOcCSUkd8qH52YD2O93FRjCqcclSs/HQ7wQRdM8C2eZ3guukgQJr49s58jWpfAwtdR0LHuGZo9UZ1VMJmL8qEAOOvgctclQ8b95d5EEGN5o9mX5vyJJAaz0MyUZtQdV5BWGR9sTNdmg80rhJ9crllFm2Qel2klPKNQK0yw/xVGi2m8sPkZruRLCB0gVt+xrxMZjgKk+0vLevp2ju/hK4UNj76DiyhgZuVhkHFPizYheOn0kAZ0mk7fXsa3eWcsbCWJGIqk8w5M0cwC25Y7IGLbDwQgLZiHld3eImIeFM7LBhbiiTT/IEwM9W0tTyi8UnJDuSAqMCcV24NYy4XZNhq8xw5NZqNPi/T+CJGMt5lIqNTNA5ehVx4diLjlU0R3Y7JVWhlfVyRe75C2ixPFirkEuWYGqp2STPuNLkO4oslO6hA0+Y0acxYn5gUPQa3hKfnPbfzk+JQkRwAxeOsxHovvFb3Vtot+PiksJ8fUtch8cc/wU+B1jBotScGYzJWBzbxZxxrS+ZOP5QOPGiUCO3wJogDP9G3Kw1JwrMN54dT8GfUbW4wOYKDlXD4VBY7u2jZyi2ZeC5REg6MI7msNhrQLQU1fiY/DyVQzSVEdIL8a5Or3Em+L0L1kq0ufwXwdtoopNYuFWx1NfcIOxwPoeRqdaClgw/4E5npC2EJJ+REDYIUZ7wKwPU3ozuDihgaImCWvgJTsY2rJovj2MR6jF7ca6/QqtIfBvj84Uc4/ybBm6KmfZ0f6wBAkSM0YWAlo3YlX1OvY3kEtwUnlrPosLcrw0s9Qnm4vUuJGkw6tNZaTS5JlKPDUyZv9uKLez18HgW/I1pirD+8AH5RzOI6ElBEIUHvcIInjvQ hOFmK1fU m35ktUF8sMoatvCJoiIhJESWbHgm/Bxr5WwBdjaloRdhqR+JJLhjkVNjqQs/Byhgt/caLZ6+wOq9qdszdCADI1hyhWqwyra2FnViEKE4Oojh7urUTTi+WWV3CoCNRhtCLUg5kY1heoYv3F5sJY0GydtgH1rpLiq4WAyWAGzP9o7Mmps+KnRAahwsj79/5DcE4CVId6+BIXaIfoD//YEZx5cXmPQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Add documentation comment for kasan_mempool_poison_object. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 0d1f925c136d..bbf6e2fa4ffd 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -213,6 +213,24 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, } void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +/** + * kasan_mempool_poison_object - Check and poison a mempool slab allocation. + * @ptr: Pointer to the slab allocation. + * + * This function is intended for kernel subsystems that cache slab allocations + * to reuse them instead of freeing them back to the slab allocator (e.g. + * mempool). + * + * This function poisons a slab allocation without initializing its memory and + * without putting it into the quarantine (for the Generic mode). + * + * This function also performs checks to detect double-free and invalid-free + * bugs and reports them. + * + * This function operates on all slab allocations including large kmalloc + * allocations (the ones returned by kmalloc_large() or by kmalloc() with the + * size > KMALLOC_MAX_SIZE). + */ static __always_inline void kasan_mempool_poison_object(void *ptr) { if (kasan_enabled()) From patchwork Mon Nov 6 20:10:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447419 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4CB1DC4167D for ; Mon, 6 Nov 2023 20:10:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 32A246B028C; Mon, 6 Nov 2023 15:10:40 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2D8236B028F; Mon, 6 Nov 2023 15:10:40 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 12CE86B028E; Mon, 6 Nov 2023 15:10:40 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 016136B028A for ; Mon, 6 Nov 2023 15:10:39 -0500 (EST) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id CC1281CB464 for ; Mon, 6 Nov 2023 20:10:39 +0000 (UTC) X-FDA: 81428622198.10.B525C84 Received: from out-174.mta1.migadu.com (out-174.mta1.migadu.com [95.215.58.174]) by imf01.hostedemail.com (Postfix) with ESMTP id 78CF240015 for ; Mon, 6 Nov 2023 20:10:37 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=mSKMvKXc; spf=pass (imf01.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.174 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301437; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Hi9wxEG5hyOM24yVF5pvgyGm+UDfsaiMZW2KqzysWxs=; b=zPzZno7LehiRi2M1rcZWRlV2d6udJpvKcrERnfWH66hyoJTHueVTYzazcqOIbel3o+Z8aw fpiI5+Fe9kF+oakvnQHBIf05hsLdmckuyD1+y+DWvNJZibxKeWA4x0L63EHGxfeSYjeGxW tk23ly5yX4cL4iwXRDLr5Xd6xsCZS1w= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301437; a=rsa-sha256; cv=none; b=Udis7VZ1w99vWSl5lyhCkyoG05g28+Y3oTfm16DRiHL647p8RmwwA3b1yig5bnKS7I8z1C OGvXJMpG20R6YR7b9rnhSfBUS8x3ktKHShL42VOMiORBayThmrp2rgqEteZ9+xbvjU0UBp grFae/fjvaMQ48QXzAj/AbfW8s2DyKY= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=mSKMvKXc; spf=pass (imf01.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.174 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301436; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hi9wxEG5hyOM24yVF5pvgyGm+UDfsaiMZW2KqzysWxs=; b=mSKMvKXcLKjjTcyMkClrC36gOqKSe1PvNKyag40bJ4xtUzbPDJFYH5kFaBHKeVRgaBbWYV GIZXX51aID/GYcIpaL4fQ+N0sAMZRrmnx9/AYcnXe7Vz4JkkXEyYOmwLRJOMKQdsT311zO FHVzZWec6HA/wWLZY3SvOuHIPVsbkv8= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 04/20] kasan: add return value for kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:13 +0100 Message-Id: <673406599a04fc9ea0111dac01ae9c84f9a01524.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Stat-Signature: 19mxggu5khjz9hu3btwkw9anzq7kz6nc X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 78CF240015 X-Rspam-User: X-HE-Tag: 1699301437-264862 X-HE-Meta: U2FsdGVkX1+aXI69RTmgWMPG6qnGw9Sv175Po61zKw2VZxS0vAQ/ZPrRNK4eEXp8HjpDJ52BZose+QxKre3g7fWsKw8drtL4Qm/D43uK6k0hobbEC0RmG4TD2ulg9AijU5dpsGCqmN1C/tAh6lNW1hWKIIiZdcd40SUOmqoZ+UZMcLEV5qThe+9tjSiH3DvpQTq4khD+wK0mqAb3iIkExYbR+t+V0P6rh3XBOdgnDgIIQV0wwMqVONJHHD4X5Iafr7VvZ6+9eGUGJNfrVW9KOY6QmMFeUQiwkZRtr5LE+/I7yq5nBpRjjWoipfubiAZ7ZryDoODBiqjy/Z0BtOQYZ0kzNHq6dwjJ721ff9QX0QTkimv9mOeA1K0yVuRV7mFmHiOMvXVty7Ugu550lBPU5CqBVnaBAdth1n/ud5KphANV34nGSHS1jDkGjIsaBikRfIP0sJ2HcRFVg9i7+HcpiZZZ29k52NBBH8yDk/jVTrQ/WsX0W2dWaSxbNfAslQqfdE5MO7aUmEo7kpW+gi3PXT2nI/XpE4I7M8NwB1BjnwA6g2/+xM5EKrO+3TsCWQGlloYFPTP4Vq8S7pqazgp+2y0bOhzKnyMpRGtyTQEvb4RlwfEZltduoQf+bqb0K/NBxHPEqAg5MpSBUMrHZTfuK+7iUW1NBVcJywHA1/k7DqDsEYeb8CFGU3Bq64L3KEdWH2WJwmv8d/7o5Fwxe4scG4L1wCU7WhdjxQZv1rvaAvpJzBuD4yf1WjlLkT/st1aGFpWqBsJhEtgL1n2aLdUynaUQDAgUwb7T9sZNXJRKUvMqLNirQMqtZ1fi05CTcaJuLBkqd+b+dmhtHMyj1MvVdYDq9Bpe5l3IwLXfyzZMDFPqnk8iMKT0x6Nzg47AWDZXaYu2LvK0P8ibprLBOc1rsUDG3GP7Zd1mRoE0+Uc8QQGhuoB2zP0+grAFjH9opFGeM5lVRZFct69322y0Xs/ iGDemF+w Wd4Lh8W23+ME4zmMVUHSXD0AfDLdCrqtenm/I1J5hGDankRs3Q+rXjuwNEMsJoL4CBa4xa+2THu369+9dhxjdgh/Y46m3rrYKCZCgJytPD21MgvLy3L/CBpkTxYo/MtnR/DxQXtmN4Pvur7qaw9L2Y0PHr7Bxet+cRW4XFQCssh1kE68QhlxfZpxTAnTMEj44ljTi/ZPGzU9EC7zatquxzA+IFg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Add a return value for kasan_mempool_poison_object that lets the caller know whether the allocation is affected by a double-free or an invalid-free bug. The caller can use this return value to stop operating on the object. Also introduce a check_page_allocation helper function to improve the code readability. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 17 ++++++++++++----- mm/kasan/common.c | 21 ++++++++++----------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index bbf6e2fa4ffd..33387e254caa 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -212,7 +212,7 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, return (void *)object; } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); /** * kasan_mempool_poison_object - Check and poison a mempool slab allocation. * @ptr: Pointer to the slab allocation. @@ -225,16 +225,20 @@ void __kasan_mempool_poison_object(void *ptr, unsigned long ip); * without putting it into the quarantine (for the Generic mode). * * This function also performs checks to detect double-free and invalid-free - * bugs and reports them. + * bugs and reports them. The caller can use the return value of this function + * to find out if the allocation is buggy. * * This function operates on all slab allocations including large kmalloc * allocations (the ones returned by kmalloc_large() or by kmalloc() with the * size > KMALLOC_MAX_SIZE). + * + * Return: true if the allocation can be safely reused; false otherwise. */ -static __always_inline void kasan_mempool_poison_object(void *ptr) +static __always_inline bool kasan_mempool_poison_object(void *ptr) { if (kasan_enabled()) - __kasan_mempool_poison_object(ptr, _RET_IP_); + return __kasan_mempool_poison_object(ptr, _RET_IP_); + return true; } /* @@ -293,7 +297,10 @@ static inline void *kasan_krealloc(const void *object, size_t new_size, { return (void *)object; } -static inline void kasan_mempool_poison_object(void *ptr) {} +static inline bool kasan_mempool_poison_object(void *ptr) +{ + return true; +} static inline bool kasan_check_byte(const void *address) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 69f4c66f0da3..087f93629132 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -244,7 +244,7 @@ bool __kasan_slab_free(struct kmem_cache *cache, void *object, return ____kasan_slab_free(cache, object, ip, true, init); } -static inline bool ____kasan_kfree_large(void *ptr, unsigned long ip) +static inline bool check_page_allocation(void *ptr, unsigned long ip) { if (!kasan_arch_is_ready()) return false; @@ -259,17 +259,14 @@ static inline bool ____kasan_kfree_large(void *ptr, unsigned long ip) return true; } - /* - * The object will be poisoned by kasan_poison_pages() or - * kasan_mempool_poison_object(). - */ - return false; } void __kasan_kfree_large(void *ptr, unsigned long ip) { - ____kasan_kfree_large(ptr, ip); + check_page_allocation(ptr, ip); + + /* The object will be poisoned by kasan_poison_pages(). */ } void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, @@ -419,7 +416,7 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag return ____kasan_kmalloc(slab->slab_cache, object, size, flags); } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip) +bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) { struct folio *folio; @@ -432,13 +429,15 @@ void __kasan_mempool_poison_object(void *ptr, unsigned long ip) * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. */ if (unlikely(!folio_test_slab(folio))) { - if (____kasan_kfree_large(ptr, ip)) - return; + if (check_page_allocation(ptr, ip)) + return false; kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); + return true; } else { struct slab *slab = folio_slab(folio); - ____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); + return !____kasan_slab_free(slab->slab_cache, ptr, ip, + false, false); } } From patchwork Mon Nov 6 20:10:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447420 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2E71C001B2 for ; Mon, 6 Nov 2023 20:10:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 612DC6B028A; Mon, 6 Nov 2023 15:10:40 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 4FBD86B028E; Mon, 6 Nov 2023 15:10:40 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3266D6B028A; Mon, 6 Nov 2023 15:10:40 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 0C5B76B028C for ; Mon, 6 Nov 2023 15:10:40 -0500 (EST) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id E0A231CB46F for ; Mon, 6 Nov 2023 20:10:39 +0000 (UTC) X-FDA: 81428622198.09.8FF7E25 Received: from out-172.mta1.migadu.com (out-172.mta1.migadu.com [95.215.58.172]) by imf30.hostedemail.com (Postfix) with ESMTP id 2DE1A80029 for ; Mon, 6 Nov 2023 20:10:37 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=IRiR9duy; spf=pass (imf30.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.172 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301438; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VrpDyLzZeYtu1H7+z0aR/HPyxv+dwo0N2+jHNRcNovg=; b=ilWz3pScsFtKTra7y6v3bpxQlUgDjIwk4P284EZmvQQku4OJhlzDF9PIfl/XOHpO1r+mNy 0NtaWrJ+waqt23iCXtGoheS3lRnPPN8Fj+i9ty/vQ8G5PMh4L0BrgkZFbO18GRZ2kYsQiu JDwFRXm0rQrGaax7QKBmJvlrs2JbfrU= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301438; a=rsa-sha256; cv=none; b=Ez3gNNZX6I0pR5YqdSkLA3u8tqLWCFDo3QtfyNHqTQ0VruNqolYOHm0cvxmDjhtFKh5wVb +seqZQgdFvtQ35Ne18CECbywpCBYLQedrQSlehDbnPnTqxYfpz2DzrmhjBvCpUO2iiyRIP hjw4qt+u3qZneO3RS2w2K4W4u5cRfHg= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=IRiR9duy; spf=pass (imf30.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.172 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301436; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VrpDyLzZeYtu1H7+z0aR/HPyxv+dwo0N2+jHNRcNovg=; b=IRiR9duyySKTYMlcSCduunnoFku2ROSf7vVls3D3d5l3t64Tp6PJw5Tzev1W2QXnSS/iWi scQl4qOULKDYkIq8kuBLwHryMfjiAPS/Y+ufLRnA9LEHL20nZi55MDGuAm5yVuXtUNIc/i InULrYEGV1Mdxdx3Gw/YrKrgNHW65dM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 05/20] kasan: introduce kasan_mempool_unpoison_object Date: Mon, 6 Nov 2023 21:10:14 +0100 Message-Id: <6b096bcf531f457b13959ea99b1e270b96d5ca34.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 2DE1A80029 X-Rspam-User: X-Stat-Signature: mxr9ddff7n3bhu5s4sk9cfwf4h33sbmm X-Rspamd-Server: rspam03 X-HE-Tag: 1699301437-479020 X-HE-Meta: U2FsdGVkX19aaGMpGOMbqfn+6iH9+LyRB8mtJCEWHCJhUW/8u52oHt8J7T/IsdwVhDi9R+99xHGaIGcT74hP21R5BF3k537ILKi9KvX4qS32EZ9G57esPsqwZxCC2USuGW8sGDgTUo9ObaCVGDemsQUVgz4oq5sNacpW8WblG0R3/+DVYuNjXH7x0Wnh7OLQw6887ffBJgYEEWbR2q6zXPnHb8FWFot9rBQo0yUt/fqUT/KBpv7OUJFCA3N+33wCyPlHJJMH+LnjCYiJjBLuGHfVqVizbNyokaXbhpBFo/JK1DO33R376bPbqcfgqzfl7hBVq24aaX1e6tkEV6qjquriGBslU1NW7A6MjRJvUmnWBRhdngctakYbKGxrYm63nlln9qz1QhkWMlEyftCDi3HrqSXAl+rZ95qRJa/1POWRIHWP+SXJ+rRNVC1uvCr/myzUPDW7PAZRFkUSaqsImMM5WYgZ5Yz6HpnoTM3jZYgzl+eFhAM7oWLx1G+MBZznXfevJl1iI1bunMbgL4y+Oe9JbTI+MZ2os+KAOwIGxfqXLbrPq8ie1IJWPbOtgwHhKKoZBEPSoN7LruEYXfrDktvh26LRu3GJS057hPtG+iWLMVRUacCh4aBIu+WrFqoeiFKuZlWFz3/y3Lzq/1CEHQ0C0PNp4eyx84o7fYhuLAiQs270xVRKSHEDkRiVXY2TqFnuAZF+xl1LYyOGzGoJk0Cxa2gYtnWyzzW5+5NLlPx8FYMcXFimDqD54FYKoVS18u5iVrCdcX4c9PPeOPYI1BH2Hh6uC1jMJWtjS8oKc9zYyxBd6tn/qtvwEyysJe61TywbjyMCdkOaAnlOW0Y24zqsNw3MgsSlzWDqcvJjatx7VDWu+qQHSVjcwPSXWBFxkQVg86KgIzUCT2Vezdr8EsfY53ctfW62ZXsG1+CqFNBWcU3ipWN8YeJKptGYkkJWkmU927Eq1mfxvEiWTtJ FdFk5clP hUA9snqT0EHAp08oYaQbTTPvagMH+12pL3Rezd747pA0AILz0DSmfDIkeiQcTO6hXWwUR2OFo0gs0xScVmD2kVEJIsdaRUtNh0n0doF+B6ZOpgwJInoVRL0AhgQW85E7bV/kSUFpZEtHW0ui74iVkAqEPwawwbDTQPgeu022KbzSSkAAT6ey2Mgt9Ky9wsQJKcvZdT/BTcex46nE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Introduce and document a kasan_mempool_unpoison_object hook. This hook serves as a replacement for the generic kasan_unpoison_range that the mempool code relies on right now. mempool will be updated to use the new hook in one of the following patches. For now, define the new hook to be identical to kasan_unpoison_range. One of the following patches will update it to add stack trace collection. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 31 +++++++++++++++++++++++++++++++ mm/kasan/common.c | 5 +++++ 2 files changed, 36 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 33387e254caa..c5fe303bc1c2 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -228,6 +228,9 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); * bugs and reports them. The caller can use the return value of this function * to find out if the allocation is buggy. * + * Before the poisoned allocation can be reused, it must be unpoisoned via + * kasan_mempool_unpoison_object(). + * * This function operates on all slab allocations including large kmalloc * allocations (the ones returned by kmalloc_large() or by kmalloc() with the * size > KMALLOC_MAX_SIZE). @@ -241,6 +244,32 @@ static __always_inline bool kasan_mempool_poison_object(void *ptr) return true; } +void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip); +/** + * kasan_mempool_unpoison_object - Unpoison a mempool slab allocation. + * @ptr: Pointer to the slab allocation. + * @size: Size to be unpoisoned. + * + * This function is intended for kernel subsystems that cache slab allocations + * to reuse them instead of freeing them back to the slab allocator (e.g. + * mempool). + * + * This function unpoisons a slab allocation that was previously poisoned via + * kasan_mempool_poison_object() without initializing its memory. For the + * tag-based modes, this function does not assign a new tag to the allocation + * and instead restores the original tags based on the pointer value. + * + * This function operates on all slab allocations including large kmalloc + * allocations (the ones returned by kmalloc_large() or by kmalloc() with the + * size > KMALLOC_MAX_SIZE). + */ +static __always_inline void kasan_mempool_unpoison_object(void *ptr, + size_t size) +{ + if (kasan_enabled()) + __kasan_mempool_unpoison_object(ptr, size, _RET_IP_); +} + /* * Unlike kasan_check_read/write(), kasan_check_byte() is performed even for * the hardware tag-based mode that doesn't rely on compiler instrumentation. @@ -301,6 +330,8 @@ static inline bool kasan_mempool_poison_object(void *ptr) { return true; } +static inline void kasan_mempool_unpoison_object(void *ptr, size_t size) {} + static inline bool kasan_check_byte(const void *address) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 087f93629132..033c860afe51 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -441,6 +441,11 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) } } +void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) +{ + kasan_unpoison(ptr, size, false); +} + bool __kasan_check_byte(const void *address, unsigned long ip) { if (!kasan_byte_accessible(address)) { From patchwork Mon Nov 6 20:10:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447421 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47DB4C4332F for ; Mon, 6 Nov 2023 20:11:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CC5656B0293; Mon, 6 Nov 2023 15:11:42 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C75486B0294; Mon, 6 Nov 2023 15:11:42 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B3E036B0295; Mon, 6 Nov 2023 15:11:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id A4E676B0293 for ; Mon, 6 Nov 2023 15:11:42 -0500 (EST) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 773D91A082A for ; Mon, 6 Nov 2023 20:11:42 +0000 (UTC) X-FDA: 81428624844.19.0BDA1E1 Received: from out-182.mta1.migadu.com (out-182.mta1.migadu.com [95.215.58.182]) by imf22.hostedemail.com (Postfix) with ESMTP id 50810C0009 for ; Mon, 6 Nov 2023 20:11:39 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=whzKutAZ; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf22.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.182 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301500; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wOW8bM5LUt0/83cpSlqfBj0DKQkCrWZjISfEAI+z8F8=; b=TPux2FST/Cmq8p92XbXEG4URkTC3os638pEoCgIQQMtZZ8crzbZjIvS/AwXqHaxVBi4SbM B+YaIU205RTaKej+OxSl7vQjaO7ysrdSzI7NEbz1UbQsDC5JSKkgtqTinVxLxt4EEBFTXF 9q/bHExfMhm/Ewm3R23b9mtyo0JCMLk= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=whzKutAZ; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf22.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.182 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301500; a=rsa-sha256; cv=none; b=g3Bt1sPg85P8OldOe7D+qP9XamWqiGmmw5NYEcBZIguv8GDGxRYpju61LY8ijP+J/1JHq8 Hr/KM+KlXbX9F/qomPzmIbcYJj0j6LejWV9bUyvzCBG4fL7vB7pPQpNmiXrC23igKiw1kQ kfxMfKYT3uNcccjEtI2jAkYZtaR+2Dg= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301498; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wOW8bM5LUt0/83cpSlqfBj0DKQkCrWZjISfEAI+z8F8=; b=whzKutAZQjowRwHa43pazOIwGIr0bQTB71FOqN2VXFxSHeCtofhsbtvlLPo7irVUIhiyw6 pancxW7Jzm82f5iCk4fHMKj/CtH9ujxzi66CbOwDe/5jAaY5Ge9UJvVHW0GX5ta8Tzklfq sce+wX6Wcualha3H+6sfIg6SEBbZJSo= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 06/20] kasan: introduce kasan_mempool_poison_pages Date: Mon, 6 Nov 2023 21:10:15 +0100 Message-Id: <3a377ec3223f9c98f3ac471845e084abe7fd6fe0.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 50810C0009 X-Stat-Signature: q7rmt6nt18q1za11jec3giza7xwtjns1 X-HE-Tag: 1699301499-735759 X-HE-Meta: U2FsdGVkX1+IXroUmCjrDhpYRl+ei+qCd2BphpR0p1Nk2kOgPk5HrZmkOpw1u1VU2EwcXXzzmBdETqz90tOc0EYyN+Jn7Y7iBWgRQ0oaKJ6O2k1/VE9gL/L4Ut5aLg1ekIGHdEyvQiB5HwSHBdzFV2FkLfNBFHkd4xOy/O5AMweuWHm+KHolzpB2vhT8OKqxSj6KpJElGq5fVmg7yh6+/AA4bRmNFDHjjOcT1QkRnatJG05jtDqx3tDoteUpyANjqgDxEkTSxuwX8ifgIboqR5Pwc8bnrl5W7w91AO9BxycZ28CrqF9T2Jd5M4MCIVK/VOOc/XTgxoiEg60Q+Xi2O/EWffPux3M89vcw8mIsfahNkV2127Yy9ZDHWDSdQEHS4+2j9lx0nUK0PmVfQJA8QopPmw0Rh3iYTcxo0bba1kkJ3PzVNaog03lfQKBWQBQWUNuIjvKFe2AJ1B7id4SdYX4qO6+X5JtFQZRDuuOGaaKGEFW+LsF729AgD/EKCsWv+5HXkCK1pqGeVhHA/1Uqi30PtFsUeoldpSxyVHM/5qMDIVPejJOQEYKFGLjW4EHNocle6TF4HntVexu1xTjaqoIKsU6nHhAqq2YJ+Sc389lWuYhlOaJfbSVjrpSTuyxdf/lT68zx+eW/Tm727952BzwHNGqD/FOOOGzlEPj71rU04o4ieuwW7qf1euYWheGDXIxCX8Mmc559XtVEMBBAq0j21qNgTgazCnkLnO+iOLR2nBhuHpMIHerhAnmkPcpZV6nZx73PZSOhb7vZ9tGGzt0oyxYcX3YqCcYM9Z2erdmvNZS6cwx2wd5gJq/ocOia30SMWXcrVeulDtgmqQt4NJqtFtMZ4JGyykYnxb+blWP6oX1izDVFBOvEqxC4VwWXwc+g/13dEw4YQEe2ucWLZ4yyP5mRYj2LNSUki2f+WNolXnyZD5PDxwECuWVOTVrhBQnKis2Sn1ZyGOIEmwn e1sFVPUz wJ4scLdMBf/o/Z+cSKlWk4d1ENK+OA0xgbtBrr/D7pJHLmFEFEs9CGRliQ4PPpMfOtFHHckIutAWiF9wIJSeF0SK2A3NdhT3baq7UNyOi2kKrjyzIC8Yl+VTyAalgkTr0NmRvpmU/wimadiZz5Ah/dAN/zyqKmScrNSW3aPWN01eug0Cp1MSfmaz23Ms+XrWCOZP3tL60QnQwjzquyFMaK2SeAw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Introduce and document a kasan_mempool_poison_pages hook to be used by the mempool code instead of kasan_poison_pages. Compated to kasan_poison_pages, the new hook: 1. For the tag-based modes, skips checking and poisoning allocations that were not tagged due to sampling. 2. Checks for double-free and invalid-free bugs. In the future, kasan_poison_pages can also be updated to handle #2, but this is out-of-scope of this series. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 27 +++++++++++++++++++++++++++ mm/kasan/common.c | 23 +++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index c5fe303bc1c2..de2a695ad34d 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -212,6 +212,29 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, return (void *)object; } +bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, + unsigned long ip); +/** + * kasan_mempool_poison_pages - Check and poison a mempool page allocation. + * @page: Pointer to the page allocation. + * @order: Order of the allocation. + * + * This function is intended for kernel subsystems that cache page allocations + * to reuse them instead of freeing them back to page_alloc (e.g. mempool). + * + * This function is similar to kasan_mempool_poison_object() but operates on + * page allocations. + * + * Return: true if the allocation can be safely reused; false otherwise. + */ +static __always_inline bool kasan_mempool_poison_pages(struct page *page, + unsigned int order) +{ + if (kasan_enabled()) + return __kasan_mempool_poison_pages(page, order, _RET_IP_); + return true; +} + bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); /** * kasan_mempool_poison_object - Check and poison a mempool slab allocation. @@ -326,6 +349,10 @@ static inline void *kasan_krealloc(const void *object, size_t new_size, { return (void *)object; } +static inline bool kasan_mempool_poison_pages(struct page *page, unsigned int order) +{ + return true; +} static inline bool kasan_mempool_poison_object(void *ptr) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 033c860afe51..9ccc78b20cf2 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -416,6 +416,29 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag return ____kasan_kmalloc(slab->slab_cache, object, size, flags); } +bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, + unsigned long ip) +{ + unsigned long *ptr; + + if (unlikely(PageHighMem(page))) + return true; + + /* Bail out if allocation was excluded due to sampling. */ + if (!IS_ENABLED(CONFIG_KASAN_GENERIC) && + page_kasan_tag(page) == KASAN_TAG_KERNEL) + return true; + + ptr = page_address(page); + + if (check_page_allocation(ptr, ip)) + return false; + + kasan_poison(ptr, PAGE_SIZE << order, KASAN_PAGE_FREE, false); + + return true; +} + bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) { struct folio *folio; From patchwork Mon Nov 6 20:10:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447422 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39CF2C4167D for ; Mon, 6 Nov 2023 20:11:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 15CA06B0294; Mon, 6 Nov 2023 15:11:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 10FA06B0295; Mon, 6 Nov 2023 15:11:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EC5186B0297; Mon, 6 Nov 2023 15:11:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id CEB036B0295 for ; Mon, 6 Nov 2023 15:11:42 -0500 (EST) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id AA508160864 for ; Mon, 6 Nov 2023 20:11:42 +0000 (UTC) X-FDA: 81428624844.11.D6EEFDD Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com [95.215.58.186]) by imf29.hostedemail.com (Postfix) with ESMTP id BC4ED12001B for ; Mon, 6 Nov 2023 20:11:40 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="nqNu/iJt"; spf=pass (imf29.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.186 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301500; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Z8UoFAswFgd+L4wk44THWP2F8PtTdf8hA2eur1Xmylc=; b=QsowvAoiBZOf6V9YfJqDvP8Y45BHsW4DpV65Et5iqYmDOU35WSDq2xcs4puXLn5p2OA29n Sqe5qMSYGISuitkyEtTwp/XkQFGMl/VxgTcXpxbMGvcGB9plINYLHxCj7JQbkMV9+ZP9A2 1mQYpI5aWdVew3SVD+CrD7mCHn9Rqq0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301500; a=rsa-sha256; cv=none; b=443wJUhdeevb9+PlgvOT3zGwP4P2GxjYPYxW5uUfRFO+IMkZgCFtJbEgR+8RVRhi7PAOwl M/KDcd0SsdSk6akBPwXuylBV/DSsgtpaJNL//A9uHdWr2gkodpk4HlRt86osNyZ2FZ0hfr IttjdqGXZtNrNjVCy+xai1r8C6fAPOg= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="nqNu/iJt"; spf=pass (imf29.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.186 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301499; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Z8UoFAswFgd+L4wk44THWP2F8PtTdf8hA2eur1Xmylc=; b=nqNu/iJtTBpRGoCOjf1lL74liuMLk3YhpzpUWzj3S+HMg+GQeM+EOVnxft+z4OPpPQbPuS Udqa+ZKx2NChvvQUHxkJu+aUnZoO5Chyi4YdPGofo1DOrNugA3NlPhfyyz2+pR+R6ojuqt 30m2oaGb1ReuPP6HOsDoxxp4rcV7+Ok= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 07/20] kasan: introduce kasan_mempool_unpoison_pages Date: Mon, 6 Nov 2023 21:10:16 +0100 Message-Id: <573ab13b08f2e13d8add349c3a3900bcb7d79680.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: BC4ED12001B X-Rspam-User: X-Stat-Signature: 5xnre8bsp3nfn9ipw8hf6cysqhngta4w X-Rspamd-Server: rspam03 X-HE-Tag: 1699301500-53200 X-HE-Meta: U2FsdGVkX18RJAe5fpqHvvdxI/QKsjExKIMDpJFUyR9uicxqcnaNKqe99SdFLizSFGICgnSMBXXX1wxgJ7yVUVfR4jSTQqs5i+LjBxyyuLt0g/Qs6LZgxdXsTpZqtkmsFNweQOH5CL6laT65tdJn1tESyo/zLZD1GGFrUgNLcalSBo0Zpp6WgJWTf2dpHvdLD3Mub6Y7YAiwh3R6jaR7IguhMpe1ZB4MoDu6L9pvhtoOzyFLl+R+os0tYfC4EGag9skvMwP0cJQ26aEN3EHVnOkTJIa/UySRQwcuhJVXGbogPierEPwy6Kd+qR06QlJb5L935tMP7ZDBpO/sTtAj2v9TyuY7Ip3VJ0AH6pfus/OJ3Yzbq2AlSCBEhbvNH7VgLJ1cP1eSP3hKLLk0q1AZ6pBDpshkBTu4nbOmAJ8fK7VC+j9ae9WicjIe46pVvav2C6dzD6vxNZdDes6svQESeFW/EKwsTVANkh1+a1Vrme20oHakDS30p06aAwODHxCCI3GDR4SBCJqHx2ANstpoN4D7rBjgroNiQ0Iehavhwot9WEcChoEWlGZlFXaoEg0mnoPWJl6V2euNREgeKxqWn6hVCMB+5xUX8TZPmch2zCnCrw1LGBs5ihsnj+9EO4WEpq8qiU8nymoc6isN+r0K70ZjAj5KY6kn5mqvSiAKpU6rS4WD5WJJ72vatTKVcrNoxDPne0oQPncQ48oWJ3oaajw3FgawJotRGtd41on8tOZLosKAa0dOIKx+mSWMWk7KahiNSM4NytQBMDZTEKXL7MP6d/iG5CMAVEZQPpOrzydhXYvpO3P1rLLfozuNuhrnSi1JP71JMYHgwwI8jVyqSz7oUzE9zfy1nlBwWNQhr1+1XRcAnm8fDLeraiH+buUOXLf9ruwDqfnBfSAlHkwm8KWxdNdgKInztvgyhscrDNVAVOSdsiIVHLbxMf/w1j7yyvoP8CLJO6DprVszZKS n8BLNiBh lzn8UGBaSNDv5WZ/z9sngMDIlvbaCISDMBVz3Q/YOgr0pBOJB6WnP/AnnEjo+nsYsbOHJrFY0ILT6F5DwvQ9hDssmrCssJ+U3+WejkORsESgWZUgE/helwZcU9pGCBKl9EjglDg/YTjGDauiPGHUfHkM30q/C+8wVqBl6qkVl06FftexMpICYLrPnItHnU5iM5se0CN/1sWj5UlFed9OGAK72fDgQ8tvtHiij X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Introduce and document a new kasan_mempool_unpoison_pages hook to be used by the mempool code instead of kasan_unpoison_pages. This hook is not functionally different from kasan_unpoison_pages, but using it improves the mempool code readability. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 25 +++++++++++++++++++++++++ mm/kasan/common.c | 6 ++++++ 2 files changed, 31 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index de2a695ad34d..f8ebde384bd7 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -225,6 +225,9 @@ bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, * This function is similar to kasan_mempool_poison_object() but operates on * page allocations. * + * Before the poisoned allocation can be reused, it must be unpoisoned via + * kasan_mempool_unpoison_pages(). + * * Return: true if the allocation can be safely reused; false otherwise. */ static __always_inline bool kasan_mempool_poison_pages(struct page *page, @@ -235,6 +238,27 @@ static __always_inline bool kasan_mempool_poison_pages(struct page *page, return true; } +void __kasan_mempool_unpoison_pages(struct page *page, unsigned int order, + unsigned long ip); +/** + * kasan_mempool_unpoison_pages - Unpoison a mempool page allocation. + * @page: Pointer to the page allocation. + * @order: Order of the allocation. + * + * This function is intended for kernel subsystems that cache page allocations + * to reuse them instead of freeing them back to page_alloc (e.g. mempool). + * + * This function unpoisons a page allocation that was previously poisoned by + * kasan_mempool_poison_pages() without zeroing the allocation's memory. For + * the tag-based modes, this function assigns a new tag to the allocation. + */ +static __always_inline void kasan_mempool_unpoison_pages(struct page *page, + unsigned int order) +{ + if (kasan_enabled()) + __kasan_mempool_unpoison_pages(page, order, _RET_IP_); +} + bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); /** * kasan_mempool_poison_object - Check and poison a mempool slab allocation. @@ -353,6 +377,7 @@ static inline bool kasan_mempool_poison_pages(struct page *page, unsigned int or { return true; } +static inline void kasan_mempool_unpoison_pages(struct page *page, unsigned int order) {} static inline bool kasan_mempool_poison_object(void *ptr) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 9ccc78b20cf2..6283f0206ef6 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -439,6 +439,12 @@ bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, return true; } +void __kasan_mempool_unpoison_pages(struct page *page, unsigned int order, + unsigned long ip) +{ + __kasan_unpoison_pages(page, order, false); +} + bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) { struct folio *folio; From patchwork Mon Nov 6 20:10:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447424 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 957D0C4167B for ; Mon, 6 Nov 2023 20:11:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7E60F6B0296; Mon, 6 Nov 2023 15:11:44 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 770696B0297; Mon, 6 Nov 2023 15:11:44 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5CBA46B029A; Mon, 6 Nov 2023 15:11:44 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 4A0FA6B0297 for ; Mon, 6 Nov 2023 15:11:44 -0500 (EST) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 14E0F140942 for ; Mon, 6 Nov 2023 20:11:44 +0000 (UTC) X-FDA: 81428624928.26.329333C Received: from out-188.mta1.migadu.com (out-188.mta1.migadu.com [95.215.58.188]) by imf12.hostedemail.com (Postfix) with ESMTP id 5766940006 for ; Mon, 6 Nov 2023 20:11:41 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=vvDAFFN6; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf12.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.188 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301501; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XVuFmnWl7Ai+GOwJv1yuDcJd9SrRUciNhjDptmGZnZI=; b=VVFyi+imOwDDLV2fJoJftz5YZg2w9CW4ydhQJVBAtH17R7RJ5lIh34KFO+J6h+FiASp+YM fxyyHyAjIdt7PMP1YdCa6BSey/TQd9ojBt+FyfvD3Y/DIpD+MhIAmZVLJT1FrcTX6GADL1 cvkzMYjdyGtfTAm8mmldaLe87JBeLxw= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=vvDAFFN6; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf12.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.188 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301501; a=rsa-sha256; cv=none; b=4XrpTH8i+hrtIAfT0RTx3vxo2NJgh2RtMDynyfwVVxKQzEYh2pbANY78JEJ/Ux2/by2y8D Ov9wQhjvFfCxIumgifo6dw82lzojkXq2ZIYy73JS1ULRR3ttVUk9h69Z32h63ywGKdzQzh ui0iPW2hE1cgC6xhLlQzWP10y6OF9+M= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301499; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XVuFmnWl7Ai+GOwJv1yuDcJd9SrRUciNhjDptmGZnZI=; b=vvDAFFN6FcYKWYAGx5sCoYZo2aE996ZHT27ORsBGzAXwAllc9a/mweQGGLH+tNqC9ukgoo kfT6X1bqAgw8fHV/cuj8owqV2YMiINk9I1HHRRwNCkZiOyFphUoExea/Wc88Wdh/Xw3yFD ieHf70kObAwysIDH+u5fgJoaxYfbcAM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 08/20] kasan: clean up __kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:17 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 5766940006 X-Stat-Signature: wdu96chniiyyghk5icga57mri8iphtnx X-Rspam-User: X-HE-Tag: 1699301501-131148 X-HE-Meta: U2FsdGVkX19qRcUdRSVjIaKG4PLJ96lVEenZNyc4COCq5Zu9W7GmfQGwoFmc+UkpzZnBiexRNRdFkpVwghJKm50YNC+ltBFm1+5TZPZ5bGRxvzMTUvD+O1dSX9GkZVPoDD2Bwi4erwBmwXM/xd+HRh9eDvOge5wHzs4dUUVssTqtmR/dpvRE/N11hP9ot/rSSDf+48slVlCLOp3NhBy4ACfzWATxv9HlwsgPPWPOt0aJ9SfJpF6ZGz6SGaYJy1u5EEQgsFJr+3J/9Y19Vvcj6CChS4cA4bNpzkElrDyVsZ8v42uujz6zxg2/MMYYdWQQira78LiaYvhQ/KtSMfT3NIo3vB0SkGQWris6Mxvq5+6IXIo4HmsELCI2cpwZVqwvBT02VTddqyTLpMlYp9fGWDrehHRLWMcIGjudplesaxHXlcV8ajJK5IAvgSHbGcIubbNK9KlE9LRqMLfv/mgvGpum4xCxWYOf3smyVWzcNaN2jBRb6SoWNdNmwVDXYVrTmOso2AzOz+gglc95ddpR3R7v+ZSBk8gBtIwiSmK7GsZsU3+dNZIUIsZZYMVyBKDk96+jD4K+lp/S9RyBcJWhgSCsO4ZJbMykSHQL9aigosfnUb/0wgIdtq75ELCoD9HbMP1DYANkiSOk/oBSXi7cmbUtAoHtWVBWt370YqagaUJYBhCXdxsfiFoNSSpPXervYdJvIcfdRP7DfWL89ltQlTHcOZdnGo1UYavvVKxhiEmxJloIFMh+bABpHnr3g2PpJANe4ifmvETOVVYJxbpINzvNaHsqzPM9VbOOlivN+Bobgv0et4rS+B/uGnA97Dootktf1E8hk1vgB/yW9GSJsbErPTfeb5xrtxewAYKuUyLBgfK8TsmGarYm8f5Qrx0nXfUXzYHwWCbiL9kCQNT98udr5cnV7OHEz4UAWzFZrYd5oleSYsLSDlW6w9KSR29YBBbvIdDKSIZd6hnP+kd L4/1jSuo CLLbGp9M+b7cv3AGY6RtdBNSH+rO+JtEOLkEYDExxOvAxGIuL6AzbXli4GdbYhAwCf7njzJUV9SMI7gRFM+1rcLnNM6a2JWk1RhY0cfmRNcCn8054sUtkq1yBIiIyGFQiU8hvXNspZpTKSlMYcVcOc37Bjef27hVLGFAfIYKA0IP6fLi3Bn5sfdocCuCh1VSjkvTOx9RMvcb61uo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Reorganize the code and reword the comment in __kasan_mempool_poison_object to improve the code readability. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 6283f0206ef6..7c28d0a5af2c 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -447,27 +447,22 @@ void __kasan_mempool_unpoison_pages(struct page *page, unsigned int order, bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) { - struct folio *folio; - - folio = virt_to_folio(ptr); + struct folio *folio = virt_to_folio(ptr); + struct slab *slab; /* - * Even though this function is only called for kmem_cache_alloc and - * kmalloc backed mempool allocations, those allocations can still be - * !PageSlab() when the size provided to kmalloc is larger than - * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. + * This function can be called for large kmalloc allocation that get + * their memory from page_alloc. Thus, the folio might not be a slab. */ if (unlikely(!folio_test_slab(folio))) { if (check_page_allocation(ptr, ip)) return false; kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); return true; - } else { - struct slab *slab = folio_slab(folio); - - return !____kasan_slab_free(slab->slab_cache, ptr, ip, - false, false); } + + slab = folio_slab(folio); + return !____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); } void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) From patchwork Mon Nov 6 20:10:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447423 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9F66C4332F for ; Mon, 6 Nov 2023 20:11:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 377526B0295; Mon, 6 Nov 2023 15:11:44 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 327026B0296; Mon, 6 Nov 2023 15:11:44 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1A0EA6B0297; Mon, 6 Nov 2023 15:11:44 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 00FB36B0295 for ; Mon, 6 Nov 2023 15:11:43 -0500 (EST) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id CC580C08C7 for ; Mon, 6 Nov 2023 20:11:43 +0000 (UTC) X-FDA: 81428624886.02.1C2F2E1 Received: from out-185.mta1.migadu.com (out-185.mta1.migadu.com [95.215.58.185]) by imf27.hostedemail.com (Postfix) with ESMTP id DBFE24001C for ; Mon, 6 Nov 2023 20:11:41 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=uCxP18Kq; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf27.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.185 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301502; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=22d9hHWXVi8zazHV61QMl0VMY5WvMEtggwgAvi4OURE=; b=UbFpyEzDRMwQXRbAXvKv/Q25OQ6h5X96oLj6o8V0VCOrnkMZWPdk4C4TdFVSwZkJBM6rnx Frne1lcLBMOsoSuwwS7gPHwoKqCTvHOMbRolX4FWsxYtfYGK0/84eGL5jWpNC2dZW0OBZ3 QY7npa+JLSRF2wKPpj9/SY2Atqc+x4Q= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=uCxP18Kq; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf27.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.185 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301502; a=rsa-sha256; cv=none; b=QQrvs5ORUpe1UjCB70C8PdWtQq2IJ3fCX92BhRKDty2qro9rByN9WxRNzkXGNiRQoePkyH 6HnUHrx776mUAPrFRlfLll34hVlFcH2kS2mfRuJF9OQqH0RVQ0nF/M6ZU/uEVvLu7QCa0d afZvHtpfcjljfgcylgWsT5Yhg82oqYc= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301500; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=22d9hHWXVi8zazHV61QMl0VMY5WvMEtggwgAvi4OURE=; b=uCxP18KqioH8DesdZGPrQhB9iAWKsetIiyp+iZWAll3HfZniU6A5CfSfVvg/YBXwUWgOgp g7au6m059IPietJorP9ETACRyTK+wluf8gUh/M/fKwcPWO9JGxfNf9EdEiOA8l56yCB+on SoSVmK/iZ+6LRI96vDxmC3Xr0mWe7BI= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 09/20] kasan: save free stack traces for slab mempools Date: Mon, 6 Nov 2023 21:10:18 +0100 Message-Id: <52d80b4c1d42b10b6c2c3cba57b628a88cb58e03.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: DBFE24001C X-Stat-Signature: ftwta6poagugi9n78jebho7qowskffb7 X-HE-Tag: 1699301501-515194 X-HE-Meta: U2FsdGVkX1+NU6SUytIbAVSA9MZET5FCgPwuXp6J6qSt7v9Rr9DZgrT8w0DF1wfT7aa+ZGP43MS8f7dyBUmPrRHBFt/578B1hTHtZ2CW5Xgys3PWS/7voJJqTK0oxn1XNp8+Khs5U3THBobwvNSPYqBNl+ry1qhCRlD5kLoCgg0Mvb1WvMkzBGcxSOYNNOKoPQHqYaqADEvpUUY4U3DsiOCbrmOB/7IPk4sQwzHOK9q3wEoQAC/+C2s/irSdEesJwYsWceXJ8QeLofTfAbFWqb4Brz8bfvhNLONOazjVSoOaUD7M6Xs06irytwsOjjS33msjOBg0eyUYmrEjK3cD1v5segwRcoT+6Zuaqo2aY8KXEpuUgHcv6IAzqC9IPPnL+Yse89lOfJgZ6qE/Y2OSVfelq0K8hqa6XGbPTzoB6iHIcO4olV1O7Hxv0okxZlMS7qRGihLGWYNvjYWLTzd7Ts4XwzrvP3v8j3zUg/WHodACaWcs+pgMDwRgXl1JC/li5pJZCVEF8syK2zUA6uCyvWV+eeoz7IDO5nv3Yfx1wt+Uz9ESzSGZ6L6uMeVUESxSuJSaEoevw9ueG/UyPaCshFzpNCj5c6D4XCx7otQA4yoww9z9xbPpOfbjfHbf4j7uDzf8ruxHz6rkmpYKuRV73Y5ofaO3d8CZBS0DwMc/yR5McZBJk3MZDG3Vxl0vd+LMrP2q/EZ0S5uuCEJGZcSO1J38ANX+/BdqRHlYz++y3Jh/1TofBtNJcBnStD44dwJYeVVKhEAcQ61wuYzqWziMibR51ayqlHoS7mn086KEk+Lcs6+fI8xO3sNMFUKRUC2Ai1YXAioe8Ab2h0q2fdG4DR246cNXE4f/q4TCxHLskXj2EA0Kvs2H/z+NxaXQvZG+EbW6rN93bPplZ8JXHpWNK/dY27M4bwLTA7nCAkFNE983pGAvejwH9Mwl3NxbVGSQvDqiQ/DNbJxH5IMe2Ru nxQ9N+xi LZaIv8ZSAfD0otBeDyc+uxyEpnuqf6o72Qce42VqXmNoaNcEhxF77N01f5kfeeM4QP/q+3jaH7xSsriqDwNAoaiSvNsDrpyMf0gbajcujiTcRLpM2LyyRJ/i4cg487zVyXDyV1hwIh2QME8w2Zc4yYKl18VcsslpJJCQrvoch6wFndWs= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Make kasan_mempool_poison_object save free stack traces for slab and kmalloc mempools when the object is freed into the mempool. Also simplify and rename ____kasan_slab_free to poison_slab_object and do a few other reability changes. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 5 +++-- mm/kasan/common.c | 20 +++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index f8ebde384bd7..e636a00e26ba 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -268,8 +268,9 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); * to reuse them instead of freeing them back to the slab allocator (e.g. * mempool). * - * This function poisons a slab allocation without initializing its memory and - * without putting it into the quarantine (for the Generic mode). + * This function poisons a slab allocation and saves a free stack trace for it + * without initializing the allocation's memory and without putting it into the + * quarantine (for the Generic mode). * * This function also performs checks to detect double-free and invalid-free * bugs and reports them. The caller can use the return value of this function diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 7c28d0a5af2c..683d0dad32f2 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -197,8 +197,8 @@ void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache, return (void *)object; } -static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *object, - unsigned long ip, bool quarantine, bool init) +static inline bool poison_slab_object(struct kmem_cache *cache, void *object, + unsigned long ip, bool init) { void *tagged_object; @@ -211,13 +211,12 @@ static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *object, if (is_kfence_address(object)) return false; - if (unlikely(nearest_obj(cache, virt_to_slab(object), object) != - object)) { + if (unlikely(nearest_obj(cache, virt_to_slab(object), object) != object)) { kasan_report_invalid_free(tagged_object, ip, KASAN_REPORT_INVALID_FREE); return true; } - /* RCU slabs could be legally used after free within the RCU period */ + /* RCU slabs could be legally used after free within the RCU period. */ if (unlikely(cache->flags & SLAB_TYPESAFE_BY_RCU)) return false; @@ -229,19 +228,18 @@ static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *object, kasan_poison(object, round_up(cache->object_size, KASAN_GRANULE_SIZE), KASAN_SLAB_FREE, init); - if ((IS_ENABLED(CONFIG_KASAN_GENERIC) && !quarantine)) - return false; - if (kasan_stack_collection_enabled()) kasan_save_free_info(cache, tagged_object); - return kasan_quarantine_put(cache, object); + return false; } bool __kasan_slab_free(struct kmem_cache *cache, void *object, unsigned long ip, bool init) { - return ____kasan_slab_free(cache, object, ip, true, init); + bool buggy_object = poison_slab_object(cache, object, ip, init); + + return buggy_object ? true : kasan_quarantine_put(cache, object); } static inline bool check_page_allocation(void *ptr, unsigned long ip) @@ -462,7 +460,7 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) } slab = folio_slab(folio); - return !____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); + return !poison_slab_object(slab->slab_cache, ptr, ip, false); } void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) From patchwork Mon Nov 6 20:10:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447425 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95045C4332F for ; Mon, 6 Nov 2023 20:11:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C52816B0297; Mon, 6 Nov 2023 15:11:44 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id B8C306B0299; Mon, 6 Nov 2023 15:11:44 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9904C6B029B; Mon, 6 Nov 2023 15:11:44 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 84A536B0299 for ; Mon, 6 Nov 2023 15:11:44 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 59B6A808E6 for ; Mon, 6 Nov 2023 20:11:44 +0000 (UTC) X-FDA: 81428624928.23.4827860 Received: from out-173.mta1.migadu.com (out-173.mta1.migadu.com [95.215.58.173]) by imf23.hostedemail.com (Postfix) with ESMTP id 728D9140022 for ; Mon, 6 Nov 2023 20:11:42 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=d537NTwR; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf23.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.173 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301502; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mCp2zVxGwC1RwRlWPaWBJT09DIYULTSyRat3kYinLuo=; b=TAEFGKELJxqtOjOKpJT5gLBdoEljNLBMdpSjek4qp4FOmVTquGTyxDabZTk2DfGki/nau9 aHRcA0JGKHx2OwJlXS4hiJo+j8VwnhMMLOEOTXTgwHkvVoBKv5nk8Hxu0660yP9H9zueld vOw4jrWKjuWKM0GebpJhSxdwR65r57Y= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=d537NTwR; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf23.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.173 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301502; a=rsa-sha256; cv=none; b=IZEdWzCvg2PKHttlCfJnHkFBMTbvZ4RxLVgjrhp/ND/OxdffpX4j3vFI3OkrV3Avh+4Af2 M3I29FZBi5osfJlzcX02lVqy4u05MMNwXWxwkVpSF6mk8MAMCExzEU2uqPMuwxfjLNwK3H OLhiG96yuR3RrgX5LkjbFwaiBs5liHk= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mCp2zVxGwC1RwRlWPaWBJT09DIYULTSyRat3kYinLuo=; b=d537NTwRPy7XHKrbuKDfSOCLE08WU2ewkqbATysLDcBjkJxGbnCtGoml9BLyk6/HLbiYso RIWijpSbPsp80ot8o8jmcjVSegnslv45cg4Nvd81jyQ1AX00FXznhsA0/PT1hlWfYlVBc3 NcK/vgYL8Yq2KxPrM8UJdzKMgl1NbA8= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 10/20] kasan: clean up and rename ____kasan_kmalloc Date: Mon, 6 Nov 2023 21:10:19 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Stat-Signature: ajeut5e3iq8zywfh1zef7f9bcwe5tfbp X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 728D9140022 X-HE-Tag: 1699301502-794605 X-HE-Meta: U2FsdGVkX1+Lbn01zQQ4KC8UX3BcFaJTxMuZ1tCWUfY8lb7Tr9nf9eScBk8Pmcux7zBluOUhKQV3/wMYG9K6Sp3m02ySULpQYNO75PAmHx1GWbiVz9iRM/thdEnV/OB6CPz1Dw9jPwupQyQRLl4DgCe9W5KPubzH2HLNbxxIOcucVxuCiApyFiQ7WpOdJhBaLG8cXClM5l3CPuXsPsYHr47ikMsAbjAIY6mdXJ+iyzQ2F/TSOw/VJPDAEzcKtrXcDssabPSMNJkMFNA5j0XVHz1sEv594xXeV0ExIgvqN9gnCz1AMgap7c+eEtRbBGo9Fm32KMCV+mCNaHOEPLYRbHVpNFSjFFwl89OmII/jZ0w0IlYuaq7Jcx7LFSFuua4LmTJUaJuSyBkGw7rqui51AV6y6xLsTwEDEps/v9GqIlS4d/RZwFtfYE5Z53Ns8LaWnuKLEt9z9DhprlTtK6I2P1xGzanpHh4yn/TQEr+eYh25S33yIGu3WjF7BLyaScq3dj6CN6mvflSLFCVHMRwnkyeY1mAqSgXlUGGjPGTSNGC3DlnqZLVHENAyZ4hk7ywjf4fZLWFPEDfmjTGOZAqbmY1Y53uN0p2KdBdqoaQ8aI8SlCgK2TtIXOeIvawzOHBQcCVIX6u2O1nmDnRQRI/LEbqAfKXIpn9yFx6gZQ6JIvH6QM5/v26z4UpaSq4StQNjqw/s/GnHIEiYVtnXXRCdPAtTQudQAr0ZdTKoXDlocz39c7wosjfm6N2pvSfn1LMLjcTSG1q1OMMuMfdbC6PJ1vGXRsDOJbc9HjZz+kzQChXeGG5f1F2x752hpggK6nHrynXRScV4peAilzXrvOuzpigje2TYbDZwAUiLXJDYPd/tfgBjWmWWbE7oLJDAFvLXz8ERm2GKSELezWJmvgfFG467awmCJLs6ZYdxKe45jzNEMzP4k+5HoDivYIOmGcJnEPX6uBYrGYFI4KlLAid XzbVslUw Bz7Wb7d6/mR8GNu06xVWLT3E+PEnWwb39ZX3DVOXsoFCu1njzqp9b7DtNJUgnrZAyO+tfTffQPbIN5i5VoS7n0/cnEbrVxJpvl8wE8TAFtvcwNraANGnI2x74bdrrnKxOOLN5YrYtLDsvBdu3odC9tfjxAVdDWhGaEarmIsAKjB9Fndz64LdcstkNF3ztVyiTw1S9MsiQlRwvUkLT+3KBCxdzGQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Introduce a new poison_kmalloc_redzone helper function that poisons the redzone for kmalloc object. Drop the confusingly named ____kasan_kmalloc function and instead use poison_kmalloc_redzone along with the other required parts of ____kasan_kmalloc in the callers' code. This is a preparatory change for the following patches in this series. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 683d0dad32f2..ceb06d5f169f 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -302,26 +302,12 @@ void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, return tagged_object; } -static inline void *____kasan_kmalloc(struct kmem_cache *cache, +static inline void poison_kmalloc_redzone(struct kmem_cache *cache, const void *object, size_t size, gfp_t flags) { unsigned long redzone_start; unsigned long redzone_end; - if (gfpflags_allow_blocking(flags)) - kasan_quarantine_reduce(); - - if (unlikely(object == NULL)) - return NULL; - - if (is_kfence_address(kasan_reset_tag(object))) - return (void *)object; - - /* - * The object has already been unpoisoned by kasan_slab_alloc() for - * kmalloc() or by kasan_krealloc() for krealloc(). - */ - /* * The redzone has byte-level precision for the generic mode. * Partially poison the last object granule to cover the unaligned @@ -345,14 +331,25 @@ static inline void *____kasan_kmalloc(struct kmem_cache *cache, if (kasan_stack_collection_enabled() && is_kmalloc_cache(cache)) kasan_save_alloc_info(cache, (void *)object, flags); - /* Keep the tag that was set by kasan_slab_alloc(). */ - return (void *)object; } void * __must_check __kasan_kmalloc(struct kmem_cache *cache, const void *object, size_t size, gfp_t flags) { - return ____kasan_kmalloc(cache, object, size, flags); + if (gfpflags_allow_blocking(flags)) + kasan_quarantine_reduce(); + + if (unlikely(object == NULL)) + return NULL; + + if (is_kfence_address(kasan_reset_tag(object))) + return (void *)object; + + /* The object has already been unpoisoned by kasan_slab_alloc(). */ + poison_kmalloc_redzone(cache, object, size, flags); + + /* Keep the tag that was set by kasan_slab_alloc(). */ + return (void *)object; } EXPORT_SYMBOL(__kasan_kmalloc); @@ -398,6 +395,9 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag if (unlikely(object == ZERO_SIZE_PTR)) return (void *)object; + if (is_kfence_address(kasan_reset_tag(object))) + return (void *)object; + /* * Unpoison the object's data. * Part of it might already have been unpoisoned, but it's unknown @@ -410,8 +410,10 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag /* Piggy-back on kmalloc() instrumentation to poison the redzone. */ if (unlikely(!slab)) return __kasan_kmalloc_large(object, size, flags); - else - return ____kasan_kmalloc(slab->slab_cache, object, size, flags); + else { + poison_kmalloc_redzone(slab->slab_cache, object, size, flags); + return (void *)object; + } } bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, From patchwork Mon Nov 6 20:10:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447426 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78FE5C4167D for ; Mon, 6 Nov 2023 20:11:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 39E246B0299; Mon, 6 Nov 2023 15:11:45 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 375D46B029A; Mon, 6 Nov 2023 15:11:45 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1C83E6B029B; Mon, 6 Nov 2023 15:11:45 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 068556B0299 for ; Mon, 6 Nov 2023 15:11:45 -0500 (EST) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id B7B1280925 for ; Mon, 6 Nov 2023 20:11:44 +0000 (UTC) X-FDA: 81428624928.21.C550111 Received: from out-172.mta1.migadu.com (out-172.mta1.migadu.com [95.215.58.172]) by imf08.hostedemail.com (Postfix) with ESMTP id 0FCEB16002A for ; Mon, 6 Nov 2023 20:11:42 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=RItIssP+; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf08.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.172 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301503; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CJgfMj/P7YPw/LlXCqtrAgQfJMC0kIuIB9F1taTDejA=; b=iYMxpQZ3ENPZzHmDwaBDcqbNkBXULMonOnRLSjWZgne+wnF7uxItOrXY6P0h1niod5opl7 g+cw+Rf8FuuLgNy/UtP+qrqicv0E1SEE20KQ1CFV12LqTD3MVywGRVeqmw/SWhXpHkQTAk NSQIwgl/988DUZ2k1Q+gjxB2o/jvPy4= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=RItIssP+; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf08.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.172 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301503; a=rsa-sha256; cv=none; b=EOmsxrCcrw5W6ef7kBPxFtS2AhlrLEaXAdcqwF2rYbPFP63BlWZTGA869N68iGui9YKWAj uQ0j0bNA9ZEg6JXkdb5mFSz2vjepvq5hRHn7cal0ITVEUkHtK0vivM+n8xfPJY1pJGXJrk 5EtA9Y0Ar8BV/RsucXZ97gAWpdzBfoI= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CJgfMj/P7YPw/LlXCqtrAgQfJMC0kIuIB9F1taTDejA=; b=RItIssP+VxjIXsAX7VSo3+5Kc1Se3hq8f7f/cbQzFTUM6RKLnsGl4CAP/yG2vvcChay10m sSL9QfjTxiEsvbgUXV80kI0/hG2Tid6pbZndkQAOOqmBYC5P+q26F0bUqJ3gTSejNUH0wQ 8h5rzVebWZwZH9+D6V1P/RwTQQDBARw= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 11/20] kasan: introduce poison_kmalloc_large_redzone Date: Mon, 6 Nov 2023 21:10:20 +0100 Message-Id: <79f306b7713aa06876975bbc782c392087652383.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 0FCEB16002A X-Stat-Signature: chynq75qqqads7hid3dbkzn4edwmecx1 X-Rspam-User: X-HE-Tag: 1699301502-399187 X-HE-Meta: U2FsdGVkX1+dqGxg3yDQiM6CwU/mF/5L6uQb8AvK3zdW7vDvVG4xZDlHUXv00T3h6LPqgyzJ4LlaSmA+xA68u7Q9+6G1apc2skcqCIu/ZsH8OP3sXDdd3ckMsbk7WcBjM0g0c1I1fe7qgJVZEDaEJu+YZ+BCUtd7wcknHuFaXjvb1yaH/O6iEcrl8VnLJccWQnErLV9aZoQpsZlae/EZlXColZLoHrAjpiAFfG/F6cP24zrDmBtzZFboC6SQ17n44G4rs1uVD28xzebtiu6OQcHlbLkoXLVdgb78EofoAi3cuX1gkA10wu/0wqUbLtaZDVFZdyQJ6UVr1uYQ3O/dcQ4ec3h2K7friHlKZlPqHoICQVO1DuEuSl5qKJKB2K7wQAcpoYaP8bcEHn0MCdxFlol1x6FzA1cZ9+oeVPRW/Fm/QEGdn/M+5vU1pJBFH2gbnlkbWww4OON5vqycZSTS4YVZqLzNsCZiOOPkqUay7BZZMojfDbz8OJl6TTOjVo960e9LhHyXoptyFcgWCzyNMffwpx4jCTnfL66t4lp68V+EyLmtm6Cs/sMbJfNeWx2aH8XagCb3G9V0Hs+uwl/9RChXarFe+GtqDDACXphVVwEPdnlqm9IiGdaZ+giZYrHVvjcowdpi4VYnf5avKjVvKk2PLNBo03prrAUG5lcydx3P1UNvW2ZXVMWJVTRMX0kBicEPrELjFZlckMECBqhqCCkqcCogATeRVtse8SuvhPnVxGCcAv7Lr9De1UEsNLMM9CAzEHaXBBNnEnvBQtIBPJwNJ9y/zkZCPvSOZaftGVrKUcJLdOfW8oO7gxA7ePY8m3p2TM6nV3UQAtvWjv5NL5r0Y/0ahzIg6ykeWN0qnnn7ikXsyilF1PmEGdfWYJ8XJwWa+DUXipDAkViNg1gambTyT5qEOLNqTaCSxNn/kqfi5Ko6Ut9Lnub867em1PLMwozVYpBpOP1dy4+jqE9 ykaFB6wD DVNDtCDHG0q3b3jXn6pnmbQ67FVhtf9nLkofsBTcycfG/qvuncc2O5y9rfcj6EgdhSgndRUmztDrKjNrfOJLcpC2OlWV8s476zw5amaOK5Vx0n07U9fxZB3stIrPl9DJu823RCKFM3TgiO2jj4v2oqN+gBcCEXm1G+2Mr234/6Htoj5dxeybirBE9w+ewvj9oBRl+jEd8/kAj29Y= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Split out a poison_kmalloc_large_redzone helper from __kasan_kmalloc_large and use it in the caller's code. This is a preparatory change for the following patches in this series. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index ceb06d5f169f..b50e4fbaf238 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -353,23 +353,12 @@ void * __must_check __kasan_kmalloc(struct kmem_cache *cache, const void *object } EXPORT_SYMBOL(__kasan_kmalloc); -void * __must_check __kasan_kmalloc_large(const void *ptr, size_t size, +static inline void poison_kmalloc_large_redzone(const void *ptr, size_t size, gfp_t flags) { unsigned long redzone_start; unsigned long redzone_end; - if (gfpflags_allow_blocking(flags)) - kasan_quarantine_reduce(); - - if (unlikely(ptr == NULL)) - return NULL; - - /* - * The object has already been unpoisoned by kasan_unpoison_pages() for - * alloc_pages() or by kasan_krealloc() for krealloc(). - */ - /* * The redzone has byte-level precision for the generic mode. * Partially poison the last object granule to cover the unaligned @@ -379,12 +368,25 @@ void * __must_check __kasan_kmalloc_large(const void *ptr, size_t size, kasan_poison_last_granule(ptr, size); /* Poison the aligned part of the redzone. */ - redzone_start = round_up((unsigned long)(ptr + size), - KASAN_GRANULE_SIZE); + redzone_start = round_up((unsigned long)(ptr + size), KASAN_GRANULE_SIZE); redzone_end = (unsigned long)ptr + page_size(virt_to_page(ptr)); kasan_poison((void *)redzone_start, redzone_end - redzone_start, KASAN_PAGE_REDZONE, false); +} +void * __must_check __kasan_kmalloc_large(const void *ptr, size_t size, + gfp_t flags) +{ + if (gfpflags_allow_blocking(flags)) + kasan_quarantine_reduce(); + + if (unlikely(ptr == NULL)) + return NULL; + + /* The object has already been unpoisoned by kasan_unpoison_pages(). */ + poison_kmalloc_large_redzone(ptr, size, flags); + + /* Keep the tag that was set by alloc_pages(). */ return (void *)ptr; } @@ -392,6 +394,9 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag { struct slab *slab; + if (gfpflags_allow_blocking(flags)) + kasan_quarantine_reduce(); + if (unlikely(object == ZERO_SIZE_PTR)) return (void *)object; @@ -409,11 +414,11 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag /* Piggy-back on kmalloc() instrumentation to poison the redzone. */ if (unlikely(!slab)) - return __kasan_kmalloc_large(object, size, flags); - else { + poison_kmalloc_large_redzone(object, size, flags); + else poison_kmalloc_redzone(slab->slab_cache, object, size, flags); - return (void *)object; - } + + return (void *)object; } bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, From patchwork Mon Nov 6 20:10:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447460 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2362C4332F for ; Mon, 6 Nov 2023 20:12:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 795C96B02A0; Mon, 6 Nov 2023 15:12:48 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 7459C6B02A1; Mon, 6 Nov 2023 15:12:48 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 65C4C6B02A2; Mon, 6 Nov 2023 15:12:48 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 575586B02A0 for ; Mon, 6 Nov 2023 15:12:48 -0500 (EST) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 255B3120773 for ; Mon, 6 Nov 2023 20:12:47 +0000 (UTC) X-FDA: 81428627574.29.97D10FB Received: from out-178.mta1.migadu.com (out-178.mta1.migadu.com [95.215.58.178]) by imf05.hostedemail.com (Postfix) with ESMTP id 37892100014 for ; Mon, 6 Nov 2023 20:12:44 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=pwv3dkzf; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf05.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.178 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301565; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pzcd7T6SaBRo5t2Dalks3vRx+ahOG8KGm+CRn7Qcn4c=; b=BGzbBNgzQHQxYLYJ1e/3OsTFBIxSG5eLh7fz/9Xu4pwitmstnkFxO0VfSW1SEWJ83E9L6N vYbeFLZwpk/CSle7mZi1jmpD5ggOKK7KWPl0ctAhuOIRJkzyV4MZDe3CzRSzmJZVvwnPx1 iXksiJJfv/o7z/q/LYy896/1C3gRNn4= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=pwv3dkzf; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf05.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.178 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301565; a=rsa-sha256; cv=none; b=4/Th49rvHSZqYEuDTFIFoFFSXzQ38QcT/Z18O0E+wph/3zHkbEVLRF4ZmcKu4Xr1/z9G1D PUBSlbsYFacUddRbXiP9uCKqsjvUDcST2MoUkD4xkjM3Md81vycyxhG3qkEJDVN9sQ/EX+ J06d3X8nuA1ZZnRd20C4/4/rBmP05DU= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301563; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pzcd7T6SaBRo5t2Dalks3vRx+ahOG8KGm+CRn7Qcn4c=; b=pwv3dkzff3LD7yWHcbYcgAz4JV6yfUR59dhP8YxPHgOJqBy44vK2HoY3LSsvhd8ac/r+Kw YjUTxsAxtuUXSOSqxissVE/DJambefCo5UZhQA3OpygTzSXNBEkWw+ttz9+sRuo965g4Qr dO5rxteHGvoYv4f78rDOUpqGsj2A/J4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 12/20] kasan: save alloc stack traces for mempool Date: Mon, 6 Nov 2023 21:10:21 +0100 Message-Id: <325b1285d95f7bb6d2865750aa0088ab4cb5e0c3.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Stat-Signature: ofpr7n86h5bgx84nap1xc68n3xodgkx4 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 37892100014 X-HE-Tag: 1699301564-990804 X-HE-Meta: U2FsdGVkX1+4+Cj8pRi8pwfURzza3cU0rcgKEHq9xLVByKD3NCbUd/0Gf1i0yGhw2gwWW2XYxuEpz86eEv9E/vSa17g7EiJJ24Xk+M0B+/OLm7DqaS6SXBFIrhrr2EbtqX5bnrT/azbfdX98QQqEaai+71CmX68x4s+Vz+hbBtzeHqcmVHo5LIVkUf7bXMwRicUvTytcs9XMA7sv06H3aaXPL5FPifsEQi3C4UJA5NP73vZUsZec7qqkakvF3G4xxGxPpo8Pn3zznqN9cLOpLZiWyKKDZkmUhMebW8lDDN4XujnsaFo+3r2RqwOaP0M0OMmDn0IFsIMPE22hoKKGi4BZJB6Xfy26MXVIqA696RZCo/HrlqSdREAkly1JricTHjsyyVvPFI5LYl3RptovlbDUE95vkDi4QNcTnCHNOIdttdpWU1IJ3rN8FlCv/9xSdslE4k/dJJaf5c1KoR2pCJUzRamKKGFgx1rpN1Djy0QBJL7HAxXaJazPfbCKwGbIRJbvBBlqTaglUkC9RttKG1EMPeg8SpNpeBXN61JzlpMgdFZG1AUzUVu05VYySkJe6V0zFqHMjYr7x0Nb2i7a2PlOHx9kumbGj8uF9zBiQP71LwIVCyeBEKSPp438xHVNsBjc4ijaQXYv5CYIgNFTvtOTmzr2O1E7HxrJGG8auxn7Z15h+8ENeMWQBFcM9iIUmJsBrctSfIf07oJkXGVLphnl7ASI2snRfg7bZKoQf+n4DcJUbgRjKiuqWC57D9+nN/zdLlQ+0aIMNGxjZk473EY6SUPEaSOgU7t1QM4cwBkwhwfM89WY9Tx3Gx2qYoMuBbrY/kBfKBTZVD0j3EJlFltMmwSl5cGyrK0WOa/UajcDRsShKQ4YhO5TbkK3yS68o99Tskje+mKf4dhHGUCQoMeyMJnW9WDNWhZR8U8biAiHqSTvKHc9jvu+Xd0wnZonvML0TFfQYQXiEj3+eIp fxwwLn40 9TEdw7o0f1LUiixY1LVGOykRo76rgqXff2VFqKk0yF6AJcQEeCgeVRtF42q6AUmZAozBwMYUAvEVri4/XGwRQmYFy+LM9m36w8V+ZpUnjAoN6ocSdw95Bi9RS/ung3eotrgWBwDzZRJK0EyJ2QGkQ99iuvNB24E66+jKCnIZDR5UHqFE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Update kasan_mempool_unpoison_object to properly poison the redzone and save alloc strack traces for kmalloc and slab pools. As a part of this change, split out and use a unpoison_slab_object helper function from __kasan_slab_alloc. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 7 +++--- mm/kasan/common.c | 50 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 44 insertions(+), 13 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index e636a00e26ba..7392c5d89b92 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -303,9 +303,10 @@ void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip); * mempool). * * This function unpoisons a slab allocation that was previously poisoned via - * kasan_mempool_poison_object() without initializing its memory. For the - * tag-based modes, this function does not assign a new tag to the allocation - * and instead restores the original tags based on the pointer value. + * kasan_mempool_poison_object() and saves an alloc stack trace for it without + * initializing the allocation's memory. For the tag-based modes, this function + * does not assign a new tag to the allocation and instead restores the + * original tags based on the pointer value. * * This function operates on all slab allocations including large kmalloc * allocations (the ones returned by kmalloc_large() or by kmalloc() with the diff --git a/mm/kasan/common.c b/mm/kasan/common.c index b50e4fbaf238..65850d37fd27 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -267,6 +267,20 @@ void __kasan_kfree_large(void *ptr, unsigned long ip) /* The object will be poisoned by kasan_poison_pages(). */ } +void unpoison_slab_object(struct kmem_cache *cache, void *object, gfp_t flags, + bool init) +{ + /* + * Unpoison the whole object. For kmalloc() allocations, + * poison_kmalloc_redzone() will do precise poisoning. + */ + kasan_unpoison(object, cache->object_size, init); + + /* Save alloc info (if possible) for non-kmalloc() allocations. */ + if (kasan_stack_collection_enabled() && !is_kmalloc_cache(cache)) + kasan_save_alloc_info(cache, object, flags); +} + void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, void *object, gfp_t flags, bool init) { @@ -289,15 +303,8 @@ void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, tag = assign_tag(cache, object, false); tagged_object = set_tag(object, tag); - /* - * Unpoison the whole object. - * For kmalloc() allocations, kasan_kmalloc() will do precise poisoning. - */ - kasan_unpoison(tagged_object, cache->object_size, init); - - /* Save alloc info (if possible) for non-kmalloc() allocations. */ - if (kasan_stack_collection_enabled() && !is_kmalloc_cache(cache)) - kasan_save_alloc_info(cache, tagged_object, flags); + /* Unpoison the object and save alloc info for non-kmalloc() allocations. */ + unpoison_slab_object(cache, tagged_object, flags, init); return tagged_object; } @@ -472,7 +479,30 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) { - kasan_unpoison(ptr, size, false); + struct slab *slab; + gfp_t flags = 0; /* Might be executing under a lock. */ + + if (is_kfence_address(kasan_reset_tag(ptr))) + return; + + slab = virt_to_slab(ptr); + + /* + * This function can be called for large kmalloc allocation that get + * their memory from page_alloc. + */ + if (unlikely(!slab)) { + kasan_unpoison(ptr, size, false); + poison_kmalloc_large_redzone(ptr, size, flags); + return; + } + + /* Unpoison the object and save alloc info for non-kmalloc() allocations. */ + unpoison_slab_object(slab->slab_cache, ptr, size, flags); + + /* Poison the redzone and save alloc info for kmalloc() allocations. */ + if (is_kmalloc_cache(slab->slab_cache)) + poison_kmalloc_redzone(slab->slab_cache, ptr, size, flags); } bool __kasan_check_byte(const void *address, unsigned long ip) From patchwork Mon Nov 6 20:10:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447461 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D719EC4167B for ; Mon, 6 Nov 2023 20:12:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C780E6B02A1; Mon, 6 Nov 2023 15:12:48 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C27FF6B02A2; Mon, 6 Nov 2023 15:12:48 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A82AD6B02A4; Mon, 6 Nov 2023 15:12:48 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 8E7796B02A2 for ; Mon, 6 Nov 2023 15:12:48 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 899881208CF for ; Mon, 6 Nov 2023 20:12:47 +0000 (UTC) X-FDA: 81428627574.27.26F9CF4 Received: from out-177.mta1.migadu.com (out-177.mta1.migadu.com [95.215.58.177]) by imf16.hostedemail.com (Postfix) with ESMTP id C4248180012 for ; Mon, 6 Nov 2023 20:12:45 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Se8wvGtj; spf=pass (imf16.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.177 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301566; a=rsa-sha256; cv=none; b=MpGaGa9/kPpGA0GRYkHnoOwHpq3RsDxsyiOzx4dcFSYVdEpKYOSkJZMQ7t9gFe2oHP+Q/U pxmJuTdYDFunG9Q0XELA7sBZSHm8IIa1hnNbdMKPbd0A1orPJsPqq7YvF++sLJcPbrqCPs 3S2d2dZ3LLYmRK4G6vT0sOkOZi5g8yw= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Se8wvGtj; spf=pass (imf16.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.177 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301566; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Y7WYl7BvMbHXvuo0GG2Dw3ttgTpXyQGpBAxBpCO6Yug=; b=YwMbL5AQJsE1Fj10XxzCu13H1SGeN6qhKAtXCo3wRwMchIwr5+BisCcOfiwvlDcdzETTNW di3CyGK1gnoeqdFpv0joLux4YXOgDSEzbt4NOXBRv2Wo3sDZQI1JTH89FWP1AUVj39Jnzv NfpqpJZuEqd6kD74vXEid8G2wW2Q26U= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301564; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Y7WYl7BvMbHXvuo0GG2Dw3ttgTpXyQGpBAxBpCO6Yug=; b=Se8wvGtj/WVgiMvB7sZyg/heScqMLOAwYAwTo7zIDTlOs7/E4MpQ3WkYM5OZWwaEklWfOa 6LljcHgyM247RHb2O+0uPsJYfuEgHjfHFdFXD7jDjGFaAlpmIDR4Qn3spNLTA9EIg7y9u6 nCPJ9UBSsabPf9Y6+LauRsZG7NRpK20= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 13/20] mempool: use new mempool KASAN hooks Date: Mon, 6 Nov 2023 21:10:22 +0100 Message-Id: <35771e9e5fc0fe2169c59f190fbd6bfc901b7c09.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: C4248180012 X-Stat-Signature: 767ubw1ym3ue48ymb9jp33mzqg6eut7n X-Rspam-User: X-HE-Tag: 1699301565-95316 X-HE-Meta: U2FsdGVkX1+b2I+CSYZj6CZzi/kZyl+EPTVApWXIy74hbMqjqRHTKme0agAFZDlCGmgxOe01LV4p3d4oCjYEifEppVP2mAQ+jaC3jF/mgIHqizOZ+zMSzGucwzY36EDFRf4pmierLX1zd5KJ8SF8Q9uIKOnAY2LwXrld4AgCUXYb/0FuWNRYo3bhcecHCbxW62Do4BDw4oLPAkO5shKGwNjkbhtatBSIyGWA9CUTzPJcvmnHD6BMUjyvGftLYR/pq1EKHgk2tDiTKZRGF3+QqRmBcX7MaWBxrFWF6MnIHIAbg2oIl8a/VTgGgHCLbLJZOcL6KRV5WbEkmT/9dTdVbyrGYUYOx72T1OflL+lUTkyDmwbvxs7z66PekY8afUx3ETGwCttDjsycfyFdy/fTomowgdMJYvh1OOi6xeveei8UBOn9dc9o6WErDZz6RTTmN3K2lXnN/noCsckjoU8BbD1CbOzlFxmMnjhQmnpZXwpIk2doM9A4Y4VYHVvZLaScrBudbjr/10AbiBovvjNafxtYCjoIoqE1487vxpt9kwK5QelfpcKOoIU4w926ifGCT+EvPBFQnfFzZeksh+TgvbXMnLwIEfzYNRFCO+EHUiykC5wHRB+/JgYeTOBjfV5MCVDci5fyL3HFR/SOR7Isf43QPsqPCXvWKTvamnG728zmct06Vtevz9ouwmQ2MS1ssHS/0BCz0iXLHardiNUz/MJ3o9/xFBGpo7JLHm9flXDXYYrOKvvZZhpiGS6+47PjTRnGXqZG5dEcIjvt0ehlOI8NgBOpVnSCRtckbJFPkVcgkPDkTADAFFucV+/wTDokKQDrpceB2ovMsDD0RcQ9/31Wm0tVDUbV03ff2Erhmc6dAhYDpjojrqlZoa0Rsa0ePpMAx9FAattQZLPU5AzvBC7pPPBVRX7QPD46p8mNSxGm3ZBoMGFPHOCjFYhHTFoDnuVfgsX2tSrEQajEg6C v1Pt+1Yv gRbqI9TzGYYGSlvYAKwsn0i0CYmiQf1UT6ePPd12CsH/oToTd2QDIjl/tW+R5vLoTBQs8x/b5drTmWsp31VCDB2fRvSowIEkgqHUtaog3Q79eL9MEtk6bV5HebonTw4ilwHB5WYFcZTg5Qx6nDpvf67JwrA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Update the mempool code to use the new mempool KASAN hooks. Rely on the return value of kasan_mempool_poison_object and kasan_mempool_poison_pages to prevent double-free and invalid-free bugs. Signed-off-by: Andrey Konovalov --- mm/mempool.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/mm/mempool.c b/mm/mempool.c index 768cb39dc5e2..f67ca6753332 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -104,32 +104,34 @@ static inline void poison_element(mempool_t *pool, void *element) } #endif /* CONFIG_DEBUG_SLAB || CONFIG_SLUB_DEBUG_ON */ -static __always_inline void kasan_poison_element(mempool_t *pool, void *element) +static __always_inline bool kasan_poison_element(mempool_t *pool, void *element) { if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc) - kasan_mempool_poison_object(element); + return kasan_mempool_poison_object(element); else if (pool->alloc == mempool_alloc_pages) - kasan_poison_pages(element, (unsigned long)pool->pool_data, - false); + return kasan_mempool_poison_pages(element, + (unsigned long)pool->pool_data); + return true; } static void kasan_unpoison_element(mempool_t *pool, void *element) { if (pool->alloc == mempool_kmalloc) - kasan_unpoison_range(element, (size_t)pool->pool_data); + kasan_mempool_unpoison_object(element, (size_t)pool->pool_data); else if (pool->alloc == mempool_alloc_slab) - kasan_unpoison_range(element, kmem_cache_size(pool->pool_data)); + kasan_mempool_unpoison_object(element, + kmem_cache_size(pool->pool_data)); else if (pool->alloc == mempool_alloc_pages) - kasan_unpoison_pages(element, (unsigned long)pool->pool_data, - false); + kasan_mempool_unpoison_pages(element, + (unsigned long)pool->pool_data); } static __always_inline void add_element(mempool_t *pool, void *element) { BUG_ON(pool->curr_nr >= pool->min_nr); poison_element(pool, element); - kasan_poison_element(pool, element); - pool->elements[pool->curr_nr++] = element; + if (kasan_poison_element(pool, element)) + pool->elements[pool->curr_nr++] = element; } static void *remove_element(mempool_t *pool) From patchwork Mon Nov 6 20:10:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447462 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 795DFC4167D for ; Mon, 6 Nov 2023 20:12:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F00BF6B02A2; Mon, 6 Nov 2023 15:12:48 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id DBB2F6B02A6; Mon, 6 Nov 2023 15:12:48 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BD9DF6B02A3; Mon, 6 Nov 2023 15:12:48 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A470E6B02A1 for ; Mon, 6 Nov 2023 15:12:48 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id F40571208D6 for ; Mon, 6 Nov 2023 20:12:47 +0000 (UTC) X-FDA: 81428627574.24.3AF9FFB Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com [95.215.58.186]) by imf13.hostedemail.com (Postfix) with ESMTP id 3CECE20011 for ; Mon, 6 Nov 2023 20:12:46 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=t8CeOtDw; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf13.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.186 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301566; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=lOIDRjZO1avx1i6mH90OIJOQ1dfwcpWT2tH0Qop8VTU=; b=q2EJ1FKk2uaEJ1lHi31724CXKdo7M6NPyvamkZUeE1uHtGkDtjbMnveJQeYJkDSbz1RZKm kBElaaC6ByLGhndPH0C9/PEaNLZ43cTSAHkexD0vetUI8FfKsCqTdAMg1nwmtU5QshjsVT aFwm4TkNF2pmcblkYp/rsQZzFn07ehs= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=t8CeOtDw; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf13.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.186 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301566; a=rsa-sha256; cv=none; b=BzxK6i8NXufh9XkDJOfYlIqdD29K2xicKj56+2gMc/QU/G0Z6leun5UVMBd36lr2qLOeW3 NTYDIxQgP+kpro/MBHoCjWstK7ijGiBZGzPc0wzG2s1mzZVJaATZ7zxhHfHjfR61JmH+0r BPhAMAXp6qYYKSdbULPQxZYJ79/j/iI= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lOIDRjZO1avx1i6mH90OIJOQ1dfwcpWT2tH0Qop8VTU=; b=t8CeOtDwG84XGm08T/bHl0dU0SgTNjwxEbFpQe0150BlnXaBD0GRxcGWFE3gsolklSS+ox lTkeYhEYrQQ5j6iilU4kS0eMM5/B2HVjeNJmRJ19p/j/CS/27IgI29IHA++NsiwgXZYidM ve2wNSyQK1IC+l9HF2etSKPK0c0wFik= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 14/20] mempool: introduce mempool_use_prealloc_only Date: Mon, 6 Nov 2023 21:10:23 +0100 Message-Id: <9752c5fc4763e7533a44a7c9368f056c47b52f34.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 3CECE20011 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: d75gt8goyrf7s5tbxfktre4d958pd1gu X-HE-Tag: 1699301566-48206 X-HE-Meta: U2FsdGVkX1/A/ERN5DLUij94roigsRG/mFEHFZVclC0mbUhaGLTuFzTVHD93eDJQAe10ZaEQKBSxpmdT0ffKqXEPMUNecm/2SjNYWOm3o4uqnM1iEberWlSDS9dkH2GfVz44DYfOoY6ONBbz6bYDzfrqEKcrIZuv3Ci7B0Y1aHAGACowHm5cWOABi4E24aqiU3/9bomwGhmP8rZxY5JBk/HNKYW3UAAvfBbnx5uaSqstdzOtMHPLRlhKaFpGXPYj8Ltw76G6FLTZyeQiDD3EL0DHNdIJ/JB3A58/tlA/bv7ff4vQKom5+ZObBVtuBbEvAi+Lmrg7ms5GOrMoYTrAeaPR0nxmgOTBd4E3JL/S2MK24KYjtgtpdjwXO+vX3PzlGdDzkyAjUHZEYH5/90MoljJBsJ2PdNGo90Rm3pXlOc1fPzPEXxpkFUCP2ABpRqjC+nrIWNCn62oK/XhuLKV7ZYF36lsL262tZhHJv899/xg5icHamuuN1TV1wGQ/niiU1yL8zfBAb92z+viDJD5NiL58Xk0HsGd3NNx1kCz6tZBU1hAgyiXPX12DV+23ikJL3wih78+qljrO2tqHoMEw6MVIe4G/ZhQqt/K3HoeAc6KC1NWybQMm/BeHsOpmuDzWiNjAyD1yS3jndIYvY2jxf9ziGAR6Dv7sDart9H45PviaA/wfX/jV9dMsvsJ/yMLhmCqN+m67+Rmjkk851oMtjP42IMq3JmieJt+wicFqdChI15I4H2FOFMWsRKLTuQOc7B4OV7nYc+VoFqcNL431D9jI2CM13oG80yuGJX6HHSbEh8aSO5ruziT3ivMIcoaBBTlyLP/KhRX3AgpGtI4G/D/sj8IAuX9NmMcpDTlXHItGHcVYuyddPjwy/8OimjoxRomocGD797sPlychmLHLKWm33pRR9FLMsBCnar0Wi7FySCFlBrQ2GaNlByG3ulOD1UZvXHOrySG/FwURhpo eHiZ5Vqs CmRngzPtvYd7FTwmQIHeqX1SGlPfAYz+tPxIpwS/suDcUXPAVt1xJ7mvHRAhmHQYWIc+8lp56SUimx1HPBsfGql7x8eeHZbVPodkAKO0fHkq5+Fgip5E2d1H5hCU5vq4frB/dMxyt4AdlYGhwOrSBRH9m8MsbULZVDdHmV7qwb3P6Ug5zXGAsQG0wk9dPux5QBPTM0drzRuUWGRxzG02BpGHNVQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Introduce a new mempool_use_prealloc_only API that tells the mempool to only use the elements preallocated during the mempool's creation and to not attempt allocating new ones. This API is required to test the KASAN poisoning/unpoisoning functinality in KASAN tests, but it might be also useful on its own. Signed-off-by: Andrey Konovalov --- include/linux/mempool.h | 2 ++ mm/mempool.c | 27 ++++++++++++++++++++++++--- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/include/linux/mempool.h b/include/linux/mempool.h index 4aae6c06c5f2..822adf1e7567 100644 --- a/include/linux/mempool.h +++ b/include/linux/mempool.h @@ -18,6 +18,7 @@ typedef struct mempool_s { int min_nr; /* nr of elements at *elements */ int curr_nr; /* Current nr of elements at *elements */ void **elements; + bool use_prealloc_only; /* Use only preallocated elements */ void *pool_data; mempool_alloc_t *alloc; @@ -48,6 +49,7 @@ extern mempool_t *mempool_create_node(int min_nr, mempool_alloc_t *alloc_fn, mempool_free_t *free_fn, void *pool_data, gfp_t gfp_mask, int nid); +extern void mempool_use_prealloc_only(mempool_t *pool); extern int mempool_resize(mempool_t *pool, int new_min_nr); extern void mempool_destroy(mempool_t *pool); extern void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask) __malloc; diff --git a/mm/mempool.c b/mm/mempool.c index f67ca6753332..59f7fcd355b3 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -365,6 +365,20 @@ int mempool_resize(mempool_t *pool, int new_min_nr) } EXPORT_SYMBOL(mempool_resize); +/** + * mempool_use_prealloc_only - mark a pool to only use preallocated elements + * @pool: pointer to the memory pool that should be marked + * + * This function should only be called right after the pool creation via + * mempool_init() or mempool_create() and must not be called concurrently with + * mempool_alloc(). + */ +void mempool_use_prealloc_only(mempool_t *pool) +{ + pool->use_prealloc_only = true; +} +EXPORT_SYMBOL(mempool_use_prealloc_only); + /** * mempool_alloc - allocate an element from a specific memory pool * @pool: pointer to the memory pool which was allocated via @@ -397,9 +411,11 @@ void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask) repeat_alloc: - element = pool->alloc(gfp_temp, pool->pool_data); - if (likely(element != NULL)) - return element; + if (!pool->use_prealloc_only) { + element = pool->alloc(gfp_temp, pool->pool_data); + if (likely(element != NULL)) + return element; + } spin_lock_irqsave(&pool->lock, flags); if (likely(pool->curr_nr)) { @@ -415,6 +431,11 @@ void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask) return element; } + if (pool->use_prealloc_only) { + spin_unlock_irqrestore(&pool->lock, flags); + return NULL; + } + /* * We use gfp mask w/o direct reclaim or IO for the first round. If * alloc failed with that and @pool was empty, retry immediately. From patchwork Mon Nov 6 20:10:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447463 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60480C0018A for ; Mon, 6 Nov 2023 20:12:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 377906B02A3; Mon, 6 Nov 2023 15:12:49 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 302D96B02A4; Mon, 6 Nov 2023 15:12:49 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EBF956B02A5; Mon, 6 Nov 2023 15:12:48 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id D0C696B02A4 for ; Mon, 6 Nov 2023 15:12:48 -0500 (EST) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id A66281606C6 for ; Mon, 6 Nov 2023 20:12:48 +0000 (UTC) X-FDA: 81428627616.15.0A46F6D Received: from out-177.mta1.migadu.com (out-177.mta1.migadu.com [95.215.58.177]) by imf10.hostedemail.com (Postfix) with ESMTP id 00302C000A for ; Mon, 6 Nov 2023 20:12:46 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="u66VHtu/"; spf=pass (imf10.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.177 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301567; a=rsa-sha256; cv=none; b=vOrPFNAymLFETqIQUsHp9vk86OHypthv5jB2K7fh30NXZsKbPyRhFO+3olMsJYZVMrHjs2 JJWyZQkssx1LHn2YWiuQC07ga3CA2cue0SdvdIlXZiOxkR3BNOvFqpfv7/V9Sl+N7zy/m5 5qNzxOTyrr5senkJZEY00DkrNY5cNkQ= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="u66VHtu/"; spf=pass (imf10.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.177 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301567; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=J0FZGClDjGLvLD3TemnnZlVkckK/FbBcRM13VFu32PM=; b=FkXWb7nU1VM89qY6IBmL+AfsCllhE5JpG9exV7gbGDdcoGATQo1Qa97OywBxcH1U6QY8ky qH9ZPlAU+vzUdKjsadLYjcdt3rByceL/X/HZxtZzxF+FkQrrTI+gA7WDIZGCL8T1kELncp t7WF5f4TGa62tkaS3JIyiLbRWl24OtE= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J0FZGClDjGLvLD3TemnnZlVkckK/FbBcRM13VFu32PM=; b=u66VHtu/jQ8awmrPx0sqAT3awrwRy7LoUZT6YuP/AeVFLTV8z6gU99EDSnmB7b+vlP8GiH kLVdU8feP/LvgjDFYRFlJYBJnYVG/BCUZebuMkwHoBpVhV+QpImR3lWmGnjoTkYHo9queI m9qLnEnZnW6Qbh8fHp4S9bL0AaSkd1M= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 15/20] kasan: add mempool tests Date: Mon, 6 Nov 2023 21:10:24 +0100 Message-Id: <389467628f04e7defb81cc08079cdc9c983f71a4.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 00302C000A X-Stat-Signature: 4it9k6aidns3hedtoxckuihzxub9u4w8 X-Rspam-User: X-HE-Tag: 1699301566-344404 X-HE-Meta: U2FsdGVkX1/A9nj1YCaFh3rtMUxqET8FCU7rT9WNhO5K+1u55xyR2uaw74x5nUJulsuuxLlgHUSRhPYJCD2efJM7OldMU4HMUrffm4lb9Nhurkn1pMGeDOZwNpok6zKBxSAgrNH1U46Gd6fk0i/H+6/xaxwHUiSPjy/9J2lo0cjMMIh8XbuMKLuGaL7YDaRlu6K/nh5GcrsYkrbZfTC7aMBJc0hPOWOCo5G5tuW2GvGXrjPIhKxwFTUIEeaV4R8xfYZu9YBtMbZRJu67ojsRgQHzM4bYO42xu8P6veiE2c9W3CYRDL6RHkhZ1q2SyWjUfET8No2c0lK6lxbkNmkoSUi/Rw7/VLO67JWSUSVGVm9SP7/gC4UZJJhNRm55sYCZhlKRnrC+4dZ9YxgvVypuM3uLSviAOHlO/8sbATJd3ZzzDLm34mPXAFem6KaWJZfTZWy4PNXG+vS1T3HWeVWSeq0TKnyDRjUNF1as2nf73Ta8qhBJvtg7OSrD1ZT0TiunS6o9V0TUp/eyCueNlfqX+pw+oGjt5G5hwNXIQFO8FsJj4KqRxEcREYZnRTxx4rhQZw2Y3rEPkppFs4l9LYHK+8Iy3StnhVWj2l5RBlTWQZwx1K1oy9XdBNPePEQ+RalcDj2haWI1nvhUMT+hfsvWLSaAMHLLd/5Kl1/U0nt4AW+goYdmg3UPYYkWXWU2xGRrUVkEEVe5mqQ+CzlII4G2n14HbYQLYYdczW/csxkXeusHoFlQ0g5OwvlGWPPQNLSo7TIpSZoS6GEzEfdZ1EUylZpA9iJ1fr7k8qcin5wn9iXkgMihNQW+njPzT5cXOrAeCJYI1CehYoZ5K1oyE6xmGIsU9N++94yVuBqW74WudDk3PFoFWP21lX4TtD98HCnS8za+BWQOxyh7HHravZ9IYKJbvuwx8cwXAurueOVrZVCmTFD8ZpSYlY8vjy6RgDIIhjnMPBxagt5cJ96HfGw ZKWRBEPv wORcJpIZakB/6htOK7M/K6etmdg8D9aSdQvgofSvfz/RShX1Vvnm1hHwMzXUo6Xa7UydDhL+r1E+SaMbTMa4Y6NmHZIPGxiLr/4gSbUenRdV+QBkZoV4aTlqWwN0Mamrv24sNajJISkz4ni7wrcZ2Ouz/Ln8dwrT4zGjfv/v1VzoJod+tMgcHw9P2k+x61pfM+0chYdJm1/d/uDuLW4+EM23ykaPQZrc1hdNpxmd23+25uHU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Add KASAN tests for mempool. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 325 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 325 insertions(+) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 8281eb42464b..9adbcd04259b 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -798,6 +799,318 @@ static void kmem_cache_bulk(struct kunit *test) kmem_cache_destroy(cache); } +static void *mempool_prepare_kmalloc(struct kunit *test, mempool_t *pool, size_t size) +{ + int pool_size = 4; + int ret; + void *elem; + + memset(pool, 0, sizeof(*pool)); + ret = mempool_init_kmalloc_pool(pool, pool_size, size); + KUNIT_ASSERT_EQ(test, ret, 0); + + /* Tell mempool to only use preallocated elements. */ + mempool_use_prealloc_only(pool); + + /* + * Allocate one element to prevent mempool from freeing elements to the + * underlying allocator and instead make it add them to the element + * list when the tests trigger double-free and invalid-free bugs. + * This allows testing KASAN annotations in add_element(). + */ + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + return elem; +} + +static struct kmem_cache *mempool_prepare_slab(struct kunit *test, mempool_t *pool, size_t size) +{ + struct kmem_cache *cache; + int pool_size = 4; + int ret; + + cache = kmem_cache_create("test_cache", size, 0, 0, NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + + memset(pool, 0, sizeof(*pool)); + ret = mempool_init_slab_pool(pool, pool_size, cache); + KUNIT_ASSERT_EQ(test, ret, 0); + + mempool_use_prealloc_only(pool); + + /* + * Do not allocate one preallocated element, as we skip the double-free + * and invalid-free tests for slab mempool for simplicity. + */ + + return cache; +} + +static void *mempool_prepare_page(struct kunit *test, mempool_t *pool, int order) +{ + int pool_size = 4; + int ret; + void *elem; + + memset(pool, 0, sizeof(*pool)); + ret = mempool_init_page_pool(pool, pool_size, order); + KUNIT_ASSERT_EQ(test, ret, 0); + + mempool_use_prealloc_only(pool); + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + return elem; +} + +static void mempool_oob_right_helper(struct kunit *test, mempool_t *pool, size_t size) +{ + char *elem; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + OPTIMIZER_HIDE_VAR(elem); + + if (IS_ENABLED(CONFIG_KASAN_GENERIC)) + KUNIT_EXPECT_KASAN_FAIL(test, elem[size] = 'x'); + else + KUNIT_EXPECT_KASAN_FAIL(test, + elem[round_up(size, KASAN_GRANULE_SIZE)] = 'x'); + + mempool_free(elem, pool); +} + +static void mempool_kmalloc_oob_right(struct kunit *test) +{ + mempool_t pool; + size_t size = 128 - KASAN_GRANULE_SIZE - 5; + void *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_oob_right_helper(test, &pool, size); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_oob_right(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + void *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_oob_right_helper(test, &pool, size); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_slab_oob_right(struct kunit *test) +{ + mempool_t pool; + size_t size = 123; + struct kmem_cache *cache; + + cache = mempool_prepare_slab(test, &pool, size); + + mempool_oob_right_helper(test, &pool, size); + + mempool_exit(&pool); + kmem_cache_destroy(cache); +} + +/* + * Skip the out-of-bounds test for page mempool. With Generic KASAN, page + * allocations have no redzones, and thus the out-of-bounds detection is not + * guaranteed; see https://bugzilla.kernel.org/show_bug.cgi?id=210503. With + * the tag-based KASAN modes, the neighboring allocation might have the same + * tag; see https://bugzilla.kernel.org/show_bug.cgi?id=203505. + */ + +static void mempool_uaf_helper(struct kunit *test, mempool_t *pool, bool page) +{ + char *elem, *ptr; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + mempool_free(elem, pool); + + ptr = page ? page_address((struct page *)elem) : elem; + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); +} + +static void mempool_kmalloc_uaf(struct kunit *test) +{ + mempool_t pool; + size_t size = 128; + void *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_uaf_helper(test, &pool, false); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_uaf(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + void *extra_elem; + + /* page_alloc fallback is only implemented for SLUB. */ + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_uaf_helper(test, &pool, false); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_slab_uaf(struct kunit *test) +{ + mempool_t pool; + size_t size = 123; + struct kmem_cache *cache; + + cache = mempool_prepare_slab(test, &pool, size); + + mempool_uaf_helper(test, &pool, false); + + mempool_exit(&pool); + kmem_cache_destroy(cache); +} + +static void mempool_page_alloc_uaf(struct kunit *test) +{ + mempool_t pool; + int order = 2; + void *extra_elem; + + extra_elem = mempool_prepare_page(test, &pool, order); + + mempool_uaf_helper(test, &pool, true); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_double_free_helper(struct kunit *test, mempool_t *pool) +{ + char *elem; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + mempool_free(elem, pool); + + KUNIT_EXPECT_KASAN_FAIL(test, mempool_free(elem, pool)); +} + +static void mempool_kmalloc_double_free(struct kunit *test) +{ + mempool_t pool; + size_t size = 128; + char *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_double_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_double_free(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + char *extra_elem; + + /* page_alloc fallback is only implemented for SLUB. */ + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_double_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_page_alloc_double_free(struct kunit *test) +{ + mempool_t pool; + int order = 2; + char *extra_elem; + + extra_elem = mempool_prepare_page(test, &pool, order); + + mempool_double_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_invalid_free_helper(struct kunit *test, mempool_t *pool) +{ + char *elem; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + KUNIT_EXPECT_KASAN_FAIL(test, mempool_free(elem + 1, pool)); + + mempool_free(elem, pool); +} + +static void mempool_kmalloc_invalid_free(struct kunit *test) +{ + mempool_t pool; + size_t size = 128; + char *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_kmalloc_invalid_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_invalid_free(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + char *extra_elem; + + /* page_alloc fallback is only implemented for SLUB. */ + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_kmalloc_invalid_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +/* + * Skip the invalid-free test for page mempool. The invalid-free detection only + * works for compound pages and mempool preallocates all page elements without + * the __GFP_COMP flag. + */ + static char global_array[10]; static void kasan_global_oob_right(struct kunit *test) @@ -1538,6 +1851,18 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmem_cache_oob), KUNIT_CASE(kmem_cache_accounted), KUNIT_CASE(kmem_cache_bulk), + KUNIT_CASE(mempool_kmalloc_oob_right), + KUNIT_CASE(mempool_kmalloc_large_oob_right), + KUNIT_CASE(mempool_slab_oob_right), + KUNIT_CASE(mempool_kmalloc_uaf), + KUNIT_CASE(mempool_kmalloc_large_uaf), + KUNIT_CASE(mempool_slab_uaf), + KUNIT_CASE(mempool_page_alloc_uaf), + KUNIT_CASE(mempool_kmalloc_double_free), + KUNIT_CASE(mempool_kmalloc_large_double_free), + KUNIT_CASE(mempool_page_alloc_double_free), + KUNIT_CASE(mempool_kmalloc_invalid_free), + KUNIT_CASE(mempool_kmalloc_large_invalid_free), KUNIT_CASE(kasan_global_oob_right), KUNIT_CASE(kasan_global_oob_left), KUNIT_CASE(kasan_stack_oob), From patchwork Mon Nov 6 20:10:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447464 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 637E4C001B2 for ; Mon, 6 Nov 2023 20:12:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C4FC76B02A4; Mon, 6 Nov 2023 15:12:49 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C05106B02A5; Mon, 6 Nov 2023 15:12:49 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A53A66B02A6; Mon, 6 Nov 2023 15:12:49 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 9319F6B02A4 for ; Mon, 6 Nov 2023 15:12:49 -0500 (EST) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 74E77160893 for ; Mon, 6 Nov 2023 20:12:49 +0000 (UTC) X-FDA: 81428627658.08.8AFCA91 Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com [95.215.58.186]) by imf16.hostedemail.com (Postfix) with ESMTP id 8E08718000F for ; Mon, 6 Nov 2023 20:12:47 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="UlmlCS1/"; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf16.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.186 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301567; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=kJM+A7peUz+3HNFpMd2AaQcsySYXWlMk/hSPbyjpTN8=; b=doj5fc5SlsJWP+mT6cZZAb6e+T+9myaI+aUI9fjzsmuUkYSTvqevH8PJouHpICvaUYQo19 glhwKBdWGuia39ucwI9m7x05g3GYPHvOZalOCN18yh9zQuEsPq11/bFxXiVvPji2CcPJPc J7zzZrySNFqUu9zwis8SHBV4QD6wwzY= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="UlmlCS1/"; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf16.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.186 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301567; a=rsa-sha256; cv=none; b=K7O/EPEmZGI/uBUsOYuA6a6ySh1EQ38ggQ/NdOx+HzNcK3np/yn0CQoI5qmww5KGkb5yYn QuGenfaksXKM+JTxE9/LytQZhZyrdxM1PnYCdIZqA+ZhlwEgeWOYuu0TzM6uQpji44Y+yB YynmdZkl4DRIJQvKZZf7Hve5dm1g/SA= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301566; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kJM+A7peUz+3HNFpMd2AaQcsySYXWlMk/hSPbyjpTN8=; b=UlmlCS1/Z5dNByDcL6mE/0uoH62A1+s+Ul8OA7cSjRv8NsKOsAjlfXrZLnkR3VwZsnhqQm BCWlrEHz9Npwsl36SjkhbQgtrNkJApwPl+NiWrTyhnCPtmdiUaVoCUKg2oM4RE/0RN1Uw9 TCk2g0lBq9wUxkhNuVfEb1cqa6QfF3g= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 16/20] kasan: rename pagealloc tests Date: Mon, 6 Nov 2023 21:10:25 +0100 Message-Id: <0cf5eb3ea000a76c48554bbc80acb6135ebbb94a.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 8E08718000F X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: y66hkzzihbe8uu3q6sf5bup31ixriwcx X-HE-Tag: 1699301567-172295 X-HE-Meta: U2FsdGVkX198RF+jpx2yAsuRx9HiBWDqm98f3fo/WelyvuPzvo0qYtGH5qsNnLW5yN/oeKuke46/x8Gx77Nlq3II1LC83IlYoDnXdm2fAQDsd1y8mFiCm1rY9iti1+qL9j5y7IEvTAudd6KR/hC/g4l2Q8JSqEoK95LQAEMYNj03eascR4//np21q7OU/JaNm+rQ+xmfSpHhBscStpaeBhdwFR8H+hTwfjHcxmiSO6mSA4kpB1PxIo/+rl7oejgfiaV5Zc4xoZwFM3OI6vgt5hQ5E61yCPdgSrBHhmsDmqCc3V/2/hD647je5BMM78QS3SsoA0/aRAM73taNOSmD0N46sdUYfqNXCge4RaRw2eTGfRZsMKOaMT7q1rYN9kcfCsZEIBWwwmN+wrGFUfHkBHNkaNiDSuc3HX5948XKioHkqXXYuothd4Sv0UrqfgfAJ6MfoIcEqyWYJ9kJdDqCiqcS6ARKGA3BRkmkT+OoqmGRVUFrDd4O5tzISsFTp0UqsTZi/swfO+GIidLFc0FyavDxoAe3t6cUFJc73Q5H4ZBe0e7/2Qw/lHCe+9BOAj6XUBtPD+kfTT3RZWTy0myoC5YwQgSx6rofirspIZ2rVa/2uo/sO5FcjtzT8GO9l8KaTnyw9nKpatSsY/mfHdzE+K3SmzHSPZAsAcV6iW/frh07TUeqIfUIZOzLwCdbc5hIAv1/IG5vpRf2+Nd5X6XqX2Lll+Ixou4A94iShf4fnFGRCpWsEAcbz5VohpcS1P0+lIjsCVrY25xfShlh3hBrercxMc/vQpWgukeeABEo6tBFxS4HVqRTIvyxeYbWNEh/KEvDZ67IQFN/qZJBOS4cNgEBEQ719hYcsb1whicKkGu+oXAM7PVrgM7BunkNZGin42GqEXUrH2mkGgp4biBVa9l4oBJRnEP9WVyIX8g57/RCxdZJ6G78SB9Z12+XTuYGp6nra9nFd9N+dbp5Non 88o1GwiJ 0/fokxDhKMzMHStS/mwy00PLU9rJW0VP7WbU5jKxxyV+9goCbfv8rtu9YoIfPrkf/1XsZPsKhoMeaaV9l5Zbde2VPeFOXMFgX25CcqMCIetRyqzwn48OZPoUZOSYeer/Bwc70G6rbrfC3sD8IohqnyZXWsumCaFhzHbW0SQiwuZ2YE14= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Rename "pagealloc" KASAN tests: 1. Use "kmalloc_large" for tests that use large kmalloc allocations. 2. Use "page_alloc" for tests that use page_alloc. Also clean up the comments. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 51 ++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 9adbcd04259b..4ea403653a39 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -214,12 +214,13 @@ static void kmalloc_node_oob_right(struct kunit *test) } /* - * These kmalloc_pagealloc_* tests try allocating a memory chunk that doesn't - * fit into a slab cache and therefore is allocated via the page allocator - * fallback. Since this kind of fallback is only implemented for SLUB, these - * tests are limited to that allocator. + * The kmalloc_large_* tests below use kmalloc() to allocate a memory chunk + * that does not fit into the largest slab cache and therefore is allocated via + * the page_alloc fallback for SLUB. SLAB has no such fallback, and thus these + * tests are not supported for it. */ -static void kmalloc_pagealloc_oob_right(struct kunit *test) + +static void kmalloc_large_oob_right(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE + 10; @@ -235,7 +236,7 @@ static void kmalloc_pagealloc_oob_right(struct kunit *test) kfree(ptr); } -static void kmalloc_pagealloc_uaf(struct kunit *test) +static void kmalloc_large_uaf(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE + 10; @@ -249,7 +250,7 @@ static void kmalloc_pagealloc_uaf(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } -static void kmalloc_pagealloc_invalid_free(struct kunit *test) +static void kmalloc_large_invalid_free(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE + 10; @@ -262,7 +263,7 @@ static void kmalloc_pagealloc_invalid_free(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, kfree(ptr + 1)); } -static void pagealloc_oob_right(struct kunit *test) +static void page_alloc_oob_right(struct kunit *test) { char *ptr; struct page *pages; @@ -284,7 +285,7 @@ static void pagealloc_oob_right(struct kunit *test) free_pages((unsigned long)ptr, order); } -static void pagealloc_uaf(struct kunit *test) +static void page_alloc_uaf(struct kunit *test) { char *ptr; struct page *pages; @@ -298,15 +299,15 @@ static void pagealloc_uaf(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } -static void kmalloc_large_oob_right(struct kunit *test) +/* + * Check that KASAN detects an out-of-bounds access for a big object allocated + * via kmalloc(). But not as big as to trigger the page_alloc fallback for SLUB. + */ +static void kmalloc_big_oob_right(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE - 256; - /* - * Allocate a chunk that is large enough, but still fits into a slab - * and does not trigger the page allocator fallback in SLUB. - */ ptr = kmalloc(size, GFP_KERNEL); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); @@ -404,18 +405,18 @@ static void krealloc_less_oob(struct kunit *test) krealloc_less_oob_helper(test, 235, 201); } -static void krealloc_pagealloc_more_oob(struct kunit *test) +static void krealloc_large_more_oob(struct kunit *test) { - /* page_alloc fallback in only implemented for SLUB. */ + /* page_alloc fallback is only implemented for SLUB. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); krealloc_more_oob_helper(test, KMALLOC_MAX_CACHE_SIZE + 201, KMALLOC_MAX_CACHE_SIZE + 235); } -static void krealloc_pagealloc_less_oob(struct kunit *test) +static void krealloc_large_less_oob(struct kunit *test) { - /* page_alloc fallback in only implemented for SLUB. */ + /* page_alloc fallback is only implemented for SLUB. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); krealloc_less_oob_helper(test, KMALLOC_MAX_CACHE_SIZE + 235, @@ -1822,16 +1823,16 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmalloc_oob_right), KUNIT_CASE(kmalloc_oob_left), KUNIT_CASE(kmalloc_node_oob_right), - KUNIT_CASE(kmalloc_pagealloc_oob_right), - KUNIT_CASE(kmalloc_pagealloc_uaf), - KUNIT_CASE(kmalloc_pagealloc_invalid_free), - KUNIT_CASE(pagealloc_oob_right), - KUNIT_CASE(pagealloc_uaf), KUNIT_CASE(kmalloc_large_oob_right), + KUNIT_CASE(kmalloc_large_uaf), + KUNIT_CASE(kmalloc_large_invalid_free), + KUNIT_CASE(page_alloc_oob_right), + KUNIT_CASE(page_alloc_uaf), + KUNIT_CASE(kmalloc_big_oob_right), KUNIT_CASE(krealloc_more_oob), KUNIT_CASE(krealloc_less_oob), - KUNIT_CASE(krealloc_pagealloc_more_oob), - KUNIT_CASE(krealloc_pagealloc_less_oob), + KUNIT_CASE(krealloc_large_more_oob), + KUNIT_CASE(krealloc_large_less_oob), KUNIT_CASE(krealloc_uaf), KUNIT_CASE(kmalloc_oob_16), KUNIT_CASE(kmalloc_uaf_16), From patchwork Mon Nov 6 20:10:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447465 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6986AC41535 for ; Mon, 6 Nov 2023 20:12:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8D0756B02A5; Mon, 6 Nov 2023 15:12:50 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 857516B02A6; Mon, 6 Nov 2023 15:12:50 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5BFCD6B02A7; Mon, 6 Nov 2023 15:12:50 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 4CB376B02A5 for ; Mon, 6 Nov 2023 15:12:50 -0500 (EST) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 2383BB58DB for ; Mon, 6 Nov 2023 20:12:50 +0000 (UTC) X-FDA: 81428627700.04.16FC937 Received: from out-176.mta1.migadu.com (out-176.mta1.migadu.com [95.215.58.176]) by imf22.hostedemail.com (Postfix) with ESMTP id 296C2C0005 for ; Mon, 6 Nov 2023 20:12:47 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=FgwksLN8; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf22.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.176 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301568; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=FpmYov1aH1316OEV0hzDWuWRApXC9pzAf5GrPoQwwQE=; b=0Q31NCUsftTRu0YXwjwWW0Xif9/znShDS+63QUhGUf8OXXG3sfepE6U9YrtuRLCv6LKhV5 oYsC9zRm8b8vlLk6zpBTdcK1Er6quypPgH1wOF/EHSsuzkjxlVVz97ezE5MU48DXOM1Klc XVZsreSavnj3u20gfU2++rih4NMtvxM= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=FgwksLN8; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf22.hostedemail.com: domain of andrey.konovalov@linux.dev designates 95.215.58.176 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301568; a=rsa-sha256; cv=none; b=gmVtoTSEr9N5hKa1KBggZ+MIurnC5tH+mrbWneM56z/FF4GpZ6EXHuIhkLcfMTMPa0VAh7 AhZPB+YKlx65pDQeVUFlxGBKZqfy5/p/ilYK69lL2YN8HsDmNEFV4tdElZMQIjNc1t1P4N wq3aOJNmolSx1pZu1hMh7dYJ+G3LWX0= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301566; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FpmYov1aH1316OEV0hzDWuWRApXC9pzAf5GrPoQwwQE=; b=FgwksLN8aysaSZtwoYOKI1noktDySIqALWEt8eIDOA37kM5+nQFR36VjYWjdvMHSYOiZSB U5qxNgDH42TiixtLjkdrfCsLZMwoMST5/Z7rYYxnjZsSHjJkCwefw8l0CxPmxQpMFrg4wn oNPg94RExuW29qqQXFjSvALdPkpS8gs= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 17/20] kasan: reorder tests Date: Mon, 6 Nov 2023 21:10:26 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Stat-Signature: oitzbt5p47t3baznwbudobf53tbmfjnf X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 296C2C0005 X-HE-Tag: 1699301567-56267 X-HE-Meta: U2FsdGVkX1+QF8+e+/fA49liXPg5a/Lkh8FY4cV3h2baO+oOKJxl8tPPaNlBLDLsEpI+CPYn7Ro47u/njWFAkONzC7pcQ+R+0IMWte3N38UI6/peuPB8sTEAyY8uZuE/WDWjLKzLY8KU3QcJAHGoRTt4lwtm404Rzz3aAux7X0brOyOtfBGyg9DhV0J5Wl/J9I5LFzfrQg8OVgF+1f94Ep/wk/fkwe1jrRmCoJN7lVTQOaWV5oGRew7V5dxKPtu5J4VO3A3rQbxG0B0pMRw7CGifd2nuUkI2TSR8Z09YgK7yCJAqAf8vRdbJXcN+AwUK4CKgKOk9c1DoKz+RQ1TyYA4r7KSNKkcsAQSUnsyw8SGlKYq4bBE8p14WX5SCjSe0vToHOaStVBeif+fzMsajLRgxCQTLAWJsOg4zZ01FSod6Pi9SrAfKVxRxm7EYOphTm+ndVxwyYZfaoeZGKKm6hxjuO6ZUmByvyXDEcfbfQo86VhILhhBh/arja3OPLiaUAjA5sJzJHKWd5Zlh13D/sRaZotlolUI2HX6pvF4TqGihW/jKk8aktFPdaqkpUve8QMcTrC7YbJVJJsMH4r5BrGwpPd0ChU4sAtRMHJNQlgrxeAHObnxVEaCVAnLdRqcZXb/J3U5Rh+ZcGlMAvzj/IfvXnZzrMruRloGH23LxYokVYaWLErRLoDRSsbJZiGcp96Z6FUrwQ2pzZjHbzqIKzTJqKafHR1CJq3aps0n/sZkDIR+uVyqCwYGlkkTXdiMtYD69RrXcDSfhiqNXED+KzjbRaRO1ixr3fFiQPa0ImxiMCGTtGv04VWHLT+Px0S5gXkOp9d7A6da4L1FGyRHozJHQ55I6+pglTT6VPG7TMrO/8Ig7P86oSYPJ5qj40CsUFdzPLG3vKBtwhjCJEUAiIcIFvkJ//6ATk+k538TZuqd07wetnZ6PzyBzArF4XMD6jvOyEzQcz5R2prQEkwG 3Eig5rgx L6SCmJjGcsJPUwXzm8T1mMXjmCxWgT09T39AtjVa9wE0alxTdwOHC31GTQo+J2lDJfHHFH+2jYiI7qHWb0BNa+ZtHEFI7P4KWuke2F8VTVh+9YvLIqG7/6CDHpNgaBNB10rOySJ46UOHPUFbR7fnc1BTEhweFt+tESQS6NzpCfYM+2Qc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Put closely related tests next to each other. No functional changes. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 418 +++++++++++++++++++++--------------------- 1 file changed, 209 insertions(+), 209 deletions(-) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 4ea403653a39..9a1bdd6ca8c4 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -213,6 +213,23 @@ static void kmalloc_node_oob_right(struct kunit *test) kfree(ptr); } +/* + * Check that KASAN detects an out-of-bounds access for a big object allocated + * via kmalloc(). But not as big as to trigger the page_alloc fallback for SLUB. + */ +static void kmalloc_big_oob_right(struct kunit *test) +{ + char *ptr; + size_t size = KMALLOC_MAX_CACHE_SIZE - 256; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + OPTIMIZER_HIDE_VAR(ptr); + KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); + kfree(ptr); +} + /* * The kmalloc_large_* tests below use kmalloc() to allocate a memory chunk * that does not fit into the largest slab cache and therefore is allocated via @@ -299,23 +316,6 @@ static void page_alloc_uaf(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } -/* - * Check that KASAN detects an out-of-bounds access for a big object allocated - * via kmalloc(). But not as big as to trigger the page_alloc fallback for SLUB. - */ -static void kmalloc_big_oob_right(struct kunit *test) -{ - char *ptr; - size_t size = KMALLOC_MAX_CACHE_SIZE - 256; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - OPTIMIZER_HIDE_VAR(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); - kfree(ptr); -} - static void krealloc_more_oob_helper(struct kunit *test, size_t size1, size_t size2) { @@ -698,6 +698,126 @@ static void kmalloc_uaf3(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr1)[8]); } +static void kmalloc_double_kzfree(struct kunit *test) +{ + char *ptr; + size_t size = 16; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + kfree_sensitive(ptr); + KUNIT_EXPECT_KASAN_FAIL(test, kfree_sensitive(ptr)); +} + +/* Check that ksize() does NOT unpoison whole object. */ +static void ksize_unpoisons_memory(struct kunit *test) +{ + char *ptr; + size_t size = 128 - KASAN_GRANULE_SIZE - 5; + size_t real_size; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + real_size = ksize(ptr); + KUNIT_EXPECT_GT(test, real_size, size); + + OPTIMIZER_HIDE_VAR(ptr); + + /* These accesses shouldn't trigger a KASAN report. */ + ptr[0] = 'x'; + ptr[size - 1] = 'x'; + + /* These must trigger a KASAN report. */ + if (IS_ENABLED(CONFIG_KASAN_GENERIC)) + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size + 5]); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size - 1]); + + kfree(ptr); +} + +/* + * Check that a use-after-free is detected by ksize() and via normal accesses + * after it. + */ +static void ksize_uaf(struct kunit *test) +{ + char *ptr; + int size = 128 - KASAN_GRANULE_SIZE; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + kfree(ptr); + + OPTIMIZER_HIDE_VAR(ptr); + KUNIT_EXPECT_KASAN_FAIL(test, ksize(ptr)); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); +} + +/* + * The two tests below check that Generic KASAN prints auxiliary stack traces + * for RCU callbacks and workqueues. The reports need to be inspected manually. + * + * These tests are still enabled for other KASAN modes to make sure that all + * modes report bad accesses in tested scenarios. + */ + +static struct kasan_rcu_info { + int i; + struct rcu_head rcu; +} *global_rcu_ptr; + +static void rcu_uaf_reclaim(struct rcu_head *rp) +{ + struct kasan_rcu_info *fp = + container_of(rp, struct kasan_rcu_info, rcu); + + kfree(fp); + ((volatile struct kasan_rcu_info *)fp)->i; +} + +static void rcu_uaf(struct kunit *test) +{ + struct kasan_rcu_info *ptr; + + ptr = kmalloc(sizeof(struct kasan_rcu_info), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + global_rcu_ptr = rcu_dereference_protected( + (struct kasan_rcu_info __rcu *)ptr, NULL); + + KUNIT_EXPECT_KASAN_FAIL(test, + call_rcu(&global_rcu_ptr->rcu, rcu_uaf_reclaim); + rcu_barrier()); +} + +static void workqueue_uaf_work(struct work_struct *work) +{ + kfree(work); +} + +static void workqueue_uaf(struct kunit *test) +{ + struct workqueue_struct *workqueue; + struct work_struct *work; + + workqueue = create_workqueue("kasan_workqueue_test"); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, workqueue); + + work = kmalloc(sizeof(struct work_struct), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, work); + + INIT_WORK(work, workqueue_uaf_work); + queue_work(workqueue, work); + destroy_workqueue(workqueue); + + KUNIT_EXPECT_KASAN_FAIL(test, + ((volatile struct work_struct *)work)->data); +} + static void kfree_via_page(struct kunit *test) { char *ptr; @@ -748,6 +868,69 @@ static void kmem_cache_oob(struct kunit *test) kmem_cache_destroy(cache); } +static void kmem_cache_double_free(struct kunit *test) +{ + char *p; + size_t size = 200; + struct kmem_cache *cache; + + cache = kmem_cache_create("test_cache", size, 0, 0, NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + + p = kmem_cache_alloc(cache, GFP_KERNEL); + if (!p) { + kunit_err(test, "Allocation failed: %s\n", __func__); + kmem_cache_destroy(cache); + return; + } + + kmem_cache_free(cache, p); + KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p)); + kmem_cache_destroy(cache); +} + +static void kmem_cache_invalid_free(struct kunit *test) +{ + char *p; + size_t size = 200; + struct kmem_cache *cache; + + cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU, + NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + + p = kmem_cache_alloc(cache, GFP_KERNEL); + if (!p) { + kunit_err(test, "Allocation failed: %s\n", __func__); + kmem_cache_destroy(cache); + return; + } + + /* Trigger invalid free, the object doesn't get freed. */ + KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1)); + + /* + * Properly free the object to prevent the "Objects remaining in + * test_cache on __kmem_cache_shutdown" BUG failure. + */ + kmem_cache_free(cache, p); + + kmem_cache_destroy(cache); +} + +static void empty_cache_ctor(void *object) { } + +static void kmem_cache_double_destroy(struct kunit *test) +{ + struct kmem_cache *cache; + + /* Provide a constructor to prevent cache merging. */ + cache = kmem_cache_create("test_cache", 200, 0, 0, empty_cache_ctor); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + kmem_cache_destroy(cache); + KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_destroy(cache)); +} + static void kmem_cache_accounted(struct kunit *test) { int i; @@ -1151,53 +1334,6 @@ static void kasan_global_oob_left(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p); } -/* Check that ksize() does NOT unpoison whole object. */ -static void ksize_unpoisons_memory(struct kunit *test) -{ - char *ptr; - size_t size = 128 - KASAN_GRANULE_SIZE - 5; - size_t real_size; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - real_size = ksize(ptr); - KUNIT_EXPECT_GT(test, real_size, size); - - OPTIMIZER_HIDE_VAR(ptr); - - /* These accesses shouldn't trigger a KASAN report. */ - ptr[0] = 'x'; - ptr[size - 1] = 'x'; - - /* These must trigger a KASAN report. */ - if (IS_ENABLED(CONFIG_KASAN_GENERIC)) - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size + 5]); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size - 1]); - - kfree(ptr); -} - -/* - * Check that a use-after-free is detected by ksize() and via normal accesses - * after it. - */ -static void ksize_uaf(struct kunit *test) -{ - char *ptr; - int size = 128 - KASAN_GRANULE_SIZE; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - kfree(ptr); - - OPTIMIZER_HIDE_VAR(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ksize(ptr)); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); -} - static void kasan_stack_oob(struct kunit *test) { char stack_array[10]; @@ -1240,69 +1376,6 @@ static void kasan_alloca_oob_right(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p); } -static void kmem_cache_double_free(struct kunit *test) -{ - char *p; - size_t size = 200; - struct kmem_cache *cache; - - cache = kmem_cache_create("test_cache", size, 0, 0, NULL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); - - p = kmem_cache_alloc(cache, GFP_KERNEL); - if (!p) { - kunit_err(test, "Allocation failed: %s\n", __func__); - kmem_cache_destroy(cache); - return; - } - - kmem_cache_free(cache, p); - KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p)); - kmem_cache_destroy(cache); -} - -static void kmem_cache_invalid_free(struct kunit *test) -{ - char *p; - size_t size = 200; - struct kmem_cache *cache; - - cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU, - NULL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); - - p = kmem_cache_alloc(cache, GFP_KERNEL); - if (!p) { - kunit_err(test, "Allocation failed: %s\n", __func__); - kmem_cache_destroy(cache); - return; - } - - /* Trigger invalid free, the object doesn't get freed. */ - KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1)); - - /* - * Properly free the object to prevent the "Objects remaining in - * test_cache on __kmem_cache_shutdown" BUG failure. - */ - kmem_cache_free(cache, p); - - kmem_cache_destroy(cache); -} - -static void empty_cache_ctor(void *object) { } - -static void kmem_cache_double_destroy(struct kunit *test) -{ - struct kmem_cache *cache; - - /* Provide a constructor to prevent cache merging. */ - cache = kmem_cache_create("test_cache", 200, 0, 0, empty_cache_ctor); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); - kmem_cache_destroy(cache); - KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_destroy(cache)); -} - static void kasan_memchr(struct kunit *test) { char *ptr; @@ -1464,79 +1537,6 @@ static void kasan_bitops_tags(struct kunit *test) kfree(bits); } -static void kmalloc_double_kzfree(struct kunit *test) -{ - char *ptr; - size_t size = 16; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - kfree_sensitive(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, kfree_sensitive(ptr)); -} - -/* - * The two tests below check that Generic KASAN prints auxiliary stack traces - * for RCU callbacks and workqueues. The reports need to be inspected manually. - * - * These tests are still enabled for other KASAN modes to make sure that all - * modes report bad accesses in tested scenarios. - */ - -static struct kasan_rcu_info { - int i; - struct rcu_head rcu; -} *global_rcu_ptr; - -static void rcu_uaf_reclaim(struct rcu_head *rp) -{ - struct kasan_rcu_info *fp = - container_of(rp, struct kasan_rcu_info, rcu); - - kfree(fp); - ((volatile struct kasan_rcu_info *)fp)->i; -} - -static void rcu_uaf(struct kunit *test) -{ - struct kasan_rcu_info *ptr; - - ptr = kmalloc(sizeof(struct kasan_rcu_info), GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - global_rcu_ptr = rcu_dereference_protected( - (struct kasan_rcu_info __rcu *)ptr, NULL); - - KUNIT_EXPECT_KASAN_FAIL(test, - call_rcu(&global_rcu_ptr->rcu, rcu_uaf_reclaim); - rcu_barrier()); -} - -static void workqueue_uaf_work(struct work_struct *work) -{ - kfree(work); -} - -static void workqueue_uaf(struct kunit *test) -{ - struct workqueue_struct *workqueue; - struct work_struct *work; - - workqueue = create_workqueue("kasan_workqueue_test"); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, workqueue); - - work = kmalloc(sizeof(struct work_struct), GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, work); - - INIT_WORK(work, workqueue_uaf_work); - queue_work(workqueue, work); - destroy_workqueue(workqueue); - - KUNIT_EXPECT_KASAN_FAIL(test, - ((volatile struct work_struct *)work)->data); -} - static void vmalloc_helpers_tags(struct kunit *test) { void *ptr; @@ -1823,12 +1823,12 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmalloc_oob_right), KUNIT_CASE(kmalloc_oob_left), KUNIT_CASE(kmalloc_node_oob_right), + KUNIT_CASE(kmalloc_big_oob_right), KUNIT_CASE(kmalloc_large_oob_right), KUNIT_CASE(kmalloc_large_uaf), KUNIT_CASE(kmalloc_large_invalid_free), KUNIT_CASE(page_alloc_oob_right), KUNIT_CASE(page_alloc_uaf), - KUNIT_CASE(kmalloc_big_oob_right), KUNIT_CASE(krealloc_more_oob), KUNIT_CASE(krealloc_less_oob), KUNIT_CASE(krealloc_large_more_oob), @@ -1847,9 +1847,17 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmalloc_uaf_memset), KUNIT_CASE(kmalloc_uaf2), KUNIT_CASE(kmalloc_uaf3), + KUNIT_CASE(kmalloc_double_kzfree), + KUNIT_CASE(ksize_unpoisons_memory), + KUNIT_CASE(ksize_uaf), + KUNIT_CASE(rcu_uaf), + KUNIT_CASE(workqueue_uaf), KUNIT_CASE(kfree_via_page), KUNIT_CASE(kfree_via_phys), KUNIT_CASE(kmem_cache_oob), + KUNIT_CASE(kmem_cache_double_free), + KUNIT_CASE(kmem_cache_invalid_free), + KUNIT_CASE(kmem_cache_double_destroy), KUNIT_CASE(kmem_cache_accounted), KUNIT_CASE(kmem_cache_bulk), KUNIT_CASE(mempool_kmalloc_oob_right), @@ -1869,19 +1877,11 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kasan_stack_oob), KUNIT_CASE(kasan_alloca_oob_left), KUNIT_CASE(kasan_alloca_oob_right), - KUNIT_CASE(ksize_unpoisons_memory), - KUNIT_CASE(ksize_uaf), - KUNIT_CASE(kmem_cache_double_free), - KUNIT_CASE(kmem_cache_invalid_free), - KUNIT_CASE(kmem_cache_double_destroy), KUNIT_CASE(kasan_memchr), KUNIT_CASE(kasan_memcmp), KUNIT_CASE(kasan_strings), KUNIT_CASE(kasan_bitops_generic), KUNIT_CASE(kasan_bitops_tags), - KUNIT_CASE(kmalloc_double_kzfree), - KUNIT_CASE(rcu_uaf), - KUNIT_CASE(workqueue_uaf), KUNIT_CASE(vmalloc_helpers_tags), KUNIT_CASE(vmalloc_oob), KUNIT_CASE(vmap_tags), From patchwork Mon Nov 6 20:10:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447466 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A4C1C4332F for ; Mon, 6 Nov 2023 20:13:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 17B646B02AE; Mon, 6 Nov 2023 15:13:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 12CFD6B02AF; Mon, 6 Nov 2023 15:13:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F35BE6B02B0; Mon, 6 Nov 2023 15:13:53 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id E41906B02AE for ; Mon, 6 Nov 2023 15:13:53 -0500 (EST) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id C325D80924 for ; Mon, 6 Nov 2023 20:13:53 +0000 (UTC) X-FDA: 81428630346.25.9363E10 Received: from out-180.mta0.migadu.com (out-180.mta0.migadu.com [91.218.175.180]) by imf09.hostedemail.com (Postfix) with ESMTP id 04F00140020 for ; Mon, 6 Nov 2023 20:13:51 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="gW/TzhDf"; spf=pass (imf09.hostedemail.com: domain of andrey.konovalov@linux.dev designates 91.218.175.180 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301632; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=FAC2S7cvKWC0F44BA8JFK/nUEMkMZjl2M4MUzuWuDcc=; b=TQma8zyUGTM+oUBQYlrlYEFE7psucUvLjiIoMYza+YlCTMs9oJHCQiPpRup5vDqs+w6nHY CqFj8Cdmq/23CIrA34QGdPVASxV/sF3IRyw+EcvHUAw+DO3dDPET4XxmQzThXmxs5rkL2h 4jHotAvMR8CkOPbabxMUhmSPV3iSY+0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301632; a=rsa-sha256; cv=none; b=TOKe+PK5Pc1dH73RWkMPJ+SKnYrcUwA8Ys436vbwMKrqmUH+zKLSA/KncLXbrAW58S7T6x 4CyhRts/eg7Y1/xWXWBbNpb/Xu2k7kzbtil6GBSASreFTdfSsfxc+D4olbzZYG/innuXr0 wIFsulTosd3S52IY/a30sEZGZWe/jSY= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="gW/TzhDf"; spf=pass (imf09.hostedemail.com: domain of andrey.konovalov@linux.dev designates 91.218.175.180 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FAC2S7cvKWC0F44BA8JFK/nUEMkMZjl2M4MUzuWuDcc=; b=gW/TzhDfZHPF/6G1OrNDQlLOWzEZX/fdM1cYbnvPQJyE+kylQJLDKf+bdGnEZPKJYJFBTJ 4QEyp11eHyzBaGYnGOiz5gn3Q6Jl2PEmI90MIeHA3Z1ZMwOIDu2AEjJhNEEem2iCH7tksZ EO/mX3B4YVf6+hMEYQMPvEmF3YvoFx4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 18/20] kasan: rename and document kasan_(un)poison_object_data Date: Mon, 6 Nov 2023 21:10:27 +0100 Message-Id: <1128fd5cf1051270bc7e5978479a983a918626f5.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 04F00140020 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: guemodgu4crg9mnj98bighe188wjpn3u X-HE-Tag: 1699301631-161589 X-HE-Meta: U2FsdGVkX1+4cjYUI1tZD0x7AruM+kzID9he4ZNxtM3mP1APNHyaGS68gbzBEW5WoOImw8We//sr7M4fqYuMUu8gp0pAQwwzl8NU8DJuKd98TSThSrbMd7UB+0UuxNeReUf9QeNexMyKLgXDcwgbSH1CJGr7gWFlF1rL0uWtLqIsTg3GRDRCaPANWPs/PJww4YmWsjjimo9qTU6kKcmBGzbe+7W7JPEFxJsTHlvY0iPG4Xri+nsVS2VMYVmvPhsuw+ySx6v2LW7AwD63PD2O590Qs/OEpaGmecWwB/o5heO1oFA7iO8VTpmHutefNTUBSOFRKnKGtOKcTfJVrN3O4qTiQAUCAWdzuYUw70rQBbQMTv3nfSCrHRySEWloZEAZhykwKw4WLbwqyr48NuTltJN9mHZaN4tDdkdJdTI8hdFRYri3uZs9tO77aLeei9ZL1Fq0dw7EzubUzahFEZS5U8/iajZ1VsgkCPAchvIAGpSTZ5NDcZtPd8v4sgT5wC28S0btaAa5YJ2p3L+7QnzeVaVBsalF9hHmo2W4/VtUSeP4QaSDIeXeSVaRpnnjNt1wFqbmCEtYC9jreispWqVpQbeberc1CuuI3tlwHsXOO7saOPVgOK+w7iATbNiq1MNmXB6Bny5+C91u8BMOLckMdqem9OpXfj2ETNuHTsoR8c/ZDU/71J9DkGIyENu1Rlo+7eLyp4uNsz+C/h0bn7uAcJpb9TVgpas4hMSujdg58cAtsGvV9rVAFPK+HD+yjDJAUDaJcBh6tYo1DoAuNH782p8bk1hiotZHegOiyRWotoc8ZLKcGtUHfuQ/3lJ7m5koMPrpZ9YyZ80NP8sP9PKz6neVTWzfBNqnCIOFRLd/3Vk0fz0aLEXg1jWwu1qPFsC3nXDvVkkSDqnCKevG5joADfs/YMEXG7Tjdaq99XRs1sepVVjGp8zFNKLeJFY197QalbXKngCZG+JWWyjqKFm 1PCav9fY 8CHfggGOwfMVfuH5u1qpDceH2TsC++LVqy0T96Ee0Ku43nxYagPynbcoZ/y7eSnIXPc6NAQg3de9bvecQr9gUwRZcBOR6Y1H9UsN+mCsnrz98X3IY6NOxAfPp7U7quz98/lOKdhNc4QI567BC6yUKAycsoab2YuXU3X7cDkPw+SC6v0aD4ipDAZ3sLjqObxfFyamZQETWXFrC+IjTDTylHqPQMpI0//LxyBd1 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Rename kasan_unpoison_object_data to kasan_unpoison_new_object and add a documentation comment. Do the same for kasan_poison_object_data. The new names and the comments should suggest the users that these hooks are intended for internal use by the slab allocator. The following patch will remove non-slab-internal uses of these hooks. No functional changes. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 35 +++++++++++++++++++++++++++-------- mm/kasan/common.c | 4 ++-- mm/slab.c | 10 ++++------ mm/slub.c | 4 ++-- net/core/skbuff.c | 8 ++++---- 5 files changed, 39 insertions(+), 22 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 7392c5d89b92..d49e3d4c099e 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -129,20 +129,39 @@ static __always_inline void kasan_poison_slab(struct slab *slab) __kasan_poison_slab(slab); } -void __kasan_unpoison_object_data(struct kmem_cache *cache, void *object); -static __always_inline void kasan_unpoison_object_data(struct kmem_cache *cache, +void __kasan_unpoison_new_object(struct kmem_cache *cache, void *object); +/** + * kasan_unpoison_new_object - Temporarily unpoison a new slab object. + * @cache: Cache the object belong to. + * @object: Pointer to the object. + * + * This function is intended for the slab allocator's internal use. It + * temporarily unpoisons an object from a newly allocated slab without doing + * anything else. The object must later be repoisoned by + * kasan_poison_new_object(). + */ +static __always_inline void kasan_unpoison_new_object(struct kmem_cache *cache, void *object) { if (kasan_enabled()) - __kasan_unpoison_object_data(cache, object); + __kasan_unpoison_new_object(cache, object); } -void __kasan_poison_object_data(struct kmem_cache *cache, void *object); -static __always_inline void kasan_poison_object_data(struct kmem_cache *cache, +void __kasan_poison_new_object(struct kmem_cache *cache, void *object); +/** + * kasan_unpoison_new_object - Repoison a new slab object. + * @cache: Cache the object belong to. + * @object: Pointer to the object. + * + * This function is intended for the slab allocator's internal use. It + * repoisons an object that was previously unpoisoned by + * kasan_unpoison_new_object() without doing anything else. + */ +static __always_inline void kasan_poison_new_object(struct kmem_cache *cache, void *object) { if (kasan_enabled()) - __kasan_poison_object_data(cache, object); + __kasan_poison_new_object(cache, object); } void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache, @@ -342,9 +361,9 @@ static inline bool kasan_unpoison_pages(struct page *page, unsigned int order, return false; } static inline void kasan_poison_slab(struct slab *slab) {} -static inline void kasan_unpoison_object_data(struct kmem_cache *cache, +static inline void kasan_unpoison_new_object(struct kmem_cache *cache, void *object) {} -static inline void kasan_poison_object_data(struct kmem_cache *cache, +static inline void kasan_poison_new_object(struct kmem_cache *cache, void *object) {} static inline void *kasan_init_slab_obj(struct kmem_cache *cache, const void *object) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 65850d37fd27..9f11be6b00a8 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -133,12 +133,12 @@ void __kasan_poison_slab(struct slab *slab) KASAN_SLAB_REDZONE, false); } -void __kasan_unpoison_object_data(struct kmem_cache *cache, void *object) +void __kasan_unpoison_new_object(struct kmem_cache *cache, void *object) { kasan_unpoison(object, cache->object_size, false); } -void __kasan_poison_object_data(struct kmem_cache *cache, void *object) +void __kasan_poison_new_object(struct kmem_cache *cache, void *object) { kasan_poison(object, round_up(cache->object_size, KASAN_GRANULE_SIZE), KASAN_SLAB_REDZONE, false); diff --git a/mm/slab.c b/mm/slab.c index 9ad3d0f2d1a5..773c79e153f3 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -2327,11 +2327,9 @@ static void cache_init_objs_debug(struct kmem_cache *cachep, struct slab *slab) * They must also be threaded. */ if (cachep->ctor && !(cachep->flags & SLAB_POISON)) { - kasan_unpoison_object_data(cachep, - objp + obj_offset(cachep)); + kasan_unpoison_new_object(cachep, objp + obj_offset(cachep)); cachep->ctor(objp + obj_offset(cachep)); - kasan_poison_object_data( - cachep, objp + obj_offset(cachep)); + kasan_poison_new_object(cachep, objp + obj_offset(cachep)); } if (cachep->flags & SLAB_RED_ZONE) { @@ -2472,9 +2470,9 @@ static void cache_init_objs(struct kmem_cache *cachep, /* constructor could break poison info */ if (DEBUG == 0 && cachep->ctor) { - kasan_unpoison_object_data(cachep, objp); + kasan_unpoison_new_object(cachep, objp); cachep->ctor(objp); - kasan_poison_object_data(cachep, objp); + kasan_poison_new_object(cachep, objp); } if (!shuffled) diff --git a/mm/slub.c b/mm/slub.c index 63d281dfacdb..973f091ec5d1 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1849,9 +1849,9 @@ static void *setup_object(struct kmem_cache *s, void *object) setup_object_debug(s, object); object = kasan_init_slab_obj(s, object); if (unlikely(s->ctor)) { - kasan_unpoison_object_data(s, object); + kasan_unpoison_new_object(s, object); s->ctor(object); - kasan_poison_object_data(s, object); + kasan_poison_new_object(s, object); } return object; } diff --git a/net/core/skbuff.c b/net/core/skbuff.c index b157efea5dea..63bb6526399d 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -337,7 +337,7 @@ static struct sk_buff *napi_skb_cache_get(void) } skb = nc->skb_cache[--nc->skb_count]; - kasan_unpoison_object_data(skbuff_cache, skb); + kasan_unpoison_new_object(skbuff_cache, skb); return skb; } @@ -1309,13 +1309,13 @@ static void napi_skb_cache_put(struct sk_buff *skb) struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); u32 i; - kasan_poison_object_data(skbuff_cache, skb); + kasan_poison_new_object(skbuff_cache, skb); nc->skb_cache[nc->skb_count++] = skb; if (unlikely(nc->skb_count == NAPI_SKB_CACHE_SIZE)) { for (i = NAPI_SKB_CACHE_HALF; i < NAPI_SKB_CACHE_SIZE; i++) - kasan_unpoison_object_data(skbuff_cache, - nc->skb_cache[i]); + kasan_unpoison_new_object(skbuff_cache, + nc->skb_cache[i]); kmem_cache_free_bulk(skbuff_cache, NAPI_SKB_CACHE_HALF, nc->skb_cache + NAPI_SKB_CACHE_HALF); From patchwork Mon Nov 6 20:10:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447467 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8735BC4167D for ; Mon, 6 Nov 2023 20:13:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6FB3E6B02AF; Mon, 6 Nov 2023 15:13:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 683036B02B0; Mon, 6 Nov 2023 15:13:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 571596B02B1; Mon, 6 Nov 2023 15:13:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 489BF6B02AF for ; Mon, 6 Nov 2023 15:13:54 -0500 (EST) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 03537140874 for ; Mon, 6 Nov 2023 20:13:53 +0000 (UTC) X-FDA: 81428630388.20.DE3E617 Received: from out-179.mta0.migadu.com (out-179.mta0.migadu.com [91.218.175.179]) by imf02.hostedemail.com (Postfix) with ESMTP id 0C7918000A for ; Mon, 6 Nov 2023 20:13:51 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="cb/DYhw0"; spf=pass (imf02.hostedemail.com: domain of andrey.konovalov@linux.dev designates 91.218.175.179 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301632; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=e29xpsueqsta+pB4dpMwNezQWpITpFZrOcR7dgpqXnM=; b=p66tCInNvS9tktb4P3eBLSB8l14WavLt4Sy6JmshMAA5zetgtf5HfzdVT2gNxcZE6lDyRv TCDN/S/o/PjJVfbJkaakGW70oi8FxrnF3+LBFBuUW+nb7xtzD94b24r4NW89SJbyTmjine xUmFEkBHSb4RX0KSxXFm2dDCe2Za744= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301632; a=rsa-sha256; cv=none; b=2Kjmqhojvff8fg6dAtCO4iqcwiPG/YMw8O0KR3+FXFNhpcVtBCSKCXCTeKIolCB6dBBNoF +XUsbagbFKvaHYE0kfYPgFVQ4m//aic/Hj1+ImbqrosWG0QjYMcrq5foEqC4l2MrJ2R6tM ohJJUWKpwF/a4g6f+670i6TruA/7+8k= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b="cb/DYhw0"; spf=pass (imf02.hostedemail.com: domain of andrey.konovalov@linux.dev designates 91.218.175.179 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev; dmarc=pass (policy=none) header.from=linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301630; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e29xpsueqsta+pB4dpMwNezQWpITpFZrOcR7dgpqXnM=; b=cb/DYhw0AcKTI1pVz3p5Uc8ghHAi9yPw0pCvEZBvaYr82je3xMtKhMD9iTFLNv661L48Eq HUw3/4UfBzgyqKFgTfXOU3WP5GDlN3MF7k6C82pIbPfG6hYKtEzn5y09GxVAaKf1nIbuQV MZc8fQIvmv/Ni7E4wK5ggRDzTvGHEZ0= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 19/20] skbuff: use mempool KASAN hooks Date: Mon, 6 Nov 2023 21:10:28 +0100 Message-Id: <13e15a27958e63070970ca4d7bb52c8c156bfa02.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 0C7918000A X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: dt1r7ud77496j7ymh4waqxp17ori1sec X-HE-Tag: 1699301631-949167 X-HE-Meta: U2FsdGVkX1+/bFTO7y7/3TqoyR+itQceeczYw437n1Q652pf/cGtk0uFaWCUyr6FdEpoE4eqUC2MguRZTw/kjrapkiVYCrelJDLGHll/CT3YCKKwQ7XWfA8daOLgxWPTNWuOib6a8AqdYwXq3sYTAgvkLTxfr6Gi+LPpC2IyqH1WDQb88mtFSWuhtNMCQa8yASBMFRZhUzatgnugT41XFnJN+nmSTlZFrM9RNZDY/YMNQtnKNa3rCQE+u17537uWW02hy0m9IagGjfGfFo47xaW6wT7m3rudx4uO8Dw5QmoRWJ7U/rhv6esRor1R2B0dvKrMbO4imIy7J//PseJPl2OeTp6AFX6pwLmllLbfSRMTUvjsgJspamU+syjnbv3wt2cNyMf99AcNn1MGfbC4+PtdH5dm3VIifQil2PL5t7f2mKWenhwatyLcmuEBOCqs6aY5UuF2ijB+d4VTmpuTgqKWkNnk1sJhNW8nod8jiCNdWSXZEKXlKAo9ls4Yu95ZtqIyVa4SWK+gFxDWQSUztRw8I2U3GWeWOX+80o86Lwxsysuc+l/RMuU3dV/upZoVmc+pRNW3ctGzSWmsRcSp2NbyiAQSE6IccTFdFGuATRcIKStlI+4SpmT4C0ykgYeqfdPmVGXqDr7lHcw4q4v8wboYQrSsehrmxlXbrJhH5zAOB2fr+XjQZ0pDM6cxF12naJfBGqmLC7WYFhytQK9KAtN6K59MGE7rTWcsz2ltmGHnfZCAH37xN9Ak6hhPR5+/C2+gG2EicLXb8nml9Sb+6dDFGCaOuy4FMc8xEEcJ1fwVm8cLJeN6MxM6wHS2SEApsrGNX+vuvVs38wdHvOdyJwS4w24iK7X4ytQmjIE+EHnZqufSV8M6CCHEVDPlzHtfj+7YSIYx+/epBPXPbABC9X6RLu+H/8IppoSZWMSLIB0noSba94TiC9PQ0H1f+ixTKv0MvlixQfMOrDaQSom Z1sTBcvp xdQImRF6VF8bVB5U5DzgQxr79CsmI/dGbzExZLaw6ZyV/O4bCQrnyBICpH9T+Of/96PUOgNL3JjEdjPvFceVe3pmfaIsdkzyLcYh0rmGoKca8TvYCr6G5WwkSZHb8IHsaWKiaXuKKwIHp6dtZEx/Wqpx4cm4FqI+OHkel0ASPPumer0KccpStj6zjY01k+q6JMuytBXeey1TTPcQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Instead of using slab-internal KASAN hooks for poisoning and unpoisoning cached objects, use the proper mempool KASAN hooks. Also check the return value of kasan_mempool_poison_object to prevent double-free and invali-free bugs. Signed-off-by: Andrey Konovalov --- net/core/skbuff.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 63bb6526399d..bb75b4272992 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -337,7 +337,7 @@ static struct sk_buff *napi_skb_cache_get(void) } skb = nc->skb_cache[--nc->skb_count]; - kasan_unpoison_new_object(skbuff_cache, skb); + kasan_mempool_unpoison_object(skb, kmem_cache_size(skbuff_cache)); return skb; } @@ -1309,13 +1309,15 @@ static void napi_skb_cache_put(struct sk_buff *skb) struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); u32 i; - kasan_poison_new_object(skbuff_cache, skb); + if (!kasan_mempool_poison_object(skb)) + return; + nc->skb_cache[nc->skb_count++] = skb; if (unlikely(nc->skb_count == NAPI_SKB_CACHE_SIZE)) { for (i = NAPI_SKB_CACHE_HALF; i < NAPI_SKB_CACHE_SIZE; i++) - kasan_unpoison_new_object(skbuff_cache, - nc->skb_cache[i]); + kasan_mempool_unpoison_object(nc->skb_cache[i], + kmem_cache_size(skbuff_cache)); kmem_cache_free_bulk(skbuff_cache, NAPI_SKB_CACHE_HALF, nc->skb_cache + NAPI_SKB_CACHE_HALF); From patchwork Mon Nov 6 20:10:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 13447468 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 424EDC4167B for ; Mon, 6 Nov 2023 20:13:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DFECB6B02B0; Mon, 6 Nov 2023 15:13:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id DAEFC6B02B1; Mon, 6 Nov 2023 15:13:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C00696B02B2; Mon, 6 Nov 2023 15:13:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id B1B216B02B0 for ; Mon, 6 Nov 2023 15:13:54 -0500 (EST) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 92A9E4089D for ; Mon, 6 Nov 2023 20:13:54 +0000 (UTC) X-FDA: 81428630388.16.EC16296 Received: from out-173.mta0.migadu.com (out-173.mta0.migadu.com [91.218.175.173]) by imf08.hostedemail.com (Postfix) with ESMTP id 99F30160005 for ; Mon, 6 Nov 2023 20:13:52 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=VvwPI2ke; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf08.hostedemail.com: domain of andrey.konovalov@linux.dev designates 91.218.175.173 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699301632; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EPGVjwO+qP/d7FcuwPK2D6CcDKWjvT42oG4AsVrb0Go=; b=SRPW4ANKlAwghIs+KtbbXxHGW3dzd8C1UqesWi5h771XeoC5dh+H9KdzEwQVfcP0+9lIEH LihWrHpRDF1POSJVax1lvzwmZ5O3uIqiW8ILj3vNBAlNgPiEYUXyqw/7lq3xc8ja+Qdr+R 85HXNCMK4ceG9fZbeCiMMxhS4OcQ2Zs= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=VvwPI2ke; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf08.hostedemail.com: domain of andrey.konovalov@linux.dev designates 91.218.175.173 as permitted sender) smtp.mailfrom=andrey.konovalov@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1699301632; a=rsa-sha256; cv=none; b=6zsedj6RAMQv716tuWT+GKuZOdVy/XtQ0K+b4e2kgWNvfr/7T9tw0oQA0E3bWQ8wuPh9si 30BS7jPqjyP1uC0Y9tFEcR5OxEX4GQVP3VSeiSEb9bmC/vzr0d8wIuJNUkKM6gz+LUlfrk 2j2AC/ZXeeRi7MHyxCwmtW3a/rW9XQI= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301631; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EPGVjwO+qP/d7FcuwPK2D6CcDKWjvT42oG4AsVrb0Go=; b=VvwPI2keLXzkzqlZ3FnvGVKGg5TiKAVIbhEfe4q4zBpcT7eCPN3B9NQON+ibMnBGElwnGf eWdKn2N728sPwjXJ2GuPBYYG5XnlY5BH2yy4FnLjIp2Sa6KToE0S7E2SFjTIoYB0IY5KEk KahIGvyWN2K+2fQ0a2nUKxfLXrFjdms= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 20/20] io_uring: use mempool KASAN hook Date: Mon, 6 Nov 2023 21:10:29 +0100 Message-Id: <4f2fc546ce7b494c99c08e282c4d697d6dd58a8f.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 99F30160005 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: ttqu6yw8nqstcnte4ff35frje1amkmr7 X-HE-Tag: 1699301632-197147 X-HE-Meta: U2FsdGVkX1/KKlMdkN1rKACWk/o/rI4TaqOkCE7hF+uf3/y9pWX2+IqVG0GVr8PSAcHYxhEAN8aBGoVuQj+iCwoL5py5R3GwTRVSCMFGM7x2pLBMFtVzaZjmzzW0xEJ7Yd1Qm/yzHU+dTezmCbrjflwe+6pJKARPYeVU00VltzoshX8KLFbohGbsFLM5O15vPpf/Ro5qidMLRrmrr+uKJtjdiHD8on2bsch49ibIZDB4u9MRySVyeGlPTP8qHNKi21lQQfxFNJY2HB3W7PYRyS+7aUueqt9E50jRkdZVT/oGSZkV08+upopPsXqE7Q/XX6sKX3aa8NfV+PYbZRji7MEYHY/t/hGzZpjaEbtyq6Yjo54AnDO+gRVVu4G35F6Zrq36aFi++audV67z8CeLbtIE3ypmbDCKOtqi0pbtgDrjbPVIcmbqbiu/awmK4FnDnL/yzloYkWy7WjcppxygItiXH/B7VUYyHA/+dbndtM6wDx3bwC3xs1/V/waNGvF26+FFnuZCazwHXOzY1Xue+gEOvuz1Gy61F+35T/tLvBL39Zx5CVFtoNiEVhZuRYrC3rXdCWmoRLpE9RegEEKQJjczlXIOkhpTfM+qaxedBfAOG1Us1trqB15u6ID01cDTP332UkBxkZrIMaSkFAVnEmOnLMWlB6z7lgJuX1d6bWzNhFWgcFBYGY1peM7+vqX57HFOh+/sGR+7DHSm21IIRgZB1ZQX8/kdOVIjVA87xaqUYTsTIpvEg54yGm65ZYP0WcDoEqDmKxdlwG8zWWajIFXZsFvP4vnKD1qKuZmIho7iwTQLNDMyvfo9968p6aAmF9RLOg2u/GYbY1S8nXJdRWfISmXIsN5O9YYF4ox/LnuIq9ePCFK3jYU3YlbRhKMK4Hhj3oz51Vdr+8Mg0tQiU/72ZPY7+SGC6hAyC8Cw9ZSFS8dQqYIyoW0nuRpHsbG94vjWw2rpGaTWN2KXRDK ZMOzBFEC xEGsarN0+6+WAPF38/hd+RI0NJuCroeMQGHH1ECjccCQNBTRd5qpIxklWs2spn2WYD6kuCtETeqZ4hvPbR78dO/18hMwwDrPXBGOy1kBECZz71YhoaoG0pCobr33auUvocdgW4fL9bg5if/QdqYz0n+/Q++9LAK7q4yTsHn8/MKs7Xln79Dv4qieSLTQ08XrfYIZmj2R/FgSQL/L0tioa2GxtZ6NnuY7aaMhD X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Andrey Konovalov Use the proper kasan_mempool_unpoison_object hook for unpoisoning cached objects. A future change might also update io_uring to check the return value of kasan_mempool_poison_object to prevent double-free and invalid-free bugs. This proves to be non-trivial with the current way io_uring caches objects, so this is left out-of-scope of this series. Signed-off-by: Andrey Konovalov --- io_uring/alloc_cache.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/io_uring/alloc_cache.h b/io_uring/alloc_cache.h index 8de0414e8efe..bf2fb26a6539 100644 --- a/io_uring/alloc_cache.h +++ b/io_uring/alloc_cache.h @@ -33,7 +33,7 @@ static inline struct io_cache_entry *io_alloc_cache_get(struct io_alloc_cache *c struct io_cache_entry *entry; entry = container_of(cache->list.next, struct io_cache_entry, node); - kasan_unpoison_range(entry, cache->elem_size); + kasan_mempool_unpoison_object(entry, cache->elem_size); cache->list.next = cache->list.next->next; cache->nr_cached--; return entry;