[21/32] kasan: simplify invalid-free reporting

Message ID	f7f5cfc5eb8f1a1f849665641b9dd2cfb4a62c3c.1655150842.git.andreyknvl@google.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: andrey.konovalov@linux.dev To: Marco Elver <elver@google.com>, Alexander Potapenko <glider@google.com> Cc: Andrey Konovalov <andreyknvl@gmail.com>, Dmitry Vyukov <dvyukov@google.com>, Andrey Ryabinin <ryabinin.a.a@gmail.com>, kasan-dev@googlegroups.com, Peter Collingbourne <pcc@google.com>, Evgenii Stepanov <eugenis@google.com>, Florian Mayer <fmayer@google.com>, Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com> Subject: [PATCH 21/32] kasan: simplify invalid-free reporting Date: Mon, 13 Jun 2022 22:14:12 +0200 Message-Id: <f7f5cfc5eb8f1a1f849665641b9dd2cfb4a62c3c.1655150842.git.andreyknvl@google.com> In-Reply-To: <cover.1655150842.git.andreyknvl@google.com> References: <cover.1655150842.git.andreyknvl@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	kasan: switch tag-based modes to stack ring from per-object metadata \| expand [00/32] kasan: switch tag-based modes to stack ring from per-object metadata [01/32] kasan: check KASAN_NO_FREE_META in __kasan_metadata_size [02/32] kasan: rename kasan_set__info to kasan_save__info [03/32] kasan: move is_kmalloc check out of save_alloc_info [04/32] kasan: split save_alloc_info implementations [05/32] kasan: drop CONFIG_KASAN_TAGS_IDENTIFY [06/32] kasan: introduce kasan_print_aux_stacks [07/32] kasan: introduce kasan_get_alloc_track [08/32] kasan: introduce kasan_init_object_meta [09/32] kasan: clear metadata functions for tag-based modes [10/32] kasan: move kasan_get_*_meta to generic.c [11/32] kasan: introduce kasan_requires_meta [12/32] kasan: introduce kasan_init_cache_meta [13/32] kasan: drop CONFIG_KASAN_GENERIC check from kasan_init_cache_meta [14/32] kasan: only define kasan_metadata_size for Generic mode [15/32] kasan: only define kasan_never_merge for Generic mode [16/32] kasan: only define metadata offsets for Generic mode [17/32] kasan: only define metadata structs for Generic mode [18/32] kasan: only define kasan_cache_create for Generic mode [19/32] kasan: pass tagged pointers to kasan_save_alloc/free_info [20/32] kasan: move kasan_get_alloc/free_track definitions [21/32] kasan: simplify invalid-free reporting [22/32] kasan: cosmetic changes in report.c [23/32] kasan: use kasan_addr_to_slab in print_address_description [24/32] kasan: move kasan_addr_to_slab to common.c [25/32] kasan: make kasan_addr_to_page static [26/32] kasan: simplify print_report [27/32] kasan: introduce complete_report_info [28/32] kasan: fill in cache and object in complete_report_info [29/32] kasan: rework function arguments in report.c [30/32] kasan: introduce kasan_complete_mode_report_info [31/32] kasan: implement stack ring for tag-based modes [32/32] kasan: better identify bug types for tag-based modes

Message ID

f7f5cfc5eb8f1a1f849665641b9dd2cfb4a62c3c.1655150842.git.andreyknvl@google.com (mailing list archive)

State

New

Headers

From: andrey.konovalov@linux.dev
To: Marco Elver <elver@google.com>,
	Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Andrey Ryabinin <ryabinin.a.a@gmail.com>,
	kasan-dev@googlegroups.com,
	Peter Collingbourne <pcc@google.com>,
	Evgenii Stepanov <eugenis@google.com>,
	Florian Mayer <fmayer@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH 21/32] kasan: simplify invalid-free reporting
Date: Mon, 13 Jun 2022 22:14:12 +0200
Message-Id: 
 <f7f5cfc5eb8f1a1f849665641b9dd2cfb4a62c3c.1655150842.git.andreyknvl@google.com>
In-Reply-To: <cover.1655150842.git.andreyknvl@google.com>
References: <cover.1655150842.git.andreyknvl@google.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

kasan: switch tag-based modes to stack ring from per-object metadata | expand

Commit Message

andrey.konovalov@linux.dev June 13, 2022, 8:14 p.m. UTC

From: Andrey Konovalov <andreyknvl@google.com>

Right now, KASAN uses the kasan_report_type enum to describe report types.

As this enum only has two options, replace it with a bool variable.

Also, unify printing report header for invalid-free and other bug types
in print_error_description().

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 mm/kasan/kasan.h  |  7 +------
 mm/kasan/report.c | 16 +++++++---------
 2 files changed, 8 insertions(+), 15 deletions(-)

Comments

Kuan-Ying Lee (李冠穎) June 21, 2022, 7:17 a.m. UTC | #1

On Tue, 2022-06-14 at 04:14 +0800, andrey.konovalov@linux.dev wrote:
> From: Andrey Konovalov <andreyknvl@google.com>
> 
> Right now, KASAN uses the kasan_report_type enum to describe report
> types.
> 
> As this enum only has two options, replace it with a bool variable.
> 
> Also, unify printing report header for invalid-free and other bug
> types
> in print_error_description().
> 
> Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> ---
>  mm/kasan/kasan.h  |  7 +------
>  mm/kasan/report.c | 16 +++++++---------
>  2 files changed, 8 insertions(+), 15 deletions(-)
> 
> diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
> index e8329935fbfb..f696d50b09fb 100644
> --- a/mm/kasan/kasan.h
> +++ b/mm/kasan/kasan.h
> @@ -146,16 +146,11 @@ static inline bool kasan_requires_meta(void)
>  #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW *
> KASAN_GRANULE_SIZE)
>  #define META_ROWS_AROUND_ADDR 2
> 
> -enum kasan_report_type {
> -       KASAN_REPORT_ACCESS,
> -       KASAN_REPORT_INVALID_FREE,
> -};
> -
>  struct kasan_report_info {
> -       enum kasan_report_type type;
>         void *access_addr;
>         void *first_bad_addr;
>         size_t access_size;
> +       bool is_free;
>         bool is_write;
>         unsigned long ip;
>  };
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index f951fd39db74..7269b6249488 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -175,14 +175,12 @@ static void end_report(unsigned long *flags,
> void *addr)
> 

Hi Andrey,

Do we need to distinguish "double free" case from "invalid free" or
we just print "double-free or invalid-free"?

I sent a patch[1] to separate double free case from invalid
free last week and I saw it has been merged into akpm tree.

[1] 
https://lore.kernel.org/linux-mm/20220615062219.22618-1-Kuan-Ying.Lee@mediatek.com/

Thanks,
Kuan-Ying Lee

>  static void print_error_description(struct kasan_report_info *info)
>  {
> -       if (info->type == KASAN_REPORT_INVALID_FREE) {
> -               pr_err("BUG: KASAN: double-free or invalid-free in
> %pS\n",
> -                      (void *)info->ip);
> -               return;
> -       }
> +       const char *bug_type = info->is_free ?
> +               "double-free or invalid-free" :
> kasan_get_bug_type(info);
> 
> -       pr_err("BUG: KASAN: %s in %pS\n",
> -               kasan_get_bug_type(info), (void *)info->ip);
> +       pr_err("BUG: KASAN: %s in %pS\n", bug_type, (void *)info-
> >ip);
> +       if (info->is_free)
> +               return;
>         if (info->access_size)
>                 pr_err("%s of size %zu at addr %px by task %s/%d\n",
>                         info->is_write ? "Write" : "Read", info-
> >access_size,
> @@ -435,11 +433,11 @@ void kasan_report_invalid_free(void *ptr,
> unsigned long ip)
> 
>         start_report(&flags, true);
> 
> -       info.type = KASAN_REPORT_INVALID_FREE;
>         info.access_addr = ptr;
>         info.first_bad_addr = kasan_reset_tag(ptr);
>         info.access_size = 0;
>         info.is_write = false;
> +       info.is_free = true;
>         info.ip = ip;
> 
>         print_report(&info);
> @@ -468,11 +466,11 @@ bool kasan_report(unsigned long addr, size_t
> size, bool is_write,
> 
>         start_report(&irq_flags, true);
> 
> -       info.type = KASAN_REPORT_ACCESS;
>         info.access_addr = ptr;
>         info.first_bad_addr = kasan_find_first_bad_addr(ptr, size);
>         info.access_size = size;
>         info.is_write = is_write;
> +       info.is_free = false;
>         info.ip = ip;
> 
>         print_report(&info);
> --
> 2.25.1
> 
>

Andrey Konovalov July 12, 2022, 8:38 p.m. UTC | #2

On Tue, Jun 21, 2022 at 9:17 AM Kuan-Ying Lee
<Kuan-Ying.Lee@mediatek.com> wrote:
>
> On Tue, 2022-06-14 at 04:14 +0800, andrey.konovalov@linux.dev wrote:
> > From: Andrey Konovalov <andreyknvl@google.com>
> >
> > Right now, KASAN uses the kasan_report_type enum to describe report
> > types.
> >
> > As this enum only has two options, replace it with a bool variable.
> >
> > Also, unify printing report header for invalid-free and other bug
> > types
> > in print_error_description().
> >
> > Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> > ---
> >  mm/kasan/kasan.h  |  7 +------
> >  mm/kasan/report.c | 16 +++++++---------
> >  2 files changed, 8 insertions(+), 15 deletions(-)
> >
> > diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
> > index e8329935fbfb..f696d50b09fb 100644
> > --- a/mm/kasan/kasan.h
> > +++ b/mm/kasan/kasan.h
> > @@ -146,16 +146,11 @@ static inline bool kasan_requires_meta(void)
> >  #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW *
> > KASAN_GRANULE_SIZE)
> >  #define META_ROWS_AROUND_ADDR 2
> >
> > -enum kasan_report_type {
> > -       KASAN_REPORT_ACCESS,
> > -       KASAN_REPORT_INVALID_FREE,
> > -};
> > -
> >  struct kasan_report_info {
> > -       enum kasan_report_type type;
> >         void *access_addr;
> >         void *first_bad_addr;
> >         size_t access_size;
> > +       bool is_free;
> >         bool is_write;
> >         unsigned long ip;
> >  };
> > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > index f951fd39db74..7269b6249488 100644
> > --- a/mm/kasan/report.c
> > +++ b/mm/kasan/report.c
> > @@ -175,14 +175,12 @@ static void end_report(unsigned long *flags,
> > void *addr)
> >
>
> Hi Andrey,
>
> Do we need to distinguish "double free" case from "invalid free" or
> we just print "double-free or invalid-free"?
>
> I sent a patch[1] to separate double free case from invalid
> free last week and I saw it has been merged into akpm tree.
>
> [1]
> https://lore.kernel.org/linux-mm/20220615062219.22618-1-Kuan-Ying.Lee@mediatek.com/

Hi Kuan-Ying,

Yes, thank you for the patch! I will rebase my series onto it.

Thanks!

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index e8329935fbfb..f696d50b09fb 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -146,16 +146,11 @@  static inline bool kasan_requires_meta(void)
 #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW * KASAN_GRANULE_SIZE)
 #define META_ROWS_AROUND_ADDR 2
 
-enum kasan_report_type {
-	KASAN_REPORT_ACCESS,
-	KASAN_REPORT_INVALID_FREE,
-};
-
 struct kasan_report_info {
-	enum kasan_report_type type;
 	void *access_addr;
 	void *first_bad_addr;
 	size_t access_size;
+	bool is_free;
 	bool is_write;
 	unsigned long ip;
 };
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index f951fd39db74..7269b6249488 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -175,14 +175,12 @@  static void end_report(unsigned long *flags, void *addr)
 
 static void print_error_description(struct kasan_report_info *info)
 {
-	if (info->type == KASAN_REPORT_INVALID_FREE) {
-		pr_err("BUG: KASAN: double-free or invalid-free in %pS\n",
-		       (void *)info->ip);
-		return;
-	}
+	const char *bug_type = info->is_free ?
+		"double-free or invalid-free" : kasan_get_bug_type(info);
 
-	pr_err("BUG: KASAN: %s in %pS\n",
-		kasan_get_bug_type(info), (void *)info->ip);
+	pr_err("BUG: KASAN: %s in %pS\n", bug_type, (void *)info->ip);
+	if (info->is_free)
+		return;
 	if (info->access_size)
 		pr_err("%s of size %zu at addr %px by task %s/%d\n",
 			info->is_write ? "Write" : "Read", info->access_size,
@@ -435,11 +433,11 @@  void kasan_report_invalid_free(void *ptr, unsigned long ip)
 
 	start_report(&flags, true);
 
-	info.type = KASAN_REPORT_INVALID_FREE;
 	info.access_addr = ptr;
 	info.first_bad_addr = kasan_reset_tag(ptr);
 	info.access_size = 0;
 	info.is_write = false;
+	info.is_free = true;
 	info.ip = ip;
 
 	print_report(&info);
@@ -468,11 +466,11 @@  bool kasan_report(unsigned long addr, size_t size, bool is_write,
 
 	start_report(&irq_flags, true);
 
-	info.type = KASAN_REPORT_ACCESS;
 	info.access_addr = ptr;
 	info.first_bad_addr = kasan_find_first_bad_addr(ptr, size);
 	info.access_size = size;
 	info.is_write = is_write;
+	info.is_free = false;
 	info.ip = ip;
 
 	print_report(&info);

[21/32] kasan: simplify invalid-free reporting

Commit Message

Comments

Patch