From patchwork Wed Jun 26 14:20:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11017963 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 69B9C14E5 for ; Wed, 26 Jun 2019 14:28:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 58D572891A for ; Wed, 26 Jun 2019 14:28:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4D020288CE; Wed, 26 Jun 2019 14:28:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4DD0A2890E for ; Wed, 26 Jun 2019 14:27:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ED2878E0011; Wed, 26 Jun 2019 10:27:57 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id E328D8E0002; Wed, 26 Jun 2019 10:27:57 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D216E8E0011; Wed, 26 Jun 2019 10:27:57 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-ua1-f70.google.com (mail-ua1-f70.google.com [209.85.222.70]) by kanga.kvack.org (Postfix) with ESMTP id AB7408E0002 for ; Wed, 26 Jun 2019 10:27:57 -0400 (EDT) Received: by mail-ua1-f70.google.com with SMTP id 64so236374uam.22 for ; Wed, 26 Jun 2019 07:27:57 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=M/VKnz1BZ+rvrIeSdLI9RxXAlLGL/xX/aFhsrhXW1SI=; b=IKT6s9OLy6x7RD4qazO0KiNBQt1NXE6RIs+3cGNKQA/axLOAnYIcK499tMzF20nZ9w antK98R7kA7sORddHQ4kJbGsBOaAWNSJKmjo9GU1oZacoo0l3ODIut6bbS0B3plMhp8p bCi797DE9ln0MRIz1K57bm5MFn3F8f3xYPT65gWfsi9fAcKg+qAJi6BuiivJ1XYm6tmJ xFYWGl8DQNF0G76J1bfLhLFYj6YhMKlMTp/fTL+LqgLjV4bw/TxAK8G9W1YPvl58a+iK PJBQoCjqnbx7weGLw5yQ9+xibuT3J6YdvUR3QNtuXHM3Ner8UOA5KBwXAsVEiQnFCrU+ Xpgw== X-Gm-Message-State: APjAAAV6Bt+PLC8A3L9NBBou23KpT05Z+mxRF4tWP+AyFjsLPlmCLrbX Ayj/s+/ZgGqFMSEBlZz7TBTqztWf1CGgHB42DT7I74BnmOF+Uk8GHyT2hxbflPId+wrpaiOfUkn FSZe0a0rFa3v+Qq5llxCAWsngvRNkpYujN9SzmzG/6x9Zrhevi/lpUlgtll1jqMng+w== X-Received: by 2002:a9f:21d6:: with SMTP id 80mr2707672uac.60.1561559277327; Wed, 26 Jun 2019 07:27:57 -0700 (PDT) X-Received: by 2002:a9f:21d6:: with SMTP id 80mr2707640uac.60.1561559276706; Wed, 26 Jun 2019 07:27:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561559276; cv=none; d=google.com; s=arc-20160816; b=f6MzmS6PPqosmkh/52uTzRCFUThF6HALNxSHMwO6o/6vNUF/rtmN7cR/ThRl+9niEh oUp3gA4CyLIPGYRcejXofh1FUsrTAe3k2uQqJEYWjA/lLiEtjZtJXFG3x+6Rr2iepO70 yxMzkIx1UK0UXQkZX/YNijk01bxLAojyEUCZ7G9eDaT00qD7ksOU9cpFz66TKjaDmL7q wi4Ua32hXv4zo/bpZHZj6qQRar7FIU5VNdb+XSCvcMBOFc8Jqaxb3fWFnsACEDwboIZe 9sflyaXJIJUK79MX5KiqkH5I1J1gitDYmalOE2m/Ewin3fcH1B2P9Lkvux8idmD7HVzA jOdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=M/VKnz1BZ+rvrIeSdLI9RxXAlLGL/xX/aFhsrhXW1SI=; b=Gh459f7vRCohanbjq9/I26wbFa6c2khb7nJ12yEjDf3i4Hw4dk60WLoCJXeF+6h45L ZIzLP1js6+oKIMS3nz+8qAMPFVCQr062Y3+vMS4zWMiSAtkZm6KJ/iiGt4FnvYv3ahz6 JJa4jHPsRnuEBuZpxYE1QBCGGYD6yFrZKXNpB3IXNR8xWYKlSRSnKbOB2Mq/Qw5Y7bQx XfMOGgX21hOLW9fjNWiGcEgTlk1245E/7l58JYQfLbHHmrLGbYLbDe86TFWf4wlxN2RM JwA1sUUK7Cay6vjKmzv9H8S7bcC0IBXFiYLaH7o37GdT9s4LNWXN6TzOoie2+PDKeG1h f/zg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=r6nw3M8i; spf=pass (google.com: domain of 37iatxqukccslsclynvvnsl.jvtspube-ttrchjr.vyn@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=37IATXQUKCCsLScLYNVVNSL.JVTSPUbe-TTRcHJR.VYN@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id n16sor9197549uao.69.2019.06.26.07.27.56 for (Google Transport Security); Wed, 26 Jun 2019 07:27:56 -0700 (PDT) Received-SPF: pass (google.com: domain of 37iatxqukccslsclynvvnsl.jvtspube-ttrchjr.vyn@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=r6nw3M8i; spf=pass (google.com: domain of 37iatxqukccslsclynvvnsl.jvtspube-ttrchjr.vyn@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=37IATXQUKCCsLScLYNVVNSL.JVTSPUbe-TTRcHJR.VYN@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=M/VKnz1BZ+rvrIeSdLI9RxXAlLGL/xX/aFhsrhXW1SI=; b=r6nw3M8iBdMMdDsQCi4kz+gaKEu4VgLdto3uR/Hb+x3jWuYlTLr6ifrsToJKF86GHa qA78Fzg+q3rah9Tq3+HC4NgmeJxeMXRi6X+mqSx2fMh7EN9mNVJho6xtgRDF+fgO/vzZ ph3SX/j0XxKhGizyKrKnGHNigwW1uJl5IV9Uvjv8Nz6URFk0B2IZ5ts9Ue3zzcY9MHh/ BX7duW0QkAb0oIPz7Dhyy5UTlbci3X/d+MHSSpHlmE4LnN2rjqdhj9HwTgqMEq4YFAay T924yXwtHmyBk/42sVazqXLxX0pT73ZH6McGBQ9WAhVmi56I2JeIk3VnKvW7e34FBVDz ZwxA== X-Google-Smtp-Source: APXvYqyMLyo8aALGSXk8URhLTy8rPMv7ukPLiXQ5MQebePn4ydKU3VHhJTmrxX7/WLals9YL9eTyAQQfXg== X-Received: by 2002:ab0:70c8:: with SMTP id r8mr2695528ual.89.1561559276181; Wed, 26 Jun 2019 07:27:56 -0700 (PDT) Date: Wed, 26 Jun 2019 16:20:10 +0200 In-Reply-To: <20190626142014.141844-1-elver@google.com> Message-Id: <20190626142014.141844-2-elver@google.com> Mime-Version: 1.0 References: <20190626142014.141844-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v3 1/5] mm/kasan: Introduce __kasan_check_{read,write} From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This introduces __kasan_check_{read,write}. __kasan_check functions may be used from anywhere, even compilation units that disable instrumentation selectively. This change eliminates the need for the __KASAN_INTERNAL definition. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org Acked-by: Mark Rutland --- v3: * Fix Formatting and split introduction of __kasan_check_* and returning bool into 2 patches. --- include/linux/kasan-checks.h | 31 ++++++++++++++++++++++++++++--- mm/kasan/common.c | 10 ++++------ 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index a61dc075e2ce..19a0175d2452 100644 --- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -2,9 +2,34 @@ #ifndef _LINUX_KASAN_CHECKS_H #define _LINUX_KASAN_CHECKS_H -#if defined(__SANITIZE_ADDRESS__) || defined(__KASAN_INTERNAL) -void kasan_check_read(const volatile void *p, unsigned int size); -void kasan_check_write(const volatile void *p, unsigned int size); +/* + * __kasan_check_*: Always available when KASAN is enabled. This may be used + * even in compilation units that selectively disable KASAN, but must use KASAN + * to validate access to an address. Never use these in header files! + */ +#ifdef CONFIG_KASAN +void __kasan_check_read(const volatile void *p, unsigned int size); +void __kasan_check_write(const volatile void *p, unsigned int size); +#else +static inline void __kasan_check_read(const volatile void *p, unsigned int size) +{ } +static inline void __kasan_check_write(const volatile void *p, unsigned int size) +{ } +#endif + +/* + * kasan_check_*: Only available when the particular compilation unit has KASAN + * instrumentation enabled. May be used in header files. + */ +#ifdef __SANITIZE_ADDRESS__ +static inline void kasan_check_read(const volatile void *p, unsigned int size) +{ + __kasan_check_read(p, size); +} +static inline void kasan_check_write(const volatile void *p, unsigned int size) +{ + __kasan_check_read(p, size); +} #else static inline void kasan_check_read(const volatile void *p, unsigned int size) { } diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 242fdc01aaa9..6bada42cc152 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -14,8 +14,6 @@ * */ -#define __KASAN_INTERNAL - #include #include #include @@ -89,17 +87,17 @@ void kasan_disable_current(void) current->kasan_depth--; } -void kasan_check_read(const volatile void *p, unsigned int size) +void __kasan_check_read(const volatile void *p, unsigned int size) { check_memory_region((unsigned long)p, size, false, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_read); +EXPORT_SYMBOL(__kasan_check_read); -void kasan_check_write(const volatile void *p, unsigned int size) +void __kasan_check_write(const volatile void *p, unsigned int size) { check_memory_region((unsigned long)p, size, true, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_write); +EXPORT_SYMBOL(__kasan_check_write); #undef memset void *memset(void *addr, int c, size_t len) From patchwork Wed Jun 26 14:20:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11017965 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 020DD924 for ; Wed, 26 Jun 2019 14:28:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E412028913 for ; Wed, 26 Jun 2019 14:28:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D80502890C; Wed, 26 Jun 2019 14:28:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0928228849 for ; Wed, 26 Jun 2019 14:28:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A89ED8E0012; Wed, 26 Jun 2019 10:28:01 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 9EBB98E0002; Wed, 26 Jun 2019 10:28:01 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 88B7F8E0012; Wed, 26 Jun 2019 10:28:01 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 517BE8E0002 for ; Wed, 26 Jun 2019 10:28:01 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id e95so1538440plb.9 for ; Wed, 26 Jun 2019 07:28:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=Rln2FP6BOxdiVf8wORphr5UbX/lGN9PNgnvsQm0pxfA=; b=YgQYC/xZRMFSmiqmd8J0pCSa01vmbTCDih+WE1jS5gNouoEuNN+TAaRSs/4J3hrBRd /4FXoJ3jOlsSUL+shLX2fkt/fPcYVxuelOLz6QtG2CgG619Q0CbCK0vTRpGIrKMpagdr xkX4GzogE9FAlUcbShg3BdvL54nDLsCH4i+5FtaS1eNbaCyp1JIIVcFEJF9APSowyFU8 Vg3E6i9c8roWv9CbkSmHPd29x/WtdKvzJrnYpZvXOr/f+A//UcMUgDuE0/m7ieSCfH09 ZqhDVcVD3lVU46HoT4YJoeg1gp92L3JWnR8hp5E2wZTheeJu8t8+TgaWNM59IdCCQEXJ AXZA== X-Gm-Message-State: APjAAAU+pOFDMo/vWbbp/FLS79KwDhppoPWk+yHWDqID9tYaq8sB7cAp l848ibw8F3oBsZRQKEnpE5fxVKxEdGz3wVU01wzk1iRzu/+apMS3tTBWSPvAhFldf6XCiABpqP7 NZG7GlWCY5dzcLW3xFHhboGgHjHiYPpVg4M//qWHEUXq8EKPlytcov0wfIesLYDsYxA== X-Received: by 2002:a17:902:aa8a:: with SMTP id d10mr5941623plr.154.1561559280860; Wed, 26 Jun 2019 07:28:00 -0700 (PDT) X-Received: by 2002:a17:902:aa8a:: with SMTP id d10mr5941565plr.154.1561559280189; Wed, 26 Jun 2019 07:28:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561559280; cv=none; d=google.com; s=arc-20160816; b=XXaRuENJ5yeOegFuroJy/F5I0GfaGTZhMm/ulPsUijflBfwOz0ODyQZvPTzrXP3Kis sjVyD4YwD1rnpn8Q1rH8rxSlQs0EWjC0vCWb+/FhUXGopFQKls/rEYY32KGXifkwxpdE ugIeGZnrmIQuNX9eVj6rxCCMrjfi4YbrEp2zJr590Q9SKVaaC+TxVP0EiKvXkBGxsK5n 9r8rEbf6zqcoeJEPQYqp1b4VAd+SJacM7ElEFXoTTy8UjzSH/VJKBCJRE4LLNzrKavTO jxsRJCwR6GiqyiOlzq+p2O9ZT77ZBTV7vT4KqF38lzdL4RrKVjUDhbS+bJ35GN7E2Jpt B3Qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=Rln2FP6BOxdiVf8wORphr5UbX/lGN9PNgnvsQm0pxfA=; b=qUTVYVlrMUSuiiPX8F95Zp9csEUTPi4OxkRsHHmwjkBdmteSdoM06XFfUxWkBl+382 FNr8xZz81w+fnxZZ9SKmvCZROxSgngAiigVKlQ+55onhQnwDxgGMYY8MfiDGH629kYxr P+ttAYzjdmifITLfnPOus+IeLPT0CAjd8SNRUlFBnqugLsdiF3jNeiDZI6GL2WgI5hLP MnYxciizP9dugMw9pDjwwlTNhSUB6CTOVMWqpC2MXfv6KMlfrfIhTSCPflULmUT0hK47 8AYP3nvhvnxDPPNQtJkoY14Rv+T3kq3L9EKfCd4PzE0XyAFVG/ijTYzQPYliLUTl0cAA Wo5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b1IaFK1m; spf=pass (google.com: domain of 374atxqukcc4ovfobqyyqvo.mywvsxeh-wwufkmu.ybq@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=374ATXQUKCC4OVfObQYYQVO.MYWVSXeh-WWUfKMU.YbQ@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id r27sor10786032pfg.42.2019.06.26.07.28.00 for (Google Transport Security); Wed, 26 Jun 2019 07:28:00 -0700 (PDT) Received-SPF: pass (google.com: domain of 374atxqukcc4ovfobqyyqvo.mywvsxeh-wwufkmu.ybq@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=b1IaFK1m; spf=pass (google.com: domain of 374atxqukcc4ovfobqyyqvo.mywvsxeh-wwufkmu.ybq@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=374ATXQUKCC4OVfObQYYQVO.MYWVSXeh-WWUfKMU.YbQ@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=Rln2FP6BOxdiVf8wORphr5UbX/lGN9PNgnvsQm0pxfA=; b=b1IaFK1mLKquMHrwUdq8QS9ugryrRPvq91UQ0Uq6LFY+c2JG0h8vOnQRBq9Y4iBHrd 17LsoajCwmnclKkY2LGLzmZK9jswwvQ8KphGCaAcqDw3Y5nANf73MjW7Cdyza3VWGCrS zpMj+JpcmgUaOeIauUqJJoduT7cgP35I/T6J0lq7MXm+xBM7VbsrPucsTC/qhyGJNYqj Jq0SH14PhfI7POH8+ntsXeZlQLTimCrlHvzHDw1oHqI66dDTIlPptw8JxI9T+XhR2DNf D9MpYcQLyK6spvA7kZWNLDDdjpLaHgbAIKd/hbGa6ghj3SUJRGWYatvWEVeUYYzWX5l9 DKaA== X-Google-Smtp-Source: APXvYqwQ22+0NkxIaX9CnqzWtnR2UzcffAGPuQ8MCIc490y2qHEX39KgAM5Jw+zu+rhdlMT/dvmAxkp4nA== X-Received: by 2002:a65:4387:: with SMTP id m7mr3168635pgp.287.1561559279316; Wed, 26 Jun 2019 07:27:59 -0700 (PDT) Date: Wed, 26 Jun 2019 16:20:11 +0200 In-Reply-To: <20190626142014.141844-1-elver@google.com> Message-Id: <20190626142014.141844-3-elver@google.com> Mime-Version: 1.0 References: <20190626142014.141844-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v3 2/5] mm/kasan: Change kasan_check_{read,write} to return boolean From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This changes {,__}kasan_check_{read,write} functions to return a boolean denoting if the access was valid or not. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- v3: * Fix Formatting and split introduction of __kasan_check_* and returning bool into 2 patches. --- include/linux/kasan-checks.h | 36 ++++++++++++++++++++++-------------- mm/kasan/common.c | 8 ++++---- mm/kasan/generic.c | 13 +++++++------ mm/kasan/kasan.h | 10 +++++++++- mm/kasan/tags.c | 12 +++++++----- 5 files changed, 49 insertions(+), 30 deletions(-) diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index 19a0175d2452..2c7f0b6307b2 100644 --- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -8,13 +8,17 @@ * to validate access to an address. Never use these in header files! */ #ifdef CONFIG_KASAN -void __kasan_check_read(const volatile void *p, unsigned int size); -void __kasan_check_write(const volatile void *p, unsigned int size); +bool __kasan_check_read(const volatile void *p, unsigned int size); +bool __kasan_check_write(const volatile void *p, unsigned int size); #else -static inline void __kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void __kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool __kasan_check_read(const volatile void *p, unsigned int size) +{ + return true; +} +static inline bool __kasan_check_write(const volatile void *p, unsigned int size) +{ + return true; +} #endif /* @@ -22,19 +26,23 @@ static inline void __kasan_check_write(const volatile void *p, unsigned int size * instrumentation enabled. May be used in header files. */ #ifdef __SANITIZE_ADDRESS__ -static inline void kasan_check_read(const volatile void *p, unsigned int size) +static inline bool kasan_check_read(const volatile void *p, unsigned int size) { - __kasan_check_read(p, size); + return __kasan_check_read(p, size); } -static inline void kasan_check_write(const volatile void *p, unsigned int size) +static inline bool kasan_check_write(const volatile void *p, unsigned int size) { - __kasan_check_read(p, size); + return __kasan_check_read(p, size); } #else -static inline void kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool kasan_check_read(const volatile void *p, unsigned int size) +{ + return true; +} +static inline bool kasan_check_write(const volatile void *p, unsigned int size) +{ + return true; +} #endif #endif diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 6bada42cc152..2277b82902d8 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -87,15 +87,15 @@ void kasan_disable_current(void) current->kasan_depth--; } -void __kasan_check_read(const volatile void *p, unsigned int size) +bool __kasan_check_read(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, false, _RET_IP_); + return check_memory_region((unsigned long)p, size, false, _RET_IP_); } EXPORT_SYMBOL(__kasan_check_read); -void __kasan_check_write(const volatile void *p, unsigned int size) +bool __kasan_check_write(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, true, _RET_IP_); + return check_memory_region((unsigned long)p, size, true, _RET_IP_); } EXPORT_SYMBOL(__kasan_check_write); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 504c79363a34..616f9dd82d12 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -166,29 +166,30 @@ static __always_inline bool memory_is_poisoned(unsigned long addr, size_t size) return memory_is_poisoned_n(addr, size); } -static __always_inline void check_memory_region_inline(unsigned long addr, +static __always_inline bool check_memory_region_inline(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { if (unlikely(size == 0)) - return; + return true; if (unlikely((void *)addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } if (likely(!memory_is_poisoned(addr, size))) - return; + return true; kasan_report(addr, size, write, ret_ip); + return false; } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { - check_memory_region_inline(addr, size, write, ret_ip); + return check_memory_region_inline(addr, size, write, ret_ip); } void kasan_cache_shrink(struct kmem_cache *cache) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 3ce956efa0cb..e62ea45d02e3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -123,7 +123,15 @@ static inline bool addr_has_shadow(const void *addr) void kasan_poison_shadow(const void *address, size_t size, u8 value); -void check_memory_region(unsigned long addr, size_t size, bool write, +/** + * check_memory_region - Check memory region, and report if invalid access. + * @addr: the accessed address + * @size: the accessed size + * @write: true if access is a write access + * @ret_ip: return address + * @return: true if access was valid, false if invalid + */ +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip); void *find_first_bad_addr(void *addr, size_t size); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 63fca3172659..0e987c9ca052 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -76,7 +76,7 @@ void *kasan_reset_tag(const void *addr) return reset_tag(addr); } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { u8 tag; @@ -84,7 +84,7 @@ void check_memory_region(unsigned long addr, size_t size, bool write, void *untagged_addr; if (unlikely(size == 0)) - return; + return true; tag = get_tag((const void *)addr); @@ -106,22 +106,24 @@ void check_memory_region(unsigned long addr, size_t size, bool write, * set to KASAN_TAG_KERNEL (0xFF)). */ if (tag == KASAN_TAG_KERNEL) - return; + return true; untagged_addr = reset_tag((const void *)addr); if (unlikely(untagged_addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } shadow_first = kasan_mem_to_shadow(untagged_addr); shadow_last = kasan_mem_to_shadow(untagged_addr + size - 1); for (shadow = shadow_first; shadow <= shadow_last; shadow++) { if (*shadow != tag) { kasan_report(addr, size, write, ret_ip); - return; + return false; } } + + return true; } #define DEFINE_HWASAN_LOAD_STORE(size) \ From patchwork Wed Jun 26 14:20:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11017967 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EF12314E5 for ; Wed, 26 Jun 2019 14:28:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DEDD2288CE for ; Wed, 26 Jun 2019 14:28:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D324528923; Wed, 26 Jun 2019 14:28:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5F1AD288CE for ; Wed, 26 Jun 2019 14:28:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 46F118E0013; Wed, 26 Jun 2019 10:28:04 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 420A08E0002; Wed, 26 Jun 2019 10:28:04 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2E6D98E0013; Wed, 26 Jun 2019 10:28:04 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-vs1-f71.google.com (mail-vs1-f71.google.com [209.85.217.71]) by kanga.kvack.org (Postfix) with ESMTP id 09AA38E0002 for ; Wed, 26 Jun 2019 10:28:04 -0400 (EDT) Received: by mail-vs1-f71.google.com with SMTP id w76so525365vsw.10 for ; Wed, 26 Jun 2019 07:28:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=TMu0A+3chvyUOctsH0BXGlUt9J7/DbmOlILtGATtQF/vym9hfVdUVidKGCWMm2ghTD HuUcwYf6YMKbY8KmsVHlAW24D3F6Wz0lHy8F9kgIjsHMjjYRm4VzP/fXvkDXQw0mmZCM xaNm/lJ3pprfXQU5yW5FOVZ3QJhQHRt5JmdtZuUXXkdCfzZ8bDvkaOyOFlHMxCg0wUMP EWN8UlfFdv8cJVYDU9kFY0+AO7n9TqnLlkU0a7jQm2pU1jr+zUj/z4TJgT+RYNf7E+MV PFJe2M6arj/lFsvrYJTkCFEdl8VQSYe8aL8csLSkona4L6J8+9iDQvXhvXhyout1FETn Dqsw== X-Gm-Message-State: APjAAAX8PDZ5coVrmw5YfuFM+D9hqFdvHXtYdDU0Kfd5efGsSxBUFQGp AXdQb+edhQX6ae2yyWlGwyb49ogA17iqxqITXo4L2aqFwBQdAep2pp7JwirDgi6ilwIjxr1G1td 7mTRUnmaVgAFBTyDCdMS3i+cJvSkdO92Pk1ZZlV95rhanDdV8u2m2RwP/vL7YFB/Pzw== X-Received: by 2002:ab0:18a6:: with SMTP id t38mr2749447uag.83.1561559283662; Wed, 26 Jun 2019 07:28:03 -0700 (PDT) X-Received: by 2002:ab0:18a6:: with SMTP id t38mr2749421uag.83.1561559283178; Wed, 26 Jun 2019 07:28:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561559283; cv=none; d=google.com; s=arc-20160816; b=CjYTrE31uZPQOxFhpdighbr272A1dw+Hpm+IYbRXP2GHTespqFQbGmds9XnFbVFuSm BwHcnX5ZyYTIMFkIOHkdIgrrvpLB/1yRA6WcfCihpZNihq/URL0tm1pRRHt7wWg0I4Hf aLsT5IeK4eRbqpZHuihfGzQVw67S3e0mkHSSsAqDZp4erveIJVqBzFNQx6KTx4Qtj3mB obxxb8gFquFlFTL7v43u+ocrkqIKaF+OxDzRFD4BmRUF2cGAvDY7MKJKOiIptv59RFLh ndzBK8Nze+qJuP5VJJP0hZbRRVvNOJieB2Wkp0YpNxH92iR7zOFR2tmrGFFN8nQvlBBZ n6/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=EI9kctSfYjk+2oDtwP0dR+gJy3NeQqPulx5wX4WGRitKZPILxqUa/nCdelICS8Oiqd RDlOP4EB94UkbyHrzTizmTgVn7f7opEodfJ6tJLGBISIv2A4QWF1M4dWl2gaNwNQvWDA Xdb63uBX4auJTlF5tn9VBkZlotR/Jq+uyEyS4hoNBeKmtpdlu+HXW69b2N+gqvexsGVO 5MrdQl0GQ/9ZQtkofF4AKiWa6aWop+lHEBReCvvC7g63KZJuPXZYvJRXG/tyS5SslYvZ gED88c3ZsqvRxkyvWY0vWWsVZbJhNIImLqAJx0SPCw4jdL1b78FKlo7F75O16+SFIehs zLdw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=gU068bo8; spf=pass (google.com: domain of 38oatxqukcderyiretbbtyr.pbzyvahk-zzxinpx.bet@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=38oATXQUKCDERYiReTbbTYR.PbZYVahk-ZZXiNPX.beT@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id 4sor5401248vkh.64.2019.06.26.07.28.03 for (Google Transport Security); Wed, 26 Jun 2019 07:28:03 -0700 (PDT) Received-SPF: pass (google.com: domain of 38oatxqukcderyiretbbtyr.pbzyvahk-zzxinpx.bet@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=gU068bo8; spf=pass (google.com: domain of 38oatxqukcderyiretbbtyr.pbzyvahk-zzxinpx.bet@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=38oATXQUKCDERYiReTbbTYR.PbZYVahk-ZZXiNPX.beT@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=gU068bo8xI9L4oRs1xcqv6j6N8grLH+AVjMocfTmuM4/QLKQLZ9QIslBwFDqGkRaKR Nalu2EhT83YJzP8X3y3VqF99al81l3vbeMWMq6Vv8cV0pT2GHKQG6TiZyPyxGWJJH0+w uiXHRZi806sGyKzldGWmP+mv8uuH2IL46hSwD0xgwvmeXYFr1mZmXJNtmnOpcpCZ2TU9 LlX+Hvk2kLpmjnlVLNn+CmX1fXrBN8qP38IAz7RxpAbrzukzszYTb5z7N1xNWI48iTPq KFLfb5HFylzoR1RIOZsvqdTxQbst5LNBijEISkOESca8sUNG/W0wbcjbhJs6XTeJjxqH +W8A== X-Google-Smtp-Source: APXvYqyFzpguQlvg2yrB3GTEFA5hP/raLtejdwArbzB/ifkPk8m/SyboHpSof39lpBUIHCeFgRv34I646g== X-Received: by 2002:ac5:c2d2:: with SMTP id i18mr1273686vkk.36.1561559282687; Wed, 26 Jun 2019 07:28:02 -0700 (PDT) Date: Wed, 26 Jun 2019 16:20:12 +0200 In-Reply-To: <20190626142014.141844-1-elver@google.com> Message-Id: <20190626142014.141844-4-elver@google.com> Mime-Version: 1.0 References: <20190626142014.141844-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v3 3/5] lib/test_kasan: Add test for double-kzfree detection From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Adds a simple test that checks if double-kzfree is being detected correctly. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- lib/test_kasan.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index e3c593c38eff..dda5da9f5bd4 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -619,6 +619,22 @@ static noinline void __init kasan_strings(void) strnlen(ptr, 1); } +static noinline void __init kmalloc_double_kzfree(void) +{ + char *ptr; + size_t size = 16; + + pr_info("double-free (kzfree)\n"); + ptr = kmalloc(size, GFP_KERNEL); + if (!ptr) { + pr_err("Allocation failed\n"); + return; + } + + kzfree(ptr); + kzfree(ptr); +} + static int __init kmalloc_tests_init(void) { /* @@ -660,6 +676,7 @@ static int __init kmalloc_tests_init(void) kasan_memchr(); kasan_memcmp(); kasan_strings(); + kmalloc_double_kzfree(); kasan_restore_multi_shot(multishot); From patchwork Wed Jun 26 14:20:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11017969 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6D3F914E5 for ; Wed, 26 Jun 2019 14:28:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5C38E28849 for ; Wed, 26 Jun 2019 14:28:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5043A28913; Wed, 26 Jun 2019 14:28:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 878AD28849 for ; Wed, 26 Jun 2019 14:28:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 731CB8E0014; Wed, 26 Jun 2019 10:28:07 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 6687E8E0002; Wed, 26 Jun 2019 10:28:07 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 50BB48E0014; Wed, 26 Jun 2019 10:28:07 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-ua1-f70.google.com (mail-ua1-f70.google.com [209.85.222.70]) by kanga.kvack.org (Postfix) with ESMTP id 1F9738E0002 for ; Wed, 26 Jun 2019 10:28:07 -0400 (EDT) Received: by mail-ua1-f70.google.com with SMTP id a29so242692uah.8 for ; Wed, 26 Jun 2019 07:28:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=T1lUMGtWFiAZn1MYhUM0cKO/6yhm/rxR6box+5QA6XyFdCkjBlopvvJzf9rlmrggff SKSSRyFjrHaiOffU2daPpI/xwRxqmku3+yheQAIzDOx3avOBwddJO9dLxJIXXKmOV2JC 38b3PAPjlqmO/5VXKfP0fG3KaUUqXfVJV8wrv8juMXvECFeZniN2iO1KhVCt272xXAFY U/JthH2qOqKLV6xhJ13iEJVZBGAvFcWZ6ifY4W8HVrN5iHbPcfM5e6mcS/xWEdUwZcNb dN1+e9YD+uMx1vrPv+rYA1OECSdQOjbEiQIp5Yg5fyKsfle8WxELqli8qSbkmXg8ucXb gKTA== X-Gm-Message-State: APjAAAW0I4G0XGFyIw4h9hBiHRBVXfNk2xzCJhtQ4zM/2zruE+/TT1tu vk2NnxwZEQVszntRxWL4n1tNnmJpvsRrhB1Wz6dNr2Nj0Ty07BPB/yo1rWgyHjCcSBD9Y0kJ2zx +Wj0X9PxMcy6XJu9Y1nOo3RBMBQSvj3x2XwwjyxNhW+klgjHx3CZppBxnoEP2DpqRyQ== X-Received: by 2002:a67:e9d9:: with SMTP id q25mr3090762vso.74.1561559286875; Wed, 26 Jun 2019 07:28:06 -0700 (PDT) X-Received: by 2002:a67:e9d9:: with SMTP id q25mr3090725vso.74.1561559286272; Wed, 26 Jun 2019 07:28:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561559286; cv=none; d=google.com; s=arc-20160816; b=D2THdBpV8CYu9TCZJypiItEk2UJ9pm5sNiXKr3fcJD/PFzXI5R3VTJxZoyZvsotPxl QsT+BALv6MplipfgR4bAVzVNOMQrLok9uyEKbvul7sFAhwCqc6YzPvX/Pc+rAk1e8dF3 /vkLF1R2BYyW9p7AdE9TRWjYMS3vJtYa/ZwyWRy8bUQ8f10UFJ+cQSQT02MINwclAmDw NzafGc9B5CS+k+oQLGV519YTA6NyXGZkMfeTPZmPmdt7dFswL5rnLG7WLGFWANxGk68J vppgUnI25rpx2inlsn0/hVfxaN7wdRGusoNOn0VjqsuL9K9Up+ShLLapcTYoVxBo4Awi 8r/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=i5KayI0oOCYIVUwCecfR1hdU9iRYjEJeVSn93QgB3b1ubNRurqCMngzjhU/nDEJdSh aeen/BImIdRqVcAz0pFgBU5qwYd9zDYXYx2zfMGP1Dmnt5qBqr1Ede0i82LJ7vanbsgQ r2XrpIu/hGMVYwh2E12QRiTRIU7i4MLIAzNhyxwkRvLhblrD2hw+ZsD5Av9WL1HrJMrX v/f7rvlKi1OUy0NCf/NZH5xEjy0UoPyaJvEFfPPV1kFidBeYLrkHLQSf5SLCbn23ejiO MYo4IIG+/M+4QZgfowiWxCA9VrdwcSoF+XxGOycN4cW/yOzKKdlBegivR06Y+pASFvy/ SSsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="u/9U+nio"; spf=pass (google.com: domain of 39yatxqukcdqubluhweewbu.secbydkn-ccalqsa.ehw@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=39YATXQUKCDQUblUhWeeWbU.SecbYdkn-ccalQSa.ehW@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id l64sor5409218vkg.23.2019.06.26.07.28.06 for (Google Transport Security); Wed, 26 Jun 2019 07:28:06 -0700 (PDT) Received-SPF: pass (google.com: domain of 39yatxqukcdqubluhweewbu.secbydkn-ccalqsa.ehw@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="u/9U+nio"; spf=pass (google.com: domain of 39yatxqukcdqubluhweewbu.secbydkn-ccalqsa.ehw@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=39YATXQUKCDQUblUhWeeWbU.SecbYdkn-ccalQSa.ehW@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=u/9U+nio0GSQlTuwXQJYoLEcLF76o87YU8PcOckc4P78mxdxcX2UHm9EJLgXpLkXI5 HQt7VNp7dkReXf/MW6OH7DXj8PZkvAKjLN1R9ZAJ3mJ/d13kIUhoP7HmTZrewr22chyt T309sesiuUjKxYHbwNl0ml81KCv75+HCSipQYmUn34aqKbM465NC1YTY0rRGd/fuqGH4 l91CX114soALpbHKmRDF0xGDcGJfDc5o4imbC3mAOQPLzLPWoFHSWX8OvNtpv4uhs/3s 7dkzwq+JudTY0lRiJUeHcINv/obrEvTfimyBai//ek9cE1vxy9hLCL9Uji+qwgilNtbz Hzqw== X-Google-Smtp-Source: APXvYqztp05jq/iKevbZ1lrkTr3y4FJp0BJcho7hQ2605KOA4eSE2mE8lLNh3stpTm9Ss5/+9xiosgWh9w== X-Received: by 2002:a1f:14c1:: with SMTP id 184mr1327869vku.69.1561559285813; Wed, 26 Jun 2019 07:28:05 -0700 (PDT) Date: Wed, 26 Jun 2019 16:20:13 +0200 In-Reply-To: <20190626142014.141844-1-elver@google.com> Message-Id: <20190626142014.141844-5-elver@google.com> Mime-Version: 1.0 References: <20190626142014.141844-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v3 4/5] mm/slab: Refactor common ksize KASAN logic into slab_common.c From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This refactors common code of ksize() between the various allocators into slab_common.c: __ksize() is the allocator-specific implementation without instrumentation, whereas ksize() includes the required KASAN logic. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- include/linux/slab.h | 1 + mm/slab.c | 28 ++++++---------------------- mm/slab_common.c | 26 ++++++++++++++++++++++++++ mm/slob.c | 4 ++-- mm/slub.c | 14 ++------------ 5 files changed, 37 insertions(+), 36 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index 9449b19c5f10..98c3d12b7275 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -184,6 +184,7 @@ void * __must_check __krealloc(const void *, size_t, gfp_t); void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); +size_t __ksize(const void *); size_t ksize(const void *); #ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR diff --git a/mm/slab.c b/mm/slab.c index f7117ad9b3a3..394e7c7a285e 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -4204,33 +4204,17 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, #endif /* CONFIG_HARDENED_USERCOPY */ /** - * ksize - get the actual amount of memory allocated for a given object - * @objp: Pointer to the object + * __ksize -- Uninstrumented ksize. * - * kmalloc may internally round up allocations and return more memory - * than requested. ksize() can be used to determine the actual amount of - * memory allocated. The caller may use this additional memory, even though - * a smaller amount of memory was initially specified with the kmalloc call. - * The caller must guarantee that objp points to a valid object previously - * allocated with either kmalloc() or kmem_cache_alloc(). The object - * must not be freed during the duration of the call. - * - * Return: size of the actual memory used by @objp in bytes + * Unlike ksize(), __ksize() is uninstrumented, and does not provide the same + * safety checks as ksize() with KASAN instrumentation enabled. */ -size_t ksize(const void *objp) +size_t __ksize(const void *objp) { - size_t size; - BUG_ON(!objp); if (unlikely(objp == ZERO_SIZE_PTR)) return 0; - size = virt_to_cache(objp)->object_size; - /* We assume that ksize callers could use the whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(objp, size); - - return size; + return virt_to_cache(objp)->object_size; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); diff --git a/mm/slab_common.c b/mm/slab_common.c index 58251ba63e4a..b7c6a40e436a 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1597,6 +1597,32 @@ void kzfree(const void *p) } EXPORT_SYMBOL(kzfree); +/** + * ksize - get the actual amount of memory allocated for a given object + * @objp: Pointer to the object + * + * kmalloc may internally round up allocations and return more memory + * than requested. ksize() can be used to determine the actual amount of + * memory allocated. The caller may use this additional memory, even though + * a smaller amount of memory was initially specified with the kmalloc call. + * The caller must guarantee that objp points to a valid object previously + * allocated with either kmalloc() or kmem_cache_alloc(). The object + * must not be freed during the duration of the call. + * + * Return: size of the actual memory used by @objp in bytes + */ +size_t ksize(const void *objp) +{ + size_t size = __ksize(objp); + /* + * We assume that ksize callers could use whole allocated area, + * so we need to unpoison this area. + */ + kasan_unpoison_shadow(objp, size); + return size; +} +EXPORT_SYMBOL(ksize); + /* Tracepoints definitions. */ EXPORT_TRACEPOINT_SYMBOL(kmalloc); EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc); diff --git a/mm/slob.c b/mm/slob.c index 84aefd9b91ee..7f421d0ca9ab 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -527,7 +527,7 @@ void kfree(const void *block) EXPORT_SYMBOL(kfree); /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ -size_t ksize(const void *block) +size_t __ksize(const void *block) { struct page *sp; int align; @@ -545,7 +545,7 @@ size_t ksize(const void *block) m = (unsigned int *)(block - align); return SLOB_UNITS(*m) * SLOB_UNIT; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); int __kmem_cache_create(struct kmem_cache *c, slab_flags_t flags) { diff --git a/mm/slub.c b/mm/slub.c index cd04dbd2b5d0..05a8d17dd9b2 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3901,7 +3901,7 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, } #endif /* CONFIG_HARDENED_USERCOPY */ -static size_t __ksize(const void *object) +size_t __ksize(const void *object) { struct page *page; @@ -3917,17 +3917,7 @@ static size_t __ksize(const void *object) return slab_ksize(page->slab_cache); } - -size_t ksize(const void *object) -{ - size_t size = __ksize(object); - /* We assume that ksize callers could use whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(object, size); - return size; -} -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); void kfree(const void *x) { From patchwork Wed Jun 26 14:20:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11017971 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D5B99924 for ; Wed, 26 Jun 2019 14:28:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C761F288D0 for ; Wed, 26 Jun 2019 14:28:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BACFD2891B; Wed, 26 Jun 2019 14:28:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 07C1B288D0 for ; Wed, 26 Jun 2019 14:28:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 929588E0015; Wed, 26 Jun 2019 10:28:10 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8DB2F8E0002; Wed, 26 Jun 2019 10:28:10 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7F17D8E0015; Wed, 26 Jun 2019 10:28:10 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-yw1-f70.google.com (mail-yw1-f70.google.com [209.85.161.70]) by kanga.kvack.org (Postfix) with ESMTP id 5C5C08E0002 for ; Wed, 26 Jun 2019 10:28:10 -0400 (EDT) Received: by mail-yw1-f70.google.com with SMTP id o135so5227093ywo.16 for ; Wed, 26 Jun 2019 07:28:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=faSJHauNDZMNHqAQEQyENlJrk267vkTV0fUxMXAvovc=; b=NkSZdG46pCZ3UC3MWeRkRkfXYwm2zPE2HhZpB3jB9ykMABzCzI6t1N9VM76a0KDZ5r onjNd69YtaCqEji1WGcD30WtIWhkOsTvbyVQabWnrOodoXWSwfa7o9pSiKh2bPhEU/9H INs6EDFh/sF2DfIgFEg7xVxKi1LAs/0Ew/MQssI11gIegvtjtYdMBrUgK1jCgjz6mZFJ KVTtm72XGzTTaMpK2ULOxDtLyxlMrKMIH7dKJ9e+dHi9y5xYP/6/PhHNSKMC4ZuPOqWo CO4ClsL5YAs8tEVesqIlRmZZOG83XUAASIb3H0ekUD5HJSbZ13s5d8ixCx/tP+4POn+b T2Ag== X-Gm-Message-State: APjAAAV/FQCrDmNAa7KoWMg8pRgG466R/96x/whveqB3Qx7F5BqkBYkZ zwe5yhAeP0YAci/42PFfjyD41pVjsQm1ZptzDGi0g+q6hX9MTOXyrr0vwWoNkX3XXbeEOXmcY2c mG0fgzwf1KHSmHbrPAlhgHYhFs+nkwdxp1gsLPFUfkSKMDAnHJWp2vWcpa+YFZNzZvQ== X-Received: by 2002:a25:2f90:: with SMTP id v138mr3016504ybv.238.1561559290080; Wed, 26 Jun 2019 07:28:10 -0700 (PDT) X-Received: by 2002:a25:2f90:: with SMTP id v138mr3016469ybv.238.1561559289442; Wed, 26 Jun 2019 07:28:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561559289; cv=none; d=google.com; s=arc-20160816; b=RyrmvlCJ5iuDYZP9xmG5/CjCozqNJCdAvMKu6WyYAD7SlWXv3NYFKyiHpvL6OyRV0n xI/Zo9eFD5lf22yCfeBy6z7CdthtWXIAMqAijY4myB2Oa9192udzbB23tNfugObTuI/k mhLMCVrHOOQOjSaEns7tid6z9QkjeqYxHuz+JY6WYCG2Qq3c9MTbZ8zkbO6RaJWOArPv uNWVcsLzsVBwCjswUB9LZfRM53W8UG21Oq4yNXB+L0aCSUU/h8f4NXwu/G3o970SNSla +u+ShlZ2UC9W5N67H+pZicSAnlh+fVCxW5FQum0cHbG4mv/HPfGWm2SgG/0tEhR0Iip2 nF1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=faSJHauNDZMNHqAQEQyENlJrk267vkTV0fUxMXAvovc=; b=yn564ySOLH7CmRxDF3Mtv0JliRXUYXbUZUs+CoVWQwJmtwrWJlVflLrCQf0fsRhadP hZdr7Ra4GYK36c7F77+G62rUqJucwdHV1G7SjDDUNmRzzYpYZtzhwyNI9TPrwenEJQSU 0eA89y4MjK5LRi/beQCU9Isp0MLJeLPCMX8L/COKwbwXtGWeIqn3I6sGiN/SqtL5vyiw n6vt9TyQ/0+FWzP5j6TKgnE+GUki1Qq7pFjoQU4rBSpxlu/0o8f53t2aG5Co9VeOmcfC 3Hb0fwIvcbWVBRmYJQw1WC4bUja/EGuc2vnQJ5IOJskZNDAKuj5Nb3NCDqnvVGY0x2oQ 5/wA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="Rpe/+hhA"; spf=pass (google.com: domain of 3-yatxqukcdgyfpylaiiafy.wigfchor-ggepuwe.ila@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3-YATXQUKCDgYfpYlaiiafY.Wigfchor-ggepUWe.ila@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id 127sor9863854ybg.106.2019.06.26.07.28.09 for (Google Transport Security); Wed, 26 Jun 2019 07:28:09 -0700 (PDT) Received-SPF: pass (google.com: domain of 3-yatxqukcdgyfpylaiiafy.wigfchor-ggepuwe.ila@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="Rpe/+hhA"; spf=pass (google.com: domain of 3-yatxqukcdgyfpylaiiafy.wigfchor-ggepuwe.ila@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3-YATXQUKCDgYfpYlaiiafY.Wigfchor-ggepUWe.ila@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=faSJHauNDZMNHqAQEQyENlJrk267vkTV0fUxMXAvovc=; b=Rpe/+hhAuik4wEKF7ZnhSFTzCJWomnStiupdaRm5p3WH78LIhaqN01wh0/La2gPWd0 GiWq87RjANNNVjijGXlI/D5fMC4N2f3aQ6pFE1DkTOd5HtLbPcPyYUoZAXnRJDsX1bUI HqUFzIbq50jIdzQAGS74aQswueJLB6Gj1rTKk9dLogJ+8knw6wW5Dq2QR5NV7avh8n5D CPnMn+dJ4Gy6aUdvTo04WvF/Hj8UgmAZmMypmXnFNRO0cyKFQCWldDBg7rbeuKvkIu2f 3x75GlN+HPPBvLh1hinwDSnWPmtIEZ3O5tvDaGybq/sHn4keSYz0bdMNtEu2NdTPDdeQ Eocw== X-Google-Smtp-Source: APXvYqyJYKdUcCtVZqyt4moVcnw2f3kYsOmTBBGDeGBkbTpjuw8th3J9bd9qALY9ZOos9usZ38iNTR3hyg== X-Received: by 2002:a25:4d55:: with SMTP id a82mr2984762ybb.383.1561559289029; Wed, 26 Jun 2019 07:28:09 -0700 (PDT) Date: Wed, 26 Jun 2019 16:20:14 +0200 In-Reply-To: <20190626142014.141844-1-elver@google.com> Message-Id: <20190626142014.141844-6-elver@google.com> Mime-Version: 1.0 References: <20190626142014.141844-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v3 5/5] mm/kasan: Add object validation in ksize() From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP ksize() has been unconditionally unpoisoning the whole shadow memory region associated with an allocation. This can lead to various undetected bugs, for example, double-kzfree(). Specifically, kzfree() uses ksize() to determine the actual allocation size, and subsequently zeroes the memory. Since ksize() used to just unpoison the whole shadow memory region, no invalid free was detected. This patch addresses this as follows: 1. Add a check in ksize(), and only then unpoison the memory region. 2. Preserve kasan_unpoison_slab() semantics by explicitly unpoisoning the shadow memory region using the size obtained from __ksize(). Tested: 1. With SLAB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected. 2. With SLUB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199359 Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- include/linux/kasan.h | 7 +++++-- mm/slab_common.c | 21 ++++++++++++++++++++- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index b40ea104dd36..cc8a03cc9674 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -76,8 +76,11 @@ void kasan_free_shadow(const struct vm_struct *vm); int kasan_add_zero_shadow(void *start, unsigned long size); void kasan_remove_zero_shadow(void *start, unsigned long size); -size_t ksize(const void *); -static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); } +size_t __ksize(const void *); +static inline void kasan_unpoison_slab(const void *ptr) +{ + kasan_unpoison_shadow(ptr, __ksize(ptr)); +} size_t kasan_metadata_size(struct kmem_cache *cache); bool kasan_save_enable_multi_shot(void); diff --git a/mm/slab_common.c b/mm/slab_common.c index b7c6a40e436a..ba4a859261d5 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1613,7 +1613,26 @@ EXPORT_SYMBOL(kzfree); */ size_t ksize(const void *objp) { - size_t size = __ksize(objp); + size_t size; + + BUG_ON(!objp); + /* + * We need to check that the pointed to object is valid, and only then + * unpoison the shadow memory below. We use __kasan_check_read(), to + * generate a more useful report at the time ksize() is called (rather + * than later where behaviour is undefined due to potential + * use-after-free or double-free). + * + * If the pointed to memory is invalid we return 0, to avoid users of + * ksize() writing to and potentially corrupting the memory region. + * + * We want to perform the check before __ksize(), to avoid potentially + * crashing in __ksize() due to accessing invalid metadata. + */ + if (unlikely(objp == ZERO_SIZE_PTR) || !__kasan_check_read(objp, 1)) + return 0; + + size = __ksize(objp); /* * We assume that ksize callers could use whole allocated area, * so we need to unpoison this area.