From patchwork Thu Jun 27 09:44:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11019231 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 69B11112C for ; Thu, 27 Jun 2019 09:45:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59950288FA for ; Thu, 27 Jun 2019 09:45:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4D528288AC; Thu, 27 Jun 2019 09:45:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BCF9128995 for ; Thu, 27 Jun 2019 09:45:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 85E268E0005; Thu, 27 Jun 2019 05:45:08 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 7E80C8E0002; Thu, 27 Jun 2019 05:45:08 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6AEE08E0005; Thu, 27 Jun 2019 05:45:08 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-yw1-f69.google.com (mail-yw1-f69.google.com [209.85.161.69]) by kanga.kvack.org (Postfix) with ESMTP id 495858E0002 for ; Thu, 27 Jun 2019 05:45:08 -0400 (EDT) Received: by mail-yw1-f69.google.com with SMTP id b75so2391233ywh.8 for ; Thu, 27 Jun 2019 02:45:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=M/VKnz1BZ+rvrIeSdLI9RxXAlLGL/xX/aFhsrhXW1SI=; b=GZlCFvIY0qJMy+q0DogyyfdI48HuIjjAI0iR+ZdUTzrsbpd7tngrwLs9+0szmM5AbF 5zDP5ehst0KJbAbG2xmixCq2dVuBgcEKT6gEI807XUzHSEEt/nAHzKiG1t8pI4oksR32 7affOpRDiHKlojQP2NDg+g38M/PmrF0mNQO2EajD/EfU9CG1DLEELS40b2nMSNAAVCFN CAsX6EI6SBdjKKpTBQBIho5USWsLML3XDQOH2dF3OPdtiRD39KTgGQDC4oAxJ4P634gu anbmsJwpC3Wo1NLToEW0fhnMRSipNJo0yY3FhKR+siUcuz79xHaF11kQWr3nLlDl1+IX S1cg== X-Gm-Message-State: APjAAAU3Wia3SjshqXhs+vQPIHkOOnANwHwK+BE8bPvd+PyhUqXwirGR 7IgRjGhWQ1Qj9aY+qR8rXE+nh8/0Z13EYkJFNVSnINbCLpH10oDxJqeqZvDPIdnvBXEw63FEf3R W8wh7op0U/W/UOTzOWePH31dGDJcD7s9USJn0/mLyFLo30Uj+RLfXJFImX/NTyAQokw== X-Received: by 2002:a81:32cc:: with SMTP id y195mr1665062ywy.195.1561628708026; Thu, 27 Jun 2019 02:45:08 -0700 (PDT) X-Received: by 2002:a81:32cc:: with SMTP id y195mr1665040ywy.195.1561628707474; Thu, 27 Jun 2019 02:45:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561628707; cv=none; d=google.com; s=arc-20160816; b=M9J460MRoxrrw2wtC31V9iHh9M0hDJcPlgRfGqi3ZbfCC8xoy0501RavMiUNA4+yJG PBb+0EYuDlYpttkA1piG0c3NCwSVKb8nCjOHo8K6lA+X1DI9EoDncuSfmJgOW16WUwui TLjPCUvYwrjQH+02+zw8MtXq+BNhtvVOcB5bJEa4szlZTiZmuPhtnr/JGGxM0Sf94V4P UAMAjJ+BDxY/CSXF6363GMbMrhjHbdTtuOPPn21qpapBUOe5AA+zSy7bSutIjUNyY0Km hBgc1Ka2NKdgFNEZG0ezNjZbitVVup6rYfrM7Y6qbLTrO8MOHaHMoiHXFw1mYqh8oWif caiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=M/VKnz1BZ+rvrIeSdLI9RxXAlLGL/xX/aFhsrhXW1SI=; b=B82dsaSDWwjlQ7cUasp7mBvDOL2GvDvgz8E8BPt75Xjp42iRNVT+aGrT772Oy6Z5jT Z6UN/NPKzSKar3DVfLXtP2jzLB0yCU2KVyIC/DfAgSXE4pCN/pUK6f2/LhhvX/bqG3H1 fthJBTnDBH4LeU0dyllL+r8wCp4uC/F1UAjoGgXHAD5h9BLXSZbmoZNFaA34gOj9tNDb yC4hTtVCmh4gIq/s+9SGJQMZOs8NLpeEB1JWLcmiFVEp5mvDYYlHMvPx0CMgLpESBwtj sOEjZXma9tJ0C5wczI40HfZFdk38f5dWSGypK3z8y1zRH1KsTjQFO3OE2gs1LYGp94N6 ObnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dTAP9e+5; spf=pass (google.com: domain of 3i5auxqukciqmt3mzowwotm.kwutqv25-uus3iks.wzo@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3I5AUXQUKCIQmt3mzowwotm.kwutqv25-uus3iks.wzo@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id i2sor900193ybe.188.2019.06.27.02.45.07 for (Google Transport Security); Thu, 27 Jun 2019 02:45:07 -0700 (PDT) Received-SPF: pass (google.com: domain of 3i5auxqukciqmt3mzowwotm.kwutqv25-uus3iks.wzo@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dTAP9e+5; spf=pass (google.com: domain of 3i5auxqukciqmt3mzowwotm.kwutqv25-uus3iks.wzo@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3I5AUXQUKCIQmt3mzowwotm.kwutqv25-uus3iks.wzo@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=M/VKnz1BZ+rvrIeSdLI9RxXAlLGL/xX/aFhsrhXW1SI=; b=dTAP9e+5cBvv1Fo1c9oAD6aT20tqv+ChITGWRAF6HBiV5h0A+cO/d3KW6e6bRHVLvG erLpdzNSnYBWnXbAlgOzQFymT1RWKDmLZwiJCIyx5PA/T5+1nmvNYgry/XQOnex69Uea jLWyToIrNx+PALPXS8zNvel0xSO6hmvfK2MHgRt7K1Dg/Km/TDLdJyfh4ZuBoL8aesNf rP3byfY8etaRRTUkuV1C1fUePUu4HjWIwxb3m+dYD8C+9D8ehGOQgMUHAYSQ4UddPvSk X3I0Blgf/z4Y6ytZeUMR5341999h9I4nU/8ggy7lRN8zBnWCOozRTxNtCa9uC6mOwamd m3Nw== X-Google-Smtp-Source: APXvYqyrysKf0nY6MA4eBDonEeUr1VDkNdQueTw63xxmxnWHB5Hteblcrv3Ft6+bD+my9MMcpuiIIfeGYQ== X-Received: by 2002:a25:c4c4:: with SMTP id u187mr1928035ybf.185.1561628707099; Thu, 27 Jun 2019 02:45:07 -0700 (PDT) Date: Thu, 27 Jun 2019 11:44:41 +0200 In-Reply-To: <20190627094445.216365-1-elver@google.com> Message-Id: <20190627094445.216365-2-elver@google.com> Mime-Version: 1.0 References: <20190627094445.216365-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v4 1/5] mm/kasan: Introduce __kasan_check_{read,write} From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This introduces __kasan_check_{read,write}. __kasan_check functions may be used from anywhere, even compilation units that disable instrumentation selectively. This change eliminates the need for the __KASAN_INTERNAL definition. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- v3: * Fix Formatting and split introduction of __kasan_check_* and returning bool into 2 patches. --- include/linux/kasan-checks.h | 31 ++++++++++++++++++++++++++++--- mm/kasan/common.c | 10 ++++------ 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index a61dc075e2ce..19a0175d2452 100644 --- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -2,9 +2,34 @@ #ifndef _LINUX_KASAN_CHECKS_H #define _LINUX_KASAN_CHECKS_H -#if defined(__SANITIZE_ADDRESS__) || defined(__KASAN_INTERNAL) -void kasan_check_read(const volatile void *p, unsigned int size); -void kasan_check_write(const volatile void *p, unsigned int size); +/* + * __kasan_check_*: Always available when KASAN is enabled. This may be used + * even in compilation units that selectively disable KASAN, but must use KASAN + * to validate access to an address. Never use these in header files! + */ +#ifdef CONFIG_KASAN +void __kasan_check_read(const volatile void *p, unsigned int size); +void __kasan_check_write(const volatile void *p, unsigned int size); +#else +static inline void __kasan_check_read(const volatile void *p, unsigned int size) +{ } +static inline void __kasan_check_write(const volatile void *p, unsigned int size) +{ } +#endif + +/* + * kasan_check_*: Only available when the particular compilation unit has KASAN + * instrumentation enabled. May be used in header files. + */ +#ifdef __SANITIZE_ADDRESS__ +static inline void kasan_check_read(const volatile void *p, unsigned int size) +{ + __kasan_check_read(p, size); +} +static inline void kasan_check_write(const volatile void *p, unsigned int size) +{ + __kasan_check_read(p, size); +} #else static inline void kasan_check_read(const volatile void *p, unsigned int size) { } diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 242fdc01aaa9..6bada42cc152 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -14,8 +14,6 @@ * */ -#define __KASAN_INTERNAL - #include #include #include @@ -89,17 +87,17 @@ void kasan_disable_current(void) current->kasan_depth--; } -void kasan_check_read(const volatile void *p, unsigned int size) +void __kasan_check_read(const volatile void *p, unsigned int size) { check_memory_region((unsigned long)p, size, false, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_read); +EXPORT_SYMBOL(__kasan_check_read); -void kasan_check_write(const volatile void *p, unsigned int size) +void __kasan_check_write(const volatile void *p, unsigned int size) { check_memory_region((unsigned long)p, size, true, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_write); +EXPORT_SYMBOL(__kasan_check_write); #undef memset void *memset(void *addr, int c, size_t len) From patchwork Thu Jun 27 09:44:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11019233 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D6967112C for ; Thu, 27 Jun 2019 09:45:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C667A288AC for ; Thu, 27 Jun 2019 09:45:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BB0B7288F6; Thu, 27 Jun 2019 09:45:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E3A2E28935 for ; Thu, 27 Jun 2019 09:45:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 94BAA8E0006; Thu, 27 Jun 2019 05:45:11 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8F9A48E0002; Thu, 27 Jun 2019 05:45:11 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7C2048E0006; Thu, 27 Jun 2019 05:45:11 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-vk1-f200.google.com (mail-vk1-f200.google.com [209.85.221.200]) by kanga.kvack.org (Postfix) with ESMTP id 538278E0002 for ; Thu, 27 Jun 2019 05:45:11 -0400 (EDT) Received: by mail-vk1-f200.google.com with SMTP id p64so515393vkp.13 for ; Thu, 27 Jun 2019 02:45:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=Rln2FP6BOxdiVf8wORphr5UbX/lGN9PNgnvsQm0pxfA=; b=lqKeMXWQddaxDW2qg0cZDMk8xAHJjJL8r0rulDzs+Q9C+ELm6r39ZzdH2trwg8Dmdz XivZJhbhd2cjR+YsuTynUukuFrb+wucAnuNhRDK1NbmyWGW0ENNC7GOKoIHqvCo3wpwO RuC5zt0+uvKCR5OqYOpR6gjc/Sqj/UDqHiHLQNvzIWH1V90XAsVZt7icxQ8hgc+/AFBW CX46zOo1IELNmQOG9HwB7Iz1n21ShMwOcryYmdiB/AcD6Eff1bdIs5h3lBCOERHKqpH9 QGx8NZskxBzrGBAV3S45jrYQ0Y93f6g0bUIO5IsamULZvf6qI/vU3b2cmAVj5A6LKfLM awow== X-Gm-Message-State: APjAAAWOHQ7Tw7A4IIOsYkT7t4VA9POeZgSyneXDMDw58bVgE96WE97R 1AY5cLweDF8rwfXm6trWeh8C1DLR0vi8sxULpIqb8ATY5hYyheeT+5Wg+p35SBhNJ0xSTQpsuJz lus3JmnNKKZW3U0HSV0ms6ipAJhbaouMTVRFblmqhu/hxNx6gWKvS5unXaqJingNoEQ== X-Received: by 2002:a67:f6cb:: with SMTP id v11mr2146576vso.16.1561628711089; Thu, 27 Jun 2019 02:45:11 -0700 (PDT) X-Received: by 2002:a67:f6cb:: with SMTP id v11mr2146557vso.16.1561628710504; Thu, 27 Jun 2019 02:45:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561628710; cv=none; d=google.com; s=arc-20160816; b=iZkopEnLPJZjCcsqx6nbr3Q4FZmg1bQNSqzZlrxXBHOkFOi7yJDsxpEascmW6tXjIp mFMeCeR1BgJ4TTrLAyIvOqpUdOnAoiFNXSfREnkFfNmRbOhYVaJo3ehm8+oTE/mF44Nr P+oNszSFjkSgDz2SU3VwX9ThyARLTjhiyRVxYv8bdNryRlj2/ptZp0e/m+aQmBvj5K7c k7exVyXptW6CuPGxpB6t1aIO+Kv5X5duUOfiQdWh23NUnta/oLyaRZR85WDEyZHzm7RV c9RtpkSoICou/AyH4GBQL7GmOLrqpqLGSWk5PmS1uFoencatYRnVzptvGP4Okt4/RczP 6Yug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=Rln2FP6BOxdiVf8wORphr5UbX/lGN9PNgnvsQm0pxfA=; b=M8YYck6mM2FNi55BtvBrgJdd9pPyqm9vMMKOs5Sb+75gFuUH5OYlxc7DimUJrReN3L y12D/B89dJMdIi8yN7ORktsPwpxxl3v+ga3TLj7NBqKtzYsvzLyQ04l8rJPd1MnaWgPF W6lEI9nv6nvD0+yB1bkwj9/EAGfF9r6vU6oJazLlTJ4Wci/kIvhyg8Ghj/tKo1o0Zlt8 hLq4Wt7bgipOC0faCyBwe4P7rCKku7FZoQXygiIsGInrtCHTLCiDs9/Rg+keR+7spBmf okQzHGMLLIxQsq9lId/FcFjYWngCtRHFL5eRzuHopXNi1zwBuV2o0NM8A62MFMw70OMo GNyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dkNaHYpO; spf=pass (google.com: domain of 3jpauxqukcicpw6p2rzzrwp.nzxwty58-xxv6lnv.z2r@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3JpAUXQUKCIcpw6p2rzzrwp.nzxwty58-xxv6lnv.z2r@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id h2sor459958vkf.39.2019.06.27.02.45.10 for (Google Transport Security); Thu, 27 Jun 2019 02:45:10 -0700 (PDT) Received-SPF: pass (google.com: domain of 3jpauxqukcicpw6p2rzzrwp.nzxwty58-xxv6lnv.z2r@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dkNaHYpO; spf=pass (google.com: domain of 3jpauxqukcicpw6p2rzzrwp.nzxwty58-xxv6lnv.z2r@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3JpAUXQUKCIcpw6p2rzzrwp.nzxwty58-xxv6lnv.z2r@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=Rln2FP6BOxdiVf8wORphr5UbX/lGN9PNgnvsQm0pxfA=; b=dkNaHYpOwXYyjcEZP1bf6vT67gxnv61V5DkhsO3AvQB28nuMDnRgRztKsctxAk0fDo NF32HjYsnqwZeGB+JEy2xa/dmqzW1mxPdUDFx7RXJVh2ipYHy5fnjonuEq6XUmiBG10T edYVhu7z6vHZNK+2jf6spBkHacLTAuucYbW84sLTHHnVhC9z9Ckyaqo78A2GxVsoBy9a 60BirHmL2WU6muKj4oTpBp6rHMrp1CyZBClJ3vfto474veb5rZoPrqSZRWnOiUWogqhe ThWoTx3eK0RFvnlUy6amT3ORupTvUYcuf02zw72/XpsTh8chI/4twuFgieVHJm9L48no 2XaQ== X-Google-Smtp-Source: APXvYqyWZdgw2CsKA/62O2rW6VnwFiC7Kav89HOU1EeWitGXntN39ZV6iBcDXpaWPwEMg60FmsqhSoFJlA== X-Received: by 2002:a1f:3c82:: with SMTP id j124mr982314vka.47.1561628710024; Thu, 27 Jun 2019 02:45:10 -0700 (PDT) Date: Thu, 27 Jun 2019 11:44:42 +0200 In-Reply-To: <20190627094445.216365-1-elver@google.com> Message-Id: <20190627094445.216365-3-elver@google.com> Mime-Version: 1.0 References: <20190627094445.216365-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v4 2/5] mm/kasan: Change kasan_check_{read,write} to return boolean From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This changes {,__}kasan_check_{read,write} functions to return a boolean denoting if the access was valid or not. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- v3: * Fix Formatting and split introduction of __kasan_check_* and returning bool into 2 patches. --- include/linux/kasan-checks.h | 36 ++++++++++++++++++++++-------------- mm/kasan/common.c | 8 ++++---- mm/kasan/generic.c | 13 +++++++------ mm/kasan/kasan.h | 10 +++++++++- mm/kasan/tags.c | 12 +++++++----- 5 files changed, 49 insertions(+), 30 deletions(-) diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index 19a0175d2452..2c7f0b6307b2 100644 --- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -8,13 +8,17 @@ * to validate access to an address. Never use these in header files! */ #ifdef CONFIG_KASAN -void __kasan_check_read(const volatile void *p, unsigned int size); -void __kasan_check_write(const volatile void *p, unsigned int size); +bool __kasan_check_read(const volatile void *p, unsigned int size); +bool __kasan_check_write(const volatile void *p, unsigned int size); #else -static inline void __kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void __kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool __kasan_check_read(const volatile void *p, unsigned int size) +{ + return true; +} +static inline bool __kasan_check_write(const volatile void *p, unsigned int size) +{ + return true; +} #endif /* @@ -22,19 +26,23 @@ static inline void __kasan_check_write(const volatile void *p, unsigned int size * instrumentation enabled. May be used in header files. */ #ifdef __SANITIZE_ADDRESS__ -static inline void kasan_check_read(const volatile void *p, unsigned int size) +static inline bool kasan_check_read(const volatile void *p, unsigned int size) { - __kasan_check_read(p, size); + return __kasan_check_read(p, size); } -static inline void kasan_check_write(const volatile void *p, unsigned int size) +static inline bool kasan_check_write(const volatile void *p, unsigned int size) { - __kasan_check_read(p, size); + return __kasan_check_read(p, size); } #else -static inline void kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool kasan_check_read(const volatile void *p, unsigned int size) +{ + return true; +} +static inline bool kasan_check_write(const volatile void *p, unsigned int size) +{ + return true; +} #endif #endif diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 6bada42cc152..2277b82902d8 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -87,15 +87,15 @@ void kasan_disable_current(void) current->kasan_depth--; } -void __kasan_check_read(const volatile void *p, unsigned int size) +bool __kasan_check_read(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, false, _RET_IP_); + return check_memory_region((unsigned long)p, size, false, _RET_IP_); } EXPORT_SYMBOL(__kasan_check_read); -void __kasan_check_write(const volatile void *p, unsigned int size) +bool __kasan_check_write(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, true, _RET_IP_); + return check_memory_region((unsigned long)p, size, true, _RET_IP_); } EXPORT_SYMBOL(__kasan_check_write); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 504c79363a34..616f9dd82d12 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -166,29 +166,30 @@ static __always_inline bool memory_is_poisoned(unsigned long addr, size_t size) return memory_is_poisoned_n(addr, size); } -static __always_inline void check_memory_region_inline(unsigned long addr, +static __always_inline bool check_memory_region_inline(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { if (unlikely(size == 0)) - return; + return true; if (unlikely((void *)addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } if (likely(!memory_is_poisoned(addr, size))) - return; + return true; kasan_report(addr, size, write, ret_ip); + return false; } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { - check_memory_region_inline(addr, size, write, ret_ip); + return check_memory_region_inline(addr, size, write, ret_ip); } void kasan_cache_shrink(struct kmem_cache *cache) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 3ce956efa0cb..e62ea45d02e3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -123,7 +123,15 @@ static inline bool addr_has_shadow(const void *addr) void kasan_poison_shadow(const void *address, size_t size, u8 value); -void check_memory_region(unsigned long addr, size_t size, bool write, +/** + * check_memory_region - Check memory region, and report if invalid access. + * @addr: the accessed address + * @size: the accessed size + * @write: true if access is a write access + * @ret_ip: return address + * @return: true if access was valid, false if invalid + */ +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip); void *find_first_bad_addr(void *addr, size_t size); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 63fca3172659..0e987c9ca052 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -76,7 +76,7 @@ void *kasan_reset_tag(const void *addr) return reset_tag(addr); } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { u8 tag; @@ -84,7 +84,7 @@ void check_memory_region(unsigned long addr, size_t size, bool write, void *untagged_addr; if (unlikely(size == 0)) - return; + return true; tag = get_tag((const void *)addr); @@ -106,22 +106,24 @@ void check_memory_region(unsigned long addr, size_t size, bool write, * set to KASAN_TAG_KERNEL (0xFF)). */ if (tag == KASAN_TAG_KERNEL) - return; + return true; untagged_addr = reset_tag((const void *)addr); if (unlikely(untagged_addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } shadow_first = kasan_mem_to_shadow(untagged_addr); shadow_last = kasan_mem_to_shadow(untagged_addr + size - 1); for (shadow = shadow_first; shadow <= shadow_last; shadow++) { if (*shadow != tag) { kasan_report(addr, size, write, ret_ip); - return; + return false; } } + + return true; } #define DEFINE_HWASAN_LOAD_STORE(size) \ From patchwork Thu Jun 27 09:44:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11019235 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 90E0F112C for ; Thu, 27 Jun 2019 09:45:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8062D288F6 for ; Thu, 27 Jun 2019 09:45:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 74D402894B; Thu, 27 Jun 2019 09:45:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E205A28935 for ; Thu, 27 Jun 2019 09:45:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8368E8E0007; Thu, 27 Jun 2019 05:45:14 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 7EB5D8E0002; Thu, 27 Jun 2019 05:45:14 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6AF928E0007; Thu, 27 Jun 2019 05:45:14 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-yb1-f197.google.com (mail-yb1-f197.google.com [209.85.219.197]) by kanga.kvack.org (Postfix) with ESMTP id 4A4398E0002 for ; Thu, 27 Jun 2019 05:45:14 -0400 (EDT) Received: by mail-yb1-f197.google.com with SMTP id v83so3242046ybv.17 for ; Thu, 27 Jun 2019 02:45:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=Nak00YJk+AEgPvXyyfa6aOMnYdoSdmwezqKF16kthRLX16cb4GMg398kM+468jXuEa ur1I8BjIF50xYCNdV5OdXwDcgM6hn4pwxeMAqZ4SnUcKW2CWlg/o3eTN5MDUhwuZ052T 13Nf2SGFgDbxQgeF9wk0GDbjhY9HfLDdK1hG+M0MJjhSqnvNpoEWH2OFP7u8oAilQbfE VvqAoWpb7A9lp3m2cwRV7a3wu7tKUVWTOoL3vGLpv3Wvzzfi2HdjVevNHHjVWEXqBmml Ra5TlL/Ehu0YO6OtMrkbRcC1V87AJMWpya8CJaFSykYRs7J3U6cRYpuRtzxXzOzYNWx6 dTyA== X-Gm-Message-State: APjAAAWf6K4PPmzEK7DYYtuRmSTFbifh133UjYAV1bFbbXu5nEC6pw5d Ox81ku3H+t1otrLQ6wWE3ul8qdMgC0HbLBdziPFqcZzG4AicidduecqzhIyBnsfk6mGgkW2qp4e ++w+gucaUsvrn2eGmcCOu49N2DauqORfeiG5feShX89vK95n2QFYG8qRqWb++Y4CsaQ== X-Received: by 2002:a25:d493:: with SMTP id m141mr576681ybf.230.1561628713997; Thu, 27 Jun 2019 02:45:13 -0700 (PDT) X-Received: by 2002:a25:d493:: with SMTP id m141mr576661ybf.230.1561628713583; Thu, 27 Jun 2019 02:45:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561628713; cv=none; d=google.com; s=arc-20160816; b=HRt/E/HQJja5z/eGt0N0Xez1jbw9JN+oRyVtiyto7Xoog4ZxJmNFsSjIkY6mlypRzs VcpHjB/CpEH7T4zkx7ldruGNWQQ7sytHXAHy3yGtWRWfQyRM48YwFaxxxeWHCMkksKLA PPP4J/7XPA1d4mJuZf21TdynLsg4ftTH8kR/el5CZZTzIgpR2M0dVN0XnBjPtxDRoLBD kdD3H199+3bjjBYBrop060/RMNn2j2njNlyHGnjJ7gPfCU55qEVytNNtUDoJYYNlkEhm 8vyi6xizFtW2CaqQicKW8nz0aPbaK3QrLprgw9QvUR5BcYqwmT+O8j3rgJYa03I4ASXO qQDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=OZR+q14u9dDxuUjgAM2kxiqJ/h7MIAHmwtzV4xcYIFOOpORS0Xs2jb0s6a394RKGdk 1buvOjjzSGOsIRWtIn3CQ2I4zDVIQ/xxMCv+CBye5r7tFskBADvdarYcmTL8CSTkQTzA oBIm9jH1ymWKetEXmSliiRLn3Jpdh2zTCJHLegKjCHvr9eGyAMaSY0Q6G2FgnvKlTwS/ W6SfrCyldBX4Rv7SbP5/BskXInyOoGY9JPBVgLEwEvqcCvlL4nvm+Jd6kjSGxrKrnF/K Q1HSD1RkbPX5IbOTAofJzGP4vrgWwq2yxQ5wCx+Q/+CCHcC8M01wjpW6cmR+qbTenfxH vL2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=J0Ci+Hl2; spf=pass (google.com: domain of 3kzauxqukciosz9s5u22uzs.q20zw18b-00y9oqy.25u@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3KZAUXQUKCIosz9s5u22uzs.q20zw18B-00y9oqy.25u@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id z204sor868199ybb.96.2019.06.27.02.45.13 for (Google Transport Security); Thu, 27 Jun 2019 02:45:13 -0700 (PDT) Received-SPF: pass (google.com: domain of 3kzauxqukciosz9s5u22uzs.q20zw18b-00y9oqy.25u@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=J0Ci+Hl2; spf=pass (google.com: domain of 3kzauxqukciosz9s5u22uzs.q20zw18b-00y9oqy.25u@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3KZAUXQUKCIosz9s5u22uzs.q20zw18B-00y9oqy.25u@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=/Bjb3ErsQTLw+YrlSLkjBcr6K+fvu3f9fORDBwR/vbU=; b=J0Ci+Hl2dklL61XlDu+L7c3zA5n+Cr6/DaQOIbrhOtnPcC74yySQ+I5nkFakrDmsxW 4bi1Q4JaIWXmIUOCc4DIdh/ds39jpfRXGtDW6mU0xdjNAlM9Jda9tH6hbUAdTGAZEeX8 49vYKspcn666nQb3sq8SwovKzlb21N9T7d8GljQX+tyOtgPUiOjtZI/gKE936+eoqNHx rxxaGWQaPKCugOiKAzguIJfywBy0nNvgisRy5RigGtGBtBdfJH3TJYPgtpjGV0zoyJTK ZjYB1aD0xLPDgs/tqbM7lVH6PjLItziSxZ1iovnz/Tq5P9P4Rc8eKOb7vfjUUS6OEaiR c5iQ== X-Google-Smtp-Source: APXvYqzrzpOQbBKJXfxXILWs07ouSrOOgu0C1a7VRkp0utCzl0DRrXpztivBKMFnbS0DUZY3rM1cYhRiLQ== X-Received: by 2002:a25:9a44:: with SMTP id r4mr1814342ybo.393.1561628713265; Thu, 27 Jun 2019 02:45:13 -0700 (PDT) Date: Thu, 27 Jun 2019 11:44:43 +0200 In-Reply-To: <20190627094445.216365-1-elver@google.com> Message-Id: <20190627094445.216365-4-elver@google.com> Mime-Version: 1.0 References: <20190627094445.216365-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v4 3/5] lib/test_kasan: Add test for double-kzfree detection From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Adds a simple test that checks if double-kzfree is being detected correctly. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- lib/test_kasan.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/lib/test_kasan.c b/lib/test_kasan.c index e3c593c38eff..dda5da9f5bd4 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c @@ -619,6 +619,22 @@ static noinline void __init kasan_strings(void) strnlen(ptr, 1); } +static noinline void __init kmalloc_double_kzfree(void) +{ + char *ptr; + size_t size = 16; + + pr_info("double-free (kzfree)\n"); + ptr = kmalloc(size, GFP_KERNEL); + if (!ptr) { + pr_err("Allocation failed\n"); + return; + } + + kzfree(ptr); + kzfree(ptr); +} + static int __init kmalloc_tests_init(void) { /* @@ -660,6 +676,7 @@ static int __init kmalloc_tests_init(void) kasan_memchr(); kasan_memcmp(); kasan_strings(); + kmalloc_double_kzfree(); kasan_restore_multi_shot(multishot); From patchwork Thu Jun 27 09:44:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11019237 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7E2F313B4 for ; Thu, 27 Jun 2019 09:45:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6E0E4212D9 for ; Thu, 27 Jun 2019 09:45:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 624442897D; Thu, 27 Jun 2019 09:45:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A89D428935 for ; Thu, 27 Jun 2019 09:45:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F15A98E0008; Thu, 27 Jun 2019 05:45:17 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id E77168E0002; Thu, 27 Jun 2019 05:45:17 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D8C1B8E0008; Thu, 27 Jun 2019 05:45:17 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-vk1-f198.google.com (mail-vk1-f198.google.com [209.85.221.198]) by kanga.kvack.org (Postfix) with ESMTP id B1F738E0002 for ; Thu, 27 Jun 2019 05:45:17 -0400 (EDT) Received: by mail-vk1-f198.google.com with SMTP id a185so527328vkb.0 for ; Thu, 27 Jun 2019 02:45:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=oH7fG20ofuChwybQZlZvB4s9y/2FFyk/2/68TRC/+KsyuE+fKFPnBEEWlxLFDeyBwp NKlrHir6S/WN26bysM+jbE4VJ5xYpkAw8GQNB+NsnkQ1tNDOAaVPR9jFlONRHb8Ts+mN u/WQEMQ7ulWFO0IuJb7PJaxOGCD6zxC0uuLTvOD0YzSPUTf/qbzm3odhhCZG1GoRcnad KzwAHbyChczSWuQQ/Vuzy6nMlfldfLcna4ON3ovDivnTDNoHx4z0d//tTMMt6L9AJhaY ORVpGZK28s/fP9otcy14v1tGUzofMOXXHr3IBm7JGFbdL9X9K/owWOnwgzXmO+tvy3D2 oVYg== X-Gm-Message-State: APjAAAXaarZEEtvjZ2q+XsdVnew1BoihOAumxAklwNmS1d4nO25UlUnW 7fOfr83gvWZcrlAm99QvBJQgM5eXPAHG1iLP4Nts4BZ3eT2jHcxWF3ltDO2ZHqOAExX8C22jHak UG02Chk3UOimhySIwCPRYpUdwpTc3o+AIEsmk3/xt5zNLrnGkSF95IxmietX5qiQykQ== X-Received: by 2002:a05:6102:db:: with SMTP id u27mr1968073vsp.83.1561628717447; Thu, 27 Jun 2019 02:45:17 -0700 (PDT) X-Received: by 2002:a05:6102:db:: with SMTP id u27mr1968048vsp.83.1561628716862; Thu, 27 Jun 2019 02:45:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561628716; cv=none; d=google.com; s=arc-20160816; b=jssQXOiuSDYJVhsulPDQ8QrynMdiVIvKIOXktMkZWN5MLlQ4Pf++0mRN2OqFrWPR5W l431PuL//pOyXT5mQpJyIv8W4aNzkM6LT/LWMbhN7b+cozhQlR65vhAs/Bb5cmGUCd4Q +2nSw/M3iTRhXu2BAxQdcs2qa1fT3IBMnZepSGue4Nso7L6lVRnjB6smT7h3UcDiiBpD 3LYSN5FoaQIdGOpccTjk/F0zxZDYtc6CKSwNtGlMfefeKbiI+JirvsuXgl4psBtohEqp xfixOARll3DcQf87buFPVAw9eXDn4TcOaHqpWwsgIqc6Ky6TxI2+byjsvnQwJ2Tt8QRD R3Kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=K5w+unD7T0pVrenV0LNGvkucdLY95LFv4UdZ3tsN9Gog5ObO4OKObmsFZmRfQXXcY0 ohoYaE1B5kZnX4rsS74Jfk38T8vJeQW+qhs5/r08EvbJMk5O9wU+g2te7fwYaUXK8dDn c2/pVg5/0gSTygfVF1IGm/9n9RT8yfJ+s/7nZsX+1AAIZ89NxdpV+PbK9c2nyp7uXd0e aguNmOZvbZpu7c6+veXs1pl2FmgJY4p7e/xaYKc9hqB4rT0q/qJ+iUMFRZ9x7tMjevzV cyirgYb3JVET0oI/HJSWad4jtzNoDCwYyGOb4/oi8cq6KvMbeeb1BdL9oB9yxg+cfG4R Lyqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CDW3O1rc; spf=pass (google.com: domain of 3ljauxqukci0v2cv8x55x2v.t532z4be-331crt1.58x@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3LJAUXQUKCI0v2Cv8x55x2v.t532z4BE-331Crt1.58x@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id o20sor804545ual.12.2019.06.27.02.45.16 for (Google Transport Security); Thu, 27 Jun 2019 02:45:16 -0700 (PDT) Received-SPF: pass (google.com: domain of 3ljauxqukci0v2cv8x55x2v.t532z4be-331crt1.58x@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CDW3O1rc; spf=pass (google.com: domain of 3ljauxqukci0v2cv8x55x2v.t532z4be-331crt1.58x@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3LJAUXQUKCI0v2Cv8x55x2v.t532z4BE-331Crt1.58x@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=3eGEWBsY8dqF2V6DSZ5u38cqY6eLJM9O9Aa4+MoaYxw=; b=CDW3O1rcoY4KC5X8v7CnZfCBKNlszgPAXmMim6QnSJLHB2FvypgwfFeyxvZwkjshAT NYkIEFDnXYo2OPrAB+NZMN0XeufHpI0aArN8OIWcXgxUUxzyt/As39iSabbDecmCok66 1GlpOjUwOjx08OQTiJC84NV+xWtQvHLk4cK56xLxJn/7JhxyywvnurM2xkT4zpajSVQ9 Xk4ZCLJmrlDDuokgNuAOAy3SHbdqSr0OAmgr3uIGV9MOFUFqTuwZZ4wk91clhD4nRKVT zIWom/rDBuJizXsYze+NXDx0nRqZZNjw6aRE9+/DLvq0WZwPqSmzvUKmog18ZmwAnJGq juwg== X-Google-Smtp-Source: APXvYqwn/gtVJbLpqQl+FnIy4IdAkHfEQzBvpEllKgR3L5YlFzAi8dr/fNtBE4bKwcMfpZhNOB3+p2DymQ== X-Received: by 2002:ab0:184e:: with SMTP id j14mr1746917uag.91.1561628716321; Thu, 27 Jun 2019 02:45:16 -0700 (PDT) Date: Thu, 27 Jun 2019 11:44:44 +0200 In-Reply-To: <20190627094445.216365-1-elver@google.com> Message-Id: <20190627094445.216365-5-elver@google.com> Mime-Version: 1.0 References: <20190627094445.216365-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v4 4/5] mm/slab: Refactor common ksize KASAN logic into slab_common.c From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This refactors common code of ksize() between the various allocators into slab_common.c: __ksize() is the allocator-specific implementation without instrumentation, whereas ksize() includes the required KASAN logic. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- include/linux/slab.h | 1 + mm/slab.c | 28 ++++++---------------------- mm/slab_common.c | 26 ++++++++++++++++++++++++++ mm/slob.c | 4 ++-- mm/slub.c | 14 ++------------ 5 files changed, 37 insertions(+), 36 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index 9449b19c5f10..98c3d12b7275 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -184,6 +184,7 @@ void * __must_check __krealloc(const void *, size_t, gfp_t); void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); +size_t __ksize(const void *); size_t ksize(const void *); #ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR diff --git a/mm/slab.c b/mm/slab.c index f7117ad9b3a3..394e7c7a285e 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -4204,33 +4204,17 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, #endif /* CONFIG_HARDENED_USERCOPY */ /** - * ksize - get the actual amount of memory allocated for a given object - * @objp: Pointer to the object + * __ksize -- Uninstrumented ksize. * - * kmalloc may internally round up allocations and return more memory - * than requested. ksize() can be used to determine the actual amount of - * memory allocated. The caller may use this additional memory, even though - * a smaller amount of memory was initially specified with the kmalloc call. - * The caller must guarantee that objp points to a valid object previously - * allocated with either kmalloc() or kmem_cache_alloc(). The object - * must not be freed during the duration of the call. - * - * Return: size of the actual memory used by @objp in bytes + * Unlike ksize(), __ksize() is uninstrumented, and does not provide the same + * safety checks as ksize() with KASAN instrumentation enabled. */ -size_t ksize(const void *objp) +size_t __ksize(const void *objp) { - size_t size; - BUG_ON(!objp); if (unlikely(objp == ZERO_SIZE_PTR)) return 0; - size = virt_to_cache(objp)->object_size; - /* We assume that ksize callers could use the whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(objp, size); - - return size; + return virt_to_cache(objp)->object_size; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); diff --git a/mm/slab_common.c b/mm/slab_common.c index 58251ba63e4a..b7c6a40e436a 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1597,6 +1597,32 @@ void kzfree(const void *p) } EXPORT_SYMBOL(kzfree); +/** + * ksize - get the actual amount of memory allocated for a given object + * @objp: Pointer to the object + * + * kmalloc may internally round up allocations and return more memory + * than requested. ksize() can be used to determine the actual amount of + * memory allocated. The caller may use this additional memory, even though + * a smaller amount of memory was initially specified with the kmalloc call. + * The caller must guarantee that objp points to a valid object previously + * allocated with either kmalloc() or kmem_cache_alloc(). The object + * must not be freed during the duration of the call. + * + * Return: size of the actual memory used by @objp in bytes + */ +size_t ksize(const void *objp) +{ + size_t size = __ksize(objp); + /* + * We assume that ksize callers could use whole allocated area, + * so we need to unpoison this area. + */ + kasan_unpoison_shadow(objp, size); + return size; +} +EXPORT_SYMBOL(ksize); + /* Tracepoints definitions. */ EXPORT_TRACEPOINT_SYMBOL(kmalloc); EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc); diff --git a/mm/slob.c b/mm/slob.c index 84aefd9b91ee..7f421d0ca9ab 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -527,7 +527,7 @@ void kfree(const void *block) EXPORT_SYMBOL(kfree); /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ -size_t ksize(const void *block) +size_t __ksize(const void *block) { struct page *sp; int align; @@ -545,7 +545,7 @@ size_t ksize(const void *block) m = (unsigned int *)(block - align); return SLOB_UNITS(*m) * SLOB_UNIT; } -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); int __kmem_cache_create(struct kmem_cache *c, slab_flags_t flags) { diff --git a/mm/slub.c b/mm/slub.c index cd04dbd2b5d0..05a8d17dd9b2 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3901,7 +3901,7 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, } #endif /* CONFIG_HARDENED_USERCOPY */ -static size_t __ksize(const void *object) +size_t __ksize(const void *object) { struct page *page; @@ -3917,17 +3917,7 @@ static size_t __ksize(const void *object) return slab_ksize(page->slab_cache); } - -size_t ksize(const void *object) -{ - size_t size = __ksize(object); - /* We assume that ksize callers could use whole allocated area, - * so we need to unpoison this area. - */ - kasan_unpoison_shadow(object, size); - return size; -} -EXPORT_SYMBOL(ksize); +EXPORT_SYMBOL(__ksize); void kfree(const void *x) { From patchwork Thu Jun 27 09:44:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marco Elver X-Patchwork-Id: 11019239 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B299513B4 for ; Thu, 27 Jun 2019 09:45:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A2151288F6 for ; Thu, 27 Jun 2019 09:45:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 962EC2894B; Thu, 27 Jun 2019 09:45:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E761E288F6 for ; Thu, 27 Jun 2019 09:45:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 06E168E0009; Thu, 27 Jun 2019 05:45:21 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id F3BA98E0002; Thu, 27 Jun 2019 05:45:20 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E29348E0009; Thu, 27 Jun 2019 05:45:20 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com [209.85.160.198]) by kanga.kvack.org (Postfix) with ESMTP id C14FD8E0002 for ; Thu, 27 Jun 2019 05:45:20 -0400 (EDT) Received: by mail-qt1-f198.google.com with SMTP id r58so1798213qtb.5 for ; Thu, 27 Jun 2019 02:45:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:date:in-reply-to:message-id :mime-version:references:subject:from:to:cc; bh=dExuKDG1Vocm7R5NxDrIVnD2CUOvxrQiPu2P2B60v+w=; b=Ky2zGBdtG6DclQoN7BnpessughNMxO0TQk7hT1LoVJaA35ptS6Q9dKuFJcOskR1pV4 tHfVTJQrTrV3QHUPveps11bCmNUSxJYCOUHDIaL3ZnVIyVtOFPvVi0sh9e1vZpRd6Mrj 2PUh5SEizi0xBiE1LoEiGynAwk9QFeHuH4NdDnFfoN94D8zNe/usAi6NZ6w6jKEteOht SmwqitY7LffYvLO8FYWL32zS9Qb+O0UCCLX+Ydp1j6fhm/8OREOoyMytuKwC+pFPRso7 aITMbfJiTwmx60SuRiZxf3UedfHphmyJgkSVmArJs6s8gZVK6YiJlmKk/DSorM0rx7vi F3Ug== X-Gm-Message-State: APjAAAXDvI0DvAru/BSNKVIMpLawLgW9M4kR1ySrqdMfZ091SG9WQhX1 8z+tQt4pOYCvjAFsHZm7f8SbfjlgWvuCslCH1eicNFVSWwqU76cMQaWFUURfgqoxPYO2xxkTAWf 7xhk2U2TeIX6FiBIduYjfobr18ZQJkuTZBtfBJPG8s6MRY/Qactb+hyBBseSUTaw28A== X-Received: by 2002:a0c:983b:: with SMTP id c56mr2262768qvd.131.1561628720466; Thu, 27 Jun 2019 02:45:20 -0700 (PDT) X-Received: by 2002:a0c:983b:: with SMTP id c56mr2262736qvd.131.1561628719911; Thu, 27 Jun 2019 02:45:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561628719; cv=none; d=google.com; s=arc-20160816; b=hmLSaFv7WGWwe8s/mGuMxp96WbC9aXn3lxO6TLliPivZJ9YK/+mQyJP8KHLcsXm7AS 7OxFw/Fmhi7dvxBdljjz34iK2nKvYWhRLtNMh3xUQu9cJEx08SAg5Z/AewdXJ8jZlLp7 6+M/J99XPthkJPyzwKbpzCHHy4SCQYmKjJCgrndXnbTnjLToj3UwjxvE3Uru9zhm/sPV frzG7iAo5GPEyRLqm4fRrOxkyPHnuUUyZyE4tB9AfgP+XhixccJrH5zneciL3lWVDfSV TAcnrLGc5XKBKAOGSPUUeP6uBOvU67aUdyHNNlCVyZemyYY5ZGPkSoUb3SyxaIPTDtw0 85Yg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:dkim-signature; bh=dExuKDG1Vocm7R5NxDrIVnD2CUOvxrQiPu2P2B60v+w=; b=MwO5yi7quXI2Y2rx2ZgCQSxVXyhbIq5D+lMqA/yElF8teFow+JpQd2YodeMiyagNYk 6ajAwWDq0AkBOLwudWnVG4tCr6+8Zr6/WYi1ACipXo2M74ZKv5dCYNT36/P6EZqZNGmB meF118HMbG062f0vaLxh3BLF3HX8ni2zR/ZfTdcMPc103yQVPKpmU9EhCM49jrSfFLvs Mtrk2I5EPhYsBycuWlzkDD2JCTUm/qjM81cNCn7Zos8YBRkgRdu3OnorUk+1cwluKrQg WHLD+5btnVuk6fqlK52ua98jAkHrItuz6G0b7ZVf/yVfPnY9BCulvpsFZGz/4+QMXn1r Lbvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WhKnnvq+; spf=pass (google.com: domain of 3l5auxqukcjay5fyb08805y.w86527eh-664fuw4.8b0@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3L5AUXQUKCJAy5FyB08805y.w86527EH-664Fuw4.8B0@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from mail-sor-f73.google.com (mail-sor-f73.google.com. [209.85.220.73]) by mx.google.com with SMTPS id z4sor968616qkf.122.2019.06.27.02.45.19 for (Google Transport Security); Thu, 27 Jun 2019 02:45:19 -0700 (PDT) Received-SPF: pass (google.com: domain of 3l5auxqukcjay5fyb08805y.w86527eh-664fuw4.8b0@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) client-ip=209.85.220.73; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WhKnnvq+; spf=pass (google.com: domain of 3l5auxqukcjay5fyb08805y.w86527eh-664fuw4.8b0@flex--elver.bounces.google.com designates 209.85.220.73 as permitted sender) smtp.mailfrom=3L5AUXQUKCJAy5FyB08805y.w86527EH-664Fuw4.8B0@flex--elver.bounces.google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=dExuKDG1Vocm7R5NxDrIVnD2CUOvxrQiPu2P2B60v+w=; b=WhKnnvq+eH098gHUsu9ljm8u7NiCcoAvG7V0jrd0jshrongcUzOBhvAkJkf73ihZp+ x3Y9xDvb/jKeuWHH2u6ckxKlX4aRRtMTvzfpLyoRC8ULamnLUoUk7RmzaQm3Pu+0A4e1 TVRXpAoOz57i7ofZgEmZe1BUe1IKn0PYDS/TQatmUcXMJo3QYgnPKgaJ7aOyp490eCa5 9/4AAlnsh7gejuJ1dXHGMgR2RQoI5pSXa+juORIs7YAWHwbX6FFBA3ntOIo9VgB1s9h6 itvb8QOBVqFPE3dXzuyMQc+JONF1LgPbfJqic6PD68Aab3oqz8ROjmqia26Mp4ZETGOh eYSQ== X-Google-Smtp-Source: APXvYqyL0gF7qx89YSATj6wfEvyEQdk9uqASJ2qWX9sOEiRzrIlqUKvFG2sTfdKb+6/6XSohTv4Fsmd10g== X-Received: by 2002:a05:620a:1228:: with SMTP id v8mr1133045qkj.357.1561628719562; Thu, 27 Jun 2019 02:45:19 -0700 (PDT) Date: Thu, 27 Jun 2019 11:44:45 +0200 In-Reply-To: <20190627094445.216365-1-elver@google.com> Message-Id: <20190627094445.216365-6-elver@google.com> Mime-Version: 1.0 References: <20190627094445.216365-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v4 5/5] mm/kasan: Add object validation in ksize() From: Marco Elver To: elver@google.com Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin , Dmitry Vyukov , Alexander Potapenko , Andrey Konovalov , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Mark Rutland , Kees Cook , kasan-dev@googlegroups.com, linux-mm@kvack.org X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP ksize() has been unconditionally unpoisoning the whole shadow memory region associated with an allocation. This can lead to various undetected bugs, for example, double-kzfree(). Specifically, kzfree() uses ksize() to determine the actual allocation size, and subsequently zeroes the memory. Since ksize() used to just unpoison the whole shadow memory region, no invalid free was detected. This patch addresses this as follows: 1. Add a check in ksize(), and only then unpoison the memory region. 2. Preserve kasan_unpoison_slab() semantics by explicitly unpoisoning the shadow memory region using the size obtained from __ksize(). Tested: 1. With SLAB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected. 2. With SLUB allocator: a) normal boot without warnings; b) verified the added double-kzfree() is detected. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199359 Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: Mark Rutland Cc: Kees Cook Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org Acked-by: Kees Cook --- v4: * Prefer WARN_ON_ONCE() instead of BUG_ON(). --- include/linux/kasan.h | 7 +++++-- mm/slab_common.c | 22 +++++++++++++++++++++- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index b40ea104dd36..cc8a03cc9674 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -76,8 +76,11 @@ void kasan_free_shadow(const struct vm_struct *vm); int kasan_add_zero_shadow(void *start, unsigned long size); void kasan_remove_zero_shadow(void *start, unsigned long size); -size_t ksize(const void *); -static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); } +size_t __ksize(const void *); +static inline void kasan_unpoison_slab(const void *ptr) +{ + kasan_unpoison_shadow(ptr, __ksize(ptr)); +} size_t kasan_metadata_size(struct kmem_cache *cache); bool kasan_save_enable_multi_shot(void); diff --git a/mm/slab_common.c b/mm/slab_common.c index b7c6a40e436a..a09bb10aa026 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -1613,7 +1613,27 @@ EXPORT_SYMBOL(kzfree); */ size_t ksize(const void *objp) { - size_t size = __ksize(objp); + size_t size; + + if (WARN_ON_ONCE(!objp)) + return 0; + /* + * We need to check that the pointed to object is valid, and only then + * unpoison the shadow memory below. We use __kasan_check_read(), to + * generate a more useful report at the time ksize() is called (rather + * than later where behaviour is undefined due to potential + * use-after-free or double-free). + * + * If the pointed to memory is invalid we return 0, to avoid users of + * ksize() writing to and potentially corrupting the memory region. + * + * We want to perform the check before __ksize(), to avoid potentially + * crashing in __ksize() due to accessing invalid metadata. + */ + if (unlikely(objp == ZERO_SIZE_PTR) || !__kasan_check_read(objp, 1)) + return 0; + + size = __ksize(objp); /* * We assume that ksize callers could use whole allocated area, * so we need to unpoison this area.