From: Haibo Li <haibo.li@mediatek.com>
To: <jannh@google.com>
Cc: <akpm@linux-foundation.org>, <andreyknvl@gmail.com>,
	<angelogioacchino.delregno@collabora.com>, <dvyukov@google.com>,
	<glider@google.com>, <haibo.li@mediatek.com>,
	<kasan-dev@googlegroups.com>, <linux-arm-kernel@lists.infradead.org>,
	<linux-kernel@vger.kernel.org>, <linux-mediatek@lists.infradead.org>,
	<linux-mm@kvack.org>, <mark.rutland@arm.com>, <matthias.bgg@gmail.com>,
	<ryabinin.a.a@gmail.com>, <vincenzo.frascino@arm.com>,
	<xiaoming.yu@mediatek.com>
Subject: Re: [PATCH] kasan:fix access invalid shadow address when input is illegal
Date: Mon, 18 Sep 2023 16:12:50 +0800
Message-ID: <20230918081250.143237-1-haibo.li@mediatek.com>
In-Reply-To: <CAG48ez3GSubTFA8+hw=YDZoVHC79JVwNi+xFTQt9ssy_+O1aaw@mail.gmail.com>

> On Fri, Sep 15, 2023 at 6:51 PM Andrey Konovalov <andreyknvl@gmail.com> wrote:
> > On Fri, Sep 15, 2023 at 4:46 AM 'Haibo Li' via kasan-dev
> > <kasan-dev@googlegroups.com> wrote:
> > >
> > > The patch checks each shadow address, so it introduces extra overhead.
> >
> > Ack. Could still be fine, depends on the overhead.
> >
> > But if the message printed by kasan_non_canonical_hook is good enough
> > for your use case, I would rather stick to that.
If we check shadow address before invalid access,
we get below message before oops:
"
BUG: KASAN: invalid-access in do_ib_ob+0xf4/0x110
Read of size 8 at addr caffff80aaaaaaaa by task sh/100
"
We get below message while using kasan_non_canonical_hook:
"
Unable to handle kernel paging request at virtual address ffffff80aaaaaaaa
KASAN: maybe wild-memory-access in range [0xfffffc0aaaaaaaa0-0xfffffc0aaaaaaaaf]
"

Both indicate the original accessed address which causes oops.

> >
> > > Now kasan_non_canonical_hook only works for CONFIG_KASAN_INLINE.
> > >
> > > And CONFIG_KASAN_OUTLINE is set in my case.
> > >
> > > Is it possible to make kasan_non_canonical_hook works for both
> > > INLINE and OUTLINE by simply remove the "#ifdef CONFIG_KASAN_INLINE"?
> >
> > Yes, it should just work if you remove the ifdefs in mm/kasan/report.c
> > and in include/linux/kasan.h.
> >
> > Jann, do you have any objections to enabling kasan_non_canonical_hook
> > for the outline mode too?
>
> No objections from me.
Thanks.
Shall I send a new patch to fix this problem by using kasan_non_canonical_hook?
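
Added example, not part of the original message and not kernel source: a user-space model of the shadow-to-memory arithmetic behind the "KASAN: ... in range [...]" line quoted above. KASAN_SHADOW_OFFSET, the scale shift, MODEL_PAGE_SIZE and MODEL_TASK_SIZE are assumptions (arm64, 39-bit VA, software tag-based KASAN), chosen because they reproduce the range printed in the message; decode_fault and mem_to_shadow are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values, not stated in the message (arm64, 39-bit VA, SW tags). */
#define KASAN_SHADOW_OFFSET      0xefffffc000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 4
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define MODEL_PAGE_SIZE          4096ULL
#define MODEL_TASK_SIZE          (1ULL << 39)

struct decoded {
    int valid;             /* 0: address is below the shadow offset */
    uint64_t start, end;   /* memory granule the shadow byte describes */
    const char *bug_type;
};

/* Forward mapping for an untagged address: one shadow byte per granule. */
static uint64_t mem_to_shadow(uint64_t untagged)
{
    return (untagged >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping applied to a faulting address, as a fault hook would. */
static struct decoded decode_fault(uint64_t fault_addr)
{
    struct decoded d = { 0, 0, 0, "not a shadow address" };

    if (fault_addr < KASAN_SHADOW_OFFSET)
        return d;
    d.valid = 1;
    d.start = (fault_addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
    d.end = d.start + KASAN_GRANULE_SIZE - 1;
    if (d.start < MODEL_PAGE_SIZE)
        d.bug_type = "null-ptr-deref";
    else if (d.start < MODEL_TASK_SIZE)
        d.bug_type = "probably user-memory-access";
    else
        d.bug_type = "maybe wild-memory-access";
    return d;
}

int main(void)
{
    /* Faulting address taken from the oops line quoted in the message. */
    struct decoded d = decode_fault(0xffffff80aaaaaaaaULL);

    if (d.valid)
        printf("KASAN: %s in range [0x%016llx-0x%016llx]\n", d.bug_type,
               (unsigned long long)d.start, (unsigned long long)d.end);
    return 0;
}
```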