From: andrey.konovalov@linux.dev
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
	Marco Elver <elver@google.com>,
	Alexander Potapenko <glider@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Andrey Ryabinin <ryabinin.a.a@gmail.com>,
	kasan-dev@googlegroups.com, linux-mm@kvack.org,
	Vincenzo Frascino <vincenzo.frascino@arm.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	Peter Collingbourne <pcc@google.com>,
	Evgenii Stepanov <eugenis@google.com>,
	linux-kernel@vger.kernel.org,
	Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH mm v5 24/39] kasan, vmalloc: add vmalloc tagging for SW_TAGS
Date: Thu, 30 Dec 2021 20:14:49 +0100
Message-ID: <30d0da01e7ade09f28ed98191a274112408ec3c2.1640891329.git.andreyknvl@google.com>
In-Reply-To: <cover.1640891329.git.andreyknvl@google.com>

From: Andrey Konovalov <andreyknvl@google.com>

Add vmalloc tagging support to SW_TAGS KASAN.

- __kasan_unpoison_vmalloc() now assigns a random pointer tag, poisons
  the virtual mapping accordingly, and embeds the tag into the returned
  pointer.

- __get_vm_area_node() (used by vmalloc() and vmap()) and
  pcpu_get_vm_areas() save the tagged pointer into vm_struct->addr
  (note: not into vmap_area->addr). This requires putting
  kasan_unpoison_vmalloc() after setup_vmalloc_vm[_locked]();
  otherwise the latter will overwrite the tagged pointer.
  The tagged pointer then is naturally propagated to vmalloc()
  and vmap().

- vm_map_ram() returns the tagged pointer directly.

As a result of this change, vm_struct->addr is now tagged.

Enabling KASAN_VMALLOC with SW_TAGS is not yet allowed.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- Changes v2->v3: - Drop accidentally added kasan_unpoison_vmalloc() argument for when KASAN is off. - Drop __must_check for kasan_unpoison_vmalloc(), as its result is sometimes intentionally ignored. - Move allowing enabling KASAN_VMALLOC with SW_TAGS into a separate patch. - Update patch description. Changes v1->v2: - Allow enabling KASAN_VMALLOC with SW_TAGS in this patch. --- include/linux/kasan.h | 16 ++++++++++------ mm/kasan/shadow.c | 6 ++++-- mm/vmalloc.c | 14 ++++++++------ 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index da320069e7cf..92c5dfa29a35 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -424,12 +424,13 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, unsigned long free_region_end); -void __kasan_unpoison_vmalloc(const void *start, unsigned long size); -static __always_inline void kasan_unpoison_vmalloc(const void *start, - unsigned long size) +void *__kasan_unpoison_vmalloc(const void *start, unsigned long size); +static __always_inline void *kasan_unpoison_vmalloc(const void *start, + unsigned long size) { if (kasan_enabled()) - __kasan_unpoison_vmalloc(start, size); + return __kasan_unpoison_vmalloc(start, size); + return (void *)start; } void __kasan_poison_vmalloc(const void *start, unsigned long size); @@ -454,8 +455,11 @@ static inline void kasan_release_vmalloc(unsigned long start, unsigned long free_region_start, unsigned long free_region_end) { } -static inline void kasan_unpoison_vmalloc(const void *start, unsigned long size) -{ } +static inline void *kasan_unpoison_vmalloc(const void *start, + unsigned long size) +{ + return (void *)start; +} static inline void kasan_poison_vmalloc(const void *start, unsigned long size) { } diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 39d0b32ebf70..5a866f6663fc 100644 --- a/mm/kasan/shadow.c 
+++ b/mm/kasan/shadow.c @@ -475,12 +475,14 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end, } } -void __kasan_unpoison_vmalloc(const void *start, unsigned long size) +void *__kasan_unpoison_vmalloc(const void *start, unsigned long size) { if (!is_vmalloc_or_module_addr(start)) - return; + return (void *)start; + start = set_tag(start, kasan_random_tag()); kasan_unpoison(start, size, false); + return (void *)start; } /* diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 52336b034fbb..da419db620ba 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2210,7 +2210,7 @@ void *vm_map_ram(struct page **pages, unsigned int count, int node) mem = (void *)addr; } - kasan_unpoison_vmalloc(mem, size); + mem = kasan_unpoison_vmalloc(mem, size); if (vmap_pages_range(addr, addr + size, PAGE_KERNEL, pages, PAGE_SHIFT) < 0) { @@ -2443,10 +2443,10 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, return NULL; } - kasan_unpoison_vmalloc((void *)va->va_start, requested_size); - setup_vmalloc_vm(area, va, flags, caller); + area->addr = kasan_unpoison_vmalloc(area->addr, requested_size); + return area; } @@ -3802,9 +3802,6 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, for (area = 0; area < nr_vms; area++) { if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area])) goto err_free_shadow; - - kasan_unpoison_vmalloc((void *)vas[area]->va_start, - sizes[area]); } /* insert all vm's */ @@ -3817,6 +3814,11 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, } spin_unlock(&vmap_area_lock); + /* mark allocated areas as accessible */ + for (area = 0; area < nr_vms; area++) + vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr, + vms[area]->size); + kfree(vas); return vms; -- 2.25.1
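Review bot: In include/linux/kasan.h, kasan_unpoison_vmalloc() now returns a pointer that callers have to store, but neither the __always_inline wrapper nor the stub that only does `return (void *)start;` has a comment saying so. With __must_check dropped (per the v2->v3 notes), a caller that keeps using its original pointer compiles without any warning; a short comment above the wrapper, stating that the returned pointer may carry a tag and must replace the caller's copy before the memory is accessed, would make the contract explicit. Both variants also cast away the const of `start` in the return, which deserves a word in the same comment.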
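Review bot: In __kasan_unpoison_vmalloc() (mm/kasan/shadow.c), nothing at the call site ties the tag set by `start = set_tag(start, kasan_random_tag());` to the `kasan_unpoison(start, size, false);` on the next line, and the description calls this step "poisons the virtual mapping accordingly" while the code calls an unpoison helper. A one-line comment that the freshly tagged pointer is passed on purpose, plus consistent wording in the description, would help the next reader. Reassigning the `const void *start` parameter also hides that the function returns something different from its input on this path; a local variable for the tagged pointer would read more clearly.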
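Review bot: In vm_map_ram() (mm/vmalloc.c, hunk at -2210), `mem` becomes tagged while `addr` stays untagged, and the body of the `vmap_pages_range(addr, addr + size, ...) < 0` branch that follows is cut off by the hunk context. Please confirm that whatever that failure branch does with `mem` accepts a tagged pointer, and consider a one-line comment that `mem` is tagged from this point on while `addr` is not.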
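Review bot: In __get_vm_area_node() (mm/vmalloc.c, hunk at -2443), the new `area->addr = kasan_unpoison_vmalloc(area->addr, requested_size);` is only correct because it runs after setup_vmalloc_vm(), which the commit message says would otherwise overwrite the tagged pointer, yet the code has no comment about that ordering. A comment above the assignment would keep a later cleanup from moving the call back above setup_vmalloc_vm(). The argument also changed from `(void *)va->va_start` to `area->addr`; the description should state that these refer to the same address at this point.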
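Review bot: In pcpu_get_vm_areas() (mm/vmalloc.c, hunks at -3802 and -3817), the size passed to kasan_unpoison_vmalloc() changes from `sizes[area]` to `vms[area]->size` in the new loop after spin_unlock(&vmap_area_lock), and the description does not mention it. If the two values can differ, the unpoisoned range changes as a side effect of this patch; either keep `sizes[area]` or state in the commit message that they are equal here.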