From: Marco Elver <elver@google.com>
To: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Alexander Potapenko <glider@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org,
linux-mediatek@lists.infradead.org, wsd_upstream@mediatek.com,
chinwen.chang@mediatek.com, nicholas.tang@mediatek.com
Subject: Re: [PATCH v4 2/3] kasan: integrate the common part of two KASAN tag-based modes
Date: Mon, 28 Jun 2021 08:00:00 +0200 [thread overview]
Message-ID: <CANpmjNO6odUDsERDtw2Qrt9VOTXXfswtcFw06fiRoAUvqKaK2w@mail.gmail.com> (raw)
In-Reply-To: <20210626100931.22794-3-Kuan-Ying.Lee@mediatek.com>
On Sat, 26 Jun 2021 at 12:09, Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com> wrote:
>
> 1. Move kasan_get_free_track() and kasan_set_free_info()
> into tags.c and combine these two functions for
> SW_TAGS and HW_TAGS kasan mode.
> 2. Move kasan_get_bug_type() to report_tags.c and
> make this function compatible for SW_TAGS and
> HW_TAGS kasan mode.
>
> Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
> Suggested-by: Marco Elver <elver@google.com>
> Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
> Cc: Alexander Potapenko <glider@google.com>
> Cc: Andrey Konovalov <andreyknvl@gmail.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Marco Elver <elver@google.com>
> ---
> mm/kasan/Makefile | 4 +--
> mm/kasan/hw_tags.c | 22 ---------------
> mm/kasan/report_hw_tags.c | 5 ----
> mm/kasan/report_sw_tags.c | 43 ----------------------------
> mm/kasan/report_tags.c | 51 +++++++++++++++++++++++++++++++++
> mm/kasan/sw_tags.c | 41 ---------------------------
> mm/kasan/tags.c | 59 +++++++++++++++++++++++++++++++++++++++
> 7 files changed, 112 insertions(+), 113 deletions(-)
> create mode 100644 mm/kasan/report_tags.c
> create mode 100644 mm/kasan/tags.c
>
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index 9fe39a66388a..adcd9acaef61 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -37,5 +37,5 @@ CFLAGS_sw_tags.o := $(CC_FLAGS_KASAN_RUNTIME)
>
> obj-$(CONFIG_KASAN) := common.o report.o
> obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o
> -obj-$(CONFIG_KASAN_HW_TAGS) += hw_tags.o report_hw_tags.o
> -obj-$(CONFIG_KASAN_SW_TAGS) += init.o report_sw_tags.o shadow.o sw_tags.o
> +obj-$(CONFIG_KASAN_HW_TAGS) += hw_tags.o report_hw_tags.o tags.o report_tags.o
> +obj-$(CONFIG_KASAN_SW_TAGS) += init.o report_sw_tags.o shadow.o sw_tags.o tags.o report_tags.o
> diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
> index ed5e5b833d61..4ea8c368b5b8 100644
> --- a/mm/kasan/hw_tags.c
> +++ b/mm/kasan/hw_tags.c
> @@ -216,28 +216,6 @@ void __init kasan_init_hw_tags(void)
> pr_info("KernelAddressSanitizer initialized\n");
> }
>
> -void kasan_set_free_info(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (alloc_meta)
> - kasan_set_track(&alloc_meta->free_track[0], GFP_NOWAIT);
> -}
> -
> -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return NULL;
> -
> - return &alloc_meta->free_track[0];
> -}
> -
> void kasan_alloc_pages(struct page *page, unsigned int order, gfp_t flags)
> {
> /*
> diff --git a/mm/kasan/report_hw_tags.c b/mm/kasan/report_hw_tags.c
> index 42b2168755d6..5dbbbb930e7a 100644
> --- a/mm/kasan/report_hw_tags.c
> +++ b/mm/kasan/report_hw_tags.c
> @@ -15,11 +15,6 @@
>
> #include "kasan.h"
>
> -const char *kasan_get_bug_type(struct kasan_access_info *info)
> -{
> - return "invalid-access";
> -}
> -
> void *kasan_find_first_bad_addr(void *addr, size_t size)
> {
> return kasan_reset_tag(addr);
> diff --git a/mm/kasan/report_sw_tags.c b/mm/kasan/report_sw_tags.c
> index 821a14a19a92..d2298c357834 100644
> --- a/mm/kasan/report_sw_tags.c
> +++ b/mm/kasan/report_sw_tags.c
> @@ -29,49 +29,6 @@
> #include "kasan.h"
> #include "../slab.h"
>
> -const char *kasan_get_bug_type(struct kasan_access_info *info)
> -{
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - struct kasan_alloc_meta *alloc_meta;
> - struct kmem_cache *cache;
> - struct page *page;
> - const void *addr;
> - void *object;
> - u8 tag;
> - int i;
> -
> - tag = get_tag(info->access_addr);
> - addr = kasan_reset_tag(info->access_addr);
> - page = kasan_addr_to_page(addr);
> - if (page && PageSlab(page)) {
> - cache = page->slab_cache;
> - object = nearest_obj(cache, page, (void *)addr);
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> -
> - if (alloc_meta) {
> - for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> - if (alloc_meta->free_pointer_tag[i] == tag)
> - return "use-after-free";
> - }
> - }
> - return "out-of-bounds";
> - }
> -
> -#endif
> - /*
> - * If access_size is a negative number, then it has reason to be
> - * defined as out-of-bounds bug type.
> - *
> - * Casting negative numbers to size_t would indeed turn up as
> - * a large size_t and its value will be larger than ULONG_MAX/2,
> - * so that this can qualify as out-of-bounds.
> - */
> - if (info->access_addr + info->access_size < info->access_addr)
> - return "out-of-bounds";
> -
> - return "invalid-access";
> -}
> -
> void *kasan_find_first_bad_addr(void *addr, size_t size)
> {
> u8 tag = get_tag(addr);
> diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c
> new file mode 100644
> index 000000000000..8a319fc16dab
> --- /dev/null
> +++ b/mm/kasan/report_tags.c
> @@ -0,0 +1,51 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2014 Samsung Electronics Co., Ltd.
> + * Copyright (c) 2020 Google, Inc.
> + */
> +
> +#include "kasan.h"
> +#include "../slab.h"
> +
> +const char *kasan_get_bug_type(struct kasan_access_info *info)
> +{
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + struct kasan_alloc_meta *alloc_meta;
> + struct kmem_cache *cache;
> + struct page *page;
> + const void *addr;
> + void *object;
> + u8 tag;
> + int i;
> +
> + tag = get_tag(info->access_addr);
> + addr = kasan_reset_tag(info->access_addr);
> + page = kasan_addr_to_page(addr);
> + if (page && PageSlab(page)) {
> + cache = page->slab_cache;
> + object = nearest_obj(cache, page, (void *)addr);
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> +
> + if (alloc_meta) {
> + for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> + if (alloc_meta->free_pointer_tag[i] == tag)
> + return "use-after-free";
> + }
> + }
> + return "out-of-bounds";
> + }
> +#endif
> +
> + /*
> + * If access_size is a negative number, then it has reason to be
> + * defined as out-of-bounds bug type.
> + *
> + * Casting negative numbers to size_t would indeed turn up as
> + * a large size_t and its value will be larger than ULONG_MAX/2,
> + * so that this can qualify as out-of-bounds.
> + */
> + if (info->access_addr + info->access_size < info->access_addr)
> + return "out-of-bounds";
> +
> + return "invalid-access";
> +}
> diff --git a/mm/kasan/sw_tags.c b/mm/kasan/sw_tags.c
> index dd05e6c801fa..bd3f540feb47 100644
> --- a/mm/kasan/sw_tags.c
> +++ b/mm/kasan/sw_tags.c
> @@ -167,47 +167,6 @@ void __hwasan_tag_memory(unsigned long addr, u8 tag, unsigned long size)
> }
> EXPORT_SYMBOL(__hwasan_tag_memory);
>
> -void kasan_set_free_info(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> - u8 idx = 0;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return;
> -
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - idx = alloc_meta->free_track_idx;
> - alloc_meta->free_pointer_tag[idx] = tag;
> - alloc_meta->free_track_idx = (idx + 1) % KASAN_NR_FREE_STACKS;
> -#endif
> -
> - kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT);
> -}
> -
> -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> - int i = 0;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return NULL;
> -
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> - if (alloc_meta->free_pointer_tag[i] == tag)
> - break;
> - }
> - if (i == KASAN_NR_FREE_STACKS)
> - i = alloc_meta->free_track_idx;
> -#endif
> -
> - return &alloc_meta->free_track[i];
> -}
> -
> void kasan_tag_mismatch(unsigned long addr, unsigned long access_info,
> unsigned long ret_ip)
> {
> diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
> new file mode 100644
> index 000000000000..8f48b9502a17
> --- /dev/null
> +++ b/mm/kasan/tags.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * This file contains common tag-based KASAN code.
> + *
> + * Copyright (c) 2018 Google, Inc.
> + * Copyright (c) 2020 Google, Inc.
> + */
> +
> +#include <linux/init.h>
> +#include <linux/kasan.h>
> +#include <linux/kernel.h>
> +#include <linux/memory.h>
> +#include <linux/mm.h>
> +#include <linux/static_key.h>
> +#include <linux/string.h>
> +#include <linux/types.h>
> +
> +#include "kasan.h"
> +
> +void kasan_set_free_info(struct kmem_cache *cache,
> + void *object, u8 tag)
> +{
> + struct kasan_alloc_meta *alloc_meta;
> + u8 idx = 0;
> +
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> + if (!alloc_meta)
> + return;
> +
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + idx = alloc_meta->free_track_idx;
> + alloc_meta->free_pointer_tag[idx] = tag;
> + alloc_meta->free_track_idx = (idx + 1) % KASAN_NR_FREE_STACKS;
> +#endif
> +
> + kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT);
> +}
> +
> +struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> + void *object, u8 tag)
> +{
> + struct kasan_alloc_meta *alloc_meta;
> + int i = 0;
> +
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> + if (!alloc_meta)
> + return NULL;
> +
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> + if (alloc_meta->free_pointer_tag[i] == tag)
> + break;
> + }
> + if (i == KASAN_NR_FREE_STACKS)
> + i = alloc_meta->free_track_idx;
> +#endif
> +
> + return &alloc_meta->free_track[i];
> +}
> --
> 2.18.0
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20210626100931.22794-3-Kuan-Ying.Lee%40mediatek.com.
WARNING: multiple messages have this Message-ID (diff)
From: Marco Elver <elver@google.com>
To: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Alexander Potapenko <glider@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org,
linux-mediatek@lists.infradead.org, wsd_upstream@mediatek.com,
chinwen.chang@mediatek.com, nicholas.tang@mediatek.com
Subject: Re: [PATCH v4 2/3] kasan: integrate the common part of two KASAN tag-based modes
Date: Mon, 28 Jun 2021 08:00:00 +0200 [thread overview]
Message-ID: <CANpmjNO6odUDsERDtw2Qrt9VOTXXfswtcFw06fiRoAUvqKaK2w@mail.gmail.com> (raw)
In-Reply-To: <20210626100931.22794-3-Kuan-Ying.Lee@mediatek.com>
On Sat, 26 Jun 2021 at 12:09, Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com> wrote:
>
> 1. Move kasan_get_free_track() and kasan_set_free_info()
> into tags.c and combine these two functions for
> SW_TAGS and HW_TAGS kasan mode.
> 2. Move kasan_get_bug_type() to report_tags.c and
> make this function compatible for SW_TAGS and
> HW_TAGS kasan mode.
>
> Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
> Suggested-by: Marco Elver <elver@google.com>
> Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
> Cc: Alexander Potapenko <glider@google.com>
> Cc: Andrey Konovalov <andreyknvl@gmail.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Marco Elver <elver@google.com>
> ---
> mm/kasan/Makefile | 4 +--
> mm/kasan/hw_tags.c | 22 ---------------
> mm/kasan/report_hw_tags.c | 5 ----
> mm/kasan/report_sw_tags.c | 43 ----------------------------
> mm/kasan/report_tags.c | 51 +++++++++++++++++++++++++++++++++
> mm/kasan/sw_tags.c | 41 ---------------------------
> mm/kasan/tags.c | 59 +++++++++++++++++++++++++++++++++++++++
> 7 files changed, 112 insertions(+), 113 deletions(-)
> create mode 100644 mm/kasan/report_tags.c
> create mode 100644 mm/kasan/tags.c
>
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index 9fe39a66388a..adcd9acaef61 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -37,5 +37,5 @@ CFLAGS_sw_tags.o := $(CC_FLAGS_KASAN_RUNTIME)
>
> obj-$(CONFIG_KASAN) := common.o report.o
> obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o
> -obj-$(CONFIG_KASAN_HW_TAGS) += hw_tags.o report_hw_tags.o
> -obj-$(CONFIG_KASAN_SW_TAGS) += init.o report_sw_tags.o shadow.o sw_tags.o
> +obj-$(CONFIG_KASAN_HW_TAGS) += hw_tags.o report_hw_tags.o tags.o report_tags.o
> +obj-$(CONFIG_KASAN_SW_TAGS) += init.o report_sw_tags.o shadow.o sw_tags.o tags.o report_tags.o
> diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
> index ed5e5b833d61..4ea8c368b5b8 100644
> --- a/mm/kasan/hw_tags.c
> +++ b/mm/kasan/hw_tags.c
> @@ -216,28 +216,6 @@ void __init kasan_init_hw_tags(void)
> pr_info("KernelAddressSanitizer initialized\n");
> }
>
> -void kasan_set_free_info(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (alloc_meta)
> - kasan_set_track(&alloc_meta->free_track[0], GFP_NOWAIT);
> -}
> -
> -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return NULL;
> -
> - return &alloc_meta->free_track[0];
> -}
> -
> void kasan_alloc_pages(struct page *page, unsigned int order, gfp_t flags)
> {
> /*
> diff --git a/mm/kasan/report_hw_tags.c b/mm/kasan/report_hw_tags.c
> index 42b2168755d6..5dbbbb930e7a 100644
> --- a/mm/kasan/report_hw_tags.c
> +++ b/mm/kasan/report_hw_tags.c
> @@ -15,11 +15,6 @@
>
> #include "kasan.h"
>
> -const char *kasan_get_bug_type(struct kasan_access_info *info)
> -{
> - return "invalid-access";
> -}
> -
> void *kasan_find_first_bad_addr(void *addr, size_t size)
> {
> return kasan_reset_tag(addr);
> diff --git a/mm/kasan/report_sw_tags.c b/mm/kasan/report_sw_tags.c
> index 821a14a19a92..d2298c357834 100644
> --- a/mm/kasan/report_sw_tags.c
> +++ b/mm/kasan/report_sw_tags.c
> @@ -29,49 +29,6 @@
> #include "kasan.h"
> #include "../slab.h"
>
> -const char *kasan_get_bug_type(struct kasan_access_info *info)
> -{
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - struct kasan_alloc_meta *alloc_meta;
> - struct kmem_cache *cache;
> - struct page *page;
> - const void *addr;
> - void *object;
> - u8 tag;
> - int i;
> -
> - tag = get_tag(info->access_addr);
> - addr = kasan_reset_tag(info->access_addr);
> - page = kasan_addr_to_page(addr);
> - if (page && PageSlab(page)) {
> - cache = page->slab_cache;
> - object = nearest_obj(cache, page, (void *)addr);
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> -
> - if (alloc_meta) {
> - for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> - if (alloc_meta->free_pointer_tag[i] == tag)
> - return "use-after-free";
> - }
> - }
> - return "out-of-bounds";
> - }
> -
> -#endif
> - /*
> - * If access_size is a negative number, then it has reason to be
> - * defined as out-of-bounds bug type.
> - *
> - * Casting negative numbers to size_t would indeed turn up as
> - * a large size_t and its value will be larger than ULONG_MAX/2,
> - * so that this can qualify as out-of-bounds.
> - */
> - if (info->access_addr + info->access_size < info->access_addr)
> - return "out-of-bounds";
> -
> - return "invalid-access";
> -}
> -
> void *kasan_find_first_bad_addr(void *addr, size_t size)
> {
> u8 tag = get_tag(addr);
> diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c
> new file mode 100644
> index 000000000000..8a319fc16dab
> --- /dev/null
> +++ b/mm/kasan/report_tags.c
> @@ -0,0 +1,51 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2014 Samsung Electronics Co., Ltd.
> + * Copyright (c) 2020 Google, Inc.
> + */
> +
> +#include "kasan.h"
> +#include "../slab.h"
> +
> +const char *kasan_get_bug_type(struct kasan_access_info *info)
> +{
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + struct kasan_alloc_meta *alloc_meta;
> + struct kmem_cache *cache;
> + struct page *page;
> + const void *addr;
> + void *object;
> + u8 tag;
> + int i;
> +
> + tag = get_tag(info->access_addr);
> + addr = kasan_reset_tag(info->access_addr);
> + page = kasan_addr_to_page(addr);
> + if (page && PageSlab(page)) {
> + cache = page->slab_cache;
> + object = nearest_obj(cache, page, (void *)addr);
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> +
> + if (alloc_meta) {
> + for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> + if (alloc_meta->free_pointer_tag[i] == tag)
> + return "use-after-free";
> + }
> + }
> + return "out-of-bounds";
> + }
> +#endif
> +
> + /*
> + * If access_size is a negative number, then it has reason to be
> + * defined as out-of-bounds bug type.
> + *
> + * Casting negative numbers to size_t would indeed turn up as
> + * a large size_t and its value will be larger than ULONG_MAX/2,
> + * so that this can qualify as out-of-bounds.
> + */
> + if (info->access_addr + info->access_size < info->access_addr)
> + return "out-of-bounds";
> +
> + return "invalid-access";
> +}
> diff --git a/mm/kasan/sw_tags.c b/mm/kasan/sw_tags.c
> index dd05e6c801fa..bd3f540feb47 100644
> --- a/mm/kasan/sw_tags.c
> +++ b/mm/kasan/sw_tags.c
> @@ -167,47 +167,6 @@ void __hwasan_tag_memory(unsigned long addr, u8 tag, unsigned long size)
> }
> EXPORT_SYMBOL(__hwasan_tag_memory);
>
> -void kasan_set_free_info(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> - u8 idx = 0;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return;
> -
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - idx = alloc_meta->free_track_idx;
> - alloc_meta->free_pointer_tag[idx] = tag;
> - alloc_meta->free_track_idx = (idx + 1) % KASAN_NR_FREE_STACKS;
> -#endif
> -
> - kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT);
> -}
> -
> -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> - int i = 0;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return NULL;
> -
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> - if (alloc_meta->free_pointer_tag[i] == tag)
> - break;
> - }
> - if (i == KASAN_NR_FREE_STACKS)
> - i = alloc_meta->free_track_idx;
> -#endif
> -
> - return &alloc_meta->free_track[i];
> -}
> -
> void kasan_tag_mismatch(unsigned long addr, unsigned long access_info,
> unsigned long ret_ip)
> {
> diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
> new file mode 100644
> index 000000000000..8f48b9502a17
> --- /dev/null
> +++ b/mm/kasan/tags.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * This file contains common tag-based KASAN code.
> + *
> + * Copyright (c) 2018 Google, Inc.
> + * Copyright (c) 2020 Google, Inc.
> + */
> +
> +#include <linux/init.h>
> +#include <linux/kasan.h>
> +#include <linux/kernel.h>
> +#include <linux/memory.h>
> +#include <linux/mm.h>
> +#include <linux/static_key.h>
> +#include <linux/string.h>
> +#include <linux/types.h>
> +
> +#include "kasan.h"
> +
> +void kasan_set_free_info(struct kmem_cache *cache,
> + void *object, u8 tag)
> +{
> + struct kasan_alloc_meta *alloc_meta;
> + u8 idx = 0;
> +
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> + if (!alloc_meta)
> + return;
> +
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + idx = alloc_meta->free_track_idx;
> + alloc_meta->free_pointer_tag[idx] = tag;
> + alloc_meta->free_track_idx = (idx + 1) % KASAN_NR_FREE_STACKS;
> +#endif
> +
> + kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT);
> +}
> +
> +struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> + void *object, u8 tag)
> +{
> + struct kasan_alloc_meta *alloc_meta;
> + int i = 0;
> +
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> + if (!alloc_meta)
> + return NULL;
> +
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> + if (alloc_meta->free_pointer_tag[i] == tag)
> + break;
> + }
> + if (i == KASAN_NR_FREE_STACKS)
> + i = alloc_meta->free_track_idx;
> +#endif
> +
> + return &alloc_meta->free_track[i];
> +}
> --
> 2.18.0
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20210626100931.22794-3-Kuan-Ying.Lee%40mediatek.com.
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
WARNING: multiple messages have this Message-ID (diff)
From: Marco Elver <elver@google.com>
To: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Alexander Potapenko <glider@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org,
linux-mediatek@lists.infradead.org, wsd_upstream@mediatek.com,
chinwen.chang@mediatek.com, nicholas.tang@mediatek.com
Subject: Re: [PATCH v4 2/3] kasan: integrate the common part of two KASAN tag-based modes
Date: Mon, 28 Jun 2021 08:00:00 +0200 [thread overview]
Message-ID: <CANpmjNO6odUDsERDtw2Qrt9VOTXXfswtcFw06fiRoAUvqKaK2w@mail.gmail.com> (raw)
In-Reply-To: <20210626100931.22794-3-Kuan-Ying.Lee@mediatek.com>
On Sat, 26 Jun 2021 at 12:09, Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com> wrote:
>
> 1. Move kasan_get_free_track() and kasan_set_free_info()
> into tags.c and combine these two functions for
> SW_TAGS and HW_TAGS kasan mode.
> 2. Move kasan_get_bug_type() to report_tags.c and
> make this function compatible for SW_TAGS and
> HW_TAGS kasan mode.
>
> Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
> Suggested-by: Marco Elver <elver@google.com>
> Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
> Cc: Alexander Potapenko <glider@google.com>
> Cc: Andrey Konovalov <andreyknvl@gmail.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Marco Elver <elver@google.com>
> ---
> mm/kasan/Makefile | 4 +--
> mm/kasan/hw_tags.c | 22 ---------------
> mm/kasan/report_hw_tags.c | 5 ----
> mm/kasan/report_sw_tags.c | 43 ----------------------------
> mm/kasan/report_tags.c | 51 +++++++++++++++++++++++++++++++++
> mm/kasan/sw_tags.c | 41 ---------------------------
> mm/kasan/tags.c | 59 +++++++++++++++++++++++++++++++++++++++
> 7 files changed, 112 insertions(+), 113 deletions(-)
> create mode 100644 mm/kasan/report_tags.c
> create mode 100644 mm/kasan/tags.c
>
> diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
> index 9fe39a66388a..adcd9acaef61 100644
> --- a/mm/kasan/Makefile
> +++ b/mm/kasan/Makefile
> @@ -37,5 +37,5 @@ CFLAGS_sw_tags.o := $(CC_FLAGS_KASAN_RUNTIME)
>
> obj-$(CONFIG_KASAN) := common.o report.o
> obj-$(CONFIG_KASAN_GENERIC) += init.o generic.o report_generic.o shadow.o quarantine.o
> -obj-$(CONFIG_KASAN_HW_TAGS) += hw_tags.o report_hw_tags.o
> -obj-$(CONFIG_KASAN_SW_TAGS) += init.o report_sw_tags.o shadow.o sw_tags.o
> +obj-$(CONFIG_KASAN_HW_TAGS) += hw_tags.o report_hw_tags.o tags.o report_tags.o
> +obj-$(CONFIG_KASAN_SW_TAGS) += init.o report_sw_tags.o shadow.o sw_tags.o tags.o report_tags.o
> diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
> index ed5e5b833d61..4ea8c368b5b8 100644
> --- a/mm/kasan/hw_tags.c
> +++ b/mm/kasan/hw_tags.c
> @@ -216,28 +216,6 @@ void __init kasan_init_hw_tags(void)
> pr_info("KernelAddressSanitizer initialized\n");
> }
>
> -void kasan_set_free_info(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (alloc_meta)
> - kasan_set_track(&alloc_meta->free_track[0], GFP_NOWAIT);
> -}
> -
> -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return NULL;
> -
> - return &alloc_meta->free_track[0];
> -}
> -
> void kasan_alloc_pages(struct page *page, unsigned int order, gfp_t flags)
> {
> /*
> diff --git a/mm/kasan/report_hw_tags.c b/mm/kasan/report_hw_tags.c
> index 42b2168755d6..5dbbbb930e7a 100644
> --- a/mm/kasan/report_hw_tags.c
> +++ b/mm/kasan/report_hw_tags.c
> @@ -15,11 +15,6 @@
>
> #include "kasan.h"
>
> -const char *kasan_get_bug_type(struct kasan_access_info *info)
> -{
> - return "invalid-access";
> -}
> -
> void *kasan_find_first_bad_addr(void *addr, size_t size)
> {
> return kasan_reset_tag(addr);
> diff --git a/mm/kasan/report_sw_tags.c b/mm/kasan/report_sw_tags.c
> index 821a14a19a92..d2298c357834 100644
> --- a/mm/kasan/report_sw_tags.c
> +++ b/mm/kasan/report_sw_tags.c
> @@ -29,49 +29,6 @@
> #include "kasan.h"
> #include "../slab.h"
>
> -const char *kasan_get_bug_type(struct kasan_access_info *info)
> -{
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - struct kasan_alloc_meta *alloc_meta;
> - struct kmem_cache *cache;
> - struct page *page;
> - const void *addr;
> - void *object;
> - u8 tag;
> - int i;
> -
> - tag = get_tag(info->access_addr);
> - addr = kasan_reset_tag(info->access_addr);
> - page = kasan_addr_to_page(addr);
> - if (page && PageSlab(page)) {
> - cache = page->slab_cache;
> - object = nearest_obj(cache, page, (void *)addr);
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> -
> - if (alloc_meta) {
> - for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> - if (alloc_meta->free_pointer_tag[i] == tag)
> - return "use-after-free";
> - }
> - }
> - return "out-of-bounds";
> - }
> -
> -#endif
> - /*
> - * If access_size is a negative number, then it has reason to be
> - * defined as out-of-bounds bug type.
> - *
> - * Casting negative numbers to size_t would indeed turn up as
> - * a large size_t and its value will be larger than ULONG_MAX/2,
> - * so that this can qualify as out-of-bounds.
> - */
> - if (info->access_addr + info->access_size < info->access_addr)
> - return "out-of-bounds";
> -
> - return "invalid-access";
> -}
> -
> void *kasan_find_first_bad_addr(void *addr, size_t size)
> {
> u8 tag = get_tag(addr);
> diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c
> new file mode 100644
> index 000000000000..8a319fc16dab
> --- /dev/null
> +++ b/mm/kasan/report_tags.c
> @@ -0,0 +1,51 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2014 Samsung Electronics Co., Ltd.
> + * Copyright (c) 2020 Google, Inc.
> + */
> +
> +#include "kasan.h"
> +#include "../slab.h"
> +
> +const char *kasan_get_bug_type(struct kasan_access_info *info)
> +{
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + struct kasan_alloc_meta *alloc_meta;
> + struct kmem_cache *cache;
> + struct page *page;
> + const void *addr;
> + void *object;
> + u8 tag;
> + int i;
> +
> + tag = get_tag(info->access_addr);
> + addr = kasan_reset_tag(info->access_addr);
> + page = kasan_addr_to_page(addr);
> + if (page && PageSlab(page)) {
> + cache = page->slab_cache;
> + object = nearest_obj(cache, page, (void *)addr);
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> +
> + if (alloc_meta) {
> + for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> + if (alloc_meta->free_pointer_tag[i] == tag)
> + return "use-after-free";
> + }
> + }
> + return "out-of-bounds";
> + }
> +#endif
> +
> + /*
> + * If access_size is a negative number, then it has reason to be
> + * defined as out-of-bounds bug type.
> + *
> + * Casting negative numbers to size_t would indeed turn up as
> + * a large size_t and its value will be larger than ULONG_MAX/2,
> + * so that this can qualify as out-of-bounds.
> + */
> + if (info->access_addr + info->access_size < info->access_addr)
> + return "out-of-bounds";
> +
> + return "invalid-access";
> +}
> diff --git a/mm/kasan/sw_tags.c b/mm/kasan/sw_tags.c
> index dd05e6c801fa..bd3f540feb47 100644
> --- a/mm/kasan/sw_tags.c
> +++ b/mm/kasan/sw_tags.c
> @@ -167,47 +167,6 @@ void __hwasan_tag_memory(unsigned long addr, u8 tag, unsigned long size)
> }
> EXPORT_SYMBOL(__hwasan_tag_memory);
>
> -void kasan_set_free_info(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> - u8 idx = 0;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return;
> -
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - idx = alloc_meta->free_track_idx;
> - alloc_meta->free_pointer_tag[idx] = tag;
> - alloc_meta->free_track_idx = (idx + 1) % KASAN_NR_FREE_STACKS;
> -#endif
> -
> - kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT);
> -}
> -
> -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> - void *object, u8 tag)
> -{
> - struct kasan_alloc_meta *alloc_meta;
> - int i = 0;
> -
> - alloc_meta = kasan_get_alloc_meta(cache, object);
> - if (!alloc_meta)
> - return NULL;
> -
> -#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> - for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> - if (alloc_meta->free_pointer_tag[i] == tag)
> - break;
> - }
> - if (i == KASAN_NR_FREE_STACKS)
> - i = alloc_meta->free_track_idx;
> -#endif
> -
> - return &alloc_meta->free_track[i];
> -}
> -
> void kasan_tag_mismatch(unsigned long addr, unsigned long access_info,
> unsigned long ret_ip)
> {
> diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
> new file mode 100644
> index 000000000000..8f48b9502a17
> --- /dev/null
> +++ b/mm/kasan/tags.c
> @@ -0,0 +1,59 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * This file contains common tag-based KASAN code.
> + *
> + * Copyright (c) 2018 Google, Inc.
> + * Copyright (c) 2020 Google, Inc.
> + */
> +
> +#include <linux/init.h>
> +#include <linux/kasan.h>
> +#include <linux/kernel.h>
> +#include <linux/memory.h>
> +#include <linux/mm.h>
> +#include <linux/static_key.h>
> +#include <linux/string.h>
> +#include <linux/types.h>
> +
> +#include "kasan.h"
> +
> +void kasan_set_free_info(struct kmem_cache *cache,
> + void *object, u8 tag)
> +{
> + struct kasan_alloc_meta *alloc_meta;
> + u8 idx = 0;
> +
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> + if (!alloc_meta)
> + return;
> +
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + idx = alloc_meta->free_track_idx;
> + alloc_meta->free_pointer_tag[idx] = tag;
> + alloc_meta->free_track_idx = (idx + 1) % KASAN_NR_FREE_STACKS;
> +#endif
> +
> + kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT);
> +}
> +
> +struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
> + void *object, u8 tag)
> +{
> + struct kasan_alloc_meta *alloc_meta;
> + int i = 0;
> +
> + alloc_meta = kasan_get_alloc_meta(cache, object);
> + if (!alloc_meta)
> + return NULL;
> +
> +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> + for (i = 0; i < KASAN_NR_FREE_STACKS; i++) {
> + if (alloc_meta->free_pointer_tag[i] == tag)
> + break;
> + }
> + if (i == KASAN_NR_FREE_STACKS)
> + i = alloc_meta->free_track_idx;
> +#endif
> +
> + return &alloc_meta->free_track[i];
> +}
> --
> 2.18.0
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20210626100931.22794-3-Kuan-Ying.Lee%40mediatek.com.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-06-28 6:00 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-26 10:09 [PATCH v4 0/3] kasan: add memory corruption identification support for hw tag-based kasan Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-26 10:09 ` [PATCH v4 1/3] kasan: rename CONFIG_KASAN_SW_TAGS_IDENTIFY to CONFIG_KASAN_TAGS_IDENTIFY Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
2021-06-26 10:09 ` [PATCH v4 2/3] kasan: integrate the common part of two KASAN tag-based modes Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-26 15:12 ` Andrey Konovalov
2021-06-26 15:12 ` Andrey Konovalov
2021-06-26 15:12 ` Andrey Konovalov
2021-06-26 15:12 ` Andrey Konovalov
2021-06-28 6:00 ` Marco Elver [this message]
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
2021-06-26 10:09 ` [PATCH v4 3/3] kasan: add memory corruption identification support for hardware tag-based mode Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-26 10:09 ` Kuan-Ying Lee
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
2021-06-28 6:00 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANpmjNO6odUDsERDtw2Qrt9VOTXXfswtcFw06fiRoAUvqKaK2w@mail.gmail.com \
--to=elver@google.com \
--cc=Kuan-Ying.Lee@mediatek.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=chinwen.chang@mediatek.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-mm@kvack.org \
--cc=matthias.bgg@gmail.com \
--cc=nicholas.tang@mediatek.com \
--cc=ryabinin.a.a@gmail.com \
--cc=wsd_upstream@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.