* [RFCv2 PATCH 0/4] powerpc: KASAN for 64-bit Book3E
@ 2019-03-12 1:23 Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 1/4] kasan: do not open-code addr_has_shadow Daniel Axtens
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Daniel Axtens @ 2019-03-12 1:23 UTC (permalink / raw)
To: aneesh.kumar, christophe.leroy, bsingharora
Cc: linuxppc-dev, kasan-dev, Daniel Axtens
Building on the work of Christophe, Aneesh and Balbir, I've ported
KASAN to the e6500, a 64-bit Book3E processor which doesn't have a
hashed page table. It applies on top of Christophe's series, v9, plus
the proposed new version of patch 2.
It requires some changes to the KASAN core; we use the less ugly
outline readiness check patch proposed by Christophe.
The KASAN shadow area is mapped into vmemmap space:
0x8000 0400 0000 0000 to 0x8000 0600 0000 0000.
To do this we require that vmemmap be disabled. (This is the default
in the kernel config that QorIQ provides for the machine in their
SDK anyway - they use flat memory.)
Only outline instrumentation is supported and only KASAN_MINIMAL works.
Only the kernel linear mapping (0xc000...) is checked. The vmalloc and
ioremap areas (also in 0x800...) are all mapped to a zero page. As
with the Book3S hash series, this requires overriding the memory <->
shadow mapping.
Also, as with both previous 64-bit series, early instrumentation is not
supported.
KVM, kexec and xmon have not been tested.
Thanks to those who have done the heavy lifting over the past several years:
- Christophe's 32 bit series: https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-February/185379.html
- Aneesh's Book3S hash series: https://lwn.net/Articles/655642/
- Balbir's Book3S radix series: https://patchwork.ozlabs.org/patch/795211/
While useful if you have an Book3E device, this is mostly intended as
a warm-up exercise for reviving Aneesh's series for book3s hash. I
expect that the changes to the KASAN core will be required for that
too, but I'll check against the book3s version before I send a non-RFC
version. Once I do that I'll revisit the vmemmap decision as well.
Changes from RFCv1:
- Use Christophe's new version of outline readiness check
- Rebase on top of Christophe's v9 + the proposed changes to
string/memory functions
Regards,
Daniel
Daniel Axtens (4):
kasan: do not open-code addr_has_shadow
kasan: allow architectures to manage the memory-to-shadow mapping
kasan: allow architectures to provide an outline readiness check
powerpc: KASAN for 64bit Book3E
arch/powerpc/Kconfig | 1 +
arch/powerpc/Kconfig.debug | 2 +-
arch/powerpc/include/asm/kasan.h | 73 +++++++++++++++++++-
arch/powerpc/mm/Makefile | 2 +
arch/powerpc/mm/kasan/Makefile | 1 +
arch/powerpc/mm/kasan/kasan_init_book3e_64.c | 53 ++++++++++++++
include/linux/kasan.h | 6 ++
mm/kasan/generic.c | 6 +-
mm/kasan/generic_report.c | 2 +-
mm/kasan/kasan.h | 6 +-
mm/kasan/report.c | 6 +-
mm/kasan/tags.c | 3 +-
12 files changed, 149 insertions(+), 12 deletions(-)
create mode 100644 arch/powerpc/mm/kasan/kasan_init_book3e_64.c
--
2.19.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [RFCv2 PATCH 1/4] kasan: do not open-code addr_has_shadow
2019-03-12 1:23 [RFCv2 PATCH 0/4] powerpc: KASAN for 64-bit Book3E Daniel Axtens
@ 2019-03-12 1:23 ` Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 2/4] kasan: allow architectures to manage the memory-to-shadow mapping Daniel Axtens
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Daniel Axtens @ 2019-03-12 1:23 UTC (permalink / raw)
To: aneesh.kumar, christophe.leroy, bsingharora
Cc: linuxppc-dev, kasan-dev, Daniel Axtens
We have a couple of places checking for the existence of a shadow
mapping for an address by open-coding the inverse of the check in
addr_has_shadow.
Replace the open-coded versions with the helper. This will be
needed in future to allow architectures to override the layout
of the shadow mapping.
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
mm/kasan/generic.c | 3 +--
mm/kasan/tags.c | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index ccb6207276e3..ffc64a9a97a5 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -173,8 +173,7 @@ static __always_inline void check_memory_region_inline(unsigned long addr,
if (unlikely(size == 0))
return;
- if (unlikely((void *)addr <
- kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
+ if (unlikely(!addr_has_shadow((void *)addr))) {
kasan_report(addr, size, write, ret_ip);
return;
}
diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
index 0777649e07c4..bc759f8f1c67 100644
--- a/mm/kasan/tags.c
+++ b/mm/kasan/tags.c
@@ -109,8 +109,7 @@ void check_memory_region(unsigned long addr, size_t size, bool write,
return;
untagged_addr = reset_tag((const void *)addr);
- if (unlikely(untagged_addr <
- kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
+ if (unlikely(!addr_has_shadow(untagged_addr))) {
kasan_report(addr, size, write, ret_ip);
return;
}
--
2.19.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [RFCv2 PATCH 2/4] kasan: allow architectures to manage the memory-to-shadow mapping
2019-03-12 1:23 [RFCv2 PATCH 0/4] powerpc: KASAN for 64-bit Book3E Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 1/4] kasan: do not open-code addr_has_shadow Daniel Axtens
@ 2019-03-12 1:23 ` Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 3/4] kasan: allow architectures to provide an outline readiness check Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 4/4] powerpc: KASAN for 64bit Book3E Daniel Axtens
3 siblings, 0 replies; 6+ messages in thread
From: Daniel Axtens @ 2019-03-12 1:23 UTC (permalink / raw)
To: aneesh.kumar, christophe.leroy, bsingharora
Cc: linuxppc-dev, kasan-dev, Daniel Axtens
Currently, shadow addresses are always addr >> shift + offset.
However, for powerpc, the virtual address space is fragmented in
ways that make this simple scheme impractical.
Allow architectures to override:
- kasan_shadow_to_mem
- kasan_mem_to_shadow
- addr_has_shadow
Rename addr_has_shadow to kasan_addr_has_shadow as if it is
overridden it will be available in more places, increasing the
risk of collisions.
If architectures do not #define their own versions, the generic
code will continue to run as usual.
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
include/linux/kasan.h | 2 ++
mm/kasan/generic.c | 2 +-
mm/kasan/generic_report.c | 2 +-
mm/kasan/kasan.h | 6 +++++-
mm/kasan/report.c | 6 +++---
mm/kasan/tags.c | 2 +-
6 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index b40ea104dd36..f6261840f94c 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -23,11 +23,13 @@ extern p4d_t kasan_early_shadow_p4d[MAX_PTRS_PER_P4D];
int kasan_populate_early_shadow(const void *shadow_start,
const void *shadow_end);
+#ifndef kasan_mem_to_shadow
static inline void *kasan_mem_to_shadow(const void *addr)
{
return (void *)((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
+ KASAN_SHADOW_OFFSET;
}
+#endif
/* Enable reporting bugs after kasan_disable_current() */
extern void kasan_enable_current(void);
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index ffc64a9a97a5..bafa2f986660 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -173,7 +173,7 @@ static __always_inline void check_memory_region_inline(unsigned long addr,
if (unlikely(size == 0))
return;
- if (unlikely(!addr_has_shadow((void *)addr))) {
+ if (unlikely(!kasan_addr_has_shadow((void *)addr))) {
kasan_report(addr, size, write, ret_ip);
return;
}
diff --git a/mm/kasan/generic_report.c b/mm/kasan/generic_report.c
index 5e12035888f2..854f4de1fe10 100644
--- a/mm/kasan/generic_report.c
+++ b/mm/kasan/generic_report.c
@@ -110,7 +110,7 @@ static const char *get_wild_bug_type(struct kasan_access_info *info)
const char *get_bug_type(struct kasan_access_info *info)
{
- if (addr_has_shadow(info->access_addr))
+ if (kasan_addr_has_shadow(info->access_addr))
return get_shadow_bug_type(info);
return get_wild_bug_type(info);
}
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index ea51b2d898ec..57ec24cf7bd1 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -111,16 +111,20 @@ struct kasan_alloc_meta *get_alloc_info(struct kmem_cache *cache,
struct kasan_free_meta *get_free_info(struct kmem_cache *cache,
const void *object);
+#ifndef kasan_shadow_to_mem
static inline const void *kasan_shadow_to_mem(const void *shadow_addr)
{
return (void *)(((unsigned long)shadow_addr - KASAN_SHADOW_OFFSET)
<< KASAN_SHADOW_SCALE_SHIFT);
}
+#endif
-static inline bool addr_has_shadow(const void *addr)
+#ifndef kasan_addr_has_shadow
+static inline bool kasan_addr_has_shadow(const void *addr)
{
return (addr >= kasan_shadow_to_mem((void *)KASAN_SHADOW_START));
}
+#endif
void kasan_poison_shadow(const void *address, size_t size, u8 value);
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index ca9418fe9232..bc3355ee2dd0 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -298,7 +298,7 @@ void kasan_report(unsigned long addr, size_t size,
untagged_addr = reset_tag(tagged_addr);
info.access_addr = tagged_addr;
- if (addr_has_shadow(untagged_addr))
+ if (kasan_addr_has_shadow(untagged_addr))
info.first_bad_addr = find_first_bad_addr(tagged_addr, size);
else
info.first_bad_addr = untagged_addr;
@@ -309,11 +309,11 @@ void kasan_report(unsigned long addr, size_t size,
start_report(&flags);
print_error_description(&info);
- if (addr_has_shadow(untagged_addr))
+ if (kasan_addr_has_shadow(untagged_addr))
print_tags(get_tag(tagged_addr), info.first_bad_addr);
pr_err("\n");
- if (addr_has_shadow(untagged_addr)) {
+ if (kasan_addr_has_shadow(untagged_addr)) {
print_address_description(untagged_addr);
pr_err("\n");
print_shadow_for_address(info.first_bad_addr);
diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
index bc759f8f1c67..cdefd0fe1f5d 100644
--- a/mm/kasan/tags.c
+++ b/mm/kasan/tags.c
@@ -109,7 +109,7 @@ void check_memory_region(unsigned long addr, size_t size, bool write,
return;
untagged_addr = reset_tag((const void *)addr);
- if (unlikely(!addr_has_shadow(untagged_addr))) {
+ if (unlikely(!kasan_addr_has_shadow(untagged_addr))) {
kasan_report(addr, size, write, ret_ip);
return;
}
--
2.19.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [RFCv2 PATCH 3/4] kasan: allow architectures to provide an outline readiness check
2019-03-12 1:23 [RFCv2 PATCH 0/4] powerpc: KASAN for 64-bit Book3E Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 1/4] kasan: do not open-code addr_has_shadow Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 2/4] kasan: allow architectures to manage the memory-to-shadow mapping Daniel Axtens
@ 2019-03-12 1:23 ` Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 4/4] powerpc: KASAN for 64bit Book3E Daniel Axtens
3 siblings, 0 replies; 6+ messages in thread
From: Daniel Axtens @ 2019-03-12 1:23 UTC (permalink / raw)
To: aneesh.kumar, christophe.leroy, bsingharora
Cc: linuxppc-dev, Aneesh Kumar K . V, kasan-dev, Daniel Axtens
In powerpc (as I understand it), we spend a lot of time in boot
running in real mode before MMU paging is initalised. During
this time we call a lot of generic code, including printk(). If
we try to access the shadow region during this time, things fail.
My attempts to move early init before the first printk have not
been successful. (Both previous RFCs for ppc64 - by 2 different
people - have needed this trick too!)
So, allow architectures to define a kasan_arch_is_ready()
hook that bails out of check_memory_region_inline() unless the
arch has done all of the init.
Link: https://lore.kernel.org/patchwork/patch/592820/ # ppc64 hash series
Link: https://patchwork.ozlabs.org/patch/795211/ # ppc radix series
Originally-by: Balbir Singh <bsingharora@gmail.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
[check_return_arch_not_ready() ==> static inline kasan_arch_is_ready()]
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
---
include/linux/kasan.h | 4 ++++
mm/kasan/generic.c | 3 +++
2 files changed, 7 insertions(+)
diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index f6261840f94c..a630d53f1a36 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -14,6 +14,10 @@ struct task_struct;
#include <asm/kasan.h>
#include <asm/pgtable.h>
+#ifndef kasan_arch_is_ready
+static inline bool kasan_arch_is_ready(void) { return true; }
+#endif
+
extern unsigned char kasan_early_shadow_page[PAGE_SIZE];
extern pte_t kasan_early_shadow_pte[PTRS_PER_PTE];
extern pmd_t kasan_early_shadow_pmd[PTRS_PER_PMD];
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
index bafa2f986660..6c6c30643d51 100644
--- a/mm/kasan/generic.c
+++ b/mm/kasan/generic.c
@@ -170,6 +170,9 @@ static __always_inline void check_memory_region_inline(unsigned long addr,
size_t size, bool write,
unsigned long ret_ip)
{
+ if (!kasan_arch_is_ready())
+ return;
+
if (unlikely(size == 0))
return;
--
2.19.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [RFCv2 PATCH 4/4] powerpc: KASAN for 64bit Book3E
2019-03-12 1:23 [RFCv2 PATCH 0/4] powerpc: KASAN for 64-bit Book3E Daniel Axtens
` (2 preceding siblings ...)
2019-03-12 1:23 ` [RFCv2 PATCH 3/4] kasan: allow architectures to provide an outline readiness check Daniel Axtens
@ 2019-03-12 1:23 ` Daniel Axtens
2019-03-12 8:30 ` Christophe Leroy
3 siblings, 1 reply; 6+ messages in thread
From: Daniel Axtens @ 2019-03-12 1:23 UTC (permalink / raw)
To: aneesh.kumar, christophe.leroy, bsingharora
Cc: linuxppc-dev, Aneesh Kumar K . V, kasan-dev, Daniel Axtens
Wire up KASAN. Only outline instrumentation is supported.
The KASAN shadow area is mapped into vmemmap space:
0x8000 0400 0000 0000 to 0x8000 0600 0000 0000.
To do this we require that vmemmap be disabled. (This is the default
in the kernel config that QorIQ provides for the machine in their
SDK anyway - they use flat memory.)
Only the kernel linear mapping (0xc000...) is checked. The vmalloc and
ioremap areas (also in 0x800...) are all mapped to the zero page. As
with the Book3S hash series, this requires overriding the memory <->
shadow mapping.
Also, as with both previous 64-bit series, early instrumentation is not
supported. It would allow us to drop the check_return_arch_not_ready()
hook in the KASAN core, but it's tricky to get it set up early enough:
we need it setup before the first call to instrumented code like printk().
Perhaps in the future.
Only KASAN_MINIMAL works.
Tested on e6500. KVM, kexec and xmon have not been tested.
The test_kasan module fires warnings as expected, except for the
following tests:
- Expected/by design:
kasan test: memcg_accounted_kmem_cache allocate memcg accounted object
- Due to only supporting KASAN_MINIMAL:
kasan test: kasan_stack_oob out-of-bounds on stack
kasan test: kasan_global_oob out-of-bounds global variable
kasan test: kasan_alloca_oob_left out-of-bounds to left on alloca
kasan test: kasan_alloca_oob_right out-of-bounds to right on alloca
kasan test: use_after_scope_test use-after-scope on int
kasan test: use_after_scope_test use-after-scope on array
Thanks to those who have done the heavy lifting over the past several years:
- Christophe's 32 bit series: https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-February/185379.html
- Aneesh's Book3S hash series: https://lwn.net/Articles/655642/
- Balbir's Book3S radix series: https://patchwork.ozlabs.org/patch/795211/
Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
---
While useful if you have a book3e device, this is mostly intended
as a warm-up exercise for reviving Aneesh's series for book3s hash.
In particular, changes to the kasan core are going to be required
for hash and radix as well.
---
arch/powerpc/Kconfig | 1 +
arch/powerpc/Kconfig.debug | 2 +-
arch/powerpc/include/asm/kasan.h | 73 +++++++++++++++++++-
arch/powerpc/mm/Makefile | 2 +
arch/powerpc/mm/kasan/Makefile | 1 +
arch/powerpc/mm/kasan/kasan_init_book3e_64.c | 53 ++++++++++++++
6 files changed, 129 insertions(+), 3 deletions(-)
create mode 100644 arch/powerpc/mm/kasan/kasan_init_book3e_64.c
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 8d6108c83299..01540873a79f 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -173,6 +173,7 @@ config PPC
select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_JUMP_LABEL
select HAVE_ARCH_KASAN if PPC32
+ select HAVE_ARCH_KASAN if PPC_BOOK3E_64 && !SPARSEMEM_VMEMMAP
select HAVE_ARCH_KGDB
select HAVE_ARCH_MMAP_RND_BITS
select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index 61febbbdd02b..fc1f5fa7554e 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -369,5 +369,5 @@ config PPC_FAST_ENDIAN_SWITCH
config KASAN_SHADOW_OFFSET
hex
- depends on KASAN
+ depends on KASAN && PPC32
default 0xe0000000
diff --git a/arch/powerpc/include/asm/kasan.h b/arch/powerpc/include/asm/kasan.h
index e4adc6bc1e8f..661a5700869b 100644
--- a/arch/powerpc/include/asm/kasan.h
+++ b/arch/powerpc/include/asm/kasan.h
@@ -15,14 +15,16 @@
#ifndef __ASSEMBLY__
#include <asm/page.h>
+#include <asm/pgtable.h>
#define KASAN_SHADOW_SCALE_SHIFT 3
-#define KASAN_SHADOW_OFFSET ASM_CONST(CONFIG_KASAN_SHADOW_OFFSET)
-
#define KASAN_SHADOW_START (KASAN_SHADOW_OFFSET + \
(PAGE_OFFSET >> KASAN_SHADOW_SCALE_SHIFT))
+#ifdef CONFIG_PPC32
+#define KASAN_SHADOW_OFFSET ASM_CONST(CONFIG_KASAN_SHADOW_OFFSET)
+
#define KASAN_SHADOW_END 0UL
#define KASAN_SHADOW_SIZE (KASAN_SHADOW_END - KASAN_SHADOW_START)
@@ -30,6 +32,73 @@
#ifdef CONFIG_KASAN
void kasan_early_init(void);
void kasan_mmu_init(void);
+#endif
+#endif /* CONFIG_PPC32 */
+
+#ifdef CONFIG_PPC_BOOK3E_64
+
+/* we don't put this in Kconfig as we only support KASAN_MINIMAL, and
+ * that will be disabled if the symbol is availabe in Kconfig */
+#define KASAN_SHADOW_OFFSET ASM_CONST(0x6800040000000000)
+
+#define KASAN_SHADOW_SIZE (KERN_VIRT_SIZE >> KASAN_SHADOW_SCALE_SHIFT)
+
+extern struct static_key_false powerpc_kasan_enabled_key;
+static inline bool kasan_arch_is_ready_book3e(void) {
+ if (static_branch_likely(&powerpc_kasan_enabled_key))
+ return true;
+ return false;
+}
+#define kasan_arch_is_ready kasan_arch_is_ready_book3e
+
+extern unsigned char kasan_zero_page[PAGE_SIZE];
+static inline void *kasan_mem_to_shadow_book3e(const void *addr)
+{
+ if ((unsigned long)addr >= KERN_VIRT_START &&
+ (unsigned long)addr < (KERN_VIRT_START + KERN_VIRT_SIZE)) {
+ return (void *)kasan_zero_page;
+ }
+
+ return (void *)((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
+ + KASAN_SHADOW_OFFSET;
+}
+#define kasan_mem_to_shadow kasan_mem_to_shadow_book3e
+
+static inline void *kasan_shadow_to_mem_book3e(const void *shadow_addr)
+{
+ /*
+ * We map the entire non-linear virtual mapping onto the zero page so if
+ * we are asked to map the zero page back just pick the beginning of that
+ * area.
+ */
+ if (shadow_addr >= (void *)kasan_zero_page &&
+ shadow_addr < (void *)(kasan_zero_page + PAGE_SIZE)) {
+ return (void *)KERN_VIRT_START;
+ }
+
+ return (void *)(((unsigned long)shadow_addr - KASAN_SHADOW_OFFSET)
+ << KASAN_SHADOW_SCALE_SHIFT);
+}
+#define kasan_shadow_to_mem kasan_shadow_to_mem_book3e
+
+static inline bool kasan_addr_has_shadow_book3e(const void *addr)
+{
+ /*
+ * We want to specifically assert that the addresses in the 0x8000...
+ * region have a shadow, otherwise they are considered by the kasan
+ * core to be wild pointers
+ */
+ if ((unsigned long)addr >= KERN_VIRT_START &&
+ (unsigned long)addr < (KERN_VIRT_START + KERN_VIRT_SIZE)) {
+ return true;
+ }
+ return (addr >= kasan_shadow_to_mem((void *)KASAN_SHADOW_START));
+}
+#define kasan_addr_has_shadow kasan_addr_has_shadow_book3e
+
+#endif /* CONFIG_PPC_BOOK3E_64 */
+
+#ifdef CONFIG_KASAN
void kasan_init(void);
#else
static inline void kasan_init(void) { }
diff --git a/arch/powerpc/mm/Makefile b/arch/powerpc/mm/Makefile
index 80382a2d169b..fc49231f807c 100644
--- a/arch/powerpc/mm/Makefile
+++ b/arch/powerpc/mm/Makefile
@@ -8,9 +8,11 @@ ccflags-$(CONFIG_PPC64) := $(NO_MINIMAL_TOC)
CFLAGS_REMOVE_slb.o = $(CC_FLAGS_FTRACE)
KASAN_SANITIZE_ppc_mmu_32.o := n
+KASAN_SANITIZE_fsl_booke_mmu.o := n
ifdef CONFIG_KASAN
CFLAGS_ppc_mmu_32.o += -DDISABLE_BRANCH_PROFILING
+CFLAGS_fsl_booke_mmu.o += -DDISABLE_BRANCH_PROFILING
endif
obj-y := fault.o mem.o pgtable.o mmap.o \
diff --git a/arch/powerpc/mm/kasan/Makefile b/arch/powerpc/mm/kasan/Makefile
index 6577897673dd..f8f164ad8ade 100644
--- a/arch/powerpc/mm/kasan/Makefile
+++ b/arch/powerpc/mm/kasan/Makefile
@@ -3,3 +3,4 @@
KASAN_SANITIZE := n
obj-$(CONFIG_PPC32) += kasan_init_32.o
+obj-$(CONFIG_PPC_BOOK3E_64) += kasan_init_book3e_64.o
diff --git a/arch/powerpc/mm/kasan/kasan_init_book3e_64.c b/arch/powerpc/mm/kasan/kasan_init_book3e_64.c
new file mode 100644
index 000000000000..93b9afcf1020
--- /dev/null
+++ b/arch/powerpc/mm/kasan/kasan_init_book3e_64.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#define DISABLE_BRANCH_PROFILING
+
+#include <linux/kasan.h>
+#include <linux/printk.h>
+#include <linux/memblock.h>
+#include <linux/sched/task.h>
+#include <asm/pgalloc.h>
+
+DEFINE_STATIC_KEY_FALSE(powerpc_kasan_enabled_key);
+EXPORT_SYMBOL(powerpc_kasan_enabled_key);
+unsigned char kasan_zero_page[PAGE_SIZE] __page_aligned_bss;
+
+static void __init kasan_init_region(struct memblock_region *reg)
+{
+ void *start = __va(reg->base);
+ void *end = __va(reg->base + reg->size);
+ unsigned long k_start, k_end, k_cur;
+
+ if (start >= end)
+ return;
+
+ k_start = (unsigned long)kasan_mem_to_shadow(start);
+ k_end = (unsigned long)kasan_mem_to_shadow(end);
+
+ for (k_cur = k_start; k_cur < k_end; k_cur += PAGE_SIZE) {
+ void *va = memblock_alloc(PAGE_SIZE, PAGE_SIZE);
+ map_kernel_page(k_cur, __pa(va), PAGE_KERNEL);
+ }
+ flush_tlb_kernel_range(k_start, k_end);
+}
+
+void __init kasan_init(void)
+{
+ struct memblock_region *reg;
+
+ for_each_memblock(memory, reg)
+ kasan_init_region(reg);
+
+ /* map the zero page RO */
+ map_kernel_page((unsigned long)kasan_zero_page,
+ __pa(kasan_zero_page), PAGE_KERNEL_RO);
+
+ kasan_init_tags();
+
+ /* Turn on checking */
+ static_branch_inc(&powerpc_kasan_enabled_key);
+
+ /* Enable error messages */
+ init_task.kasan_depth = 0;
+ pr_info("KASAN init done (64-bit Book3E)\n");
+}
--
2.19.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [RFCv2 PATCH 4/4] powerpc: KASAN for 64bit Book3E
2019-03-12 1:23 ` [RFCv2 PATCH 4/4] powerpc: KASAN for 64bit Book3E Daniel Axtens
@ 2019-03-12 8:30 ` Christophe Leroy
0 siblings, 0 replies; 6+ messages in thread
From: Christophe Leroy @ 2019-03-12 8:30 UTC (permalink / raw)
To: Daniel Axtens, aneesh.kumar, bsingharora
Cc: linuxppc-dev, Aneesh Kumar K . V, kasan-dev
Hi,
Build failure with pmac32_defconfig.
CC arch/powerpc/kernel/asm-offsets.s
In file included from ./arch/powerpc/include/asm/book3s/32/pgtable.h:149:0,
from ./arch/powerpc/include/asm/book3s/pgtable.h:8,
from ./arch/powerpc/include/asm/pgtable.h:18,
from ./arch/powerpc/include/asm/kasan.h:18,
from ./include/linux/kasan.h:14,
from ./include/linux/slab.h:129,
from ./include/linux/crypto.h:24,
from ./include/crypto/hash.h:16,
from ./include/linux/uio.h:14,
from ./include/linux/socket.h:8,
from ./include/linux/compat.h:15,
from arch/powerpc/kernel/asm-offsets.c:18:
./include/asm-generic/fixmap.h: In function ‘fix_to_virt’:
./arch/powerpc/include/asm/fixmap.h:27:22: error: ‘KASAN_SHADOW_START’
undeclared (first use in this function)
#define FIXADDR_TOP (KASAN_SHADOW_START - PAGE_SIZE)
^
./include/asm-generic/fixmap.h:21:27: note: in expansion of macro
‘FIXADDR_TOP’
#define __fix_to_virt(x) (FIXADDR_TOP - ((x) << PAGE_SHIFT))
^
./include/asm-generic/fixmap.h:33:9: note: in expansion of macro
‘__fix_to_virt’
return __fix_to_virt(idx);
^
./arch/powerpc/include/asm/fixmap.h:27:22: note: each undeclared
identifier is reported only once for each function it appears in
#define FIXADDR_TOP (KASAN_SHADOW_START - PAGE_SIZE)
^
./include/asm-generic/fixmap.h:21:27: note: in expansion of macro
‘FIXADDR_TOP’
#define __fix_to_virt(x) (FIXADDR_TOP - ((x) << PAGE_SHIFT))
^
./include/asm-generic/fixmap.h:33:9: note: in expansion of macro
‘__fix_to_virt’
return __fix_to_virt(idx);
^
In file included from ./include/linux/bug.h:5:0,
from ./include/linux/thread_info.h:12,
from ./include/asm-generic/preempt.h:5,
from ./arch/powerpc/include/generated/asm/preempt.h:1,
from ./include/linux/preempt.h:78,
from ./include/linux/spinlock.h:51,
from ./include/linux/seqlock.h:36,
from ./include/linux/time.h:6,
from ./include/linux/compat.h:10,
from arch/powerpc/kernel/asm-offsets.c:18:
./include/asm-generic/fixmap.h: In function ‘virt_to_fix’:
./arch/powerpc/include/asm/fixmap.h:27:22: error: ‘KASAN_SHADOW_START’
undeclared (first use in this function)
#define FIXADDR_TOP (KASAN_SHADOW_START - PAGE_SIZE)
^
./arch/powerpc/include/asm/bug.h:76:27: note: in definition of macro
‘BUG_ON’
if (__builtin_constant_p(x)) { \
^
./include/asm-generic/fixmap.h:38:18: note: in expansion of macro
‘FIXADDR_TOP’
BUG_ON(vaddr >= FIXADDR_TOP || vaddr < FIXADDR_START);
^
make[1]: *** [arch/powerpc/kernel/asm-offsets.s] Error 1
make: *** [prepare0] Error 2
Christophe
On 03/12/2019 01:23 AM, Daniel Axtens wrote:
> Wire up KASAN. Only outline instrumentation is supported.
>
> The KASAN shadow area is mapped into vmemmap space:
> 0x8000 0400 0000 0000 to 0x8000 0600 0000 0000.
> To do this we require that vmemmap be disabled. (This is the default
> in the kernel config that QorIQ provides for the machine in their
> SDK anyway - they use flat memory.)
>
> Only the kernel linear mapping (0xc000...) is checked. The vmalloc and
> ioremap areas (also in 0x800...) are all mapped to the zero page. As
> with the Book3S hash series, this requires overriding the memory <->
> shadow mapping.
>
> Also, as with both previous 64-bit series, early instrumentation is not
> supported. It would allow us to drop the check_return_arch_not_ready()
> hook in the KASAN core, but it's tricky to get it set up early enough:
> we need it setup before the first call to instrumented code like printk().
> Perhaps in the future.
>
> Only KASAN_MINIMAL works.
>
> Tested on e6500. KVM, kexec and xmon have not been tested.
>
> The test_kasan module fires warnings as expected, except for the
> following tests:
>
> - Expected/by design:
> kasan test: memcg_accounted_kmem_cache allocate memcg accounted object
>
> - Due to only supporting KASAN_MINIMAL:
> kasan test: kasan_stack_oob out-of-bounds on stack
> kasan test: kasan_global_oob out-of-bounds global variable
> kasan test: kasan_alloca_oob_left out-of-bounds to left on alloca
> kasan test: kasan_alloca_oob_right out-of-bounds to right on alloca
> kasan test: use_after_scope_test use-after-scope on int
> kasan test: use_after_scope_test use-after-scope on array
>
> Thanks to those who have done the heavy lifting over the past several years:
> - Christophe's 32 bit series: https://lists.ozlabs.org/pipermail/linuxppc-dev/2019-February/185379.html
> - Aneesh's Book3S hash series: https://lwn.net/Articles/655642/
> - Balbir's Book3S radix series: https://patchwork.ozlabs.org/patch/795211/
>
> Cc: Christophe Leroy <christophe.leroy@c-s.fr>
> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
> Cc: Balbir Singh <bsingharora@gmail.com>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
>
> ---
>
> While useful if you have a book3e device, this is mostly intended
> as a warm-up exercise for reviving Aneesh's series for book3s hash.
> In particular, changes to the kasan core are going to be required
> for hash and radix as well.
> ---
> arch/powerpc/Kconfig | 1 +
> arch/powerpc/Kconfig.debug | 2 +-
> arch/powerpc/include/asm/kasan.h | 73 +++++++++++++++++++-
> arch/powerpc/mm/Makefile | 2 +
> arch/powerpc/mm/kasan/Makefile | 1 +
> arch/powerpc/mm/kasan/kasan_init_book3e_64.c | 53 ++++++++++++++
> 6 files changed, 129 insertions(+), 3 deletions(-)
> create mode 100644 arch/powerpc/mm/kasan/kasan_init_book3e_64.c
>
> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
> index 8d6108c83299..01540873a79f 100644
> --- a/arch/powerpc/Kconfig
> +++ b/arch/powerpc/Kconfig
> @@ -173,6 +173,7 @@ config PPC
> select HAVE_ARCH_AUDITSYSCALL
> select HAVE_ARCH_JUMP_LABEL
> select HAVE_ARCH_KASAN if PPC32
> + select HAVE_ARCH_KASAN if PPC_BOOK3E_64 && !SPARSEMEM_VMEMMAP
> select HAVE_ARCH_KGDB
> select HAVE_ARCH_MMAP_RND_BITS
> select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
> diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
> index 61febbbdd02b..fc1f5fa7554e 100644
> --- a/arch/powerpc/Kconfig.debug
> +++ b/arch/powerpc/Kconfig.debug
> @@ -369,5 +369,5 @@ config PPC_FAST_ENDIAN_SWITCH
>
> config KASAN_SHADOW_OFFSET
> hex
> - depends on KASAN
> + depends on KASAN && PPC32
> default 0xe0000000
> diff --git a/arch/powerpc/include/asm/kasan.h b/arch/powerpc/include/asm/kasan.h
> index e4adc6bc1e8f..661a5700869b 100644
> --- a/arch/powerpc/include/asm/kasan.h
> +++ b/arch/powerpc/include/asm/kasan.h
> @@ -15,14 +15,16 @@
> #ifndef __ASSEMBLY__
>
> #include <asm/page.h>
> +#include <asm/pgtable.h>
>
> #define KASAN_SHADOW_SCALE_SHIFT 3
>
> -#define KASAN_SHADOW_OFFSET ASM_CONST(CONFIG_KASAN_SHADOW_OFFSET)
> -
> #define KASAN_SHADOW_START (KASAN_SHADOW_OFFSET + \
> (PAGE_OFFSET >> KASAN_SHADOW_SCALE_SHIFT))
>
> +#ifdef CONFIG_PPC32
> +#define KASAN_SHADOW_OFFSET ASM_CONST(CONFIG_KASAN_SHADOW_OFFSET)
> +
> #define KASAN_SHADOW_END 0UL
>
> #define KASAN_SHADOW_SIZE (KASAN_SHADOW_END - KASAN_SHADOW_START)
> @@ -30,6 +32,73 @@
> #ifdef CONFIG_KASAN
> void kasan_early_init(void);
> void kasan_mmu_init(void);
> +#endif
> +#endif /* CONFIG_PPC32 */
> +
> +#ifdef CONFIG_PPC_BOOK3E_64
> +
> +/* we don't put this in Kconfig as we only support KASAN_MINIMAL, and
> + * that will be disabled if the symbol is availabe in Kconfig */
> +#define KASAN_SHADOW_OFFSET ASM_CONST(0x6800040000000000)
> +
> +#define KASAN_SHADOW_SIZE (KERN_VIRT_SIZE >> KASAN_SHADOW_SCALE_SHIFT)
> +
> +extern struct static_key_false powerpc_kasan_enabled_key;
> +static inline bool kasan_arch_is_ready_book3e(void) {
> + if (static_branch_likely(&powerpc_kasan_enabled_key))
> + return true;
> + return false;
> +}
> +#define kasan_arch_is_ready kasan_arch_is_ready_book3e
> +
> +extern unsigned char kasan_zero_page[PAGE_SIZE];
> +static inline void *kasan_mem_to_shadow_book3e(const void *addr)
> +{
> + if ((unsigned long)addr >= KERN_VIRT_START &&
> + (unsigned long)addr < (KERN_VIRT_START + KERN_VIRT_SIZE)) {
> + return (void *)kasan_zero_page;
> + }
> +
> + return (void *)((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
> + + KASAN_SHADOW_OFFSET;
> +}
> +#define kasan_mem_to_shadow kasan_mem_to_shadow_book3e
> +
> +static inline void *kasan_shadow_to_mem_book3e(const void *shadow_addr)
> +{
> + /*
> + * We map the entire non-linear virtual mapping onto the zero page so if
> + * we are asked to map the zero page back just pick the beginning of that
> + * area.
> + */
> + if (shadow_addr >= (void *)kasan_zero_page &&
> + shadow_addr < (void *)(kasan_zero_page + PAGE_SIZE)) {
> + return (void *)KERN_VIRT_START;
> + }
> +
> + return (void *)(((unsigned long)shadow_addr - KASAN_SHADOW_OFFSET)
> + << KASAN_SHADOW_SCALE_SHIFT);
> +}
> +#define kasan_shadow_to_mem kasan_shadow_to_mem_book3e
> +
> +static inline bool kasan_addr_has_shadow_book3e(const void *addr)
> +{
> + /*
> + * We want to specifically assert that the addresses in the 0x8000...
> + * region have a shadow, otherwise they are considered by the kasan
> + * core to be wild pointers
> + */
> + if ((unsigned long)addr >= KERN_VIRT_START &&
> + (unsigned long)addr < (KERN_VIRT_START + KERN_VIRT_SIZE)) {
> + return true;
> + }
> + return (addr >= kasan_shadow_to_mem((void *)KASAN_SHADOW_START));
> +}
> +#define kasan_addr_has_shadow kasan_addr_has_shadow_book3e
> +
> +#endif /* CONFIG_PPC_BOOK3E_64 */
> +
> +#ifdef CONFIG_KASAN
> void kasan_init(void);
> #else
> static inline void kasan_init(void) { }
> diff --git a/arch/powerpc/mm/Makefile b/arch/powerpc/mm/Makefile
> index 80382a2d169b..fc49231f807c 100644
> --- a/arch/powerpc/mm/Makefile
> +++ b/arch/powerpc/mm/Makefile
> @@ -8,9 +8,11 @@ ccflags-$(CONFIG_PPC64) := $(NO_MINIMAL_TOC)
> CFLAGS_REMOVE_slb.o = $(CC_FLAGS_FTRACE)
>
> KASAN_SANITIZE_ppc_mmu_32.o := n
> +KASAN_SANITIZE_fsl_booke_mmu.o := n
>
> ifdef CONFIG_KASAN
> CFLAGS_ppc_mmu_32.o += -DDISABLE_BRANCH_PROFILING
> +CFLAGS_fsl_booke_mmu.o += -DDISABLE_BRANCH_PROFILING
> endif
>
> obj-y := fault.o mem.o pgtable.o mmap.o \
> diff --git a/arch/powerpc/mm/kasan/Makefile b/arch/powerpc/mm/kasan/Makefile
> index 6577897673dd..f8f164ad8ade 100644
> --- a/arch/powerpc/mm/kasan/Makefile
> +++ b/arch/powerpc/mm/kasan/Makefile
> @@ -3,3 +3,4 @@
> KASAN_SANITIZE := n
>
> obj-$(CONFIG_PPC32) += kasan_init_32.o
> +obj-$(CONFIG_PPC_BOOK3E_64) += kasan_init_book3e_64.o
> diff --git a/arch/powerpc/mm/kasan/kasan_init_book3e_64.c b/arch/powerpc/mm/kasan/kasan_init_book3e_64.c
> new file mode 100644
> index 000000000000..93b9afcf1020
> --- /dev/null
> +++ b/arch/powerpc/mm/kasan/kasan_init_book3e_64.c
> @@ -0,0 +1,53 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +#define DISABLE_BRANCH_PROFILING
> +
> +#include <linux/kasan.h>
> +#include <linux/printk.h>
> +#include <linux/memblock.h>
> +#include <linux/sched/task.h>
> +#include <asm/pgalloc.h>
> +
> +DEFINE_STATIC_KEY_FALSE(powerpc_kasan_enabled_key);
> +EXPORT_SYMBOL(powerpc_kasan_enabled_key);
> +unsigned char kasan_zero_page[PAGE_SIZE] __page_aligned_bss;
> +
> +static void __init kasan_init_region(struct memblock_region *reg)
> +{
> + void *start = __va(reg->base);
> + void *end = __va(reg->base + reg->size);
> + unsigned long k_start, k_end, k_cur;
> +
> + if (start >= end)
> + return;
> +
> + k_start = (unsigned long)kasan_mem_to_shadow(start);
> + k_end = (unsigned long)kasan_mem_to_shadow(end);
> +
> + for (k_cur = k_start; k_cur < k_end; k_cur += PAGE_SIZE) {
> + void *va = memblock_alloc(PAGE_SIZE, PAGE_SIZE);
> + map_kernel_page(k_cur, __pa(va), PAGE_KERNEL);
> + }
> + flush_tlb_kernel_range(k_start, k_end);
> +}
> +
> +void __init kasan_init(void)
> +{
> + struct memblock_region *reg;
> +
> + for_each_memblock(memory, reg)
> + kasan_init_region(reg);
> +
> + /* map the zero page RO */
> + map_kernel_page((unsigned long)kasan_zero_page,
> + __pa(kasan_zero_page), PAGE_KERNEL_RO);
> +
> + kasan_init_tags();
> +
> + /* Turn on checking */
> + static_branch_inc(&powerpc_kasan_enabled_key);
> +
> + /* Enable error messages */
> + init_task.kasan_depth = 0;
> + pr_info("KASAN init done (64-bit Book3E)\n");
> +}
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-03-12 8:32 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-12 1:23 [RFCv2 PATCH 0/4] powerpc: KASAN for 64-bit Book3E Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 1/4] kasan: do not open-code addr_has_shadow Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 2/4] kasan: allow architectures to manage the memory-to-shadow mapping Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 3/4] kasan: allow architectures to provide an outline readiness check Daniel Axtens
2019-03-12 1:23 ` [RFCv2 PATCH 4/4] powerpc: KASAN for 64bit Book3E Daniel Axtens
2019-03-12 8:30 ` Christophe Leroy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.