From: Maninder Singh <maninder1.s@samsung.com>
To: "linux@armlinux.org.uk" <linux@armlinux.org.uk>,
"cl@linux.com" <cl@linux.com>,
"penberg@kernel.org" <penberg@kernel.org>,
"rientjes@google.com" <rientjes@google.com>,
"iamjoonsoo.kim@lge.com" <iamjoonsoo.kim@lge.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"vbabka@suse.cz" <vbabka@suse.cz>
Cc: Maninder Singh <maninder1.s@samsung.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
AMIT SAHRAWAT <a.sahrawat@samsung.com>,
Vaneet Narang <v.narang@samsung.com>
Subject: RE: [PATCH v2] arm: print alloc free paths for address in registers
Date: Wed, 10 Mar 2021 11:20:35 +0530
Message-ID: <20210310055035epcms5p230de287f0daec198eb334b3348d07924@epcms5p2>
In-Reply-To: <1614239800-27549-1-git-send-email-maninder1.s@samsung.com>
Hi,
Any comments or updates?
>Sender : Maninder Singh <maninder1.s@samsung.com> Engineer/Platform S/W Group /SRI-Delhi/Samsung Electronics
>Date : 2021-02-25 13:57 (GMT+5:30)
>Title : [PATCH v2] arm: print alloc free paths for address in registers
>
>In case of "Use After Free" kernel OOPs, free path of object
>is required to debug further.
>And in most of cases object address is present in one of registers.
>
>Thus check for register address and if it belongs to slab,
>print its alloc and free path.
>
>e.g. in below issue register r6 belongs to slab, and use after free issue
>occurred on one of its derefer values:
>
>[ 124.310386] (ptrval)
>[ 124.312647] 8<--- cut here ---
>[ 124.313761] Unable to handle kernel paging request at virtual address 6b6b6b6f
>[ 124.315972] pgd = (ptrval)
>...
>[ 124.328290] pc : [<c052fc0c>] lr : [<c052fc00>] psr: 60000013
>[ 124.330349] sp : c8993d28 ip : 0000bff4 fp : c8ae2020
>[ 124.332071] r10: 00000000 r9 : 00000001 r8 : c1804cc8
>[ 124.333803] r7 : 00000000 r6 : c8ae9180 r5 : c1804a80 r4 : c8ae2008
>[ 124.335936] r3 : 6b6b6b6b r2 : 315049d6 r1 : 2d867000 r0 : c1396584
>..
>[ 124.365233] register r6: c8ae9180 belongs to slab object
>[ 124.366364] INFO: Allocated in meminfo_proc_show+0x3c/0x500 age=1 cpu=0 pid=69
>[ 124.367545] meminfo_proc_show+0x3c/0x500
>[ 124.368271] seq_read_iter+0x10c/0x4bc
>[ 124.368994] proc_reg_read_iter+0x74/0xa8
>[ 124.369712] generic_file_splice_read+0xe8/0x178
>[ 124.370496] splice_direct_to_actor+0xe0/0x2b8
>[ 124.371261] do_splice_direct+0xa4/0xdc
>[ 124.371917] do_sendfile+0x1c4/0x3ec
>[ 124.372550] sys_sendfile64+0x128/0x130
>[ 124.373109] ret_fast_syscall+0x0/0x54
>[ 124.373664] 0xbe9a2de4
>[ 124.374081] INFO: Freed in meminfo_proc_show+0x5c/0x500 age=1 cpu=0 pid=69
>[ 124.374933] meminfo_proc_show+0x5c/0x500
>[ 124.375485] seq_read_iter+0x10c/0x4bc
>[ 124.376020] proc_reg_read_iter+0x74/0xa8
>[ 124.376643] generic_file_splice_read+0xe8/0x178
>[ 124.377331] splice_direct_to_actor+0xe0/0x2b8
>[ 124.378022] do_splice_direct+0xa4/0xdc
>[ 124.378633] do_sendfile+0x1c4/0x3ec
>[ 124.379220] sys_sendfile64+0x128/0x130
>[ 124.379822] ret_fast_syscall+0x0/0x54
>[ 124.380421] 0xbe9a2de4
>
>Co-developed-by: Vaneet Narang <v.narang@samsung.com>
>Signed-off-by: Vaneet Narang <v.narang@samsung.com>
>Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
>---
>v1 -> v2: do address sanity with virt_addr_valid
>
> arch/arm/include/asm/bug.h | 1 +
> arch/arm/kernel/process.c | 18 ++++++++++++++++++
> arch/arm/kernel/traps.c | 1 +
> include/linux/slab.h | 14 ++++++++++++++
> mm/slab.h | 7 -------
> mm/slub.c | 18 ++++++++++++++++++
> 6 files changed, 52 insertions(+), 7 deletions(-)
Thanks,
Maninder Singh