* [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
@ 2015-09-08 1:42 ` Xishi Qiu
0 siblings, 0 replies; 10+ messages in thread
From: Xishi Qiu @ 2015-09-08 1:42 UTC (permalink / raw)
To: Andrew Morton, Andrey Ryabinin, adech.fo, rusty, mmarek
Cc: Linux MM, LKML, zhongjiang
The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
it calculates wrong, so fix it.
Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
---
mm/kasan/kasan.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 7b28e9c..8da2114 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
if (unlikely(*shadow_addr)) {
u16 shadow_first_bytes = *(u16 *)shadow_addr;
- s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
if (unlikely(shadow_first_bytes))
return true;
- if (likely(!last_byte))
+ if (likely(IS_ALIGNED(addr, 8)))
return false;
return memory_is_poisoned_1(addr + 15);
--
1.7.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
@ 2015-09-08 1:42 ` Xishi Qiu
0 siblings, 0 replies; 10+ messages in thread
From: Xishi Qiu @ 2015-09-08 1:42 UTC (permalink / raw)
To: Andrew Morton, Andrey Ryabinin, adech.fo, rusty, mmarek
Cc: Linux MM, LKML, zhongjiang
The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
it calculates wrong, so fix it.
Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
---
mm/kasan/kasan.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 7b28e9c..8da2114 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
if (unlikely(*shadow_addr)) {
u16 shadow_first_bytes = *(u16 *)shadow_addr;
- s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
if (unlikely(shadow_first_bytes))
return true;
- if (likely(!last_byte))
+ if (likely(IS_ALIGNED(addr, 8)))
return false;
return memory_is_poisoned_1(addr + 15);
--
1.7.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
2015-09-08 1:42 ` Xishi Qiu
@ 2015-09-08 9:36 ` Andrey Ryabinin
-1 siblings, 0 replies; 10+ messages in thread
From: Andrey Ryabinin @ 2015-09-08 9:36 UTC (permalink / raw)
To: Xishi Qiu
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
> it calculates wrong, so fix it.
>
Please, be more specific. Describe what is wrong with the current code and why,
what's the effect of this bug and how you fixed it.
> Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
> ---
> mm/kasan/kasan.c | 3 +--
> 1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
> index 7b28e9c..8da2114 100644
> --- a/mm/kasan/kasan.c
> +++ b/mm/kasan/kasan.c
> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>
> if (unlikely(*shadow_addr)) {
> u16 shadow_first_bytes = *(u16 *)shadow_addr;
> - s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>
> if (unlikely(shadow_first_bytes))
> return true;
>
> - if (likely(!last_byte))
> + if (likely(IS_ALIGNED(addr, 8)))
> return false;
>
> return memory_is_poisoned_1(addr + 15);
> --
> 1.7.1
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
@ 2015-09-08 9:36 ` Andrey Ryabinin
0 siblings, 0 replies; 10+ messages in thread
From: Andrey Ryabinin @ 2015-09-08 9:36 UTC (permalink / raw)
To: Xishi Qiu
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
> it calculates wrong, so fix it.
>
Please, be more specific. Describe what is wrong with the current code and why,
what's the effect of this bug and how you fixed it.
> Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
> ---
> mm/kasan/kasan.c | 3 +--
> 1 files changed, 1 insertions(+), 2 deletions(-)
>
> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
> index 7b28e9c..8da2114 100644
> --- a/mm/kasan/kasan.c
> +++ b/mm/kasan/kasan.c
> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>
> if (unlikely(*shadow_addr)) {
> u16 shadow_first_bytes = *(u16 *)shadow_addr;
> - s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>
> if (unlikely(shadow_first_bytes))
> return true;
>
> - if (likely(!last_byte))
> + if (likely(IS_ALIGNED(addr, 8)))
> return false;
>
> return memory_is_poisoned_1(addr + 15);
> --
> 1.7.1
>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
2015-09-08 9:36 ` Andrey Ryabinin
@ 2015-09-08 9:49 ` Xishi Qiu
-1 siblings, 0 replies; 10+ messages in thread
From: Xishi Qiu @ 2015-09-08 9:49 UTC (permalink / raw)
To: Andrey Ryabinin
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
On 2015/9/8 17:36, Andrey Ryabinin wrote:
> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>> it calculates wrong, so fix it.
>>
>
> Please, be more specific. Describe what is wrong with the current code and why,
> what's the effect of this bug and how you fixed it.
>
>
If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.
e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
continue to call "return memory_is_poisoned_1(addr + 15);"
Thanks,
Xishi Qiu
>> Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
>> ---
>> mm/kasan/kasan.c | 3 +--
>> 1 files changed, 1 insertions(+), 2 deletions(-)
>>
>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>> index 7b28e9c..8da2114 100644
>> --- a/mm/kasan/kasan.c
>> +++ b/mm/kasan/kasan.c
>> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>>
>> if (unlikely(*shadow_addr)) {
>> u16 shadow_first_bytes = *(u16 *)shadow_addr;
>> - s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>>
>> if (unlikely(shadow_first_bytes))
>> return true;
>>
>> - if (likely(!last_byte))
>> + if (likely(IS_ALIGNED(addr, 8)))
>> return false;
>>
>> return memory_is_poisoned_1(addr + 15);
>> --
>> 1.7.1
>>
>>
>
> .
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
@ 2015-09-08 9:49 ` Xishi Qiu
0 siblings, 0 replies; 10+ messages in thread
From: Xishi Qiu @ 2015-09-08 9:49 UTC (permalink / raw)
To: Andrey Ryabinin
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
On 2015/9/8 17:36, Andrey Ryabinin wrote:
> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>> it calculates wrong, so fix it.
>>
>
> Please, be more specific. Describe what is wrong with the current code and why,
> what's the effect of this bug and how you fixed it.
>
>
If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.
e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
continue to call "return memory_is_poisoned_1(addr + 15);"
Thanks,
Xishi Qiu
>> Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
>> ---
>> mm/kasan/kasan.c | 3 +--
>> 1 files changed, 1 insertions(+), 2 deletions(-)
>>
>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>> index 7b28e9c..8da2114 100644
>> --- a/mm/kasan/kasan.c
>> +++ b/mm/kasan/kasan.c
>> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>>
>> if (unlikely(*shadow_addr)) {
>> u16 shadow_first_bytes = *(u16 *)shadow_addr;
>> - s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>>
>> if (unlikely(shadow_first_bytes))
>> return true;
>>
>> - if (likely(!last_byte))
>> + if (likely(IS_ALIGNED(addr, 8)))
>> return false;
>>
>> return memory_is_poisoned_1(addr + 15);
>> --
>> 1.7.1
>>
>>
>
> .
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
2015-09-08 9:49 ` Xishi Qiu
@ 2015-09-08 9:52 ` Xishi Qiu
-1 siblings, 0 replies; 10+ messages in thread
From: Xishi Qiu @ 2015-09-08 9:52 UTC (permalink / raw)
To: Andrey Ryabinin
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
On 2015/9/8 17:49, Xishi Qiu wrote:
> On 2015/9/8 17:36, Andrey Ryabinin wrote:
>
>> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
>>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>>> it calculates wrong, so fix it.
>>>
>>
>> Please, be more specific. Describe what is wrong with the current code and why,
>> what's the effect of this bug and how you fixed it.
>>
>>
>
> If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
> So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
> The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.
Sorry, a mistake, The code "if (likely(!last_byte))" is wrong judgement.
> e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
> continue to call "return memory_is_poisoned_1(addr + 15);"
>
> Thanks,
> Xishi Qiu
>
>>> Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
>>> ---
>>> mm/kasan/kasan.c | 3 +--
>>> 1 files changed, 1 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>>> index 7b28e9c..8da2114 100644
>>> --- a/mm/kasan/kasan.c
>>> +++ b/mm/kasan/kasan.c
>>> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>>>
>>> if (unlikely(*shadow_addr)) {
>>> u16 shadow_first_bytes = *(u16 *)shadow_addr;
>>> - s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>>>
>>> if (unlikely(shadow_first_bytes))
>>> return true;
>>>
>>> - if (likely(!last_byte))
>>> + if (likely(IS_ALIGNED(addr, 8)))
>>> return false;
>>>
>>> return memory_is_poisoned_1(addr + 15);
>>> --
>>> 1.7.1
>>>
>>>
>>
>> .
>>
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
@ 2015-09-08 9:52 ` Xishi Qiu
0 siblings, 0 replies; 10+ messages in thread
From: Xishi Qiu @ 2015-09-08 9:52 UTC (permalink / raw)
To: Andrey Ryabinin
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
On 2015/9/8 17:49, Xishi Qiu wrote:
> On 2015/9/8 17:36, Andrey Ryabinin wrote:
>
>> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
>>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>>> it calculates wrong, so fix it.
>>>
>>
>> Please, be more specific. Describe what is wrong with the current code and why,
>> what's the effect of this bug and how you fixed it.
>>
>>
>
> If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
> So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
> The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.
Sorry, a mistake, The code "if (likely(!last_byte))" is wrong judgement.
> e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
> continue to call "return memory_is_poisoned_1(addr + 15);"
>
> Thanks,
> Xishi Qiu
>
>>> Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
>>> ---
>>> mm/kasan/kasan.c | 3 +--
>>> 1 files changed, 1 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>>> index 7b28e9c..8da2114 100644
>>> --- a/mm/kasan/kasan.c
>>> +++ b/mm/kasan/kasan.c
>>> @@ -135,12 +135,11 @@ static __always_inline bool memory_is_poisoned_16(unsigned long addr)
>>>
>>> if (unlikely(*shadow_addr)) {
>>> u16 shadow_first_bytes = *(u16 *)shadow_addr;
>>> - s8 last_byte = (addr + 15) & KASAN_SHADOW_MASK;
>>>
>>> if (unlikely(shadow_first_bytes))
>>> return true;
>>>
>>> - if (likely(!last_byte))
>>> + if (likely(IS_ALIGNED(addr, 8)))
>>> return false;
>>>
>>> return memory_is_poisoned_1(addr + 15);
>>> --
>>> 1.7.1
>>>
>>>
>>
>> .
>>
>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
2015-09-08 9:52 ` Xishi Qiu
@ 2015-09-08 10:05 ` Andrey Ryabinin
-1 siblings, 0 replies; 10+ messages in thread
From: Andrey Ryabinin @ 2015-09-08 10:05 UTC (permalink / raw)
To: Xishi Qiu
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
2015-09-08 12:52 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
> On 2015/9/8 17:49, Xishi Qiu wrote:
>
>> On 2015/9/8 17:36, Andrey Ryabinin wrote:
>>
>>> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
>>>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>>>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>>>> it calculates wrong, so fix it.
>>>>
>>>
>>> Please, be more specific. Describe what is wrong with the current code and why,
>>> what's the effect of this bug and how you fixed it.
>>>
>>>
>>
>> If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
>> So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
>> The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.
>
> Sorry, a mistake, The code "if (likely(!last_byte))" is wrong judgement.
>
>> e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
>> continue to call "return memory_is_poisoned_1(addr + 15);"
>>
Right, put this into changelog please.
>> Thanks,
>> Xishi Qiu
>>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16()
@ 2015-09-08 10:05 ` Andrey Ryabinin
0 siblings, 0 replies; 10+ messages in thread
From: Andrey Ryabinin @ 2015-09-08 10:05 UTC (permalink / raw)
To: Xishi Qiu
Cc: Andrew Morton, Andrey Konovalov, Rusty Russell, Michal Marek,
Linux MM, LKML, zhongjiang
2015-09-08 12:52 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
> On 2015/9/8 17:49, Xishi Qiu wrote:
>
>> On 2015/9/8 17:36, Andrey Ryabinin wrote:
>>
>>> 2015-09-08 4:42 GMT+03:00 Xishi Qiu <qiuxishi@huawei.com>:
>>>> The shadow which correspond 16 bytes may span 2 or 3 bytes. If shadow
>>>> only take 2 bytes, we can return in "if (likely(!last_byte)) ...", but
>>>> it calculates wrong, so fix it.
>>>>
>>>
>>> Please, be more specific. Describe what is wrong with the current code and why,
>>> what's the effect of this bug and how you fixed it.
>>>
>>>
>>
>> If the 16 bytes memory is aligned on 8, then the shadow takes only 2 bytes.
>> So we check "shadow_first_bytes" is enough, and need not to call "memory_is_poisoned_1(addr + 15);".
>> The code "if (likely(IS_ALIGNED(addr, 8)))" is wrong judgement.
>
> Sorry, a mistake, The code "if (likely(!last_byte))" is wrong judgement.
>
>> e.g. addr=0, so last_byte = 15 & KASAN_SHADOW_MASK = 7, then the code will
>> continue to call "return memory_is_poisoned_1(addr + 15);"
>>
Right, put this into changelog please.
>> Thanks,
>> Xishi Qiu
>>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2015-09-08 10:06 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-09-08 1:42 [PATCH] kasan: fix last shadow judgement in memory_is_poisoned_16() Xishi Qiu
2015-09-08 1:42 ` Xishi Qiu
2015-09-08 9:36 ` Andrey Ryabinin
2015-09-08 9:36 ` Andrey Ryabinin
2015-09-08 9:49 ` Xishi Qiu
2015-09-08 9:49 ` Xishi Qiu
2015-09-08 9:52 ` Xishi Qiu
2015-09-08 9:52 ` Xishi Qiu
2015-09-08 10:05 ` Andrey Ryabinin
2015-09-08 10:05 ` Andrey Ryabinin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.