* [PATCH 1/4] kasan: prevent tracing of tags.c
@ 2019-02-20 12:45 Andrey Konovalov
From: Andrey Konovalov @ 2019-02-20 12:45 UTC (permalink / raw)
  To: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov,
	Catalin Marinas, Christoph Lameter, Pekka Enberg, David Rientjes,
	Joonsoo Kim, Andrew Morton, kasan-dev, linux-mm, linux-kernel
  Cc: Qian Cai, Vincenzo Frascino, Kostya Serebryany, Evgeniy Stepanov,
	Andrey Konovalov

Similarly to 0d0c8de8 ("kasan: mark file common so ftrace doesn't trace
it") add the -pg flag to mm/kasan/tags.c to prevent conflicts with
tracing.

Reported-by: Qian Cai <cai@lca.pw>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 mm/kasan/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mm/kasan/Makefile b/mm/kasan/Makefile
index e2bb06c1b45e..5d1065efbd47 100644
--- a/mm/kasan/Makefile
+++ b/mm/kasan/Makefile
@@ -7,6 +7,8 @@ KCOV_INSTRUMENT := n
 
 CFLAGS_REMOVE_common.o = -pg
 CFLAGS_REMOVE_generic.o = -pg
+CFLAGS_REMOVE_tags.o = -pg
+
 # Function splitter causes unnecessary splits in __asan_load1/__asan_store1
 # see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63533
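Review bot: the commit message says the change "add[s] the -pg flag to mm/kasan/tags.c", but the hunk adds `CFLAGS_REMOVE_tags.o = -pg`, which strips -pg from the object so ftrace does not instrument tags.c, in line with the two CFLAGS_REMOVE lines above it and the 0d0c8de8 precedent the message cites. Reword the message to say the -pg flag is removed for tags.c, otherwise the log reads as the opposite of what the Makefile does. The added blank line before the function-splitter comment is fine.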
 
-- 
2.21.0.rc0.258.g878e2cd30e-goog



* [PATCH 2/4] kasan, slab: fix conflicts with CONFIG_HARDENED_USERCOPY
@ 2019-02-20 12:45 ` Andrey Konovalov
From: Andrey Konovalov @ 2019-02-20 12:45 UTC (permalink / raw)
  To: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov,
	Catalin Marinas, Christoph Lameter, Pekka Enberg, David Rientjes,
	Joonsoo Kim, Andrew Morton, kasan-dev, linux-mm, linux-kernel
  Cc: Qian Cai, Vincenzo Frascino, Kostya Serebryany, Evgeniy Stepanov,
	Andrey Konovalov

Similarly to 96fedce2 ("kasan: make tag based mode work with
CONFIG_HARDENED_USERCOPY"), we need to reset pointer tags in
__check_heap_object() in mm/slab.c before doing any pointer math.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 mm/slab.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mm/slab.c b/mm/slab.c
index 78eb8c5bf4e4..c84458281a88 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -4408,6 +4408,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page,
 	unsigned int objnr;
 	unsigned long offset;
 
+	ptr = kasan_reset_tag(ptr);
+
 	/* Find and validate object. */
 	cachep = page->slab_cache;
 	objnr = obj_to_index(cachep, page, (void *)ptr);
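Review bot: the reset is placed correctly, before obj_to_index(), which is the first arithmetic on `ptr` in the function, but the hunk carries no comment saying why the reset is needed. The third patch in this series puts a short comment beside its kasan_poison_slab() move; a similar one-liner here, such as `/* Strip the KASAN tag before the pointer math below. */`, would save the next reader a trip to 96fedce2. Note also that from this line on `ptr` is the untagged address for the whole of the remaining check, which is the intent, and could be stated in the commit message.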
-- 
2.21.0.rc0.258.g878e2cd30e-goog
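The failure mode behind patch 2 (a KASAN tag byte leaking into slab index arithmetic) is easier to see in isolation. The following is an added example, not code from this patch or from the kernel: it models the software tag-based KASAN convention of an 8-bit tag in the top byte of a 64-bit pointer, uses a constructed `struct slab_page` in place of the real `struct page` and `struct kmem_cache` fields, and simplifies `obj_to_index()` and the bounds check of `__check_heap_object()` down to the arithmetic that matters. Every address and tag value is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not code from the patch or from the kernel. It models the
 * software tag-based KASAN convention on arm64: an 8-bit tag occupies the
 * top byte of a 64-bit pointer and is ignored by address translation, so a
 * tagged and an untagged pointer name the same memory but differ as
 * integers. struct slab_page is a constructed stand-in for the fields of
 * struct page / struct kmem_cache that __check_heap_object() uses.
 */

#define TAG_SHIFT 56
#define TAG_MASK  (0xFFULL << TAG_SHIFT)

/* Stand-in for kasan_reset_tag(): clear the tag byte. */
static uint64_t reset_tag(uint64_t p)
{
    return p & ~TAG_MASK;
}

/* Attach a tag to an address, as a tagged allocation would return it. */
static uint64_t set_tag(uint64_t p, uint8_t tag)
{
    return reset_tag(p) | ((uint64_t)tag << TAG_SHIFT);
}

struct slab_page {
    uint64_t s_mem;    /* untagged address of the first object on the slab */
    size_t   obj_size; /* cachep->size */
    unsigned num;      /* cachep->num: objects per slab */
};

/* Simplified obj_to_index(): plain pointer arithmetic, no tag awareness. */
static uint64_t obj_to_index(const struct slab_page *pg, uint64_t obj)
{
    return (obj - pg->s_mem) / pg->obj_size;
}

/*
 * Mirrors the shape of the bounds check in __check_heap_object():
 * returns 0 when [ptr, ptr + n) lies inside one object, 1 when ptr does
 * not map to a valid object index, 2 when the range crosses the object
 * end. strip_tag selects whether the kasan_reset_tag() line the patch
 * adds is executed.
 */
static int check_heap_object(const struct slab_page *pg, uint64_t ptr,
                             size_t n, int strip_tag)
{
    if (strip_tag)
        ptr = reset_tag(ptr);

    uint64_t objnr = obj_to_index(pg, ptr);
    if (objnr >= pg->num)
        return 1;

    uint64_t obj_start = pg->s_mem + objnr * pg->obj_size;
    uint64_t offset = ptr - obj_start;
    if (offset + n > pg->obj_size)
        return 2;
    return 0;
}

/*
 * Constructed scenario: a slab of four 64-byte objects at an arbitrary
 * untagged address, and a pointer 8 bytes into object 2 carrying tag 0xAB.
 * A copy of n bytes from that pointer is checked with and without the reset.
 */
static int demo(size_t n, int strip_tag)
{
    struct slab_page pg = { .s_mem = 0x0000ffff80001000ULL,
                            .obj_size = 64, .num = 4 };
    uint64_t untagged = pg.s_mem + 2 * pg.obj_size + 8;
    uint64_t tagged = set_tag(untagged, 0xAB);
    return check_heap_object(&pg, tagged, n, strip_tag);
}

int main(void)
{
    /* Tag kept: it leaks into the index math and a valid 16-byte copy is
     * rejected as "not an object on this slab". */
    printf("16 bytes, tag kept:     %d\n", demo(16, 0));
    /* Tag stripped: the same copy is accepted ... */
    printf("16 bytes, tag stripped: %d\n", demo(16, 1));
    /* ... and a genuinely oversized copy is still caught. */
    printf("60 bytes, tag stripped: %d\n", demo(60, 1));
    return 0;
}
```

The point the example makes is that the check itself is sound; what breaks without the reset is that the difference `ptr - s_mem` is computed on integers, and the tag byte turns a small in-slab offset into a value far beyond the slab, so a legitimate copy is reported while the code path for a real overrun is never reached. The kernel's real `obj_to_index()` and reporting differ in detail; only the arithmetic is reproduced here.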



* [PATCH 3/4] kasan, slab: make freelist stored without tags
@ 2019-02-20 12:45 ` Andrey Konovalov
From: Andrey Konovalov @ 2019-02-20 12:45 UTC (permalink / raw)
  To: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov,
	Catalin Marinas, Christoph Lameter, Pekka Enberg, David Rientjes,
	Joonsoo Kim, Andrew Morton, kasan-dev, linux-mm, linux-kernel
  Cc: Qian Cai, Vincenzo Frascino, Kostya Serebryany, Evgeniy Stepanov,
	Andrey Konovalov

Similarly to 680c37ae ("kasan, slub: move kasan_poison_slab hook before
page_address"), move kasan_poison_slab() before alloc_slabmgmt(), which
calls page_address(), to make page_address() return value to be
non-tagged. This, combined with calling kasan_reset_tag() for off-slab
slab management object, leads to freelist being stored non-tagged.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 mm/slab.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/mm/slab.c b/mm/slab.c
index c84458281a88..4ad95fcb1686 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -2359,7 +2359,7 @@ static void *alloc_slabmgmt(struct kmem_cache *cachep,
 	void *freelist;
 	void *addr = page_address(page);
 
-	page->s_mem = kasan_reset_tag(addr) + colour_off;
+	page->s_mem = addr + colour_off;
 	page->active = 0;
 
 	if (OBJFREELIST_SLAB(cachep))
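Review bot: dropping kasan_reset_tag() here makes `page->s_mem` silently depend on page_address() already returning an untagged pointer, that is, on kasan_poison_slab() having run before alloc_slabmgmt(), which is the ordering the later hunk in this patch establishes. Nothing in alloc_slabmgmt() checks or documents that precondition; a one-line comment at `void *addr = page_address(page);` stating that the page must already be poisoned (untagged) would protect it against a future reordering of the call site.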
@@ -2368,6 +2368,7 @@ static void *alloc_slabmgmt(struct kmem_cache *cachep,
 		/* Slab management obj is off-slab. */
 		freelist = kmem_cache_alloc_node(cachep->freelist_cache,
 					      local_flags, nodeid);
+		freelist = kasan_reset_tag(freelist);
 		if (!freelist)
 			return NULL;
 	} else {
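Review bot: `freelist = kasan_reset_tag(freelist);` sits between the allocation and the `if (!freelist)` check, so the NULL check now relies on kasan_reset_tag(NULL) yielding NULL. That holds for an implementation that only masks the tag byte, but placing the reset after the NULL check reads more naturally and removes the dependency on that property.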
@@ -2681,6 +2682,13 @@ static struct page *cache_grow_begin(struct kmem_cache *cachep,
 
 	offset *= cachep->colour_off;
 
+	/*
+	 * Call kasan_poison_slab() before calling alloc_slabmgmt(), so
+	 * page_address() in the latter returns a non-tagged pointer,
+	 * as it should be for slab pages.
+	 */
+	kasan_poison_slab(page);
+
 	/* Get slab management. */
 	freelist = alloc_slabmgmt(cachep, page, offset,
 			local_flags & ~GFP_CONSTRAINT_MASK, page_node);
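Review bot: the added comment explains the ordering well. One consequence of the move is that the page is now poisoned before alloc_slabmgmt() has a chance to fail; the error path taken when it returns NULL lies outside this hunk, so confirm that releasing an already-poisoned page there is fine, and consider saying so in the commit message.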
@@ -2689,7 +2697,6 @@ static struct page *cache_grow_begin(struct kmem_cache *cachep,
 
 	slab_map_pages(cachep, page, freelist);
 
-	kasan_poison_slab(page);
 	cache_init_objs(cachep, page);
 
 	if (gfpflags_allow_blocking(local_flags))
-- 
2.21.0.rc0.258.g878e2cd30e-goog



* [PATCH 4/4] kasan, slab: remove redundant kasan_slab_alloc hooks
@ 2019-02-20 12:45 ` Andrey Konovalov
From: Andrey Konovalov @ 2019-02-20 12:45 UTC (permalink / raw)
  To: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov,
	Catalin Marinas, Christoph Lameter, Pekka Enberg, David Rientjes,
	Joonsoo Kim, Andrew Morton, kasan-dev, linux-mm, linux-kernel
  Cc: Qian Cai, Vincenzo Frascino, Kostya Serebryany, Evgeniy Stepanov,
	Andrey Konovalov

kasan_slab_alloc() calls in kmem_cache_alloc() and kmem_cache_alloc_node()
are redundant as they are already called via slab_alloc/slab_alloc_node()->
slab_post_alloc_hook()->kasan_slab_alloc(). Remove them.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 mm/slab.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/mm/slab.c b/mm/slab.c
index 4ad95fcb1686..91c1863df93d 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -3547,7 +3547,6 @@ void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
 {
 	void *ret = slab_alloc(cachep, flags, _RET_IP_);
 
-	ret = kasan_slab_alloc(cachep, ret, flags);
 	trace_kmem_cache_alloc(_RET_IP_, ret,
 			       cachep->object_size, cachep->size, flags);
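Review bot: after the removal, the `ret` handed to trace_kmem_cache_alloc() is whatever slab_alloc() returns. The commit message argues the call is redundant because slab_alloc() already goes through slab_post_alloc_hook()->kasan_slab_alloc(); that argument is only complete if slab_alloc() also propagates the hook's return value (the tagged pointer) back to this caller, since the old line reassigned `ret` rather than just calling the hook. Stating that explicitly in the message would make the redundancy claim self-contained.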
 
@@ -3637,7 +3636,6 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t flags, int nodeid)
 {
 	void *ret = slab_alloc_node(cachep, flags, nodeid, _RET_IP_);
 
-	ret = kasan_slab_alloc(cachep, ret, flags);
 	trace_kmem_cache_alloc_node(_RET_IP_, ret,
 				    cachep->object_size, cachep->size,
 				    flags, nodeid);
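Review bot: same remark as for the kmem_cache_alloc() hunk: the traced `ret` now comes straight from slab_alloc_node(), so the removal is correct only if slab_alloc_node() returns the value produced by its slab_post_alloc_hook() call. The two hunks are symmetric, so one sentence in the message covering both sites is enough.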
-- 
2.21.0.rc0.258.g878e2cd30e-goog



* Re: [PATCH 1/4] kasan: prevent tracing of tags.c
@ 2019-02-20 14:04 ` Qian Cai
From: Qian Cai @ 2019-02-20 14:04 UTC (permalink / raw)
  To: Andrey Konovalov, Andrey Ryabinin, Alexander Potapenko,
	Dmitry Vyukov, Catalin Marinas, Christoph Lameter, Pekka Enberg,
	David Rientjes, Joonsoo Kim, Andrew Morton, kasan-dev, linux-mm,
	linux-kernel
  Cc: Vincenzo Frascino, Kostya Serebryany, Evgeniy Stepanov



On 2/20/19 7:45 AM, Andrey Konovalov wrote:
> Similarly to 0d0c8de8 ("kasan: mark file common so ftrace doesn't trace
> it") add the -pg flag to mm/kasan/tags.c to prevent conflicts with
> tracing.
> 
> Reported-by: Qian Cai <cai@lca.pw>
> Signed-off-by: Andrey Konovalov <andreyknvl@google.com>

Tested-by: Qian Cai <cai@lca.pw>

