* [RFC] kasan: include the hashed pointer for an object's location
@ 2019-10-22  2:18 Lyude Paul
  2019-10-22  2:27   ` Dmitry Vyukov
  0 siblings, 1 reply; 5+ messages in thread
From: Lyude Paul @ 2019-10-22  2:18 UTC (permalink / raw)
  To: linux-mm, kasan-dev
  Cc: Sean Paul, Daniel Vetter, Andrey Ryabinin, Alexander Potapenko,
	Dmitry Vyukov, linux-kernel

The vast majority of the kernel that needs to print out pointers as a
way to keep track of a specific object in the kernel for debugging
purposes does so using hashed pointers, since these are "good enough".
Ironically, the one place we don't do this is within kasan. While
simply printing a hashed version of where an out of bounds memory access
occurred isn't too useful, printing out the hashed address of the object
in question usually is since that's the format most of the kernel is
likely to be using in debugging output.

Of course this isn't perfect though - having the object's originating
address doesn't help users at all that need to do things like printing
the address of a struct which is embedded within another struct, but
it's certainly better than not printing any hashed addresses. And users
which need to handle less trivial cases like that can simply fall back
to careful usage of %px.

Signed-off-by: Lyude Paul <lyude@redhat.com>
Cc: Sean Paul <sean@poorly.run>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: kasan-dev@googlegroups.com
---
 mm/kasan/report.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 621782100eaa..0a5663fee1f7 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -128,8 +128,9 @@ static void describe_object_addr(struct kmem_cache *cache, void *object,
 	int rel_bytes;
 
 	pr_err("The buggy address belongs to the object at %px\n"
-	       " which belongs to the cache %s of size %d\n",
-		object, cache->name, cache->object_size);
+	       " (aka %p) which belongs to the cache\n"
+	       " %s of size %d\n",
+	       object, object, cache->name, cache->object_size);
 
 	if (!addr)
 		return;
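
Review bot: the new format string breaks the sentence between "which belongs to the cache" and the " %s of size %d" that completes it, so the cache name and size end up alone on a third line of the report. Leaving " which belongs to the cache %s of size %d\n" as it was and appending "(aka %p)" to the first line, right after the %px, would add the hashed value without reflowing the existing text and would keep the second line unchanged for anyone who already matches on it.
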
-- 
2.21.0



* Re: [RFC] kasan: include the hashed pointer for an object's location
  2019-10-22  2:18 [RFC] kasan: include the hashed pointer for an object's location Lyude Paul
@ 2019-10-22  2:27   ` Dmitry Vyukov
  0 siblings, 0 replies; 5+ messages in thread
From: Dmitry Vyukov @ 2019-10-22  2:27 UTC (permalink / raw)
  To: Lyude Paul
  Cc: Linux-MM, kasan-dev, Sean Paul, Daniel Vetter, Andrey Ryabinin,
	Alexander Potapenko, LKML

On Tue, Oct 22, 2019 at 4:19 AM Lyude Paul <lyude@redhat.com> wrote:
>
> The vast majority of the kernel that needs to print out pointers as a
> way to keep track of a specific object in the kernel for debugging
> purposes does so using hashed pointers, since these are "good enough".
> Ironically, the one place we don't do this is within kasan. While
> simply printing a hashed version of where an out of bounds memory access
> occurred isn't too useful, printing out the hashed address of the object
> in question usually is since that's the format most of the kernel is
> likely to be using in debugging output.
>
> Of course this isn't perfect though - having the object's originating
> address doesn't help users at all that need to do things like printing
> the address of a struct which is embedded within another struct, but
> it's certainly better than not printing any hashed addresses. And users
> which need to handle less trivial cases like that can simply fall back
> to careful usage of %px.
>
> Signed-off-by: Lyude Paul <lyude@redhat.com>
> Cc: Sean Paul <sean@poorly.run>
> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
> Cc: Alexander Potapenko <glider@google.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: kasan-dev@googlegroups.com
> ---
>  mm/kasan/report.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index 621782100eaa..0a5663fee1f7 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -128,8 +128,9 @@ static void describe_object_addr(struct kmem_cache *cache, void *object,
>         int rel_bytes;
>
>         pr_err("The buggy address belongs to the object at %px\n"
> -              " which belongs to the cache %s of size %d\n",
> -               object, cache->name, cache->object_size);
> +              " (aka %p) which belongs to the cache\n"
> +              " %s of size %d\n",
> +              object, object, cache->name, cache->object_size);

Hi Lyude,

This only prints hashed address for heap objects, but
print_address_description() has 4 different code paths for different
types of addresses (heap, global, stack, page). Plus there is a case
for address without shadow.
Should we print the hashed address at least for all cases in
print_address_description()?


>         if (!addr)
>                 return;
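
Review bot: "(aka %p)" in the added format line does not tell the reader of a report which of the two values is the raw address and which is the hashed one; both are printed from the same object argument and differ only in the specifier. A label such as "(hashed: %p)" would make the line self-explanatory without needing the commit message for context.
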
> --
> 2.21.0
>


* Re: [RFC] kasan: include the hashed pointer for an object's location
  2019-10-22  2:27   ` Dmitry Vyukov
@ 2019-10-22 17:22     ` Lyude Paul
  -1 siblings, 0 replies; 5+ messages in thread
From: Lyude Paul @ 2019-10-22 17:22 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Linux-MM, kasan-dev, Sean Paul, Daniel Vetter, Andrey Ryabinin,
	Alexander Potapenko, LKML

On Tue, 2019-10-22 at 04:27 +0200, Dmitry Vyukov wrote:
> On Tue, Oct 22, 2019 at 4:19 AM Lyude Paul <lyude@redhat.com> wrote:
> > The vast majority of the kernel that needs to print out pointers as a
> > way to keep track of a specific object in the kernel for debugging
> > purposes does so using hashed pointers, since these are "good enough".
> > Ironically, the one place we don't do this is within kasan. While
> > simply printing a hashed version of where an out of bounds memory access
> > occurred isn't too useful, printing out the hashed address of the object
> > in question usually is since that's the format most of the kernel is
> > likely to be using in debugging output.
> > 
> > Of course this isn't perfect though - having the object's originating
> > address doesn't help users at all that need to do things like printing
> > the address of a struct which is embedded within another struct, but
> > it's certainly better than not printing any hashed addresses. And users
> > which need to handle less trivial cases like that can simply fall back
> > to careful usage of %px.
> > 
> > Signed-off-by: Lyude Paul <lyude@redhat.com>
> > Cc: Sean Paul <sean@poorly.run>
> > Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> > Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
> > Cc: Alexander Potapenko <glider@google.com>
> > Cc: Dmitry Vyukov <dvyukov@google.com>
> > Cc: kasan-dev@googlegroups.com
> > ---
> >  mm/kasan/report.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> > index 621782100eaa..0a5663fee1f7 100644
> > --- a/mm/kasan/report.c
> > +++ b/mm/kasan/report.c
> > @@ -128,8 +128,9 @@ static void describe_object_addr(struct kmem_cache
> > *cache, void *object,
> >         int rel_bytes;
> > 
> >         pr_err("The buggy address belongs to the object at %px\n"
> > -              " which belongs to the cache %s of size %d\n",
> > -               object, cache->name, cache->object_size);
> > +              " (aka %p) which belongs to the cache\n"
> > +              " %s of size %d\n",
> > +              object, object, cache->name, cache->object_size);
> 
> Hi Lyude,
> 
> This only prints hashed address for heap objects, but
> print_address_description() has 4 different code paths for different
> types of addresses (heap, global, stack, page). Plus there is a case
> for address without shadow.
> Should we print the hashed address at least for all cases in
> print_address_description()?

Yep - this is probably a good idea. Will send a respin in a little bit
> 
> 
> >         if (!addr)
> >                 return;
> > --
> > 2.21.0
> > 
-- 
Cheers,
	Lyude Paul

