From: Alexander Potapenko <glider@google.com>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Dave Jones <davej@codemonkey.org.uk>,
Vegard Nossum <vegard.nossum@oracle.com>,
Sasha Levin <alexander.levin@verizon.com>,
Dmitry Vyukov <dvyukov@google.com>,
kasan-dev <kasan-dev@googlegroups.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux Memory Management List <linux-mm@kvack.org>
Subject: Re: [PATCH 6/6] kasan: improve double-free reports.
Date: Tue, 2 Aug 2016 14:53:50 +0200 [thread overview]
Message-ID: <CAG_fn=ViiZ+WnL_c6vMg5-4HFeBjMJfm9RU15XO6uVKet+YD_w@mail.gmail.com> (raw)
In-Reply-To: <57A0933F.8000706@virtuozzo.com>
On Tue, Aug 2, 2016 at 2:34 PM, Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
>
>
> On 08/02/2016 02:39 PM, Alexander Potapenko wrote:
>
>>> +static void kasan_end_report(unsigned long *flags)
>>> +{
>>> + pr_err("==================================================================\n");
>>> + add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
>> Don't we want to add the taint as early as possible once we've
>> detected the error?
>
> What for?
> It certainly shouldn't be before dump_stack(), otherwise on the first report the kernel will claimed as tainted.
Ah, got it. Fair enough.
>
>>>
>>> +void kasan_report_double_free(struct kmem_cache *cache, void *object,
>>> + s8 shadow)
>>> +{
>>> + unsigned long flags;
>>> +
>>> + kasan_start_report(&flags);
>>> + pr_err("BUG: Double free or corrupt pointer\n");
>> How about "Double free or freeing an invalid pointer\n"?
>> I think "corrupt pointer" doesn't exactly reflect where the bug is.
>
> Ok
>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
WARNING: multiple messages have this Message-ID (diff)
From: Alexander Potapenko <glider@google.com>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Dave Jones <davej@codemonkey.org.uk>,
Vegard Nossum <vegard.nossum@oracle.com>,
Sasha Levin <alexander.levin@verizon.com>,
Dmitry Vyukov <dvyukov@google.com>,
kasan-dev <kasan-dev@googlegroups.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux Memory Management List <linux-mm@kvack.org>
Subject: Re: [PATCH 6/6] kasan: improve double-free reports.
Date: Tue, 2 Aug 2016 14:53:50 +0200 [thread overview]
Message-ID: <CAG_fn=ViiZ+WnL_c6vMg5-4HFeBjMJfm9RU15XO6uVKet+YD_w@mail.gmail.com> (raw)
In-Reply-To: <57A0933F.8000706@virtuozzo.com>
On Tue, Aug 2, 2016 at 2:34 PM, Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
>
>
> On 08/02/2016 02:39 PM, Alexander Potapenko wrote:
>
>>> +static void kasan_end_report(unsigned long *flags)
>>> +{
>>> + pr_err("==================================================================\n");
>>> + add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
>> Don't we want to add the taint as early as possible once we've
>> detected the error?
>
> What for?
> It certainly shouldn't be before dump_stack(), otherwise on the first report the kernel will claimed as tainted.
Ah, got it. Fair enough.
>
>>>
>>> +void kasan_report_double_free(struct kmem_cache *cache, void *object,
>>> + s8 shadow)
>>> +{
>>> + unsigned long flags;
>>> +
>>> + kasan_start_report(&flags);
>>> + pr_err("BUG: Double free or corrupt pointer\n");
>> How about "Double free or freeing an invalid pointer\n"?
>> I think "corrupt pointer" doesn't exactly reflect where the bug is.
>
> Ok
>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-08-02 12:57 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-01 14:45 [PATCH 1/6] mm/kasan: fix corruptions and false positive reports Andrey Ryabinin
2016-08-01 14:45 ` Andrey Ryabinin
2016-08-01 14:45 ` [PATCH 2/6] mm/kasan: don't reduce quarantine in atomic contexts Andrey Ryabinin
2016-08-01 14:45 ` Andrey Ryabinin
2016-08-02 11:42 ` Alexander Potapenko
2016-08-02 11:42 ` Alexander Potapenko
2016-08-01 14:45 ` [PATCH 3/6] mm/kasan, slub: don't disable interrupts when object leaves quarantine Andrey Ryabinin
2016-08-01 14:45 ` Andrey Ryabinin
2016-08-01 14:47 ` Alexander Potapenko
2016-08-01 14:47 ` Alexander Potapenko
2016-08-01 14:45 ` [PATCH 4/6] mm/kasan: get rid of ->alloc_size in struct kasan_alloc_meta Andrey Ryabinin
2016-08-01 14:45 ` Andrey Ryabinin
2016-08-01 14:45 ` [PATCH 5/6] mm/kasan: get rid of ->state " Andrey Ryabinin
2016-08-01 14:45 ` Andrey Ryabinin
2016-08-02 12:37 ` Alexander Potapenko
2016-08-02 12:37 ` Alexander Potapenko
2016-08-01 14:45 ` [PATCH 6/6] kasan: improve double-free reports Andrey Ryabinin
2016-08-01 14:45 ` Andrey Ryabinin
2016-08-02 11:39 ` Alexander Potapenko
2016-08-02 11:39 ` Alexander Potapenko
2016-08-02 12:05 ` Alexander Potapenko
2016-08-02 12:05 ` Alexander Potapenko
2016-08-02 12:34 ` Andrey Ryabinin
2016-08-02 12:34 ` Andrey Ryabinin
2016-08-02 12:53 ` Alexander Potapenko [this message]
2016-08-02 12:53 ` Alexander Potapenko
2016-08-02 16:00 ` [PATCH] kasan-improve-double-free-reports-fix Andrey Ryabinin
2016-08-02 16:00 ` Andrey Ryabinin
2016-08-01 14:45 ` [PATCH 1/6] mm/kasan: fix corruptions and false positive reports Alexander Potapenko
2016-08-01 14:45 ` Alexander Potapenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAG_fn=ViiZ+WnL_c6vMg5-4HFeBjMJfm9RU15XO6uVKet+YD_w@mail.gmail.com' \
--to=glider@google.com \
--cc=akpm@linux-foundation.org \
--cc=alexander.levin@verizon.com \
--cc=aryabinin@virtuozzo.com \
--cc=davej@codemonkey.org.uk \
--cc=dvyukov@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.