From: liuwenliang@huawei.com (Abbott Liu)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 00/11] KASan for arm
Date: Wed, 11 Oct 2017 16:22:16 +0800 [thread overview]
Message-ID: <20171011082227.20546-1-liuwenliang@huawei.com> (raw)
Hi,all:
These patches add arch specific code for kernel address sanitizer
(see Documentation/kasan.txt).
1/8 of kernel addresses reserved for shadow memory. There was no
big enough hole for this, so virtual addresses for shadow were
stolen from user space.
At early boot stage the whole shadow region populated with just
one physical page (kasan_zero_page). Later, this page reused
as readonly zero shadow for some memory that KASan currently
don't track (vmalloc).
After mapping the physical memory, pages for shadow memory are
allocated and mapped.
KASan's stack instrumentation significantly increases stack's
consumption, so CONFIG_KASAN doubles THREAD_SIZE.
Functions like memset/memmove/memcpy do a lot of memory accesses.
If bad pointer passed to one of these function it is important
to catch this. Compiler's instrumentation cannot do this since
these functions are written in assembly.
KASan replaces memory functions with manually instrumented variants.
Original functions declared as weak symbols so strong definitions
in mm/kasan/kasan.c could replace them. Original functions have aliases
with '__' prefix in name, so we could call non-instrumented variant
if needed.
Some files built without kasan instrumentation (e.g. mm/slub.c).
Original mem* function replaced (via #define) with prefixed variants
to disable memory access checks for such files.
On arm LPAE architecture, the mapping table of KASan shadow memory(if
PAGE_OFFSET is 0xc0000000, the KASan shadow memory's virtual space is
0xb6e000000~0xbf000000) can't be filled in do_translation_fault function,
because kasan instrumentation maybe cause do_translation_fault function
accessing KASan shadow memory. The accessing of KASan shadow memory in
do_translation_fault function maybe cause dead circle. So the mapping table
of KASan shadow memory need be copyed in pgd_alloc function.
Most of the code comes from:
https://github.com/aryabinin/linux/commit/0b54f17e70ff50a902c4af05bb92716eb95acefe.
These patches are tested on vexpress-ca15, vexpress-ca9
Cc: Andrey Ryabinin <a.ryabinin@samsung.com>
Tested-by: Abbott Liu <liuwenliang@huawei.com>
Signed-off-by: Abbott Liu <liuwenliang@huawei.com>
Abbott Liu (6):
Define the virtual space of KASan's shadow region
change memory_is_poisoned_16 for aligned error
Add support arm LPAE
Don't need to map the shadow of KASan's shadow memory
Change mapping of kasan_zero_page int readonly
Add KASan layout
Andrey Ryabinin (5):
Initialize the mapping of KASan shadow memory
replace memory function
arm: Kconfig: enable KASan
Disable kasan's instrumentation
Avoid cleaning the KASan shadow area's mapping table
arch/arm/Kconfig | 1 +
arch/arm/boot/compressed/Makefile | 1 +
arch/arm/include/asm/kasan.h | 20 +++
arch/arm/include/asm/kasan_def.h | 51 +++++++
arch/arm/include/asm/memory.h | 5 +
arch/arm/include/asm/pgalloc.h | 5 +-
arch/arm/include/asm/pgtable.h | 1 +
arch/arm/include/asm/proc-fns.h | 33 +++++
arch/arm/include/asm/string.h | 18 ++-
arch/arm/include/asm/thread_info.h | 4 +
arch/arm/kernel/entry-armv.S | 7 +-
arch/arm/kernel/head-common.S | 4 +
arch/arm/kernel/setup.c | 2 +
arch/arm/kernel/unwind.c | 3 +-
arch/arm/lib/memcpy.S | 3 +
arch/arm/lib/memmove.S | 5 +-
arch/arm/lib/memset.S | 3 +
arch/arm/mm/Makefile | 5 +
arch/arm/mm/init.c | 6 +
arch/arm/mm/kasan_init.c | 265 +++++++++++++++++++++++++++++++++++++
arch/arm/mm/mmu.c | 7 +-
arch/arm/mm/pgd.c | 12 ++
arch/arm/vdso/Makefile | 2 +
mm/kasan/kasan.c | 22 ++-
24 files changed, 478 insertions(+), 7 deletions(-)
create mode 100644 arch/arm/include/asm/kasan.h
create mode 100644 arch/arm/include/asm/kasan_def.h
create mode 100644 arch/arm/mm/kasan_init.c
--
2.9.0
next reply other threads:[~2017-10-11 8:22 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-11 8:22 Abbott Liu [this message]
2017-10-11 8:22 ` [PATCH 01/11] Initialize the mapping of KASan shadow memory Abbott Liu
2017-10-11 19:39 ` Florian Fainelli
2017-10-11 21:41 ` Russell King - ARM Linux
2017-10-17 13:28 ` Liuwenliang (Lamb)
2017-10-11 23:42 ` Dmitry Osipenko
2017-10-19 6:52 ` Liuwenliang (Lamb)
2017-10-19 12:01 ` Russell King - ARM Linux
2018-02-26 13:09 ` 答复: " Liuwenliang (Abbott Liu)
2017-10-12 7:58 ` Marc Zyngier
2017-11-09 7:46 ` Liuwenliang (Abbott Liu)
2017-11-09 10:10 ` Marc Zyngier
2017-11-15 10:20 ` Liuwenliang (Abbott Liu)
2017-11-15 10:35 ` Marc Zyngier
2017-11-15 13:16 ` Liuwenliang (Abbott Liu)
2017-11-15 13:54 ` Marc Zyngier
2017-11-16 3:07 ` Liuwenliang (Abbott Liu)
2017-11-16 9:54 ` Marc Zyngier
2017-11-16 14:24 ` Liuwenliang (Abbott Liu)
2017-11-16 14:40 ` Marc Zyngier
2017-11-17 1:39 ` 答复: " Liuwenliang (Abbott Liu)
2017-11-17 7:18 ` Liuwenliang (Abbott Liu)
2017-11-17 7:35 ` Christoffer Dall
2017-11-18 10:40 ` Liuwenliang (Abbott Liu)
2017-11-18 13:48 ` Marc Zyngier
2017-11-21 7:59 ` 答复: " Liuwenliang (Abbott Liu)
2017-11-21 9:40 ` Russell King - ARM Linux
2017-11-21 9:46 ` Marc Zyngier
2017-11-21 12:29 ` Mark Rutland
2017-11-22 12:56 ` Liuwenliang (Abbott Liu)
2017-11-22 13:06 ` Marc Zyngier
2017-11-23 1:54 ` Liuwenliang (Abbott Liu)
2017-11-23 15:22 ` Russell King - ARM Linux
2017-11-27 1:23 ` Liuwenliang (Abbott Liu)
2017-11-23 15:31 ` Mark Rutland
2017-11-27 1:26 ` 答复: " Liuwenliang (Abbott Liu)
2017-10-19 11:09 ` Russell King - ARM Linux
2018-02-24 14:28 ` Liuwenliang (Abbott Liu)
2017-10-11 8:22 ` [PATCH 02/11] replace memory function Abbott Liu
2017-10-19 12:05 ` Russell King - ARM Linux
2017-10-22 12:42 ` 答复: " Liuwenliang (Lamb)
2017-10-11 8:22 ` [PATCH 03/11] arm: Kconfig: enable KASan Abbott Liu
2017-10-11 19:15 ` Florian Fainelli
2017-10-19 12:34 ` Russell King - ARM Linux
2017-10-22 12:27 ` Liuwenliang (Lamb)
2017-10-11 8:22 ` [PATCH 04/11] Define the virtual space of KASan's shadow region Abbott Liu
2017-10-14 11:41 ` kbuild test robot
2017-10-16 11:42 ` Liuwenliang (Lamb)
2017-10-16 12:14 ` Ard Biesheuvel
2017-10-17 11:27 ` Liuwenliang (Lamb)
2017-10-17 11:52 ` Ard Biesheuvel
2017-10-17 13:02 ` Liuwenliang (Lamb)
2017-10-19 12:43 ` Russell King - ARM Linux
2017-10-22 12:12 ` Liuwenliang (Lamb)
2017-10-19 12:41 ` Russell King - ARM Linux
2017-10-19 12:40 ` Russell King - ARM Linux
2017-10-11 8:22 ` [PATCH 05/11] Disable kasan's instrumentation Abbott Liu
2017-10-11 19:16 ` Florian Fainelli
2017-10-19 12:47 ` Russell King - ARM Linux
2017-11-15 10:19 ` Liuwenliang (Abbott Liu)
2017-10-11 8:22 ` [PATCH 06/11] change memory_is_poisoned_16 for aligned error Abbott Liu
2017-10-11 23:23 ` Andrew Morton
2017-10-12 7:16 ` Dmitry Vyukov
2017-10-12 11:27 ` Liuwenliang (Lamb)
2017-10-19 12:51 ` Russell King - ARM Linux
2017-12-05 14:19 ` Liuwenliang (Abbott Liu)
2017-12-05 17:08 ` Ard Biesheuvel
2017-10-11 8:22 ` [PATCH 07/11] Avoid cleaning the KASan shadow area's mapping table Abbott Liu
2017-10-11 8:22 ` [PATCH 08/11] Add support arm LPAE Abbott Liu
2017-10-11 8:22 ` [PATCH 09/11] Don't need to map the shadow of KASan's shadow memory Abbott Liu
2017-10-19 12:55 ` Russell King - ARM Linux
2017-10-22 12:31 ` Liuwenliang (Lamb)
2017-10-11 8:22 ` [PATCH 10/11] Change mapping of kasan_zero_page int readonly Abbott Liu
2017-10-11 19:19 ` Florian Fainelli
2017-10-11 8:22 ` [PATCH 11/11] Add KASan layout Abbott Liu
2017-10-11 19:13 ` [PATCH 00/11] KASan for arm Florian Fainelli
2017-10-11 19:50 ` Florian Fainelli
[not found] ` <44c86924-930b-3eff-55b8-b02c9060ebe3@gmail.com>
2017-10-11 22:10 ` Laura Abbott
2017-10-11 22:58 ` Russell King - ARM Linux
2017-10-17 12:41 ` Liuwenliang (Lamb)
2017-10-12 4:55 ` Liuwenliang (Lamb)
2017-10-12 7:38 ` Arnd Bergmann
2017-10-17 1:04 ` 答复: " Liuwenliang (Lamb)
2018-02-13 18:40 ` Florian Fainelli
2018-02-23 2:10 ` Liuwenliang (Abbott Liu)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171011082227.20546-1-liuwenliang@huawei.com \
--to=liuwenliang@huawei.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).