From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96FBDC54EE9 for ; Tue, 13 Sep 2022 04:00:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C18996B0072; Tue, 13 Sep 2022 00:00:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BC6018D0001; Tue, 13 Sep 2022 00:00:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A8F036B0074; Tue, 13 Sep 2022 00:00:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 995626B0072 for ; Tue, 13 Sep 2022 00:00:13 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 73CEC8088F for ; Tue, 13 Sep 2022 04:00:13 +0000 (UTC) X-FDA: 79905709506.12.3F2CCA9 Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by imf07.hostedemail.com (Postfix) with ESMTP id 1CD474008B for ; Tue, 13 Sep 2022 04:00:12 +0000 (UTC) Received: by mail-wr1-f50.google.com with SMTP id z12so397699wrp.9 for ; Mon, 12 Sep 2022 21:00:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=tLzfemK94ccJN8xFwB/gjaf5FTSGs6wi566JJO0+Q0k=; b=f7LnaQLYkZqS9SBkr6eJ3S6O+IMFV80vICMwvsDtWhXqe/r4PMg4ocxZK/bLg49G3l VEwnlZUeXbzXXI75Fp/KQvzKQkG2msIFBQnZS7FZMH5uC90pNXz2Vn0pUhVJqMkMJ+PG xNUvfkeP6q+q4QoIja63P+joCJ1l4NjzE0GoByIOVT4AYlS4TsZ5yMBt0rWE1zA2tzCt p0W/leMQKo4NWItdy/kYv4rMvUQe3FuXeRDf7NYLTNx3XTrwqozUVLAp2dnK/2nHT0IP 6/C+BbvzTq0vkJ/OiMcNTJlV5fO/+9rWbCOvu3RgpHgiwi/B50oc4W5OTR+J7tMqEX1a W2Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=tLzfemK94ccJN8xFwB/gjaf5FTSGs6wi566JJO0+Q0k=; b=V08gAw8BrtXqNFUTl7lT9ezHTlfMZdEKphN+YEMnv6vft6PUMjvcLLJ+Wrk79EBZPV /XKkM9AWChspGxpaUS99GFlwhcY2NmxPA8RCUCMRfHGGFWdrqxep3G3fMMfiOw20H9lt evYGZ5tWGrVVvNQA5O/DxM/WKBbz6YwZdcA+puxFK3S8Mfh0uofB65JXzPvSi5FMREVo ajUMcRNWUMIV3bPyPMNEGj+nFZWz5OVz4TigeiRgr+RvKkIoroIv/1zPLiOoCWhvfXKh uGSXonPs5E/jqD/Yz/LCOAUQ9ivV/jNgvp+R76pyx/x+rRGI6J8/ufNmGNHxOxBMxtEi QTfA== X-Gm-Message-State: ACgBeo2XUqhjOArUGJ7zzE331VAbzj3KvKfeOjxhlQNaSWMR5SFAJJtC idnqt8kDpIrht8sQ23R5ScBafUOVNwqFZ1qx86oRIw== X-Google-Smtp-Source: AA6agR5dhKOUJQvVlKANom/q3QBP/nDnS2xLHZNBDvUa95hbiLH8nhLXpo//pTAZL00BYily2tRzWzpp2V834MogRe4= X-Received: by 2002:a5d:4090:0:b0:22a:3ba5:18fd with SMTP id o16-20020a5d4090000000b0022a3ba518fdmr11212886wrp.572.1663041611318; Mon, 12 Sep 2022 21:00:11 -0700 (PDT) MIME-Version: 1.0 References: <20220910052426.943376-1-pcc@google.com> In-Reply-To: From: Peter Collingbourne Date: Mon, 12 Sep 2022 21:00:00 -0700 Message-ID: Subject: Re: [PATCH] kasan: also display registers for reports from HW exceptions To: Andrey Konovalov Cc: Catalin Marinas , Vincenzo Frascino , Andrew Morton , Linux ARM , kasan-dev , Linux Memory Management List Content-Type: text/plain; charset="UTF-8" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1663041613; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=tLzfemK94ccJN8xFwB/gjaf5FTSGs6wi566JJO0+Q0k=; b=FpRPoi6D9Qn1HXyBoHK5sNqnu077j/SEoCHdmJlhMMAY829DgM3IyuXj6ux7ojBEDTc7yK XsqpQQdIIkDUyzZurqt9ATUsamSo/kD9Ix006Gm9N4eEnE6yNyW4+ucgeDOXlWGWmDHUhP iQ86J251x1+diJaTBp/pMydo8V7Y7II= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=f7LnaQLY; spf=pass (imf07.hostedemail.com: domain of pcc@google.com designates 209.85.221.50 as permitted sender) smtp.mailfrom=pcc@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1663041613; a=rsa-sha256; cv=none; b=PfkGIon089P1Yfy9vx30OHkXI+hNo2ciUUTn8dcKz+ewBRMzMmctU5YU4q5PgCz5pvjOdO YO0uTG64D0hM5mc+VBRJmn24ufYr8kij1HPHADzRwzsaWvsKOAQ5WpPT7dg+fsngUMql5g CdMJLiHGc4EGr4bYb79iTGzsawxsxIU= X-Stat-Signature: 8qsj3qf4b1zedt3ph7zkpduthffpdoam X-Rspamd-Queue-Id: 1CD474008B Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=f7LnaQLY; spf=pass (imf07.hostedemail.com: domain of pcc@google.com designates 209.85.221.50 as permitted sender) smtp.mailfrom=pcc@google.com; dmarc=pass (policy=reject) header.from=google.com X-Rspam-User: X-Rspamd-Server: rspam09 X-HE-Tag: 1663041612-358057 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Sat, Sep 10, 2022 at 2:40 PM Andrey Konovalov wrote: > > On Sat, Sep 10, 2022 at 7:24 AM Peter Collingbourne wrote: > > > > It is sometimes useful to know the values of the registers when a KASAN > > report is generated. > > Hi Peter, > > What are the cases when the register values are useful? They are > "corrupted" by KASAN runtime anyway and thus are not relevant to the > place in code where the bad access happened. > > Thanks! Hi Andrey, The most useful case would be for tag check faults with HW tags based KASAN where the errant instruction would result in an immediate exception which gives the kernel the opportunity to save all of the registers to the struct pt_regs. For SW tags based KASAN with inline checks it is less useful because some registers will have been used to perform the check but I imagine that in some cases even that could be better than nothing. Peter > > We can do this easily for reports that resulted from > > a hardware exception by passing the struct pt_regs from the exception into > > the report function; do so. > > > > Signed-off-by: Peter Collingbourne > > --- > > Applies to -next. > > > > arch/arm64/kernel/traps.c | 3 +-- > > arch/arm64/mm/fault.c | 2 +- > > include/linux/kasan.h | 10 ++++++++++ > > mm/kasan/kasan.h | 1 + > > mm/kasan/report.c | 27 ++++++++++++++++++++++----- > > 5 files changed, 35 insertions(+), 8 deletions(-) > > > > diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c > > index b7fed33981f7..42f05f38c90a 100644 > > --- a/arch/arm64/kernel/traps.c > > +++ b/arch/arm64/kernel/traps.c > > @@ -1019,9 +1019,8 @@ static int kasan_handler(struct pt_regs *regs, unsigned long esr) > > bool write = esr & KASAN_ESR_WRITE; > > size_t size = KASAN_ESR_SIZE(esr); > > u64 addr = regs->regs[0]; > > - u64 pc = regs->pc; > > > > - kasan_report(addr, size, write, pc); > > + kasan_report_regs(addr, size, write, regs); > > > > /* > > * The instrumentation allows to control whether we can proceed after > > diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c > > index 5b391490e045..c4b91f5d8cc8 100644 > > --- a/arch/arm64/mm/fault.c > > +++ b/arch/arm64/mm/fault.c > > @@ -316,7 +316,7 @@ static void report_tag_fault(unsigned long addr, unsigned long esr, > > * find out access size. > > */ > > bool is_write = !!(esr & ESR_ELx_WNR); > > - kasan_report(addr, 0, is_write, regs->pc); > > + kasan_report_regs(addr, 0, is_write, regs); > > } > > #else > > /* Tag faults aren't enabled without CONFIG_KASAN_HW_TAGS. */ > > diff --git a/include/linux/kasan.h b/include/linux/kasan.h > > index d811b3d7d2a1..381aea149353 100644 > > --- a/include/linux/kasan.h > > +++ b/include/linux/kasan.h > > @@ -353,6 +353,16 @@ static inline void *kasan_reset_tag(const void *addr) > > bool kasan_report(unsigned long addr, size_t size, > > bool is_write, unsigned long ip); > > > > +/** > > + * kasan_report_regs - print a report about a bad memory access detected by KASAN > > + * @addr: address of the bad access > > + * @size: size of the bad access > > + * @is_write: whether the bad access is a write or a read > > + * @regs: register values at the point of the bad memory access > > + */ > > +bool kasan_report_regs(unsigned long addr, size_t size, bool is_write, > > + struct pt_regs *regs); > > + > > #else /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ > > > > static inline void *kasan_reset_tag(const void *addr) > > diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h > > index abbcc1b0eec5..39772c21a8ae 100644 > > --- a/mm/kasan/kasan.h > > +++ b/mm/kasan/kasan.h > > @@ -175,6 +175,7 @@ struct kasan_report_info { > > size_t access_size; > > bool is_write; > > unsigned long ip; > > + struct pt_regs *regs; > > > > /* Filled in by the common reporting code. */ > > void *first_bad_addr; > > diff --git a/mm/kasan/report.c b/mm/kasan/report.c > > index 39e8e5a80b82..eac9cd45b4a1 100644 > > --- a/mm/kasan/report.c > > +++ b/mm/kasan/report.c > > @@ -24,6 +24,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -284,7 +285,6 @@ static void print_address_description(void *addr, u8 tag, > > { > > struct page *page = addr_to_page(addr); > > > > - dump_stack_lvl(KERN_ERR); > > pr_err("\n"); > > > > if (info->cache && info->object) { > > @@ -394,11 +394,14 @@ static void print_report(struct kasan_report_info *info) > > kasan_print_tags(tag, info->first_bad_addr); > > pr_err("\n"); > > > > + if (info->regs) > > + show_regs(info->regs); > > + else > > + dump_stack_lvl(KERN_ERR); > > + > > if (addr_has_metadata(addr)) { > > print_address_description(addr, tag, info); > > print_memory_metadata(info->first_bad_addr); > > - } else { > > - dump_stack_lvl(KERN_ERR); > > } > > } > > > > @@ -458,8 +461,8 @@ void kasan_report_invalid_free(void *ptr, unsigned long ip, enum kasan_report_ty > > * user_access_save/restore(): kasan_report_invalid_free() cannot be called > > * from a UACCESS region, and kasan_report_async() is not used on x86. > > */ > > -bool kasan_report(unsigned long addr, size_t size, bool is_write, > > - unsigned long ip) > > +static bool __kasan_report(unsigned long addr, size_t size, bool is_write, > > + unsigned long ip, struct pt_regs *regs) > > { > > bool ret = true; > > void *ptr = (void *)addr; > > @@ -480,6 +483,7 @@ bool kasan_report(unsigned long addr, size_t size, bool is_write, > > info.access_size = size; > > info.is_write = is_write; > > info.ip = ip; > > + info.regs = regs; > > > > complete_report_info(&info); > > > > @@ -493,6 +497,19 @@ bool kasan_report(unsigned long addr, size_t size, bool is_write, > > return ret; > > } > > > > +bool kasan_report(unsigned long addr, size_t size, bool is_write, > > + unsigned long ip) > > +{ > > + return __kasan_report(addr, size, is_write, ip, NULL); > > +} > > + > > +bool kasan_report_regs(unsigned long addr, size_t size, bool is_write, > > + struct pt_regs *regs) > > +{ > > + return __kasan_report(addr, size, is_write, instruction_pointer(regs), > > + regs); > > +} > > + > > #ifdef CONFIG_KASAN_HW_TAGS > > void kasan_report_async(void) > > { > > -- > > 2.37.2.789.g6183377224-goog > >