From: Andrew Morton <akpm@linux-foundation.org>
To: akpm@linux-foundation.org, andreyknvl@google.com,
aryabinin@virtuozzo.com, catalin.marinas@arm.com,
dvyukov@google.com, glider@google.com, leonro@mellanox.com,
linux-mm@kvack.org, mark.rutland@arm.com,
mm-commits@vger.kernel.org, naresh.kamboju@linaro.org,
paulmck@kernel.org, torvalds@linux-foundation.org,
vincenzo.frascino@arm.com, will@kernel.org
Subject: [patch 14/18] kasan: add explicit preconditions to kasan_report()
Date: Thu, 04 Feb 2021 18:32:49 -0800
Message-ID: <20210205023249.Y8UAdjnLD%akpm@linux-foundation.org>
In-Reply-To: <20210204183135.e123f0d6027529f2cf500cf2@linux-foundation.org>
From: Vincenzo Frascino <vincenzo.frascino@arm.com>
Subject: kasan: add explicit preconditions to kasan_report()

Patch series "kasan: Fix metadata detection for KASAN_HW_TAGS", v5.

With the introduction of KASAN_HW_TAGS, kasan_report() currently assumes
that every location in memory has valid metadata associated. This is due
to the fact that addr_has_metadata() always returns true.

As a consequence of this, an invalid address (e.g. NULL pointer address)
passed to kasan_report() when KASAN_HW_TAGS is enabled leads to a kernel
panic.

Example below, based on arm64:
==================================================================
BUG: KASAN: invalid-access in 0x0
Read at addr 0000000000000000 by task swapper/0/1
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
ESR = 0x96000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
...
Call trace:
mte_get_mem_tag+0x24/0x40
kasan_report+0x1a4/0x410
alsa_sound_last_init+0x8c/0xa4
do_one_initcall+0x50/0x1b0
kernel_init_freeable+0x1d4/0x23c
kernel_init+0x14/0x118
ret_from_fork+0x10/0x34
Code: d65f03c0 9000f021 f9428021 b6cfff61 (d9600000)
---[ end trace 377c8bb45bdd3a1a ]---
hrtimer: interrupt took 48694256 ns
note: swapper/0[1] exited with preempt_count 1
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
SMP: stopping secondary CPUs
Kernel Offset: 0x35abaf140000 from 0xffff800010000000
PHYS_OFFSET: 0x40000000
CPU features: 0x0a7e0152,61c0a030
Memory Limit: none
---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---

This series fixes the behavior of addr_has_metadata() that now returns
true only when the address is valid.

This patch (of 2):

With the introduction of KASAN_HW_TAGS, kasan_report() accesses the
metadata only when addr_has_metadata() succeeds.

Add a comment to make sure that the preconditions to the function are
explicitly clarified.

Link: https://lkml.kernel.org/r/20210126134409.47894-1-vincenzo.frascino@arm.com
Link: https://lkml.kernel.org/r/20210126134409.47894-2-vincenzo.frascino@arm.com
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Leon Romanovsky <leonro@mellanox.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: "Paul E . McKenney" <paulmck@kernel.org>
Cc: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
include/linux/kasan.h | 7 +++++++
1 file changed, 7 insertions(+)
--- a/include/linux/kasan.h~kasan-add-explicit-preconditions-to-kasan_report
+++ a/include/linux/kasan.h
@@ -333,6 +333,13 @@ static inline void *kasan_reset_tag(cons
return (void *)arch_kasan_reset_tag(addr);
}
+/**
+ * kasan_report - print a report about a bad memory access detected by KASAN
+ * @addr: address of the bad access
+ * @size: size of the bad access
+ * @is_write: whether the bad access is a write or a read
+ * @ip: instruction pointer for the accessibility check or the bad access itself
+ */
bool kasan_report(unsigned long addr, size_t size,
bool is_write, unsigned long ip);
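Review bot: The kernel-doc added above kasan_report() documents @addr, @size, @is_write and @ip but never states the precondition that the subject line and commit message promise. The message says kasan_report() accesses the metadata only when addr_has_metadata() succeeds; a sentence to that effect in the comment body, after the @ip line, would make that contract visible to callers, which is the stated purpose of the patch. Since the function returns bool, a "Return:" line saying what true and false mean would also complete the kernel-doc.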
_