From patchwork Mon Nov 6 20:10:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162159 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2901647vqu; Mon, 6 Nov 2023 12:11:09 -0800 (PST) X-Google-Smtp-Source: AGHT+IGzpjGXamGS9kZL2TO5+BjxSLvl7E9asAELrHBv0sb//rwV+CLKk+6i+IBzO1cyQ4MPA0SA X-Received: by 2002:a05:6a20:9185:b0:15e:7323:5bf3 with SMTP id v5-20020a056a20918500b0015e73235bf3mr685452pzd.26.1699301469112; Mon, 06 Nov 2023 12:11:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301469; cv=none; d=google.com; s=arc-20160816; b=ny9/8JjM80HN5GlXsFzFDGY8feHH+wC7k8RG+pJjrzue+QIcSXMFCcykpuQcSSW86P 11sctjShxAfieA/Lj6xKlCL01dgpEngMSVW6mvs/5BfmLv/L/EyiiQah0HV7uiNFZxFY ZvIvm+KF80mhVoy04K6ZC0F81CaNCDLD79XrOPVwFnqXiBVkZeq+nJEpVpC704RDk/Vu 3/1OrsdbfSoqEgQQtLSvsK6ACKxgGqOtZIuLGwIJO+nP7Fo6omzjuiDwxTVGPM17MHUy P4kSEpxgBpXqMGdTYoHcn5vrxAOm/Gtbd9XC3CxbCU9lVthAsj/fNaUbXx/Vujh7Yxah hhBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5zUveeaHubKwNWv/mUHyod8asGDxf8HEl2nDgxq3m5s=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=RSBbEBXiLUfIobWRUNaUwms4X2qrPA/AIAC0sDmdljo1vnw/gD2EMbg/2/PXI6gIdR Eg984BRrKd3RQoCqX/4EgSLEPfQjV8kdidcfMr5hf/v1dTiwkcpRoDpNvRMJp5O5PGth 3RaCybKkR4Wy3Fn47NB6kGDdHC2TM3lSDXgZMZ/GJzEpNuA0B4JuEPuQyJ3GRzlzyLV2 3PrL3+EBMtnTSZN9TD7Elm73uQ4FwoJsZ06aNrwIQWHQbJJ2iU2QaL0wY2nb/Hg330/p yb8pxaxQwoa5HZZI/Cm1SNxLQGsINShK74p9ZV0CGC+JtLUQW628KtV8xAOM/N3qM7t8 TwNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=L3cpdQsl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id bs69-20020a632848000000b005b3b8896199si362589pgb.591.2023.11.06.12.11.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:11:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=L3cpdQsl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id A9EDB8032A13; Mon, 6 Nov 2023 12:10:57 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232940AbjKFUKl (ORCPT + 34 others); Mon, 6 Nov 2023 15:10:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46538 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232321AbjKFUKk (ORCPT ); Mon, 6 Nov 2023 15:10:40 -0500 Received: from out-176.mta1.migadu.com (out-176.mta1.migadu.com [IPv6:2001:41d0:203:375::b0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EA45BD77 for ; Mon, 6 Nov 2023 12:10:35 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301434; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5zUveeaHubKwNWv/mUHyod8asGDxf8HEl2nDgxq3m5s=; b=L3cpdQsl8rkb7JZtwAIC4eCSnezYGVtiw98SxiDVzYCV5xe1AfbsSj6usun1a4l+c+qqRu z1J/4gwLmo5D3p+Kwl2i4n8TQXJgQGILOLkaKmpXlQWt0svPMKOeoNq+e2E1zahPLmA8Hc UdUKlPDzpckCJ729haSLr62Qg8EuqI4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 01/20] kasan: rename kasan_slab_free_mempool to kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:10 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:10:57 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846736890380378 X-GMAIL-MSGID: 1781846736890380378 From: Andrey Konovalov Rename kasan_slab_free_mempool to kasan_mempool_poison_object. kasan_slab_free_mempool is a slightly confusing name: it is unclear whether this function poisons the object when it is freed into mempool or does something when the object is freed from mempool to the underlying allocator. The new name also aligns with other mempool-related KASAN hooks added in the following patches in this series. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 8 ++++---- io_uring/alloc_cache.h | 3 +-- mm/kasan/common.c | 4 ++-- mm/mempool.c | 2 +- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 72cb693b075b..6310435f528b 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -172,11 +172,11 @@ static __always_inline void kasan_kfree_large(void *ptr) __kasan_kfree_large(ptr, _RET_IP_); } -void __kasan_slab_free_mempool(void *ptr, unsigned long ip); -static __always_inline void kasan_slab_free_mempool(void *ptr) +void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +static __always_inline void kasan_mempool_poison_object(void *ptr) { if (kasan_enabled()) - __kasan_slab_free_mempool(ptr, _RET_IP_); + __kasan_mempool_poison_object(ptr, _RET_IP_); } void * __must_check __kasan_slab_alloc(struct kmem_cache *s, @@ -256,7 +256,7 @@ static inline bool kasan_slab_free(struct kmem_cache *s, void *object, bool init return false; } static inline void kasan_kfree_large(void *ptr) {} -static inline void kasan_slab_free_mempool(void *ptr) {} +static inline void kasan_mempool_poison_object(void *ptr) {} static inline void *kasan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags, bool init) { diff --git a/io_uring/alloc_cache.h b/io_uring/alloc_cache.h index 241245cb54a6..8de0414e8efe 100644 --- a/io_uring/alloc_cache.h +++ b/io_uring/alloc_cache.h @@ -16,8 +16,7 @@ static inline bool io_alloc_cache_put(struct io_alloc_cache *cache, if (cache->nr_cached < cache->max_cached) { cache->nr_cached++; wq_stack_add_head(&entry->node, &cache->list); - /* KASAN poisons object */ - kasan_slab_free_mempool(entry); + kasan_mempool_poison_object(entry); return true; } return false; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 256930da578a..e42d6f349ae2 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -261,7 +261,7 @@ static inline bool ____kasan_kfree_large(void *ptr, unsigned long ip) /* * The object will be poisoned by kasan_poison_pages() or - * kasan_slab_free_mempool(). + * kasan_mempool_poison_object(). */ return false; @@ -272,7 +272,7 @@ void __kasan_kfree_large(void *ptr, unsigned long ip) ____kasan_kfree_large(ptr, ip); } -void __kasan_slab_free_mempool(void *ptr, unsigned long ip) +void __kasan_mempool_poison_object(void *ptr, unsigned long ip) { struct folio *folio; diff --git a/mm/mempool.c b/mm/mempool.c index 734bcf5afbb7..768cb39dc5e2 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -107,7 +107,7 @@ static inline void poison_element(mempool_t *pool, void *element) static __always_inline void kasan_poison_element(mempool_t *pool, void *element) { if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc) - kasan_slab_free_mempool(element); + kasan_mempool_poison_object(element); else if (pool->alloc == mempool_alloc_pages) kasan_poison_pages(element, (unsigned long)pool->pool_data, false); From patchwork Mon Nov 6 20:10:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162161 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2901757vqu; Mon, 6 Nov 2023 12:11:21 -0800 (PST) X-Google-Smtp-Source: AGHT+IG/zmv7bPZmDSEtn8m7RK7ff0tFpepDG0sc76rnYHZme6s37rUnEN0lG0cKEWJBxuXHnGXq X-Received: by 2002:a17:903:20d4:b0:1cc:2dad:7ae9 with SMTP id i20-20020a17090320d400b001cc2dad7ae9mr24982926plb.32.1699301481614; Mon, 06 Nov 2023 12:11:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301481; cv=none; d=google.com; s=arc-20160816; b=OEstZm66L+BSQMUeDRoKFrY01cLVR8s3MBOoMt651hWrayR5AA2i6ln02xgtvFbVtp /MQiAigxYMocwzjyiIzI3kFcXFK25zc3P/R1blFsdUg5WjeJSiEzigfUGPHSiKUc35vV Jrav8ZTln5+XUC8jUaQFIxot3NiWQ1PNMheq5ULc1kOmN5yMdh9L9PQbP5EyuvX24F+u HeZq3+dsyZc2lWMBLfqab4gYLVh8e3q7E+qrYZz9uzAVyug647oxSnnG5NM5gtpUGoZG 7f1asKw/IWFzSUCJyJEfDWP3TO84umpAuMvut9T4YMrTSuWBcfx0ycJwPmkLJGt7PwLO FyUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=t/Tz91brdE21dTNWs0et2BZxKBCaFAccIIB/OCqkFS0=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=c3DmatketSSFApDSCXXOhiLRa5OM6BnANYswgf/m2AX8vsHKbCzUGkAtH3x5WyRuFa Etzt/8X5TIL+WO/nT+aff5KZCVrA+cKPsLClsiPcRU7xpsFKGjTmd/yJxqGZwTWi6Xcn 09R74jey4adMSxkwUjGMJ6ppQlQNqKAdN516WUTLJlamWrY7v1Knl1YdVHTCXNg0vDsR fSWoI+BfhDP8I7Jybb9JCW69RKHsdOAOYWW02gqjjA3H3seON3epW0UU8hgYLJ7vbd/e pgh5PdY8fkp/DTzCYAj/lfIMCxvvJOgFwIRurGk6yGzVgQTGkQMUiWynbvQxFeZk6wdc rF1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=aaX6KV+U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id k3-20020a170902f28300b001caac2f7aa0si8105615plc.27.2023.11.06.12.11.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:11:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=aaX6KV+U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id E9F3280886B0; Mon, 6 Nov 2023 12:11:02 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233005AbjKFUKw (ORCPT + 34 others); Mon, 6 Nov 2023 15:10:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46570 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232918AbjKFUKl (ORCPT ); Mon, 6 Nov 2023 15:10:41 -0500 Received: from out-171.mta1.migadu.com (out-171.mta1.migadu.com [95.215.58.171]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 83FB0D7D for ; Mon, 6 Nov 2023 12:10:36 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301435; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t/Tz91brdE21dTNWs0et2BZxKBCaFAccIIB/OCqkFS0=; b=aaX6KV+UWkGgoc/tFbUJHDU1fecvP/ug5k2WlsFn/kBP4/GWVGypJrvpu3Uccqw9G1op6n rqju0no4iU0SSp8Rg71WkOaGPzeamqnNgb+RhCgZ6NsdAvgl7d/PZXBvDZBn2USk1I6Xh7 af1WOsyuVc57E+UwVLOlLz3OCEp+fkY= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 02/20] kasan: move kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:11 +0100 Message-Id: <8bf615539d11dba005e01a65267be1c0298887bc.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:11:03 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846750655441643 X-GMAIL-MSGID: 1781846750655441643 From: Andrey Konovalov Move kasan_mempool_poison_object after all slab-related KASAN hooks. This is a preparatory change for the following patches in this series. No functional changes. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 16 +++++++-------- mm/kasan/common.c | 46 +++++++++++++++++++++---------------------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 6310435f528b..0d1f925c136d 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -172,13 +172,6 @@ static __always_inline void kasan_kfree_large(void *ptr) __kasan_kfree_large(ptr, _RET_IP_); } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip); -static __always_inline void kasan_mempool_poison_object(void *ptr) -{ - if (kasan_enabled()) - __kasan_mempool_poison_object(ptr, _RET_IP_); -} - void * __must_check __kasan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags, bool init); static __always_inline void * __must_check kasan_slab_alloc( @@ -219,6 +212,13 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, return (void *)object; } +void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +static __always_inline void kasan_mempool_poison_object(void *ptr) +{ + if (kasan_enabled()) + __kasan_mempool_poison_object(ptr, _RET_IP_); +} + /* * Unlike kasan_check_read/write(), kasan_check_byte() is performed even for * the hardware tag-based mode that doesn't rely on compiler instrumentation. @@ -256,7 +256,6 @@ static inline bool kasan_slab_free(struct kmem_cache *s, void *object, bool init return false; } static inline void kasan_kfree_large(void *ptr) {} -static inline void kasan_mempool_poison_object(void *ptr) {} static inline void *kasan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags, bool init) { @@ -276,6 +275,7 @@ static inline void *kasan_krealloc(const void *object, size_t new_size, { return (void *)object; } +static inline void kasan_mempool_poison_object(void *ptr) {} static inline bool kasan_check_byte(const void *address) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index e42d6f349ae2..69f4c66f0da3 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -272,29 +272,6 @@ void __kasan_kfree_large(void *ptr, unsigned long ip) ____kasan_kfree_large(ptr, ip); } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip) -{ - struct folio *folio; - - folio = virt_to_folio(ptr); - - /* - * Even though this function is only called for kmem_cache_alloc and - * kmalloc backed mempool allocations, those allocations can still be - * !PageSlab() when the size provided to kmalloc is larger than - * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. - */ - if (unlikely(!folio_test_slab(folio))) { - if (____kasan_kfree_large(ptr, ip)) - return; - kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); - } else { - struct slab *slab = folio_slab(folio); - - ____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); - } -} - void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, void *object, gfp_t flags, bool init) { @@ -442,6 +419,29 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag return ____kasan_kmalloc(slab->slab_cache, object, size, flags); } +void __kasan_mempool_poison_object(void *ptr, unsigned long ip) +{ + struct folio *folio; + + folio = virt_to_folio(ptr); + + /* + * Even though this function is only called for kmem_cache_alloc and + * kmalloc backed mempool allocations, those allocations can still be + * !PageSlab() when the size provided to kmalloc is larger than + * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. + */ + if (unlikely(!folio_test_slab(folio))) { + if (____kasan_kfree_large(ptr, ip)) + return; + kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); + } else { + struct slab *slab = folio_slab(folio); + + ____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); + } +} + bool __kasan_check_byte(const void *address, unsigned long ip) { if (!kasan_byte_accessible(address)) { From patchwork Mon Nov 6 20:10:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162160 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2901746vqu; Mon, 6 Nov 2023 12:11:20 -0800 (PST) X-Google-Smtp-Source: AGHT+IFAW573Y+haoVYnmL7uyh4KNO82GbSWHr0QORXsEdUvbqwDx7mT7ujcXj65NvFYYH9YT6mE X-Received: by 2002:a05:6358:6f8d:b0:16b:7049:e8f8 with SMTP id s13-20020a0563586f8d00b0016b7049e8f8mr2300599rwn.12.1699301480683; Mon, 06 Nov 2023 12:11:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301480; cv=none; d=google.com; s=arc-20160816; b=kr8+3doVgk0GgQtMSV95+gqdyNN5zqD5GKwn3qpU3C/l+eFwGe6gvm04X3wK9fGfQe w0RfG9KnbZ5LI6JfqSc8bJDg1NXbLePS7f0SGfnbbO1cUQmPtimzpSAsMFDFoxnSQ0jP 9glJVlN+eE4mYVpumXbp7itiaNsh0rcYhn+CLbShMRLeHL2S5MhB8n3b44MFiHYyGGUI nFxSDDuSF1yzCp46/ktbCGZIe3phBVwjfspXiSJPbg0ni0o0hGOM9o6oZqgh2UMlPYrZ azwO+mXOLSKVHTNvQ+QlNAcwaUIM71em5BYMSdJWp1bUE4Y8eSRMCtqfvFean7/vOTks jzoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=nDVhwjjwJnVTlqgIL3b0i6xOOMbmQ8bjgeF5HzBvdls=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=vnaZR3QKPH7lvevjccb302RTbUb3zg2Wl2vLLEUkpGF/cU6SiXfEB5BAdioB64KNX/ J6h7bBzen7hAJXvPXJm3rLLsiXMwuduN4wuEaWHIT1YMaaeexXsDdXiQ0ZHLexptBl2K V3ELipkibTxsQA6gUa5F1sK3/BQFHRrAVOerJdvpExKwjMd5Se1bXNqchrAzrkDdYofW 4OsxWNWBysPoLPiKVl+9fr/hFZUD3J8NSZB7IodgWGOslk5GPItNFNvkG/wuBU+erGmM tUP0N96hkhcbP6C1t+7UPW7lxtSVmLjFSvkfo5TUwHAJ9vint7dh37HTh3rgssnoHPih rOZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=Z07E7O2S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id v191-20020a6389c8000000b005b96c4292bbsi362472pgd.420.2023.11.06.12.11.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:11:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=Z07E7O2S; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 9C04180886AA; Mon, 6 Nov 2023 12:10:59 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232992AbjKFUKs (ORCPT + 34 others); Mon, 6 Nov 2023 15:10:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46552 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232380AbjKFUKk (ORCPT ); Mon, 6 Nov 2023 15:10:40 -0500 Received: from out-175.mta1.migadu.com (out-175.mta1.migadu.com [95.215.58.175]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32D5A10C0 for ; Mon, 6 Nov 2023 12:10:37 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301435; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nDVhwjjwJnVTlqgIL3b0i6xOOMbmQ8bjgeF5HzBvdls=; b=Z07E7O2SjDMyBRw/gSN9ci3NIZpunAPyyaCA7cmKpuMNMpB9/xhAR5qE7hyZk1t7jX+DKx 14Ptj42a2mWVBNIixSLaxs56Zs4E+ThuwbFOTv55BULKHRjR18asj8U8MJh/Z0FNeXZws6 6EI38tuAtGntOeBhrd01a+m6ax6bdrc= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 03/20] kasan: document kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:12 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:10:59 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846749231127678 X-GMAIL-MSGID: 1781846749231127678 From: Andrey Konovalov Add documentation comment for kasan_mempool_poison_object. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 0d1f925c136d..bbf6e2fa4ffd 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -213,6 +213,24 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, } void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +/** + * kasan_mempool_poison_object - Check and poison a mempool slab allocation. + * @ptr: Pointer to the slab allocation. + * + * This function is intended for kernel subsystems that cache slab allocations + * to reuse them instead of freeing them back to the slab allocator (e.g. + * mempool). + * + * This function poisons a slab allocation without initializing its memory and + * without putting it into the quarantine (for the Generic mode). + * + * This function also performs checks to detect double-free and invalid-free + * bugs and reports them. + * + * This function operates on all slab allocations including large kmalloc + * allocations (the ones returned by kmalloc_large() or by kmalloc() with the + * size > KMALLOC_MAX_SIZE). + */ static __always_inline void kasan_mempool_poison_object(void *ptr) { if (kasan_enabled()) From patchwork Mon Nov 6 20:10:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162158 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2901545vqu; Mon, 6 Nov 2023 12:10:54 -0800 (PST) X-Google-Smtp-Source: AGHT+IEyTH95quAURgfSpdVzwbz3rIABA78D4ZcT7QHfZudTsqYc2mXEhf++Xnh/d7+PfzpV7Is+ X-Received: by 2002:a05:6358:16c7:b0:168:eb78:e177 with SMTP id r7-20020a05635816c700b00168eb78e177mr31516527rwl.15.1699301454244; Mon, 06 Nov 2023 12:10:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301454; cv=none; d=google.com; s=arc-20160816; b=f9zrsMQcB3ewplkn8xhMnj64gjHGRjnRX2XAnh0JHFIBoSE12Ro6x/SIQbe0cC3MDw ofgneNmPt3PhUed0bUQIlhychffeIWmbhSGR4q4HlpLlNMjj5//ofj2E+SHrt6s82BYC yskJS6tJiXEhiUWTgzyqTxsTZYEgmZ4jtt09wRUDWS8TtJzhBWghpaIEAlgwUedSmqj4 B4chvW/M0Fpb1XJUt13iTbVw/r+hyr7MDpUOXcLYa3eqZG6v5q1p4x3dPNpedGFyeML8 XOqOwG475rkxbBrGNld8iewqN4L7GRlTt3n5jkI2gvBXVgxCc7oa1KbFj01AErxOjxvt JFaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Hi9wxEG5hyOM24yVF5pvgyGm+UDfsaiMZW2KqzysWxs=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=WRCbCClrz151INKATy+kLLn4wnvs5XEoems0QO9jbIPhpOVlxxQNLACwOOkK34yEJw I/1zTdOHMweMqlicmlgycEFKOouMXtfYSclYR6/nng8+LUhLHzvhgLCa46edAxlJmj9i XKuqIjSx6wfazi6W452hpGJ1z4vriSv07DLI0NN0NTxrsTmgo2tKJm9L+BmDrQzxd3HT 8pinNUK2KLsD921bauz5StCPnN3SXiS4yAZ6CBueaIoOpSE3ZdXkYnqOxDBo6gLRCa6Z OfGso5nEPTGYDp0ur0XSCLlWS8OQ3dUWQKXPe1TwTgq/B+88QDYsUPfGgpdfcRlfwTSE Tf9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=mSKMvKXc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id cf5-20020a056a02084500b005b891b74b31si360274pgb.625.2023.11.06.12.10.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:10:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=mSKMvKXc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id B6BFB801D4B5; Mon, 6 Nov 2023 12:10:52 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232975AbjKFUKo (ORCPT + 34 others); Mon, 6 Nov 2023 15:10:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46558 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232686AbjKFUKk (ORCPT ); Mon, 6 Nov 2023 15:10:40 -0500 Received: from out-175.mta1.migadu.com (out-175.mta1.migadu.com [95.215.58.175]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2AA310C1 for ; Mon, 6 Nov 2023 12:10:37 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301436; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hi9wxEG5hyOM24yVF5pvgyGm+UDfsaiMZW2KqzysWxs=; b=mSKMvKXcLKjjTcyMkClrC36gOqKSe1PvNKyag40bJ4xtUzbPDJFYH5kFaBHKeVRgaBbWYV GIZXX51aID/GYcIpaL4fQ+N0sAMZRrmnx9/AYcnXe7Vz4JkkXEyYOmwLRJOMKQdsT311zO FHVzZWec6HA/wWLZY3SvOuHIPVsbkv8= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 04/20] kasan: add return value for kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:13 +0100 Message-Id: <673406599a04fc9ea0111dac01ae9c84f9a01524.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:10:52 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846721545528646 X-GMAIL-MSGID: 1781846721545528646 From: Andrey Konovalov Add a return value for kasan_mempool_poison_object that lets the caller know whether the allocation is affected by a double-free or an invalid-free bug. The caller can use this return value to stop operating on the object. Also introduce a check_page_allocation helper function to improve the code readability. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 17 ++++++++++++----- mm/kasan/common.c | 21 ++++++++++----------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index bbf6e2fa4ffd..33387e254caa 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -212,7 +212,7 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, return (void *)object; } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip); +bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); /** * kasan_mempool_poison_object - Check and poison a mempool slab allocation. * @ptr: Pointer to the slab allocation. @@ -225,16 +225,20 @@ void __kasan_mempool_poison_object(void *ptr, unsigned long ip); * without putting it into the quarantine (for the Generic mode). * * This function also performs checks to detect double-free and invalid-free - * bugs and reports them. + * bugs and reports them. The caller can use the return value of this function + * to find out if the allocation is buggy. * * This function operates on all slab allocations including large kmalloc * allocations (the ones returned by kmalloc_large() or by kmalloc() with the * size > KMALLOC_MAX_SIZE). + * + * Return: true if the allocation can be safely reused; false otherwise. */ -static __always_inline void kasan_mempool_poison_object(void *ptr) +static __always_inline bool kasan_mempool_poison_object(void *ptr) { if (kasan_enabled()) - __kasan_mempool_poison_object(ptr, _RET_IP_); + return __kasan_mempool_poison_object(ptr, _RET_IP_); + return true; } /* @@ -293,7 +297,10 @@ static inline void *kasan_krealloc(const void *object, size_t new_size, { return (void *)object; } -static inline void kasan_mempool_poison_object(void *ptr) {} +static inline bool kasan_mempool_poison_object(void *ptr) +{ + return true; +} static inline bool kasan_check_byte(const void *address) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 69f4c66f0da3..087f93629132 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -244,7 +244,7 @@ bool __kasan_slab_free(struct kmem_cache *cache, void *object, return ____kasan_slab_free(cache, object, ip, true, init); } -static inline bool ____kasan_kfree_large(void *ptr, unsigned long ip) +static inline bool check_page_allocation(void *ptr, unsigned long ip) { if (!kasan_arch_is_ready()) return false; @@ -259,17 +259,14 @@ static inline bool ____kasan_kfree_large(void *ptr, unsigned long ip) return true; } - /* - * The object will be poisoned by kasan_poison_pages() or - * kasan_mempool_poison_object(). - */ - return false; } void __kasan_kfree_large(void *ptr, unsigned long ip) { - ____kasan_kfree_large(ptr, ip); + check_page_allocation(ptr, ip); + + /* The object will be poisoned by kasan_poison_pages(). */ } void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, @@ -419,7 +416,7 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag return ____kasan_kmalloc(slab->slab_cache, object, size, flags); } -void __kasan_mempool_poison_object(void *ptr, unsigned long ip) +bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) { struct folio *folio; @@ -432,13 +429,15 @@ void __kasan_mempool_poison_object(void *ptr, unsigned long ip) * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. */ if (unlikely(!folio_test_slab(folio))) { - if (____kasan_kfree_large(ptr, ip)) - return; + if (check_page_allocation(ptr, ip)) + return false; kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); + return true; } else { struct slab *slab = folio_slab(folio); - ____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); + return !____kasan_slab_free(slab->slab_cache, ptr, ip, + false, false); } } From patchwork Mon Nov 6 20:10:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162162 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2901772vqu; Mon, 6 Nov 2023 12:11:23 -0800 (PST) X-Google-Smtp-Source: AGHT+IEZK5XPM0R13c/hg8x6Sp/HmK7TFzXttZMrFaudoW+tlGdokzzBQpFsiB1qcROQFYEEMwWk X-Received: by 2002:a05:6a00:2490:b0:6be:559:d013 with SMTP id c16-20020a056a00249000b006be0559d013mr28401061pfv.10.1699301483649; Mon, 06 Nov 2023 12:11:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301483; cv=none; d=google.com; s=arc-20160816; b=KQHIKPyzuv1qRz9HDGa68bOzPhct98j4i4hrRnOp0dH1AWevOrcuOhn4szrd0CQXex SktZhzAl2u1z5MMEsDMcqgpXe0H7YZGyoCoKRYE8KTAGiXsyxz4kMJ1GKzVAE67/EF+E hFlwMw1tpBftiHDyzNaiMiybdekHnc/l4OaZ5sp+hHopbtXuIGPf3h0fMWsWXKsFoG6L nppiaQ8gRKTflC1APpkZJOQHatB2HV/ZcQwYkyr4TdePc4Nc9cInGUdGAsFpDEZIpvVj oqq7E6EwWUVU7VUb6m+jQ91vcSd+HQ4oVtcKesD9ixlZvDAGOHxxslUjURzqbFzQy4D1 y9+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VrpDyLzZeYtu1H7+z0aR/HPyxv+dwo0N2+jHNRcNovg=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=VNX1POuXmQWbYZf6GPKIKkw09ROcaShg4zqYrClDbxCFBKrRns4cwvcwXs85L5y1uQ VyRIlQyGHy3p0iWZJV10RWk3ilb8GwWi5d3tAz97d8PZ/Li2d/c0tUJ2Ld/SLIRhJBMc WLCOwLmXrLhWD6R242YSItWkYkpSCK3tZ+G25i71NXdXmrtyGgdqqZ5i5swQbo4Cy/vb VL7YDBNu/xA+RwthfBgRni24JnMl0ea+6KkCGNA0a4O1OEcCCXlBeh+vMHJN9iNPIWZc o4p1sxlK6oZo62p2uWUzWcMR9q5P8eCxvv+iSLEBzO8me/mw2tnGYxnIzgHAo+iQE9+T /xdw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=IRiR9duy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id q1-20020a056a00084100b006be0f4747e3si9146845pfk.123.2023.11.06.12.11.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:11:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=IRiR9duy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id D91478032A1A; Mon, 6 Nov 2023 12:11:19 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233039AbjKFUKz (ORCPT + 34 others); Mon, 6 Nov 2023 15:10:55 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46576 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232927AbjKFUKl (ORCPT ); Mon, 6 Nov 2023 15:10:41 -0500 Received: from out-174.mta1.migadu.com (out-174.mta1.migadu.com [95.215.58.174]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 41C7210C2 for ; Mon, 6 Nov 2023 12:10:38 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301436; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VrpDyLzZeYtu1H7+z0aR/HPyxv+dwo0N2+jHNRcNovg=; b=IRiR9duyySKTYMlcSCduunnoFku2ROSf7vVls3D3d5l3t64Tp6PJw5Tzev1W2QXnSS/iWi scQl4qOULKDYkIq8kuBLwHryMfjiAPS/Y+ufLRnA9LEHL20nZi55MDGuAm5yVuXtUNIc/i InULrYEGV1Mdxdx3Gw/YrKrgNHW65dM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 05/20] kasan: introduce kasan_mempool_unpoison_object Date: Mon, 6 Nov 2023 21:10:14 +0100 Message-Id: <6b096bcf531f457b13959ea99b1e270b96d5ca34.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:11:19 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846752896609494 X-GMAIL-MSGID: 1781846752896609494 From: Andrey Konovalov Introduce and document a kasan_mempool_unpoison_object hook. This hook serves as a replacement for the generic kasan_unpoison_range that the mempool code relies on right now. mempool will be updated to use the new hook in one of the following patches. For now, define the new hook to be identical to kasan_unpoison_range. One of the following patches will update it to add stack trace collection. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 31 +++++++++++++++++++++++++++++++ mm/kasan/common.c | 5 +++++ 2 files changed, 36 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 33387e254caa..c5fe303bc1c2 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -228,6 +228,9 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); * bugs and reports them. The caller can use the return value of this function * to find out if the allocation is buggy. * + * Before the poisoned allocation can be reused, it must be unpoisoned via + * kasan_mempool_unpoison_object(). + * * This function operates on all slab allocations including large kmalloc * allocations (the ones returned by kmalloc_large() or by kmalloc() with the * size > KMALLOC_MAX_SIZE). @@ -241,6 +244,32 @@ static __always_inline bool kasan_mempool_poison_object(void *ptr) return true; } +void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip); +/** + * kasan_mempool_unpoison_object - Unpoison a mempool slab allocation. + * @ptr: Pointer to the slab allocation. + * @size: Size to be unpoisoned. + * + * This function is intended for kernel subsystems that cache slab allocations + * to reuse them instead of freeing them back to the slab allocator (e.g. + * mempool). + * + * This function unpoisons a slab allocation that was previously poisoned via + * kasan_mempool_poison_object() without initializing its memory. For the + * tag-based modes, this function does not assign a new tag to the allocation + * and instead restores the original tags based on the pointer value. + * + * This function operates on all slab allocations including large kmalloc + * allocations (the ones returned by kmalloc_large() or by kmalloc() with the + * size > KMALLOC_MAX_SIZE). + */ +static __always_inline void kasan_mempool_unpoison_object(void *ptr, + size_t size) +{ + if (kasan_enabled()) + __kasan_mempool_unpoison_object(ptr, size, _RET_IP_); +} + /* * Unlike kasan_check_read/write(), kasan_check_byte() is performed even for * the hardware tag-based mode that doesn't rely on compiler instrumentation. @@ -301,6 +330,8 @@ static inline bool kasan_mempool_poison_object(void *ptr) { return true; } +static inline void kasan_mempool_unpoison_object(void *ptr, size_t size) {} + static inline bool kasan_check_byte(const void *address) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 087f93629132..033c860afe51 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -441,6 +441,11 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) } } +void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) +{ + kasan_unpoison(ptr, size, false); +} + bool __kasan_check_byte(const void *address, unsigned long ip) { if (!kasan_byte_accessible(address)) { From patchwork Mon Nov 6 20:10:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162166 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902447vqu; Mon, 6 Nov 2023 12:12:42 -0800 (PST) X-Google-Smtp-Source: AGHT+IH2qPSLPea2LhpM3SbH9x4+vBOh0PpZcDWHXMiIpi8N6qwto18hPpk8nQyHoDY89lOzi5EY X-Received: by 2002:a05:6a20:daa4:b0:133:1d62:dcbd with SMTP id iy36-20020a056a20daa400b001331d62dcbdmr635489pzb.28.1699301561726; Mon, 06 Nov 2023 12:12:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301561; cv=none; d=google.com; s=arc-20160816; b=mwG0xzqOkcaRj4MxDK6ESYrbX49x21cWaswsYshCTZFyFeukTXML2VE6XEWdc4PH3g lv6tBJJ6zZOA+IbZUIDiaHmCjq5eIZ6STinK8KUJVY2Nv/wZ86RCplVjKwwm80sgjiCs nxR+8q0hpqKxlwYBHpjkeVw4rV3Ncngo00X5dr+xyCkkMxxvfCgzETWkfzdU81YKWzDv 24iekdD/Wk8lokdtrWdtVJsJNDRYVZYbaSnc7VSKmV67QPO+6SKrrBO46x8Mm8+IiSXc Dsn9A/f24PyGk2MTqEBd757TgrJRMdWb/PQXzZPJoU8zA4VVZGdgUvmRj6ZYCzpLDn33 jd5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=wOW8bM5LUt0/83cpSlqfBj0DKQkCrWZjISfEAI+z8F8=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=lqVezQGs+TjABoU7I/Zw+aqiEdQ+v+h07JQSVfURd+/26cFKfkMBWkOyjoUhcLVTxH sOCBXz9gsTUd0wyZ4L9oAfEijTs4JkUVwQOY9ENGqVHuNc4ODnQVagUwiZHlT/EvJV0m UO4uIuUhC8nmosSNzLBUeH9Bx3TpYyHQuwCPBSCropS5cHLScFkyY498DKyjY4TN4Bl6 u3aJ2quEB1E/F+iQDtwvmw9E6Ugt1trbl+Mtltu0dbjf/hRmycpRo23RRvKdiN/AftSg Rd+bYtBJ74AC42qPOACW68VMdd1/SBJweuky+FjMVS5RfuUld9Q94lJf6aHPu8dM9K0m 3Bwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=whzKutAZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id j190-20020a6380c7000000b005ad727cfd10si369842pgd.132.2023.11.06.12.12.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:12:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=whzKutAZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 6E35180689B1; Mon, 6 Nov 2023 12:12:39 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232949AbjKFULu (ORCPT + 34 others); Mon, 6 Nov 2023 15:11:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41218 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233009AbjKFULp (ORCPT ); Mon, 6 Nov 2023 15:11:45 -0500 Received: from out-180.mta1.migadu.com (out-180.mta1.migadu.com [IPv6:2001:41d0:203:375::b4]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94D8210C2 for ; Mon, 6 Nov 2023 12:11:40 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301498; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wOW8bM5LUt0/83cpSlqfBj0DKQkCrWZjISfEAI+z8F8=; b=whzKutAZQjowRwHa43pazOIwGIr0bQTB71FOqN2VXFxSHeCtofhsbtvlLPo7irVUIhiyw6 pancxW7Jzm82f5iCk4fHMKj/CtH9ujxzi66CbOwDe/5jAaY5Ge9UJvVHW0GX5ta8Tzklfq sce+wX6Wcualha3H+6sfIg6SEBbZJSo= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 06/20] kasan: introduce kasan_mempool_poison_pages Date: Mon, 6 Nov 2023 21:10:15 +0100 Message-Id: <3a377ec3223f9c98f3ac471845e084abe7fd6fe0.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:12:39 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846834515851954 X-GMAIL-MSGID: 1781846834515851954 From: Andrey Konovalov Introduce and document a kasan_mempool_poison_pages hook to be used by the mempool code instead of kasan_poison_pages. Compated to kasan_poison_pages, the new hook: 1. For the tag-based modes, skips checking and poisoning allocations that were not tagged due to sampling. 2. Checks for double-free and invalid-free bugs. In the future, kasan_poison_pages can also be updated to handle #2, but this is out-of-scope of this series. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 27 +++++++++++++++++++++++++++ mm/kasan/common.c | 23 +++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index c5fe303bc1c2..de2a695ad34d 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -212,6 +212,29 @@ static __always_inline void * __must_check kasan_krealloc(const void *object, return (void *)object; } +bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, + unsigned long ip); +/** + * kasan_mempool_poison_pages - Check and poison a mempool page allocation. + * @page: Pointer to the page allocation. + * @order: Order of the allocation. + * + * This function is intended for kernel subsystems that cache page allocations + * to reuse them instead of freeing them back to page_alloc (e.g. mempool). + * + * This function is similar to kasan_mempool_poison_object() but operates on + * page allocations. + * + * Return: true if the allocation can be safely reused; false otherwise. + */ +static __always_inline bool kasan_mempool_poison_pages(struct page *page, + unsigned int order) +{ + if (kasan_enabled()) + return __kasan_mempool_poison_pages(page, order, _RET_IP_); + return true; +} + bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); /** * kasan_mempool_poison_object - Check and poison a mempool slab allocation. @@ -326,6 +349,10 @@ static inline void *kasan_krealloc(const void *object, size_t new_size, { return (void *)object; } +static inline bool kasan_mempool_poison_pages(struct page *page, unsigned int order) +{ + return true; +} static inline bool kasan_mempool_poison_object(void *ptr) { return true; diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 033c860afe51..9ccc78b20cf2 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -416,6 +416,29 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag return ____kasan_kmalloc(slab->slab_cache, object, size, flags); } +bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, + unsigned long ip) +{ + unsigned long *ptr; + + if (unlikely(PageHighMem(page))) + return true; + + /* Bail out if allocation was excluded due to sampling. */ + if (!IS_ENABLED(CONFIG_KASAN_GENERIC) && + page_kasan_tag(page) == KASAN_TAG_KERNEL) + return true; + + ptr = page_address(page); + + if (check_page_allocation(ptr, ip)) + return false; + + kasan_poison(ptr, PAGE_SIZE << order, KASAN_PAGE_FREE, false); + + return true; +} + bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) { struct folio *folio; From patchwork Mon Nov 6 20:10:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162163 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902061vqu; Mon, 6 Nov 2023 12:11:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IEiPR+h/fPgNLmE3Ck//axkZBvQ9EfMYKYCGY2Nh3tdakTs0yYHBO0pGRgd9KWwlL4/LL1x X-Received: by 2002:a05:6870:1792:b0:1e9:c28f:45b9 with SMTP id r18-20020a056870179200b001e9c28f45b9mr855780oae.19.1699301517939; Mon, 06 Nov 2023 12:11:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301517; cv=none; d=google.com; s=arc-20160816; b=hwkWCbY5cu4iJPIU4/xtj/BlEpiZtLOILXtdiSUj4QiSqCv9WMFIeyl2SCE9uCrFTP lrOVGasQmDvD8yvs4AguWNoWXsmfN6HsQ9gwLruQ39qrDerv+AVqNcqvMEJ7VKIB5kRV bFjnIIN6dqJxOfY2RnFIfu7WucePzf1Iv7EWA2gncT4CREi1049rwpITyY+yaZRMMso2 LASVvZa0XGf/PAqbPLKCW+AdO1VYRM3FM6vLkr191BcqmNwXghezWamRI4fhF+Gmbw1I fWhIAaa0BSMU8HCT7IGeLIn1wDCmNpOO+doEwMHzkhy02D1abu4uvjxft6qGl8dzrt5X 2b8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=XVuFmnWl7Ai+GOwJv1yuDcJd9SrRUciNhjDptmGZnZI=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=iZ9/QislLjNyzd5PQwaeW7FgK7VOxWJVF9V9/CNPbjSL2FoUCGruk4xq0nNfu+97dM 3/ROWrrhm0Pc7vkr7IrgyvadfbpUDBPHXYUedwOC0BGjxFx+hx4OalRyP4v+eYT5vNU1 Gx1fUM+XMXiPYxUgjbtTo+Rn29oPJZMagDdPp3zF/0FLyXvc6/vIgjqy7qVBpEKxay61 rY5mdzXwSezpeavVbMfRkjdwUjQdszuxBO0i/sQuJ4dn+JVlOdqhDTnxHYDzLuvhx5IU gakwn88DGjuACwnPS0YqFvz4PZNbaQNCao3y8uqalqiq97Oo78POp0jo4TmyYMMaqTvu ASGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=vvDAFFN6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id k16-20020a635a50000000b00578fe1bdfcasi387055pgm.860.2023.11.06.12.11.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:11:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=vvDAFFN6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 1C8258087275; Mon, 6 Nov 2023 12:11:57 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233023AbjKFULx (ORCPT + 34 others); Mon, 6 Nov 2023 15:11:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232940AbjKFULp (ORCPT ); Mon, 6 Nov 2023 15:11:45 -0500 Received: from out-184.mta1.migadu.com (out-184.mta1.migadu.com [IPv6:2001:41d0:203:375::b8]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B10210C9 for ; Mon, 6 Nov 2023 12:11:41 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301499; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XVuFmnWl7Ai+GOwJv1yuDcJd9SrRUciNhjDptmGZnZI=; b=vvDAFFN6FcYKWYAGx5sCoYZo2aE996ZHT27ORsBGzAXwAllc9a/mweQGGLH+tNqC9ukgoo kfT6X1bqAgw8fHV/cuj8owqV2YMiINk9I1HHRRwNCkZiOyFphUoExea/Wc88Wdh/Xw3yFD ieHf70kObAwysIDH+u5fgJoaxYfbcAM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 08/20] kasan: clean up __kasan_mempool_poison_object Date: Mon, 6 Nov 2023 21:10:17 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:11:57 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846788000583639 X-GMAIL-MSGID: 1781846788000583639 From: Andrey Konovalov Reorganize the code and reword the comment in __kasan_mempool_poison_object to improve the code readability. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 6283f0206ef6..7c28d0a5af2c 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -447,27 +447,22 @@ void __kasan_mempool_unpoison_pages(struct page *page, unsigned int order, bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) { - struct folio *folio; - - folio = virt_to_folio(ptr); + struct folio *folio = virt_to_folio(ptr); + struct slab *slab; /* - * Even though this function is only called for kmem_cache_alloc and - * kmalloc backed mempool allocations, those allocations can still be - * !PageSlab() when the size provided to kmalloc is larger than - * KMALLOC_MAX_SIZE, and kmalloc falls back onto page_alloc. + * This function can be called for large kmalloc allocation that get + * their memory from page_alloc. Thus, the folio might not be a slab. */ if (unlikely(!folio_test_slab(folio))) { if (check_page_allocation(ptr, ip)) return false; kasan_poison(ptr, folio_size(folio), KASAN_PAGE_FREE, false); return true; - } else { - struct slab *slab = folio_slab(folio); - - return !____kasan_slab_free(slab->slab_cache, ptr, ip, - false, false); } + + slab = folio_slab(folio); + return !____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); } void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) From patchwork Mon Nov 6 20:10:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162164 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902158vqu; Mon, 6 Nov 2023 12:12:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IE+jhrf5LhA8REdTEi46dOh0NlJt48PqeiNSUzgeDx9598Gh8MwSN4f/wSZOdKFNa4YN9JQ X-Received: by 2002:a05:6a00:190b:b0:6c3:69b9:44db with SMTP id y11-20020a056a00190b00b006c369b944dbmr9950987pfi.22.1699301527313; Mon, 06 Nov 2023 12:12:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301527; cv=none; d=google.com; s=arc-20160816; b=IxhDQZ2oyyi59FIDaxwHsG3+bvbAYQouSkl1JsKN7T3RKku7cXCf4gak3jnVsCnzqy U5dltAUYYRv7wYitsX9ZNXdfELbacuNhEfFb30+h1+3Bavjp93RTGvWHwseBgofsrzWr G9RUVfLakXoQdbBx0fRS7rMH5B2Mp6GZcVYRdV8e/4ufG94GSMcL9gQ7/DRyp1AiQK1g UAZIghY/SmJc4prFmk5CENyrp2MpMx693t1mVtmB5jW3Y4e01q2R8bWqTd35z0zefmTz hJTy5mgQsVipwWnT7T+p+7B91hFDR6nCXNX8e2zrwnpJrzh2qtTbHv5z9snrkQGf2QxR i2XA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=22d9hHWXVi8zazHV61QMl0VMY5WvMEtggwgAvi4OURE=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=My0bzsAqWV6nFL7CzH3oP9GEWKBKYsSpncCANwADaLN4ujr97rlcGP2Ciyl/uQysB5 oJ53cbejIWikhNWZhGifULY+EdLJP0D/mhKYZ9nslbF903219/ttAVYh/EbWmeZW+mrO 63SpaeW6lu4eV7R28Pw7n9d+kgJnImiaZ42PkAiijSpKGbQr/ohN6k6pfV5dRGrVnLjl IbYoywbUPhIVrgHI4/KevpXpQ1uWvlkgQXUrN6rRfVfyJJYUeQNaN/VksWDpRXnhWAc9 +k/QSiKCF6mAMdVtp54VjWADhirS4vhUeWs92+OSXtC/aDHh03t6rerxq5f0ZrlcNH1L d3fw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=uCxP18Kq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id i196-20020a636dcd000000b005b99c0de7b5si356129pgc.664.2023.11.06.12.12.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:12:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=uCxP18Kq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 42A7B8032A32; Mon, 6 Nov 2023 12:12:01 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233005AbjKFULs (ORCPT + 34 others); Mon, 6 Nov 2023 15:11:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41262 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233015AbjKFULp (ORCPT ); Mon, 6 Nov 2023 15:11:45 -0500 Received: from out-178.mta1.migadu.com (out-178.mta1.migadu.com [95.215.58.178]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A84E10CC for ; Mon, 6 Nov 2023 12:11:42 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301500; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=22d9hHWXVi8zazHV61QMl0VMY5WvMEtggwgAvi4OURE=; b=uCxP18KqioH8DesdZGPrQhB9iAWKsetIiyp+iZWAll3HfZniU6A5CfSfVvg/YBXwUWgOgp g7au6m059IPietJorP9ETACRyTK+wluf8gUh/M/fKwcPWO9JGxfNf9EdEiOA8l56yCB+on SoSVmK/iZ+6LRI96vDxmC3Xr0mWe7BI= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 09/20] kasan: save free stack traces for slab mempools Date: Mon, 6 Nov 2023 21:10:18 +0100 Message-Id: <52d80b4c1d42b10b6c2c3cba57b628a88cb58e03.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:12:01 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846798157850098 X-GMAIL-MSGID: 1781846798157850098 From: Andrey Konovalov Make kasan_mempool_poison_object save free stack traces for slab and kmalloc mempools when the object is freed into the mempool. Also simplify and rename ____kasan_slab_free to poison_slab_object and do a few other reability changes. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 5 +++-- mm/kasan/common.c | 20 +++++++++----------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index f8ebde384bd7..e636a00e26ba 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -268,8 +268,9 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip); * to reuse them instead of freeing them back to the slab allocator (e.g. * mempool). * - * This function poisons a slab allocation without initializing its memory and - * without putting it into the quarantine (for the Generic mode). + * This function poisons a slab allocation and saves a free stack trace for it + * without initializing the allocation's memory and without putting it into the + * quarantine (for the Generic mode). * * This function also performs checks to detect double-free and invalid-free * bugs and reports them. The caller can use the return value of this function diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 7c28d0a5af2c..683d0dad32f2 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -197,8 +197,8 @@ void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache, return (void *)object; } -static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *object, - unsigned long ip, bool quarantine, bool init) +static inline bool poison_slab_object(struct kmem_cache *cache, void *object, + unsigned long ip, bool init) { void *tagged_object; @@ -211,13 +211,12 @@ static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *object, if (is_kfence_address(object)) return false; - if (unlikely(nearest_obj(cache, virt_to_slab(object), object) != - object)) { + if (unlikely(nearest_obj(cache, virt_to_slab(object), object) != object)) { kasan_report_invalid_free(tagged_object, ip, KASAN_REPORT_INVALID_FREE); return true; } - /* RCU slabs could be legally used after free within the RCU period */ + /* RCU slabs could be legally used after free within the RCU period. */ if (unlikely(cache->flags & SLAB_TYPESAFE_BY_RCU)) return false; @@ -229,19 +228,18 @@ static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *object, kasan_poison(object, round_up(cache->object_size, KASAN_GRANULE_SIZE), KASAN_SLAB_FREE, init); - if ((IS_ENABLED(CONFIG_KASAN_GENERIC) && !quarantine)) - return false; - if (kasan_stack_collection_enabled()) kasan_save_free_info(cache, tagged_object); - return kasan_quarantine_put(cache, object); + return false; } bool __kasan_slab_free(struct kmem_cache *cache, void *object, unsigned long ip, bool init) { - return ____kasan_slab_free(cache, object, ip, true, init); + bool buggy_object = poison_slab_object(cache, object, ip, init); + + return buggy_object ? true : kasan_quarantine_put(cache, object); } static inline bool check_page_allocation(void *ptr, unsigned long ip) @@ -462,7 +460,7 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) } slab = folio_slab(folio); - return !____kasan_slab_free(slab->slab_cache, ptr, ip, false, false); + return !poison_slab_object(slab->slab_cache, ptr, ip, false); } void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) From patchwork Mon Nov 6 20:10:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162165 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902289vqu; Mon, 6 Nov 2023 12:12:20 -0800 (PST) X-Google-Smtp-Source: AGHT+IH0f6KSnU2Wm8XDA7E4TmPNQYLUeHljcB7Vv+I3Vs2YbL3KmZHT8FSEgxxc8v8M5B0DVUvF X-Received: by 2002:a05:6a20:144f:b0:157:d7cd:ebd with SMTP id a15-20020a056a20144f00b00157d7cd0ebdmr38807136pzi.1.1699301540025; Mon, 06 Nov 2023 12:12:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301540; cv=none; d=google.com; s=arc-20160816; b=lDz7DRjDDqqBKjZtkmyGc0rykmtnv78sN8UZ2KK2ixVx9lpZPM3E9L4eSex0pM0vuC W1PZou/m1VHDPSFqFDmOz49xeTP5YlVfx+NTWYdrsDeabct+vuGQf6c2a+5TeVG+Kn6/ HUejRgdxH86N1tMpVw/lqmvTUaZN/AQ5r8Fa0VsrQqyzd/S/GMgL4b9LmmYq5EVO7foD kbW+cEhb38oMT8I2HiEdNG25nRdnvC4Tbmf66dhOQPji8QQ8THHRQU9x7rgvX3uD+PmN KCHjsvP6F8P/wo8LxQ42sc4WsWSwL5t1DyQkS+I3jMr4SZQBD4BbIe1IW9CByfN+joce iIGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CJgfMj/P7YPw/LlXCqtrAgQfJMC0kIuIB9F1taTDejA=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=w6rnERPrFsA008lcojUUDniD8pkwGMAy9eQmFyQH5FUVi+m+fklU0WJdYyyVsZDkWK /NTuhv2krJf9B1TVKZsApc+p5dRqCkaenKoBqAK43sH9Krbu9hVM8KbQjSIw6SqGQpkK cXx7PBYy1+ZuZKVQdJwbzh98gRfoNmrRxfZbb3XBbATHLIHxm3mxtMSOfdCcwNQQuu94 o3ls9qejayfLaVcXn6j/x5pG7egPGg7QmLlYY4QQSAv2GbORhWtSVJeqE8hUY0JfXF03 dBgEEt0GQ2nTbhNHOLGs9KeWGKlgwnAxVmbAs5aHBydpwl+Jhi8E7W1z3t7sHwOsWil/ uGIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=RItIssP+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id j3-20020a056a00174300b00690fe0f6e0dsi9418408pfc.68.2023.11.06.12.12.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:12:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=RItIssP+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 8BACF8032A2C; Mon, 6 Nov 2023 12:12:13 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233018AbjKFUL7 (ORCPT + 34 others); Mon, 6 Nov 2023 15:11:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41174 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232987AbjKFULq (ORCPT ); Mon, 6 Nov 2023 15:11:46 -0500 Received: from out-178.mta1.migadu.com (out-178.mta1.migadu.com [95.215.58.178]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3BFAED77 for ; Mon, 6 Nov 2023 12:11:43 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CJgfMj/P7YPw/LlXCqtrAgQfJMC0kIuIB9F1taTDejA=; b=RItIssP+VxjIXsAX7VSo3+5Kc1Se3hq8f7f/cbQzFTUM6RKLnsGl4CAP/yG2vvcChay10m sSL9QfjTxiEsvbgUXV80kI0/hG2Tid6pbZndkQAOOqmBYC5P+q26F0bUqJ3gTSejNUH0wQ 8h5rzVebWZwZH9+D6V1P/RwTQQDBARw= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 11/20] kasan: introduce poison_kmalloc_large_redzone Date: Mon, 6 Nov 2023 21:10:20 +0100 Message-Id: <79f306b7713aa06876975bbc782c392087652383.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:12:13 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846811778072135 X-GMAIL-MSGID: 1781846811778072135 From: Andrey Konovalov Split out a poison_kmalloc_large_redzone helper from __kasan_kmalloc_large and use it in the caller's code. This is a preparatory change for the following patches in this series. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index ceb06d5f169f..b50e4fbaf238 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -353,23 +353,12 @@ void * __must_check __kasan_kmalloc(struct kmem_cache *cache, const void *object } EXPORT_SYMBOL(__kasan_kmalloc); -void * __must_check __kasan_kmalloc_large(const void *ptr, size_t size, +static inline void poison_kmalloc_large_redzone(const void *ptr, size_t size, gfp_t flags) { unsigned long redzone_start; unsigned long redzone_end; - if (gfpflags_allow_blocking(flags)) - kasan_quarantine_reduce(); - - if (unlikely(ptr == NULL)) - return NULL; - - /* - * The object has already been unpoisoned by kasan_unpoison_pages() for - * alloc_pages() or by kasan_krealloc() for krealloc(). - */ - /* * The redzone has byte-level precision for the generic mode. * Partially poison the last object granule to cover the unaligned @@ -379,12 +368,25 @@ void * __must_check __kasan_kmalloc_large(const void *ptr, size_t size, kasan_poison_last_granule(ptr, size); /* Poison the aligned part of the redzone. */ - redzone_start = round_up((unsigned long)(ptr + size), - KASAN_GRANULE_SIZE); + redzone_start = round_up((unsigned long)(ptr + size), KASAN_GRANULE_SIZE); redzone_end = (unsigned long)ptr + page_size(virt_to_page(ptr)); kasan_poison((void *)redzone_start, redzone_end - redzone_start, KASAN_PAGE_REDZONE, false); +} +void * __must_check __kasan_kmalloc_large(const void *ptr, size_t size, + gfp_t flags) +{ + if (gfpflags_allow_blocking(flags)) + kasan_quarantine_reduce(); + + if (unlikely(ptr == NULL)) + return NULL; + + /* The object has already been unpoisoned by kasan_unpoison_pages(). */ + poison_kmalloc_large_redzone(ptr, size, flags); + + /* Keep the tag that was set by alloc_pages(). */ return (void *)ptr; } @@ -392,6 +394,9 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag { struct slab *slab; + if (gfpflags_allow_blocking(flags)) + kasan_quarantine_reduce(); + if (unlikely(object == ZERO_SIZE_PTR)) return (void *)object; @@ -409,11 +414,11 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag /* Piggy-back on kmalloc() instrumentation to poison the redzone. */ if (unlikely(!slab)) - return __kasan_kmalloc_large(object, size, flags); - else { + poison_kmalloc_large_redzone(object, size, flags); + else poison_kmalloc_redzone(slab->slab_cache, object, size, flags); - return (void *)object; - } + + return (void *)object; } bool __kasan_mempool_poison_pages(struct page *page, unsigned int order, From patchwork Mon Nov 6 20:10:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162171 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2903105vqu; Mon, 6 Nov 2023 12:14:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IGu4pqnDCFwh3ODM2dui/0er2jGHYJYDeIB6KT/hzLrL843aElKCt5Jv+XiCt9UFXyqIOJ7 X-Received: by 2002:a05:6a20:a220:b0:17b:e0a3:f6f4 with SMTP id u32-20020a056a20a22000b0017be0a3f6f4mr21918406pzk.25.1699301643076; Mon, 06 Nov 2023 12:14:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301643; cv=none; d=google.com; s=arc-20160816; b=ER/KOFyroJ6nhVyMpNvq7UQA/kwSvWFfcjcou1LTLPfxq/7roqTL2I8JzxBO1YT+WI nkDoQeWAj1oXewshsEnB+M2AN/Q6a+HROCQVgAyc7mevkzHPWdQJ5NY7cj94xinyTELj 2R2iOkzuuTDsi9gTHPrXMTibRSjfQ+VyJ6q9/13exhOunVur53qbxcY8RHkyosG7hyRM iRWw3roxz/M3ZXkvu5x/FizsfNATWdFQTsZLbJ9zBtzw9MVAsFdyfpSUB6SvdY99Syyt ZUVh04dxM/mHr4hC1YnaXybkxJJnzsEfKwzCc0AGFDYfAkZskEt+Kc3LLVmOZkY6MxOO GavQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=pzcd7T6SaBRo5t2Dalks3vRx+ahOG8KGm+CRn7Qcn4c=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=bP2Wo52AjbV27HbYLdh2ixAa7p1l/b2CnmsdSSrXhcGeyCa60mPd8otInGlABEntfk oo4uyhzU5yhVOY96DscYGh7F92SJhU6eXenUNjiIyhbwyylS1t6cPM0gvYzvSnDw399s GmNcry6PZtyBU82JL+BT4zmVIPIMkoXxF1r5+TMjr2PK7yfGGvEqjl23mkdoEClr8ftM D5i0iclhG41xmR35JjyJBhfUz1Z7PB5yJyLWZzkL/F2cOeShmCW6jgwKTy8Wc7kLlBJR tsVHliVkCr0OcLNYgQvmWgaFCIZ+Z6+GDV9UY9XsanYQVBbVERgqzwuZFbjjejtcrxz5 Rpxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=pwv3dkzf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id l12-20020a170903120c00b001b9e82a6beesi9498066plh.548.2023.11.06.12.14.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:14:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=pwv3dkzf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id B7FF6803BE80; Mon, 6 Nov 2023 12:14:00 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233068AbjKFUM6 (ORCPT + 34 others); Mon, 6 Nov 2023 15:12:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34348 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233015AbjKFUMs (ORCPT ); Mon, 6 Nov 2023 15:12:48 -0500 Received: from out-188.mta1.migadu.com (out-188.mta1.migadu.com [IPv6:2001:41d0:203:375::bc]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53A76D75 for ; Mon, 6 Nov 2023 12:12:45 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301563; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pzcd7T6SaBRo5t2Dalks3vRx+ahOG8KGm+CRn7Qcn4c=; b=pwv3dkzff3LD7yWHcbYcgAz4JV6yfUR59dhP8YxPHgOJqBy44vK2HoY3LSsvhd8ac/r+Kw YjUTxsAxtuUXSOSqxissVE/DJambefCo5UZhQA3OpygTzSXNBEkWw+ttz9+sRuo965g4Qr dO5rxteHGvoYv4f78rDOUpqGsj2A/J4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 12/20] kasan: save alloc stack traces for mempool Date: Mon, 6 Nov 2023 21:10:21 +0100 Message-Id: <325b1285d95f7bb6d2865750aa0088ab4cb5e0c3.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:14:00 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846919854105261 X-GMAIL-MSGID: 1781846919854105261 From: Andrey Konovalov Update kasan_mempool_unpoison_object to properly poison the redzone and save alloc strack traces for kmalloc and slab pools. As a part of this change, split out and use a unpoison_slab_object helper function from __kasan_slab_alloc. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 7 +++--- mm/kasan/common.c | 50 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 44 insertions(+), 13 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index e636a00e26ba..7392c5d89b92 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -303,9 +303,10 @@ void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip); * mempool). * * This function unpoisons a slab allocation that was previously poisoned via - * kasan_mempool_poison_object() without initializing its memory. For the - * tag-based modes, this function does not assign a new tag to the allocation - * and instead restores the original tags based on the pointer value. + * kasan_mempool_poison_object() and saves an alloc stack trace for it without + * initializing the allocation's memory. For the tag-based modes, this function + * does not assign a new tag to the allocation and instead restores the + * original tags based on the pointer value. * * This function operates on all slab allocations including large kmalloc * allocations (the ones returned by kmalloc_large() or by kmalloc() with the diff --git a/mm/kasan/common.c b/mm/kasan/common.c index b50e4fbaf238..65850d37fd27 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -267,6 +267,20 @@ void __kasan_kfree_large(void *ptr, unsigned long ip) /* The object will be poisoned by kasan_poison_pages(). */ } +void unpoison_slab_object(struct kmem_cache *cache, void *object, gfp_t flags, + bool init) +{ + /* + * Unpoison the whole object. For kmalloc() allocations, + * poison_kmalloc_redzone() will do precise poisoning. + */ + kasan_unpoison(object, cache->object_size, init); + + /* Save alloc info (if possible) for non-kmalloc() allocations. */ + if (kasan_stack_collection_enabled() && !is_kmalloc_cache(cache)) + kasan_save_alloc_info(cache, object, flags); +} + void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, void *object, gfp_t flags, bool init) { @@ -289,15 +303,8 @@ void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, tag = assign_tag(cache, object, false); tagged_object = set_tag(object, tag); - /* - * Unpoison the whole object. - * For kmalloc() allocations, kasan_kmalloc() will do precise poisoning. - */ - kasan_unpoison(tagged_object, cache->object_size, init); - - /* Save alloc info (if possible) for non-kmalloc() allocations. */ - if (kasan_stack_collection_enabled() && !is_kmalloc_cache(cache)) - kasan_save_alloc_info(cache, tagged_object, flags); + /* Unpoison the object and save alloc info for non-kmalloc() allocations. */ + unpoison_slab_object(cache, tagged_object, flags, init); return tagged_object; } @@ -472,7 +479,30 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned long ip) void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) { - kasan_unpoison(ptr, size, false); + struct slab *slab; + gfp_t flags = 0; /* Might be executing under a lock. */ + + if (is_kfence_address(kasan_reset_tag(ptr))) + return; + + slab = virt_to_slab(ptr); + + /* + * This function can be called for large kmalloc allocation that get + * their memory from page_alloc. + */ + if (unlikely(!slab)) { + kasan_unpoison(ptr, size, false); + poison_kmalloc_large_redzone(ptr, size, flags); + return; + } + + /* Unpoison the object and save alloc info for non-kmalloc() allocations. */ + unpoison_slab_object(slab->slab_cache, ptr, size, flags); + + /* Poison the redzone and save alloc info for kmalloc() allocations. */ + if (is_kmalloc_cache(slab->slab_cache)) + poison_kmalloc_redzone(slab->slab_cache, ptr, size, flags); } bool __kasan_check_byte(const void *address, unsigned long ip) From patchwork Mon Nov 6 20:10:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162170 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902951vqu; Mon, 6 Nov 2023 12:13:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IEP6bwJYO5D2oewKcL8YW3hDu3z+ygx3+6RCeNuxPgG6yCwj96jfM+iDC+OOqevay4Khg68 X-Received: by 2002:a05:6e02:b48:b0:357:f41c:8bf6 with SMTP id f8-20020a056e020b4800b00357f41c8bf6mr827610ilu.17.1699301624385; Mon, 06 Nov 2023 12:13:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301624; cv=none; d=google.com; s=arc-20160816; b=C+SoMIm/geO9prpyDJxVj1Qcb1Q3vcQZkoKfAHhzdulqXwUoumM8H44YxT1/xsFEik NGHSTBL1vwAJOHS/Da6Bxu1fUm3Hyp4msEh+p99fh/gO2a+7MCL7bdqjeaZnEiTYFhDJ VdOIMEa62bJ7PfDjd1o8vds1XerpWArbsjJQrKbI1eABoGgUydLmSMVqI19W5mezmwVI IAEi2jIloOkyPwibJPpiFp+qqhb9kJvRcKqn3y4ilxbsNrzssA1ULuBg8dbEEEZqaIxB Py6Y/jVwNV4+5ndtRh+wvxDjhAa1TgRpJkZco3CUFtJrCTXwgm6A4Vivwm5UA57vofY8 mbhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Y7WYl7BvMbHXvuo0GG2Dw3ttgTpXyQGpBAxBpCO6Yug=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=fGgsJzzFqtC2ctvP18j5/n8o7+R6K8mbhrnYdMAdQNiuwsHJpz1aVCvg3wp7xbTRoA 0m9wAvujiV727tYj3Ob+r002il1fw4+VrKr8fO+m3Ex8kcSawnlccULK0COm9D9rOI1Y r2D+9VPMvHPMJBt1chbSc4p7NA6HbqT8enlUVr1Dz29TyYty/LfH4G0UqL4caNhkGy5/ 85qY/ioxWalrDmyL//hAE6uhqZ3MBE4XjweLrPpo2mb2o2xHapJR2+MkWdzAceQbYF3M 6vLfgqfXDUIKiM83rx/cjH71k/xbXO9LhiERoADqU3bim3Nzgp4R14E3X0Z4wJS/rHdW 5wZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=Se8wvGtj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id t23-20020a656097000000b005bd5a60d73csi380582pgu.708.2023.11.06.12.13.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:13:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=Se8wvGtj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 0F62280321F0; Mon, 6 Nov 2023 12:13:32 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233076AbjKFUNC (ORCPT + 34 others); Mon, 6 Nov 2023 15:13:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39336 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233023AbjKFUMs (ORCPT ); Mon, 6 Nov 2023 15:12:48 -0500 Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com [IPv6:2001:41d0:203:375::ba]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD9D0D7D for ; Mon, 6 Nov 2023 12:12:45 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301564; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Y7WYl7BvMbHXvuo0GG2Dw3ttgTpXyQGpBAxBpCO6Yug=; b=Se8wvGtj/WVgiMvB7sZyg/heScqMLOAwYAwTo7zIDTlOs7/E4MpQ3WkYM5OZWwaEklWfOa 6LljcHgyM247RHb2O+0uPsJYfuEgHjfHFdFXD7jDjGFaAlpmIDR4Qn3spNLTA9EIg7y9u6 nCPJ9UBSsabPf9Y6+LauRsZG7NRpK20= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 13/20] mempool: use new mempool KASAN hooks Date: Mon, 6 Nov 2023 21:10:22 +0100 Message-Id: <35771e9e5fc0fe2169c59f190fbd6bfc901b7c09.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:13:32 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846900084635861 X-GMAIL-MSGID: 1781846900084635861 From: Andrey Konovalov Update the mempool code to use the new mempool KASAN hooks. Rely on the return value of kasan_mempool_poison_object and kasan_mempool_poison_pages to prevent double-free and invalid-free bugs. Signed-off-by: Andrey Konovalov --- mm/mempool.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/mm/mempool.c b/mm/mempool.c index 768cb39dc5e2..f67ca6753332 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -104,32 +104,34 @@ static inline void poison_element(mempool_t *pool, void *element) } #endif /* CONFIG_DEBUG_SLAB || CONFIG_SLUB_DEBUG_ON */ -static __always_inline void kasan_poison_element(mempool_t *pool, void *element) +static __always_inline bool kasan_poison_element(mempool_t *pool, void *element) { if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc) - kasan_mempool_poison_object(element); + return kasan_mempool_poison_object(element); else if (pool->alloc == mempool_alloc_pages) - kasan_poison_pages(element, (unsigned long)pool->pool_data, - false); + return kasan_mempool_poison_pages(element, + (unsigned long)pool->pool_data); + return true; } static void kasan_unpoison_element(mempool_t *pool, void *element) { if (pool->alloc == mempool_kmalloc) - kasan_unpoison_range(element, (size_t)pool->pool_data); + kasan_mempool_unpoison_object(element, (size_t)pool->pool_data); else if (pool->alloc == mempool_alloc_slab) - kasan_unpoison_range(element, kmem_cache_size(pool->pool_data)); + kasan_mempool_unpoison_object(element, + kmem_cache_size(pool->pool_data)); else if (pool->alloc == mempool_alloc_pages) - kasan_unpoison_pages(element, (unsigned long)pool->pool_data, - false); + kasan_mempool_unpoison_pages(element, + (unsigned long)pool->pool_data); } static __always_inline void add_element(mempool_t *pool, void *element) { BUG_ON(pool->curr_nr >= pool->min_nr); poison_element(pool, element); - kasan_poison_element(pool, element); - pool->elements[pool->curr_nr++] = element; + if (kasan_poison_element(pool, element)) + pool->elements[pool->curr_nr++] = element; } static void *remove_element(mempool_t *pool) From patchwork Mon Nov 6 20:10:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162172 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2903271vqu; Mon, 6 Nov 2023 12:14:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IH7FLFCN8VNk8Q2C9jgaVY35zUFgYyOriCHKXoC+1gl8ySrjggxhJ6dZxq0CWB3SvlkFqTV X-Received: by 2002:a05:6870:961c:b0:1eb:1fa3:7b05 with SMTP id d28-20020a056870961c00b001eb1fa37b05mr931691oaq.27.1699301664836; Mon, 06 Nov 2023 12:14:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301664; cv=none; d=google.com; s=arc-20160816; b=sZmwI6DlLSd/Tah3HAePZZlCe3+Uz0q/pj6YSnS0ly0dcsnXjG9bcEsR+OUb/ouQRp zPXs3CYzDlwabuJyhVMbBCUuae+5vF2EeFjFrnOmWc3qrPzTUknO82bIfqKKjcKcI3V8 Zyq7CNMR6Dm8uMowHuZ2l6U07wVaGEUirnBRd3G0plmJNQ8jStjzMXdb/Lb6aIsgo8DA hlclg3bEQ9ypAin/MiDWi6nAtWQyIAOf8rTmLGsG7FrLxktYTyDvCg0qKACpcYMwDxz1 HR4mzwBCEqbzdcF9s8xbKuqp1WHNt4jhJWCva0gdCoLteu6uetPqBj4q0mjR+w6DSXqx VChw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=lOIDRjZO1avx1i6mH90OIJOQ1dfwcpWT2tH0Qop8VTU=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=QDUowQhIJQb+OPzVo2RT/hOn2KOTNqq6fvv6/cNL1Kc+BvgYqZrumvL2zutCDJjekN oh0fyoBtst9oIAMfSnSgBjViPKQ13oCqQM+hmwej6UoA6yVs0MFCWlMaTvcJP8KHY9H9 /dRbVFUs986vOpZaDVveKgdfumCFNpnV/ppNq7LW/XDVfykxcjCsMMSl58giLDA9VA45 zgLvYUEWY1LL2IacGfbgcjSbuGJ/jDWdA9w4OFFvGjDxAbHik3L+GxA02MQNpckXF4a7 e2/R3anRHJUw/ELt8PoChGJgi86yLB9ERNKs3I9lJY46Jj1gofTObZQfXaTHqZ/kKhn1 pwAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=t8CeOtDw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id bv63-20020a632e42000000b00565e865d381si391153pgb.447.2023.11.06.12.14.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:14:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=t8CeOtDw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 703B2804A62D; Mon, 6 Nov 2023 12:14:09 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231483AbjKFUNO (ORCPT + 34 others); Mon, 6 Nov 2023 15:13:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233033AbjKFUMt (ORCPT ); Mon, 6 Nov 2023 15:12:49 -0500 Received: from out-176.mta1.migadu.com (out-176.mta1.migadu.com [95.215.58.176]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6614810C8 for ; Mon, 6 Nov 2023 12:12:46 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lOIDRjZO1avx1i6mH90OIJOQ1dfwcpWT2tH0Qop8VTU=; b=t8CeOtDwG84XGm08T/bHl0dU0SgTNjwxEbFpQe0150BlnXaBD0GRxcGWFE3gsolklSS+ox lTkeYhEYrQQ5j6iilU4kS0eMM5/B2HVjeNJmRJ19p/j/CS/27IgI29IHA++NsiwgXZYidM ve2wNSyQK1IC+l9HF2etSKPK0c0wFik= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 14/20] mempool: introduce mempool_use_prealloc_only Date: Mon, 6 Nov 2023 21:10:23 +0100 Message-Id: <9752c5fc4763e7533a44a7c9368f056c47b52f34.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:14:09 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846942825022408 X-GMAIL-MSGID: 1781846942825022408 From: Andrey Konovalov Introduce a new mempool_use_prealloc_only API that tells the mempool to only use the elements preallocated during the mempool's creation and to not attempt allocating new ones. This API is required to test the KASAN poisoning/unpoisoning functinality in KASAN tests, but it might be also useful on its own. Signed-off-by: Andrey Konovalov --- include/linux/mempool.h | 2 ++ mm/mempool.c | 27 ++++++++++++++++++++++++--- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/include/linux/mempool.h b/include/linux/mempool.h index 4aae6c06c5f2..822adf1e7567 100644 --- a/include/linux/mempool.h +++ b/include/linux/mempool.h @@ -18,6 +18,7 @@ typedef struct mempool_s { int min_nr; /* nr of elements at *elements */ int curr_nr; /* Current nr of elements at *elements */ void **elements; + bool use_prealloc_only; /* Use only preallocated elements */ void *pool_data; mempool_alloc_t *alloc; @@ -48,6 +49,7 @@ extern mempool_t *mempool_create_node(int min_nr, mempool_alloc_t *alloc_fn, mempool_free_t *free_fn, void *pool_data, gfp_t gfp_mask, int nid); +extern void mempool_use_prealloc_only(mempool_t *pool); extern int mempool_resize(mempool_t *pool, int new_min_nr); extern void mempool_destroy(mempool_t *pool); extern void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask) __malloc; diff --git a/mm/mempool.c b/mm/mempool.c index f67ca6753332..59f7fcd355b3 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -365,6 +365,20 @@ int mempool_resize(mempool_t *pool, int new_min_nr) } EXPORT_SYMBOL(mempool_resize); +/** + * mempool_use_prealloc_only - mark a pool to only use preallocated elements + * @pool: pointer to the memory pool that should be marked + * + * This function should only be called right after the pool creation via + * mempool_init() or mempool_create() and must not be called concurrently with + * mempool_alloc(). + */ +void mempool_use_prealloc_only(mempool_t *pool) +{ + pool->use_prealloc_only = true; +} +EXPORT_SYMBOL(mempool_use_prealloc_only); + /** * mempool_alloc - allocate an element from a specific memory pool * @pool: pointer to the memory pool which was allocated via @@ -397,9 +411,11 @@ void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask) repeat_alloc: - element = pool->alloc(gfp_temp, pool->pool_data); - if (likely(element != NULL)) - return element; + if (!pool->use_prealloc_only) { + element = pool->alloc(gfp_temp, pool->pool_data); + if (likely(element != NULL)) + return element; + } spin_lock_irqsave(&pool->lock, flags); if (likely(pool->curr_nr)) { @@ -415,6 +431,11 @@ void *mempool_alloc(mempool_t *pool, gfp_t gfp_mask) return element; } + if (pool->use_prealloc_only) { + spin_unlock_irqrestore(&pool->lock, flags); + return NULL; + } + /* * We use gfp mask w/o direct reclaim or IO for the first round. If * alloc failed with that and @pool was empty, retry immediately. From patchwork Mon Nov 6 20:10:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162167 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902723vqu; Mon, 6 Nov 2023 12:13:15 -0800 (PST) X-Google-Smtp-Source: AGHT+IGFyg0IyMd/nGNKl9B7U31PnexnHgWo1q76+FawFEQoTQKYRcNRohhXlwjFnX16WSxZWEXf X-Received: by 2002:a17:90b:38c2:b0:281:b37:2038 with SMTP id nn2-20020a17090b38c200b002810b372038mr2778491pjb.1.1699301595172; Mon, 06 Nov 2023 12:13:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301595; cv=none; d=google.com; s=arc-20160816; b=TO31GvNkyxn6tQY2J1YkVIMp4ayywSFTNOxwxyPBAasS1Sh3ucNrpA33HbtSQjQLUh XbDWnDbPB11U9XC14NTfsfZyIIfwyuzL6KhGLr/+/15SgNRRma7QpXLCCqvCyexV7Ga1 OSFRTgeAZ9WL8LP4sOsdXuqNbJfe31JZMGsDe2Hvl5JjvdY7tFNt4MolbPOoaH3zkM9k kub8yVRNmP/LlwYHcGh6bUgzi099uvRC0ZUCOLN/4SCzZ1OGqIJ+e3d9lDy9XCWXxobW 4W82o92gQutx0WTdflu2/sjhZpjp/6l004kKnwbdXpZPCANm6GpSCwkbv7eswSy8czVs ilMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=J0FZGClDjGLvLD3TemnnZlVkckK/FbBcRM13VFu32PM=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=09S+YUocmaJE5e88BzUUW6eXbzyeD0GLxE7rdHBEkLG4fLgqOwJhobU5nGdnIlbjos aNZGykgGc0HS9E8mM2mGWyKC7o+b/G8BHwcaVenaO0uXj/klVE85C9sd+GznHMG4kkzk M/tGa373U42A0KGUc6qgDaMqv9I9i6nLjMCGP4Ln8rGW2E8uFHG1KqQs514uDlefv+tg 5f1qPsusx77A0TBslZrx5DIif5dHiH4nwyaSrMw4E55+FZ1oFDohYf+JSGEZbneHkl2N kzRQp+d8Fafjtlr7lr76uGX5kYOPBmqWp1n2Iz401xHKpiwmQukQulqvtJHQ1hwjgf01 SWKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="u66VHtu/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id u18-20020a170902e5d200b001b9be39eaa8si9367360plf.348.2023.11.06.12.13.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:13:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="u66VHtu/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 2D3E3801BA63; Mon, 6 Nov 2023 12:13:14 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232938AbjKFUNI (ORCPT + 34 others); Mon, 6 Nov 2023 15:13:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232983AbjKFUMu (ORCPT ); Mon, 6 Nov 2023 15:12:50 -0500 Received: from out-178.mta1.migadu.com (out-178.mta1.migadu.com [95.215.58.178]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 312FC10D0 for ; Mon, 6 Nov 2023 12:12:47 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J0FZGClDjGLvLD3TemnnZlVkckK/FbBcRM13VFu32PM=; b=u66VHtu/jQ8awmrPx0sqAT3awrwRy7LoUZT6YuP/AeVFLTV8z6gU99EDSnmB7b+vlP8GiH kLVdU8feP/LvgjDFYRFlJYBJnYVG/BCUZebuMkwHoBpVhV+QpImR3lWmGnjoTkYHo9queI m9qLnEnZnW6Qbh8fHp4S9bL0AaSkd1M= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 15/20] kasan: add mempool tests Date: Mon, 6 Nov 2023 21:10:24 +0100 Message-Id: <389467628f04e7defb81cc08079cdc9c983f71a4.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:13:14 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846869546570955 X-GMAIL-MSGID: 1781846869546570955 From: Andrey Konovalov Add KASAN tests for mempool. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 325 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 325 insertions(+) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 8281eb42464b..9adbcd04259b 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include @@ -798,6 +799,318 @@ static void kmem_cache_bulk(struct kunit *test) kmem_cache_destroy(cache); } +static void *mempool_prepare_kmalloc(struct kunit *test, mempool_t *pool, size_t size) +{ + int pool_size = 4; + int ret; + void *elem; + + memset(pool, 0, sizeof(*pool)); + ret = mempool_init_kmalloc_pool(pool, pool_size, size); + KUNIT_ASSERT_EQ(test, ret, 0); + + /* Tell mempool to only use preallocated elements. */ + mempool_use_prealloc_only(pool); + + /* + * Allocate one element to prevent mempool from freeing elements to the + * underlying allocator and instead make it add them to the element + * list when the tests trigger double-free and invalid-free bugs. + * This allows testing KASAN annotations in add_element(). + */ + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + return elem; +} + +static struct kmem_cache *mempool_prepare_slab(struct kunit *test, mempool_t *pool, size_t size) +{ + struct kmem_cache *cache; + int pool_size = 4; + int ret; + + cache = kmem_cache_create("test_cache", size, 0, 0, NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + + memset(pool, 0, sizeof(*pool)); + ret = mempool_init_slab_pool(pool, pool_size, cache); + KUNIT_ASSERT_EQ(test, ret, 0); + + mempool_use_prealloc_only(pool); + + /* + * Do not allocate one preallocated element, as we skip the double-free + * and invalid-free tests for slab mempool for simplicity. + */ + + return cache; +} + +static void *mempool_prepare_page(struct kunit *test, mempool_t *pool, int order) +{ + int pool_size = 4; + int ret; + void *elem; + + memset(pool, 0, sizeof(*pool)); + ret = mempool_init_page_pool(pool, pool_size, order); + KUNIT_ASSERT_EQ(test, ret, 0); + + mempool_use_prealloc_only(pool); + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + return elem; +} + +static void mempool_oob_right_helper(struct kunit *test, mempool_t *pool, size_t size) +{ + char *elem; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + OPTIMIZER_HIDE_VAR(elem); + + if (IS_ENABLED(CONFIG_KASAN_GENERIC)) + KUNIT_EXPECT_KASAN_FAIL(test, elem[size] = 'x'); + else + KUNIT_EXPECT_KASAN_FAIL(test, + elem[round_up(size, KASAN_GRANULE_SIZE)] = 'x'); + + mempool_free(elem, pool); +} + +static void mempool_kmalloc_oob_right(struct kunit *test) +{ + mempool_t pool; + size_t size = 128 - KASAN_GRANULE_SIZE - 5; + void *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_oob_right_helper(test, &pool, size); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_oob_right(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + void *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_oob_right_helper(test, &pool, size); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_slab_oob_right(struct kunit *test) +{ + mempool_t pool; + size_t size = 123; + struct kmem_cache *cache; + + cache = mempool_prepare_slab(test, &pool, size); + + mempool_oob_right_helper(test, &pool, size); + + mempool_exit(&pool); + kmem_cache_destroy(cache); +} + +/* + * Skip the out-of-bounds test for page mempool. With Generic KASAN, page + * allocations have no redzones, and thus the out-of-bounds detection is not + * guaranteed; see https://bugzilla.kernel.org/show_bug.cgi?id=210503. With + * the tag-based KASAN modes, the neighboring allocation might have the same + * tag; see https://bugzilla.kernel.org/show_bug.cgi?id=203505. + */ + +static void mempool_uaf_helper(struct kunit *test, mempool_t *pool, bool page) +{ + char *elem, *ptr; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + mempool_free(elem, pool); + + ptr = page ? page_address((struct page *)elem) : elem; + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); +} + +static void mempool_kmalloc_uaf(struct kunit *test) +{ + mempool_t pool; + size_t size = 128; + void *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_uaf_helper(test, &pool, false); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_uaf(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + void *extra_elem; + + /* page_alloc fallback is only implemented for SLUB. */ + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_uaf_helper(test, &pool, false); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_slab_uaf(struct kunit *test) +{ + mempool_t pool; + size_t size = 123; + struct kmem_cache *cache; + + cache = mempool_prepare_slab(test, &pool, size); + + mempool_uaf_helper(test, &pool, false); + + mempool_exit(&pool); + kmem_cache_destroy(cache); +} + +static void mempool_page_alloc_uaf(struct kunit *test) +{ + mempool_t pool; + int order = 2; + void *extra_elem; + + extra_elem = mempool_prepare_page(test, &pool, order); + + mempool_uaf_helper(test, &pool, true); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_double_free_helper(struct kunit *test, mempool_t *pool) +{ + char *elem; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + mempool_free(elem, pool); + + KUNIT_EXPECT_KASAN_FAIL(test, mempool_free(elem, pool)); +} + +static void mempool_kmalloc_double_free(struct kunit *test) +{ + mempool_t pool; + size_t size = 128; + char *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_double_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_double_free(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + char *extra_elem; + + /* page_alloc fallback is only implemented for SLUB. */ + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_double_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_page_alloc_double_free(struct kunit *test) +{ + mempool_t pool; + int order = 2; + char *extra_elem; + + extra_elem = mempool_prepare_page(test, &pool, order); + + mempool_double_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_invalid_free_helper(struct kunit *test, mempool_t *pool) +{ + char *elem; + + elem = mempool_alloc(pool, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elem); + + KUNIT_EXPECT_KASAN_FAIL(test, mempool_free(elem + 1, pool)); + + mempool_free(elem, pool); +} + +static void mempool_kmalloc_invalid_free(struct kunit *test) +{ + mempool_t pool; + size_t size = 128; + char *extra_elem; + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_kmalloc_invalid_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +static void mempool_kmalloc_large_invalid_free(struct kunit *test) +{ + mempool_t pool; + size_t size = KMALLOC_MAX_CACHE_SIZE + 1; + char *extra_elem; + + /* page_alloc fallback is only implemented for SLUB. */ + KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); + + extra_elem = mempool_prepare_kmalloc(test, &pool, size); + + mempool_kmalloc_invalid_free_helper(test, &pool); + + mempool_free(extra_elem, &pool); + mempool_exit(&pool); +} + +/* + * Skip the invalid-free test for page mempool. The invalid-free detection only + * works for compound pages and mempool preallocates all page elements without + * the __GFP_COMP flag. + */ + static char global_array[10]; static void kasan_global_oob_right(struct kunit *test) @@ -1538,6 +1851,18 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmem_cache_oob), KUNIT_CASE(kmem_cache_accounted), KUNIT_CASE(kmem_cache_bulk), + KUNIT_CASE(mempool_kmalloc_oob_right), + KUNIT_CASE(mempool_kmalloc_large_oob_right), + KUNIT_CASE(mempool_slab_oob_right), + KUNIT_CASE(mempool_kmalloc_uaf), + KUNIT_CASE(mempool_kmalloc_large_uaf), + KUNIT_CASE(mempool_slab_uaf), + KUNIT_CASE(mempool_page_alloc_uaf), + KUNIT_CASE(mempool_kmalloc_double_free), + KUNIT_CASE(mempool_kmalloc_large_double_free), + KUNIT_CASE(mempool_page_alloc_double_free), + KUNIT_CASE(mempool_kmalloc_invalid_free), + KUNIT_CASE(mempool_kmalloc_large_invalid_free), KUNIT_CASE(kasan_global_oob_right), KUNIT_CASE(kasan_global_oob_left), KUNIT_CASE(kasan_stack_oob), From patchwork Mon Nov 6 20:10:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162168 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902816vqu; Mon, 6 Nov 2023 12:13:27 -0800 (PST) X-Google-Smtp-Source: AGHT+IF5N29QbM2xK6WNeTKifOqYrGi0NuMcfqK7YTIxL8bw2OsAdiQK/n2Oq6/sNULLLxJosWvA X-Received: by 2002:a17:902:c945:b0:1cc:5388:a908 with SMTP id i5-20020a170902c94500b001cc5388a908mr22938702pla.63.1699301607517; Mon, 06 Nov 2023 12:13:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301607; cv=none; d=google.com; s=arc-20160816; b=qAhPmpzw+hCte04VRRdFY30TlmUELc1h31PJLU2GVwtQKJBNerWsLPPLta6WwQlFyw 2NoLsh796wyYgjFiyaOcS/N51Xl33si/I7ePRRstSM8NeZk5c2nHmSlYXtqQNlTDCOl/ SJYMrM4ezzXt+6dH6BiE1vi8M3B/+u6BauzamfKXIoNPtNG+o4kxeZTqwVdRdFdYmkKt eidNzklVs0pSt01yj1/IgQkxnLDvxh8yth/qvKwmFLNETbwV3IJAifnba30CIGI05tvG J3EdkgXFLgYBJ/GsHwlQMKnX6UR3g4VezC9+Bqfku+T9JOsTaBaWcCfTelk7pqykRkS4 kyBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=kJM+A7peUz+3HNFpMd2AaQcsySYXWlMk/hSPbyjpTN8=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=pyVNQtiB3uaJMDlODboocurFqbQWd57ifEcNsQZUgx5yJbl53EtfdT4nb6trfeByhP ewk/CPB4RsVePJwehwupf0oDBC+oXOpPhxwxcPRqvmwu4SrHfh53EhoMiNidNAtNPs5+ vBMLiVhP8ywuIjYI/7PE1QINqvb/ttcBLG1V2bJIfJsEinaPHqipLR6cy98e/UdkEC4x GJrn+jWVgLCW52XESq0WarWRIMj2yUwLvsigTncvz8cmUKh4OTploRqkNWdh6EpegMyP k2gCWpI4uAoVJEaDqb63sEvRnj+aHfJlLu7fKyubuDfWXLH07E3gkvorJuGX7EomcFTW eLJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="UlmlCS1/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id m11-20020a1709026bcb00b001c9ad94f614si8378699plt.244.2023.11.06.12.13.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:13:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="UlmlCS1/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 80086801B9E1; Mon, 6 Nov 2023 12:13:26 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233189AbjKFUNS (ORCPT + 34 others); Mon, 6 Nov 2023 15:13:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232954AbjKFUMv (ORCPT ); Mon, 6 Nov 2023 15:12:51 -0500 Received: from out-177.mta1.migadu.com (out-177.mta1.migadu.com [95.215.58.177]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D64AF10D3 for ; Mon, 6 Nov 2023 12:12:47 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301566; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kJM+A7peUz+3HNFpMd2AaQcsySYXWlMk/hSPbyjpTN8=; b=UlmlCS1/Z5dNByDcL6mE/0uoH62A1+s+Ul8OA7cSjRv8NsKOsAjlfXrZLnkR3VwZsnhqQm BCWlrEHz9Npwsl36SjkhbQgtrNkJApwPl+NiWrTyhnCPtmdiUaVoCUKg2oM4RE/0RN1Uw9 TCk2g0lBq9wUxkhNuVfEb1cqa6QfF3g= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 16/20] kasan: rename pagealloc tests Date: Mon, 6 Nov 2023 21:10:25 +0100 Message-Id: <0cf5eb3ea000a76c48554bbc80acb6135ebbb94a.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:13:26 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846882379127734 X-GMAIL-MSGID: 1781846882379127734 From: Andrey Konovalov Rename "pagealloc" KASAN tests: 1. Use "kmalloc_large" for tests that use large kmalloc allocations. 2. Use "page_alloc" for tests that use page_alloc. Also clean up the comments. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 51 ++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 9adbcd04259b..4ea403653a39 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -214,12 +214,13 @@ static void kmalloc_node_oob_right(struct kunit *test) } /* - * These kmalloc_pagealloc_* tests try allocating a memory chunk that doesn't - * fit into a slab cache and therefore is allocated via the page allocator - * fallback. Since this kind of fallback is only implemented for SLUB, these - * tests are limited to that allocator. + * The kmalloc_large_* tests below use kmalloc() to allocate a memory chunk + * that does not fit into the largest slab cache and therefore is allocated via + * the page_alloc fallback for SLUB. SLAB has no such fallback, and thus these + * tests are not supported for it. */ -static void kmalloc_pagealloc_oob_right(struct kunit *test) + +static void kmalloc_large_oob_right(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE + 10; @@ -235,7 +236,7 @@ static void kmalloc_pagealloc_oob_right(struct kunit *test) kfree(ptr); } -static void kmalloc_pagealloc_uaf(struct kunit *test) +static void kmalloc_large_uaf(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE + 10; @@ -249,7 +250,7 @@ static void kmalloc_pagealloc_uaf(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } -static void kmalloc_pagealloc_invalid_free(struct kunit *test) +static void kmalloc_large_invalid_free(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE + 10; @@ -262,7 +263,7 @@ static void kmalloc_pagealloc_invalid_free(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, kfree(ptr + 1)); } -static void pagealloc_oob_right(struct kunit *test) +static void page_alloc_oob_right(struct kunit *test) { char *ptr; struct page *pages; @@ -284,7 +285,7 @@ static void pagealloc_oob_right(struct kunit *test) free_pages((unsigned long)ptr, order); } -static void pagealloc_uaf(struct kunit *test) +static void page_alloc_uaf(struct kunit *test) { char *ptr; struct page *pages; @@ -298,15 +299,15 @@ static void pagealloc_uaf(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } -static void kmalloc_large_oob_right(struct kunit *test) +/* + * Check that KASAN detects an out-of-bounds access for a big object allocated + * via kmalloc(). But not as big as to trigger the page_alloc fallback for SLUB. + */ +static void kmalloc_big_oob_right(struct kunit *test) { char *ptr; size_t size = KMALLOC_MAX_CACHE_SIZE - 256; - /* - * Allocate a chunk that is large enough, but still fits into a slab - * and does not trigger the page allocator fallback in SLUB. - */ ptr = kmalloc(size, GFP_KERNEL); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); @@ -404,18 +405,18 @@ static void krealloc_less_oob(struct kunit *test) krealloc_less_oob_helper(test, 235, 201); } -static void krealloc_pagealloc_more_oob(struct kunit *test) +static void krealloc_large_more_oob(struct kunit *test) { - /* page_alloc fallback in only implemented for SLUB. */ + /* page_alloc fallback is only implemented for SLUB. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); krealloc_more_oob_helper(test, KMALLOC_MAX_CACHE_SIZE + 201, KMALLOC_MAX_CACHE_SIZE + 235); } -static void krealloc_pagealloc_less_oob(struct kunit *test) +static void krealloc_large_less_oob(struct kunit *test) { - /* page_alloc fallback in only implemented for SLUB. */ + /* page_alloc fallback is only implemented for SLUB. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); krealloc_less_oob_helper(test, KMALLOC_MAX_CACHE_SIZE + 235, @@ -1822,16 +1823,16 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmalloc_oob_right), KUNIT_CASE(kmalloc_oob_left), KUNIT_CASE(kmalloc_node_oob_right), - KUNIT_CASE(kmalloc_pagealloc_oob_right), - KUNIT_CASE(kmalloc_pagealloc_uaf), - KUNIT_CASE(kmalloc_pagealloc_invalid_free), - KUNIT_CASE(pagealloc_oob_right), - KUNIT_CASE(pagealloc_uaf), KUNIT_CASE(kmalloc_large_oob_right), + KUNIT_CASE(kmalloc_large_uaf), + KUNIT_CASE(kmalloc_large_invalid_free), + KUNIT_CASE(page_alloc_oob_right), + KUNIT_CASE(page_alloc_uaf), + KUNIT_CASE(kmalloc_big_oob_right), KUNIT_CASE(krealloc_more_oob), KUNIT_CASE(krealloc_less_oob), - KUNIT_CASE(krealloc_pagealloc_more_oob), - KUNIT_CASE(krealloc_pagealloc_less_oob), + KUNIT_CASE(krealloc_large_more_oob), + KUNIT_CASE(krealloc_large_less_oob), KUNIT_CASE(krealloc_uaf), KUNIT_CASE(kmalloc_oob_16), KUNIT_CASE(kmalloc_uaf_16), From patchwork Mon Nov 6 20:10:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162169 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2902855vqu; Mon, 6 Nov 2023 12:13:34 -0800 (PST) X-Google-Smtp-Source: AGHT+IFQkIr8LP5+LJQVzoSdvhHiLUl1mx2smuegm5h3/POd9aDdogRnMwsoQqh1AQBe9OC0FcO0 X-Received: by 2002:a05:6a20:a128:b0:17b:40:ccc6 with SMTP id q40-20020a056a20a12800b0017b0040ccc6mr670550pzk.4.1699301613724; Mon, 06 Nov 2023 12:13:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301613; cv=none; d=google.com; s=arc-20160816; b=vpH7NStdOYCFoPXwlTAtOxOwd9+q0YYjE1/4gK+L7WwctY48ZEcUKi6C0OrVHU7AKt Riqtr/5uFYrlLCxHhw2Lm1WiGddH846DRUNCYUwELm1vBhQbrsVIFUCqfDfQ/X9IIuAA Ea/7pV2/VgJ1/6DY+n3V1R98/J7j3LuO7VSv2f81N9aNZuwF05RRhclZZgBqSYJxyS9V QF6dwc7KvaMRjbSXzUwiJ7yNbH6HC5frw8gi6eWYb5+J3zutNlRFCeiqtWvDBK/cVUvf 0tErhFANTLRJ0X1buw/a7uyTd6yk/1+4XQctKRgvxKhq5mgrpvfwmj0Z5p5p/yDSvnBw U3lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=FpmYov1aH1316OEV0hzDWuWRApXC9pzAf5GrPoQwwQE=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=ysCa2E68/tQlZ+CtpqKBs22ENWjRZKW0cPwwByNDrWfsJPEdSIx/SIETeSr2cCJtST LXIemgv/KR6ijtozHGOSfRzpo2ZAIJcnkz0lI5EtvuF0v3cFg8ByMJBr+SF+jkme3qc0 HsNsCYIHtAbrk8XKNwdKlBH6ufs5kZA1wVnLwVsPoONqDC5riPDPBG+NuQi6MVnOPa6X 8pxQHhgqbNwE61KgzovtySnrb7Gulmp0bXZPeBADiLEVg3XTCdYHDwYCa/iVW5b0Z8qc /bgmvuYcHsNqzvZOekwSlPykqLAQKlulVp6JhcLTF7g4STZUhIxGZaOpg0BQqfcer6qP SpUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=FgwksLN8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id u12-20020a63f64c000000b005bd0432d9b0si408526pgj.100.2023.11.06.12.13.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:13:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=FgwksLN8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id C4E29801B9EA; Mon, 6 Nov 2023 12:13:32 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233192AbjKFUNX (ORCPT + 34 others); Mon, 6 Nov 2023 15:13:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233034AbjKFUMw (ORCPT ); Mon, 6 Nov 2023 15:12:52 -0500 Received: from out-185.mta1.migadu.com (out-185.mta1.migadu.com [95.215.58.185]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 645F910C3 for ; Mon, 6 Nov 2023 12:12:48 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301566; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FpmYov1aH1316OEV0hzDWuWRApXC9pzAf5GrPoQwwQE=; b=FgwksLN8aysaSZtwoYOKI1noktDySIqALWEt8eIDOA37kM5+nQFR36VjYWjdvMHSYOiZSB U5qxNgDH42TiixtLjkdrfCsLZMwoMST5/Z7rYYxnjZsSHjJkCwefw8l0CxPmxQpMFrg4wn oNPg94RExuW29qqQXFjSvALdPkpS8gs= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 17/20] kasan: reorder tests Date: Mon, 6 Nov 2023 21:10:26 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:13:32 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846888841614301 X-GMAIL-MSGID: 1781846888841614301 From: Andrey Konovalov Put closely related tests next to each other. No functional changes. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 418 +++++++++++++++++++++--------------------- 1 file changed, 209 insertions(+), 209 deletions(-) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 4ea403653a39..9a1bdd6ca8c4 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -213,6 +213,23 @@ static void kmalloc_node_oob_right(struct kunit *test) kfree(ptr); } +/* + * Check that KASAN detects an out-of-bounds access for a big object allocated + * via kmalloc(). But not as big as to trigger the page_alloc fallback for SLUB. + */ +static void kmalloc_big_oob_right(struct kunit *test) +{ + char *ptr; + size_t size = KMALLOC_MAX_CACHE_SIZE - 256; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + OPTIMIZER_HIDE_VAR(ptr); + KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); + kfree(ptr); +} + /* * The kmalloc_large_* tests below use kmalloc() to allocate a memory chunk * that does not fit into the largest slab cache and therefore is allocated via @@ -299,23 +316,6 @@ static void page_alloc_uaf(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); } -/* - * Check that KASAN detects an out-of-bounds access for a big object allocated - * via kmalloc(). But not as big as to trigger the page_alloc fallback for SLUB. - */ -static void kmalloc_big_oob_right(struct kunit *test) -{ - char *ptr; - size_t size = KMALLOC_MAX_CACHE_SIZE - 256; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - OPTIMIZER_HIDE_VAR(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ptr[size] = 0); - kfree(ptr); -} - static void krealloc_more_oob_helper(struct kunit *test, size_t size1, size_t size2) { @@ -698,6 +698,126 @@ static void kmalloc_uaf3(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr1)[8]); } +static void kmalloc_double_kzfree(struct kunit *test) +{ + char *ptr; + size_t size = 16; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + kfree_sensitive(ptr); + KUNIT_EXPECT_KASAN_FAIL(test, kfree_sensitive(ptr)); +} + +/* Check that ksize() does NOT unpoison whole object. */ +static void ksize_unpoisons_memory(struct kunit *test) +{ + char *ptr; + size_t size = 128 - KASAN_GRANULE_SIZE - 5; + size_t real_size; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + real_size = ksize(ptr); + KUNIT_EXPECT_GT(test, real_size, size); + + OPTIMIZER_HIDE_VAR(ptr); + + /* These accesses shouldn't trigger a KASAN report. */ + ptr[0] = 'x'; + ptr[size - 1] = 'x'; + + /* These must trigger a KASAN report. */ + if (IS_ENABLED(CONFIG_KASAN_GENERIC)) + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size + 5]); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size - 1]); + + kfree(ptr); +} + +/* + * Check that a use-after-free is detected by ksize() and via normal accesses + * after it. + */ +static void ksize_uaf(struct kunit *test) +{ + char *ptr; + int size = 128 - KASAN_GRANULE_SIZE; + + ptr = kmalloc(size, GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + kfree(ptr); + + OPTIMIZER_HIDE_VAR(ptr); + KUNIT_EXPECT_KASAN_FAIL(test, ksize(ptr)); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); + KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); +} + +/* + * The two tests below check that Generic KASAN prints auxiliary stack traces + * for RCU callbacks and workqueues. The reports need to be inspected manually. + * + * These tests are still enabled for other KASAN modes to make sure that all + * modes report bad accesses in tested scenarios. + */ + +static struct kasan_rcu_info { + int i; + struct rcu_head rcu; +} *global_rcu_ptr; + +static void rcu_uaf_reclaim(struct rcu_head *rp) +{ + struct kasan_rcu_info *fp = + container_of(rp, struct kasan_rcu_info, rcu); + + kfree(fp); + ((volatile struct kasan_rcu_info *)fp)->i; +} + +static void rcu_uaf(struct kunit *test) +{ + struct kasan_rcu_info *ptr; + + ptr = kmalloc(sizeof(struct kasan_rcu_info), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); + + global_rcu_ptr = rcu_dereference_protected( + (struct kasan_rcu_info __rcu *)ptr, NULL); + + KUNIT_EXPECT_KASAN_FAIL(test, + call_rcu(&global_rcu_ptr->rcu, rcu_uaf_reclaim); + rcu_barrier()); +} + +static void workqueue_uaf_work(struct work_struct *work) +{ + kfree(work); +} + +static void workqueue_uaf(struct kunit *test) +{ + struct workqueue_struct *workqueue; + struct work_struct *work; + + workqueue = create_workqueue("kasan_workqueue_test"); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, workqueue); + + work = kmalloc(sizeof(struct work_struct), GFP_KERNEL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, work); + + INIT_WORK(work, workqueue_uaf_work); + queue_work(workqueue, work); + destroy_workqueue(workqueue); + + KUNIT_EXPECT_KASAN_FAIL(test, + ((volatile struct work_struct *)work)->data); +} + static void kfree_via_page(struct kunit *test) { char *ptr; @@ -748,6 +868,69 @@ static void kmem_cache_oob(struct kunit *test) kmem_cache_destroy(cache); } +static void kmem_cache_double_free(struct kunit *test) +{ + char *p; + size_t size = 200; + struct kmem_cache *cache; + + cache = kmem_cache_create("test_cache", size, 0, 0, NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + + p = kmem_cache_alloc(cache, GFP_KERNEL); + if (!p) { + kunit_err(test, "Allocation failed: %s\n", __func__); + kmem_cache_destroy(cache); + return; + } + + kmem_cache_free(cache, p); + KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p)); + kmem_cache_destroy(cache); +} + +static void kmem_cache_invalid_free(struct kunit *test) +{ + char *p; + size_t size = 200; + struct kmem_cache *cache; + + cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU, + NULL); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + + p = kmem_cache_alloc(cache, GFP_KERNEL); + if (!p) { + kunit_err(test, "Allocation failed: %s\n", __func__); + kmem_cache_destroy(cache); + return; + } + + /* Trigger invalid free, the object doesn't get freed. */ + KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1)); + + /* + * Properly free the object to prevent the "Objects remaining in + * test_cache on __kmem_cache_shutdown" BUG failure. + */ + kmem_cache_free(cache, p); + + kmem_cache_destroy(cache); +} + +static void empty_cache_ctor(void *object) { } + +static void kmem_cache_double_destroy(struct kunit *test) +{ + struct kmem_cache *cache; + + /* Provide a constructor to prevent cache merging. */ + cache = kmem_cache_create("test_cache", 200, 0, 0, empty_cache_ctor); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); + kmem_cache_destroy(cache); + KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_destroy(cache)); +} + static void kmem_cache_accounted(struct kunit *test) { int i; @@ -1151,53 +1334,6 @@ static void kasan_global_oob_left(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p); } -/* Check that ksize() does NOT unpoison whole object. */ -static void ksize_unpoisons_memory(struct kunit *test) -{ - char *ptr; - size_t size = 128 - KASAN_GRANULE_SIZE - 5; - size_t real_size; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - real_size = ksize(ptr); - KUNIT_EXPECT_GT(test, real_size, size); - - OPTIMIZER_HIDE_VAR(ptr); - - /* These accesses shouldn't trigger a KASAN report. */ - ptr[0] = 'x'; - ptr[size - 1] = 'x'; - - /* These must trigger a KASAN report. */ - if (IS_ENABLED(CONFIG_KASAN_GENERIC)) - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size + 5]); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[real_size - 1]); - - kfree(ptr); -} - -/* - * Check that a use-after-free is detected by ksize() and via normal accesses - * after it. - */ -static void ksize_uaf(struct kunit *test) -{ - char *ptr; - int size = 128 - KASAN_GRANULE_SIZE; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - kfree(ptr); - - OPTIMIZER_HIDE_VAR(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, ksize(ptr)); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[0]); - KUNIT_EXPECT_KASAN_FAIL(test, ((volatile char *)ptr)[size]); -} - static void kasan_stack_oob(struct kunit *test) { char stack_array[10]; @@ -1240,69 +1376,6 @@ static void kasan_alloca_oob_right(struct kunit *test) KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p); } -static void kmem_cache_double_free(struct kunit *test) -{ - char *p; - size_t size = 200; - struct kmem_cache *cache; - - cache = kmem_cache_create("test_cache", size, 0, 0, NULL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); - - p = kmem_cache_alloc(cache, GFP_KERNEL); - if (!p) { - kunit_err(test, "Allocation failed: %s\n", __func__); - kmem_cache_destroy(cache); - return; - } - - kmem_cache_free(cache, p); - KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p)); - kmem_cache_destroy(cache); -} - -static void kmem_cache_invalid_free(struct kunit *test) -{ - char *p; - size_t size = 200; - struct kmem_cache *cache; - - cache = kmem_cache_create("test_cache", size, 0, SLAB_TYPESAFE_BY_RCU, - NULL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); - - p = kmem_cache_alloc(cache, GFP_KERNEL); - if (!p) { - kunit_err(test, "Allocation failed: %s\n", __func__); - kmem_cache_destroy(cache); - return; - } - - /* Trigger invalid free, the object doesn't get freed. */ - KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_free(cache, p + 1)); - - /* - * Properly free the object to prevent the "Objects remaining in - * test_cache on __kmem_cache_shutdown" BUG failure. - */ - kmem_cache_free(cache, p); - - kmem_cache_destroy(cache); -} - -static void empty_cache_ctor(void *object) { } - -static void kmem_cache_double_destroy(struct kunit *test) -{ - struct kmem_cache *cache; - - /* Provide a constructor to prevent cache merging. */ - cache = kmem_cache_create("test_cache", 200, 0, 0, empty_cache_ctor); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cache); - kmem_cache_destroy(cache); - KUNIT_EXPECT_KASAN_FAIL(test, kmem_cache_destroy(cache)); -} - static void kasan_memchr(struct kunit *test) { char *ptr; @@ -1464,79 +1537,6 @@ static void kasan_bitops_tags(struct kunit *test) kfree(bits); } -static void kmalloc_double_kzfree(struct kunit *test) -{ - char *ptr; - size_t size = 16; - - ptr = kmalloc(size, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - kfree_sensitive(ptr); - KUNIT_EXPECT_KASAN_FAIL(test, kfree_sensitive(ptr)); -} - -/* - * The two tests below check that Generic KASAN prints auxiliary stack traces - * for RCU callbacks and workqueues. The reports need to be inspected manually. - * - * These tests are still enabled for other KASAN modes to make sure that all - * modes report bad accesses in tested scenarios. - */ - -static struct kasan_rcu_info { - int i; - struct rcu_head rcu; -} *global_rcu_ptr; - -static void rcu_uaf_reclaim(struct rcu_head *rp) -{ - struct kasan_rcu_info *fp = - container_of(rp, struct kasan_rcu_info, rcu); - - kfree(fp); - ((volatile struct kasan_rcu_info *)fp)->i; -} - -static void rcu_uaf(struct kunit *test) -{ - struct kasan_rcu_info *ptr; - - ptr = kmalloc(sizeof(struct kasan_rcu_info), GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); - - global_rcu_ptr = rcu_dereference_protected( - (struct kasan_rcu_info __rcu *)ptr, NULL); - - KUNIT_EXPECT_KASAN_FAIL(test, - call_rcu(&global_rcu_ptr->rcu, rcu_uaf_reclaim); - rcu_barrier()); -} - -static void workqueue_uaf_work(struct work_struct *work) -{ - kfree(work); -} - -static void workqueue_uaf(struct kunit *test) -{ - struct workqueue_struct *workqueue; - struct work_struct *work; - - workqueue = create_workqueue("kasan_workqueue_test"); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, workqueue); - - work = kmalloc(sizeof(struct work_struct), GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, work); - - INIT_WORK(work, workqueue_uaf_work); - queue_work(workqueue, work); - destroy_workqueue(workqueue); - - KUNIT_EXPECT_KASAN_FAIL(test, - ((volatile struct work_struct *)work)->data); -} - static void vmalloc_helpers_tags(struct kunit *test) { void *ptr; @@ -1823,12 +1823,12 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmalloc_oob_right), KUNIT_CASE(kmalloc_oob_left), KUNIT_CASE(kmalloc_node_oob_right), + KUNIT_CASE(kmalloc_big_oob_right), KUNIT_CASE(kmalloc_large_oob_right), KUNIT_CASE(kmalloc_large_uaf), KUNIT_CASE(kmalloc_large_invalid_free), KUNIT_CASE(page_alloc_oob_right), KUNIT_CASE(page_alloc_uaf), - KUNIT_CASE(kmalloc_big_oob_right), KUNIT_CASE(krealloc_more_oob), KUNIT_CASE(krealloc_less_oob), KUNIT_CASE(krealloc_large_more_oob), @@ -1847,9 +1847,17 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kmalloc_uaf_memset), KUNIT_CASE(kmalloc_uaf2), KUNIT_CASE(kmalloc_uaf3), + KUNIT_CASE(kmalloc_double_kzfree), + KUNIT_CASE(ksize_unpoisons_memory), + KUNIT_CASE(ksize_uaf), + KUNIT_CASE(rcu_uaf), + KUNIT_CASE(workqueue_uaf), KUNIT_CASE(kfree_via_page), KUNIT_CASE(kfree_via_phys), KUNIT_CASE(kmem_cache_oob), + KUNIT_CASE(kmem_cache_double_free), + KUNIT_CASE(kmem_cache_invalid_free), + KUNIT_CASE(kmem_cache_double_destroy), KUNIT_CASE(kmem_cache_accounted), KUNIT_CASE(kmem_cache_bulk), KUNIT_CASE(mempool_kmalloc_oob_right), @@ -1869,19 +1877,11 @@ static struct kunit_case kasan_kunit_test_cases[] = { KUNIT_CASE(kasan_stack_oob), KUNIT_CASE(kasan_alloca_oob_left), KUNIT_CASE(kasan_alloca_oob_right), - KUNIT_CASE(ksize_unpoisons_memory), - KUNIT_CASE(ksize_uaf), - KUNIT_CASE(kmem_cache_double_free), - KUNIT_CASE(kmem_cache_invalid_free), - KUNIT_CASE(kmem_cache_double_destroy), KUNIT_CASE(kasan_memchr), KUNIT_CASE(kasan_memcmp), KUNIT_CASE(kasan_strings), KUNIT_CASE(kasan_bitops_generic), KUNIT_CASE(kasan_bitops_tags), - KUNIT_CASE(kmalloc_double_kzfree), - KUNIT_CASE(rcu_uaf), - KUNIT_CASE(workqueue_uaf), KUNIT_CASE(vmalloc_helpers_tags), KUNIT_CASE(vmalloc_oob), KUNIT_CASE(vmap_tags), From patchwork Mon Nov 6 20:10:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162173 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2903497vqu; Mon, 6 Nov 2023 12:14:50 -0800 (PST) X-Google-Smtp-Source: AGHT+IHzMIX16PpMtasNcSoIFQOe88AD97DWw/maVJsz2kQl5lwzgQ7qyyEodOy2qzYd6CQCiZYp X-Received: by 2002:a05:6870:fe96:b0:1e9:de31:8000 with SMTP id qm22-20020a056870fe9600b001e9de318000mr810049oab.9.1699301690716; Mon, 06 Nov 2023 12:14:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301690; cv=none; d=google.com; s=arc-20160816; b=CxSBl8joxIirQ+IjMe2dHPSVmCbINsylwDsLc8htBnlU5iRF8VJFglJ+LRP81n2X+M MiNE8KgIq0LU/hZwVcweNceDVBHrLgcpVsv88p5Qy5kOPlKZhAmuk8IGzk+RFrSbKKm+ f+gBH7Lssrd2oDTzY9xc5R9ChbDM4+pxE2VlhWsw4+MkJGoAWRe9Hc73OiDwVp7iFZnf WwTICswKU7fZhjc/o/YaxopAQif+z2wdpoqbMATxY10iyDrFbNZtri6M2x5OXgeSPmXF kHG+eBl+v2cadlIHE/dvte3vCtI8dvtIErPa9El3qoxcUQKY9955fUb6Z4uNwn7DU3f9 G8/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=FAC2S7cvKWC0F44BA8JFK/nUEMkMZjl2M4MUzuWuDcc=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=ZD1eM2Mm+Msfw6Pyg6WNgS49TQz712u5GyKmC97HRrivGrYz444kCdNBgnsDdcysDv HIZVmw5inuXQsL7ZRyjspF16HOvRDF7AH92bgwNyqB1E91ud2LWp5gQif/oUvNXFTxMn HBDN9UILdUABMBezZcAmwT7MEeNad9CFFM8IETzUBsavSDlEYvhwta33mCAQ03luYQVH FHDHP3B9HL11Mhyv0rP3/HvKL0ouPR3oRm5uFSwHyVWkLWtNS1KY6Wn9/AGNpnL1NMj5 lIp7lIMTpjFa5lTlvu7gZrSODwE2b71tcTz++m8lwTGP+/nzqXmEParE9WffaZfEQiWU iqZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="gW/TzhDf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id i123-20020a639d81000000b005bdbcf5e6c5si69318pgd.870.2023.11.06.12.14.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:14:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="gW/TzhDf"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id F3B1780C6DEC; Mon, 6 Nov 2023 12:14:43 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233116AbjKFUOb (ORCPT + 34 others); Mon, 6 Nov 2023 15:14:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233126AbjKFUOG (ORCPT ); Mon, 6 Nov 2023 15:14:06 -0500 Received: from out-186.mta0.migadu.com (out-186.mta0.migadu.com [IPv6:2001:41d0:1004:224b::ba]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B2AB7173D for ; Mon, 6 Nov 2023 12:13:51 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FAC2S7cvKWC0F44BA8JFK/nUEMkMZjl2M4MUzuWuDcc=; b=gW/TzhDfZHPF/6G1OrNDQlLOWzEZX/fdM1cYbnvPQJyE+kylQJLDKf+bdGnEZPKJYJFBTJ 4QEyp11eHyzBaGYnGOiz5gn3Q6Jl2PEmI90MIeHA3Z1ZMwOIDu2AEjJhNEEem2iCH7tksZ EO/mX3B4YVf6+hMEYQMPvEmF3YvoFx4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 18/20] kasan: rename and document kasan_(un)poison_object_data Date: Mon, 6 Nov 2023 21:10:27 +0100 Message-Id: <1128fd5cf1051270bc7e5978479a983a918626f5.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:14:44 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846969767949497 X-GMAIL-MSGID: 1781846969767949497 From: Andrey Konovalov Rename kasan_unpoison_object_data to kasan_unpoison_new_object and add a documentation comment. Do the same for kasan_poison_object_data. The new names and the comments should suggest the users that these hooks are intended for internal use by the slab allocator. The following patch will remove non-slab-internal uses of these hooks. No functional changes. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 35 +++++++++++++++++++++++++++-------- mm/kasan/common.c | 4 ++-- mm/slab.c | 10 ++++------ mm/slub.c | 4 ++-- net/core/skbuff.c | 8 ++++---- 5 files changed, 39 insertions(+), 22 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 7392c5d89b92..d49e3d4c099e 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -129,20 +129,39 @@ static __always_inline void kasan_poison_slab(struct slab *slab) __kasan_poison_slab(slab); } -void __kasan_unpoison_object_data(struct kmem_cache *cache, void *object); -static __always_inline void kasan_unpoison_object_data(struct kmem_cache *cache, +void __kasan_unpoison_new_object(struct kmem_cache *cache, void *object); +/** + * kasan_unpoison_new_object - Temporarily unpoison a new slab object. + * @cache: Cache the object belong to. + * @object: Pointer to the object. + * + * This function is intended for the slab allocator's internal use. It + * temporarily unpoisons an object from a newly allocated slab without doing + * anything else. The object must later be repoisoned by + * kasan_poison_new_object(). + */ +static __always_inline void kasan_unpoison_new_object(struct kmem_cache *cache, void *object) { if (kasan_enabled()) - __kasan_unpoison_object_data(cache, object); + __kasan_unpoison_new_object(cache, object); } -void __kasan_poison_object_data(struct kmem_cache *cache, void *object); -static __always_inline void kasan_poison_object_data(struct kmem_cache *cache, +void __kasan_poison_new_object(struct kmem_cache *cache, void *object); +/** + * kasan_unpoison_new_object - Repoison a new slab object. + * @cache: Cache the object belong to. + * @object: Pointer to the object. + * + * This function is intended for the slab allocator's internal use. It + * repoisons an object that was previously unpoisoned by + * kasan_unpoison_new_object() without doing anything else. + */ +static __always_inline void kasan_poison_new_object(struct kmem_cache *cache, void *object) { if (kasan_enabled()) - __kasan_poison_object_data(cache, object); + __kasan_poison_new_object(cache, object); } void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache, @@ -342,9 +361,9 @@ static inline bool kasan_unpoison_pages(struct page *page, unsigned int order, return false; } static inline void kasan_poison_slab(struct slab *slab) {} -static inline void kasan_unpoison_object_data(struct kmem_cache *cache, +static inline void kasan_unpoison_new_object(struct kmem_cache *cache, void *object) {} -static inline void kasan_poison_object_data(struct kmem_cache *cache, +static inline void kasan_poison_new_object(struct kmem_cache *cache, void *object) {} static inline void *kasan_init_slab_obj(struct kmem_cache *cache, const void *object) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 65850d37fd27..9f11be6b00a8 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -133,12 +133,12 @@ void __kasan_poison_slab(struct slab *slab) KASAN_SLAB_REDZONE, false); } -void __kasan_unpoison_object_data(struct kmem_cache *cache, void *object) +void __kasan_unpoison_new_object(struct kmem_cache *cache, void *object) { kasan_unpoison(object, cache->object_size, false); } -void __kasan_poison_object_data(struct kmem_cache *cache, void *object) +void __kasan_poison_new_object(struct kmem_cache *cache, void *object) { kasan_poison(object, round_up(cache->object_size, KASAN_GRANULE_SIZE), KASAN_SLAB_REDZONE, false); diff --git a/mm/slab.c b/mm/slab.c index 9ad3d0f2d1a5..773c79e153f3 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -2327,11 +2327,9 @@ static void cache_init_objs_debug(struct kmem_cache *cachep, struct slab *slab) * They must also be threaded. */ if (cachep->ctor && !(cachep->flags & SLAB_POISON)) { - kasan_unpoison_object_data(cachep, - objp + obj_offset(cachep)); + kasan_unpoison_new_object(cachep, objp + obj_offset(cachep)); cachep->ctor(objp + obj_offset(cachep)); - kasan_poison_object_data( - cachep, objp + obj_offset(cachep)); + kasan_poison_new_object(cachep, objp + obj_offset(cachep)); } if (cachep->flags & SLAB_RED_ZONE) { @@ -2472,9 +2470,9 @@ static void cache_init_objs(struct kmem_cache *cachep, /* constructor could break poison info */ if (DEBUG == 0 && cachep->ctor) { - kasan_unpoison_object_data(cachep, objp); + kasan_unpoison_new_object(cachep, objp); cachep->ctor(objp); - kasan_poison_object_data(cachep, objp); + kasan_poison_new_object(cachep, objp); } if (!shuffled) diff --git a/mm/slub.c b/mm/slub.c index 63d281dfacdb..973f091ec5d1 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1849,9 +1849,9 @@ static void *setup_object(struct kmem_cache *s, void *object) setup_object_debug(s, object); object = kasan_init_slab_obj(s, object); if (unlikely(s->ctor)) { - kasan_unpoison_object_data(s, object); + kasan_unpoison_new_object(s, object); s->ctor(object); - kasan_poison_object_data(s, object); + kasan_poison_new_object(s, object); } return object; } diff --git a/net/core/skbuff.c b/net/core/skbuff.c index b157efea5dea..63bb6526399d 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -337,7 +337,7 @@ static struct sk_buff *napi_skb_cache_get(void) } skb = nc->skb_cache[--nc->skb_count]; - kasan_unpoison_object_data(skbuff_cache, skb); + kasan_unpoison_new_object(skbuff_cache, skb); return skb; } @@ -1309,13 +1309,13 @@ static void napi_skb_cache_put(struct sk_buff *skb) struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); u32 i; - kasan_poison_object_data(skbuff_cache, skb); + kasan_poison_new_object(skbuff_cache, skb); nc->skb_cache[nc->skb_count++] = skb; if (unlikely(nc->skb_count == NAPI_SKB_CACHE_SIZE)) { for (i = NAPI_SKB_CACHE_HALF; i < NAPI_SKB_CACHE_SIZE; i++) - kasan_unpoison_object_data(skbuff_cache, - nc->skb_cache[i]); + kasan_unpoison_new_object(skbuff_cache, + nc->skb_cache[i]); kmem_cache_free_bulk(skbuff_cache, NAPI_SKB_CACHE_HALF, nc->skb_cache + NAPI_SKB_CACHE_HALF); From patchwork Mon Nov 6 20:10:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162174 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2903578vqu; Mon, 6 Nov 2023 12:15:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IERO6HIJFvZGtQ2RC/Cqza5zBi6q25ZmlibWPlv6WPXDxiegB6scH55mnd1/jP2wwVijInh X-Received: by 2002:a05:6358:c3a1:b0:168:f48f:4414 with SMTP id fl33-20020a056358c3a100b00168f48f4414mr28564745rwb.25.1699301701483; Mon, 06 Nov 2023 12:15:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301701; cv=none; d=google.com; s=arc-20160816; b=x0AsJ1Z3VSjE5o5F+5+Npkbd3Oddud5AjvbI71hTpI3/chseplAUAv4GeyB0mAa6/I EmlV/EpGmJEQ5OmKwlpp54+azDpfgGgvqw680wzeYfGflF/BSfI7AUitrCgLbxLnGiN8 HJwFU1XmSWUF4nD8ceTXEWW+umuV4VpRMQzbcNNPhfqEB04yAmTwulEcO5c/98dnKNYZ /kRI2HvWWq/qRtm8hGyIDqKqQwiPxFNZAV1o6wMyndsIHh/Lg8W7TMNoatALMTHPjdvD GnTNOV5mn5V3/5QLxjM/+wcNPwYCCKUqQL0XZFMOJGdxw7OlE7/1+lgzAkaba4tA5405 H0eg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=e29xpsueqsta+pB4dpMwNezQWpITpFZrOcR7dgpqXnM=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=hLaQNX4gpYQLEgoXR41uoMvYCQ4xHcLWcY4+qx+RNynviAhjNB5xmJXeOlxRU5rjmd 7umtYNG/jRpCuhUCCVcLXsIxdPRtsWbDxjL0AHkjDMeLTYq+efLqiMLHEwhqj4xr7RIj hL1wAZeqiD7QKdnivaDmk2/07NwZzsRYyzDlpVz0/0KgvaOWHm0cp0WIlI0r1IC0aVvz 0lVil3+dIZoTsagJz5+LLdZJlUAXGXev/FR2Ghdo2LRzbyiJA1nT9g+9OedIZE3rJnqb FjDIl8TxDfymmJOFycRYtCh29YM4bT4Pf+OXyhlH3SEB2iN739HIhAQlXiTczEUhA/DV p9iw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="cb/DYhw0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id f7-20020a656287000000b00578af609d05si392947pgv.244.2023.11.06.12.15.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:15:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b="cb/DYhw0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id CD0F980320CD; Mon, 6 Nov 2023 12:14:57 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232990AbjKFUOf (ORCPT + 34 others); Mon, 6 Nov 2023 15:14:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53632 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233158AbjKFUOO (ORCPT ); Mon, 6 Nov 2023 15:14:14 -0500 Received: from out-174.mta0.migadu.com (out-174.mta0.migadu.com [IPv6:2001:41d0:1004:224b::ae]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 260671986 for ; Mon, 6 Nov 2023 12:13:52 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301630; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e29xpsueqsta+pB4dpMwNezQWpITpFZrOcR7dgpqXnM=; b=cb/DYhw0AcKTI1pVz3p5Uc8ghHAi9yPw0pCvEZBvaYr82je3xMtKhMD9iTFLNv661L48Eq HUw3/4UfBzgyqKFgTfXOU3WP5GDlN3MF7k6C82pIbPfG6hYKtEzn5y09GxVAaKf1nIbuQV MZc8fQIvmv/Ni7E4wK5ggRDzTvGHEZ0= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 19/20] skbuff: use mempool KASAN hooks Date: Mon, 6 Nov 2023 21:10:28 +0100 Message-Id: <13e15a27958e63070970ca4d7bb52c8c156bfa02.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:14:57 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781846980559068450 X-GMAIL-MSGID: 1781846980559068450 From: Andrey Konovalov Instead of using slab-internal KASAN hooks for poisoning and unpoisoning cached objects, use the proper mempool KASAN hooks. Also check the return value of kasan_mempool_poison_object to prevent double-free and invali-free bugs. Signed-off-by: Andrey Konovalov --- net/core/skbuff.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 63bb6526399d..bb75b4272992 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -337,7 +337,7 @@ static struct sk_buff *napi_skb_cache_get(void) } skb = nc->skb_cache[--nc->skb_count]; - kasan_unpoison_new_object(skbuff_cache, skb); + kasan_mempool_unpoison_object(skb, kmem_cache_size(skbuff_cache)); return skb; } @@ -1309,13 +1309,15 @@ static void napi_skb_cache_put(struct sk_buff *skb) struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); u32 i; - kasan_poison_new_object(skbuff_cache, skb); + if (!kasan_mempool_poison_object(skb)) + return; + nc->skb_cache[nc->skb_count++] = skb; if (unlikely(nc->skb_count == NAPI_SKB_CACHE_SIZE)) { for (i = NAPI_SKB_CACHE_HALF; i < NAPI_SKB_CACHE_SIZE; i++) - kasan_unpoison_new_object(skbuff_cache, - nc->skb_cache[i]); + kasan_mempool_unpoison_object(nc->skb_cache[i], + kmem_cache_size(skbuff_cache)); kmem_cache_free_bulk(skbuff_cache, NAPI_SKB_CACHE_HALF, nc->skb_cache + NAPI_SKB_CACHE_HALF); From patchwork Mon Nov 6 20:10:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: andrey.konovalov@linux.dev X-Patchwork-Id: 162176 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:8f47:0:b0:403:3b70:6f57 with SMTP id j7csp2904190vqu; Mon, 6 Nov 2023 12:16:11 -0800 (PST) X-Google-Smtp-Source: AGHT+IEOfEC9jWYjZaZbc08YgKeNrU3Yct0I4x6TF84OQBDpf8eqz2dRFWwYAyaM3GhaP8PCRtpF X-Received: by 2002:a17:902:f391:b0:1cc:fd1:c85f with SMTP id f17-20020a170902f39100b001cc0fd1c85fmr21122836ple.22.1699301771016; Mon, 06 Nov 2023 12:16:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699301771; cv=none; d=google.com; s=arc-20160816; b=jhL9nZ694uCqmKRH3xgG1mkLwh0/Gxav6telMHjoGqznmFBRxYiqOm0+U2gTzJZyHf utNPKruhFlfVAfBxYypTxwnSgt2jEeBKJnxVUEq/rKfD1DNXowN6Fg7Z3oAeMIMWkS7Y ug4pTv/8jVUAt/3aeSlYz3ra0XNQuwf4AxmY7ezB2FpZdnE2YMba1N5gINhoTwYfV9+0 aDaF5Ki5Gq+jPb0UVH7KUep5XW6iuBdKsoeRO/Vz/2O5ut9tPideHwRjGUhJYrATED4I Qx5Mh231yRdzXiQ4q6iNZRWNiwTumeZYPL4A43GAPmv4QrHNNA7TJMkqaAVTABzE9NSr KSKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=EPGVjwO+qP/d7FcuwPK2D6CcDKWjvT42oG4AsVrb0Go=; fh=n5KN85tQTomq0Sa/nFFC9xbnc77mxkBzF8HoolO/QOw=; b=JDEghi3cpOOFaCE1gIzbWrFdZXNNd056Y4I//GCn3TBhTuZjvU3rOXR0FCNaLBqd3m 4kQcf/pJ47ilSWJLxzzdt+5VZFWoAq2LJ+UvMqKzQhHMmoVFhoIabOxMcBAeI9DcoeKO F3AJqWmSLeBfWT2no0DNKK7C4tzE6qAIdI82cxzVyuh1UgWW4iWppPFn9vcPW+s8NMjs jOuzURgoVyeoghnFWIGBG8sfbLKyvR5Nd1vTTuAuveolO4byrK0eaKPK25dHtNjav1Dp V3cJudmfr1jvAk4AOCihTtK7YQHMYvWCwPxT15C/GR9xs9uTTnyQvhDd5aS/jiWy7W+Y 0yug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=VvwPI2ke; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id w9-20020a170902c78900b001bdf6eb05f2si8242685pla.227.2023.11.06.12.16.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 12:16:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=VvwPI2ke; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 6D75D804A9F9; Mon, 6 Nov 2023 12:15:01 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233142AbjKFUOd (ORCPT + 34 others); Mon, 6 Nov 2023 15:14:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53590 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233151AbjKFUON (ORCPT ); Mon, 6 Nov 2023 15:14:13 -0500 Received: from out-172.mta0.migadu.com (out-172.mta0.migadu.com [91.218.175.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33275198D for ; Mon, 6 Nov 2023 12:13:53 -0800 (PST) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1699301631; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EPGVjwO+qP/d7FcuwPK2D6CcDKWjvT42oG4AsVrb0Go=; b=VvwPI2keLXzkzqlZ3FnvGVKGg5TiKAVIbhEfe4q4zBpcT7eCPN3B9NQON+ibMnBGElwnGf eWdKn2N728sPwjXJ2GuPBYYG5XnlY5BH2yy4FnLjIp2Sa6KToE0S7E2SFjTIoYB0IY5KEk KahIGvyWN2K+2fQ0a2nUKxfLXrFjdms= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Evgenii Stepanov , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH RFC 20/20] io_uring: use mempool KASAN hook Date: Mon, 6 Nov 2023 21:10:29 +0100 Message-Id: <4f2fc546ce7b494c99c08e282c4d697d6dd58a8f.1699297309.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 06 Nov 2023 12:15:01 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781847053887514149 X-GMAIL-MSGID: 1781847053887514149 From: Andrey Konovalov Use the proper kasan_mempool_unpoison_object hook for unpoisoning cached objects. A future change might also update io_uring to check the return value of kasan_mempool_poison_object to prevent double-free and invalid-free bugs. This proves to be non-trivial with the current way io_uring caches objects, so this is left out-of-scope of this series. Signed-off-by: Andrey Konovalov --- io_uring/alloc_cache.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/io_uring/alloc_cache.h b/io_uring/alloc_cache.h index 8de0414e8efe..bf2fb26a6539 100644 --- a/io_uring/alloc_cache.h +++ b/io_uring/alloc_cache.h @@ -33,7 +33,7 @@ static inline struct io_cache_entry *io_alloc_cache_get(struct io_alloc_cache *c struct io_cache_entry *entry; entry = container_of(cache->list.next, struct io_cache_entry, node); - kasan_unpoison_range(entry, cache->elem_size); + kasan_mempool_unpoison_object(entry, cache->elem_size); cache->list.next = cache->list.next->next; cache->nr_cached--; return entry;