From: Borislav Petkov <bp@alien8.de>
To: Ingo Molnar <mingo@kernel.org>
Cc: Andrey Ryabinin <a.ryabinin@samsung.com>,
Alexander Popov <alpopov@ptsecurity.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Andrey Konovalov <adech.fo@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Alexander Kuleshov <kuleshovmail@gmail.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Kees Cook <keescook@chromium.org>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/1] x86_64: fix KASan shadow region page tables
Date: Fri, 19 Jun 2015 16:06:22 +0200 [thread overview]
Message-ID: <20150619140622.GF17826@pd.tnic> (raw)
In-Reply-To: <20150619140051.GA18930@gmail.com>
On Fri, Jun 19, 2015 at 04:00:51PM +0200, Ingo Molnar wrote:
> It should also printk a one line message at bootup, so that people can
> be sure they are running a KASan-enabled kernel.
Yeah, especially if it slows down the kernel by orders of magnitude.
In any case, here's what it says in the guest:
[ 117.061393] kasan test: kmalloc_oob_right out-of-bounds to right
[ 117.067973] ==================================================================
[ 117.071656] BUG: KASan: out of bounds access in kmalloc_oob_right+0x65/0x75 [test_kasan] at addr ffff88006816915b
[ 117.071656] Write of size 1 by task insmod/3942
[ 117.071656] =============================================================================
[ 117.071656] BUG kmalloc-128 (Not tainted): kasan: bad access detected
[ 117.071656] -----------------------------------------------------------------------------
[ 117.071656]
[ 117.071656] Disabling lock debugging due to kernel taint
[ 117.071656] INFO: Allocated in kmalloc_oob_right+0x3d/0x75 [test_kasan] age=5 cpu=1 pid=3942
[ 117.071656] __slab_alloc.isra.60.constprop.62+0x4c4/0x5e0
[ 117.071656] kmem_cache_alloc_trace+0x167/0x330
[ 117.071656] kmalloc_oob_right+0x3d/0x75 [test_kasan]
[ 117.071656] kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656] do_one_initcall+0xb1/0x220
[ 117.071656] do_init_module+0xf7/0x2f8
[ 117.071656] load_module+0x2fe7/0x3e00
[ 117.071656] SyS_init_module+0x10d/0x120
[ 117.071656] system_call_fastpath+0x16/0x73
[ 117.071656] INFO: Freed in rcu_process_callbacks+0x3d3/0xd90 age=1511 cpu=6 pid=0
[ 117.071656] __slab_free+0x433/0x610
[ 117.071656] kfree+0x279/0x380
[ 117.071656] rcu_process_callbacks+0x3d3/0xd90
[ 117.071656] __do_softirq+0x154/0x7b0
[ 117.071656] irq_exit+0xba/0xe0
[ 117.071656] smp_apic_timer_interrupt+0x6a/0x80
[ 117.071656] apic_timer_interrupt+0x6d/0x80
[ 117.071656] arch_cpu_idle+0xf/0x20
[ 117.071656] cpu_startup_entry+0x5f1/0x7a0
[ 117.071656] start_secondary+0x21d/0x230
[ 117.071656] INFO: Slab 0xffffea0001a05a00 objects=37 used=31 fp=0xffff880068169290 flags=0x4000000000004080
[ 117.071656] INFO: Object 0xffff8800681690e0 @offset=4320 fp=0xffff88006816a880
[ 117.071656]
[ 117.071656] Bytes b4 ffff8800681690d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 117.071656] Object ffff8800681690e0: 80 a8 16 68 00 88 ff ff ff ff ff ff 00 00 00 00 ...h............
[ 117.071656] Object ffff8800681690f0: ff ff ff ff ff ff ff ff c0 f2 01 83 ff ff ff ff ................
[ 117.071656] Object ffff880068169100: 60 91 87 82 ff ff ff ff 00 00 00 00 00 00 00 00 `...............
[ 117.071656] Object ffff880068169110: 05 0a c4 81 ff ff ff ff 06 00 00 00 1c 00 1b 00 ................
[ 117.071656] Object ffff880068169120: 74 d6 0d 81 ff ff ff ff 28 91 16 68 00 88 ff ff t.......(..h....
[ 117.071656] Object ffff880068169130: 28 91 16 68 00 88 ff ff 00 00 00 00 00 00 00 00 (..h............
[ 117.071656] Object ffff880068169140: 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 ........`.......
[ 117.071656] Object ffff880068169150: 00 00 00 00 40 00 38 00 07 00 40 00 18 00 17 00 ....@.8...@.....
[ 117.071656] CPU: 1 PID: 3942 Comm: insmod Tainted: G B 4.1.0-rc8+ #3
[ 117.071656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 117.071656] 0000000000000001 ffff880061c77a28 ffffffff819af359 00000000000001b0
[ 117.071656] ffff88006ac07800 ffff880061c77a58 ffffffff8121280d ffff88006ac07800
[ 117.071656] ffffea0001a05a00 ffff8800681690e0 ffffffffa0008765 ffff880061c77a88
[ 117.071656] Call Trace:
[ 117.071656] [<ffffffff819af359>] dump_stack+0x4f/0x7b
[ 117.071656] [<ffffffff8121280d>] print_trailer+0xfd/0x160
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffff81218501>] object_err+0x41/0x50
[ 117.071656] [<ffffffff8121a4b8>] kasan_report_error+0x1e8/0x410
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffff8121ab90>] kasan_report+0x40/0x50
[ 117.071656] [<ffffffffa0008111>] ? kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656] [<ffffffff81219c54>] __asan_store1+0x54/0x80
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffffa0008111>] kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656] [<ffffffffa000876e>] kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656] [<ffffffff81000301>] do_one_initcall+0xb1/0x220
[ 117.071656] [<ffffffff81219d19>] ? kasan_kmalloc+0x49/0x50
[ 117.071656] [<ffffffff812170f6>] ? kmem_cache_alloc_trace+0x106/0x330
[ 117.071656] [<ffffffff819ae865>] ? do_init_module+0x3b/0x2f8
[ 117.071656] [<ffffffff819ae921>] do_init_module+0xf7/0x2f8
[ 117.071656] [<ffffffff8114aa37>] load_module+0x2fe7/0x3e00
[ 117.071656] [<ffffffff811454d0>] ? store_uevent+0x50/0x50
[ 117.071656] [<ffffffff8114b95d>] SyS_init_module+0x10d/0x120
[ 117.071656] [<ffffffff819ba31b>] system_call_fastpath+0x16/0x73
[ 117.071656] Memory state around the buggy address:
[ 117.071656] ffff880068169000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ffff880068169080: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[ 117.071656] >ffff880068169100: 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc fc
[ 117.071656] ^
[ 117.071656] ffff880068169180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ffff880068169200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ==================================================================
...
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
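As an added example (not part of Boris's mail or of the kernel's own code), a small Python decoder for the "Memory state around the buggy address" block in the report above: it maps an accessed address to its shadow byte and says why the 1-byte write at ffff88006816915b (the object at ffff8800681690e0 plus 123) is flagged. The poison constants come from the kernel's mm/kasan/kasan.h of that era; the sample block is copied from the report, with each dumped row covering 16 shadow bytes, i.e. 128 bytes of memory.

```python
import re

# Shadow-byte meanings (mm/kasan/kasan.h, 4.1-era values): 0 = whole 8-byte
# granule addressable, 1..7 = only the first N bytes addressable, else poison.
KASAN_SHADOW_SCALE = 8
POISON_NAMES = {
    0xfc: "slab object redzone (KASAN_KMALLOC_REDZONE)",
    0xfb: "freed slab object (KASAN_KMALLOC_FREE)",
    0xfe: "page redzone (KASAN_PAGE_REDZONE)",
    0xff: "freed page (KASAN_FREE_PAGE)",
}

# Sample input: the shadow dump rows from the report above (copied, not generated).
SAMPLE_REPORT = """\
[  117.071656] Memory state around the buggy address:
[  117.071656]  ffff880068169080: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[  117.071656] >ffff880068169100: 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc fc
[  117.071656]                                                       ^
[  117.071656]  ffff880068169180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

ROW_RE = re.compile(r">?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")

def parse_shadow_dump(text):
    """Map each dumped row's base address to its 16 shadow bytes."""
    rows = {}
    for line in text.splitlines():
        line = re.sub(r"^\[\s*[\d.]+\]\s*", "", line)  # strip printk timestamp
        m = ROW_RE.match(line)
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows

def shadow_byte(rows, addr):
    """Shadow byte for the 8-byte granule containing addr."""
    granule = addr & ~(KASAN_SHADOW_SCALE - 1)
    row_base = granule & ~0x7f  # 16 granules = 128 bytes per dumped row
    if row_base not in rows:
        raise KeyError("address %#x is outside the dumped shadow" % addr)
    return rows[row_base][(granule - row_base) // KASAN_SHADOW_SCALE]

def classify_access(rows, addr, size):
    """None if every byte of [addr, addr+size) is addressable, else the reason."""
    for a in range(addr, addr + size):
        s = shadow_byte(rows, a)
        if s == 0 or (s < KASAN_SHADOW_SCALE and (a & (KASAN_SHADOW_SCALE - 1)) < s):
            continue
        if s < KASAN_SHADOW_SCALE:
            return "byte %#x is past the %d addressable bytes of its granule" % (a, s)
        return "byte %#x hits %s" % (a, POISON_NAMES.get(s, "poison %#04x" % s))
    return None
```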