From: Steve Capper <steve.capper@arm.com>
To: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu
Cc: catalin.marinas@arm.com, ard.biesheuvel@linaro.org
Subject: [PATCH 08/12] arm64: kasan: Switch to using KASAN_SHADOW_OFFSET
Date: Mon,  4 Dec 2017 14:13:09 +0000	[thread overview]
Message-ID: <20171204141313.31604-9-steve.capper@arm.com> (raw)
In-Reply-To: <20171204141313.31604-1-steve.capper@arm.com>

KASAN_SHADOW_OFFSET is a constant that is supplied to gcc as a command
line argument and affects the codegen of the inline address sanitiser.

Essentially, for an example memory access:
	*ptr1 = val;
The compiler will insert logic similar to the below:
	shadowValue = *(ptr1 >> 3 + KASAN_SHADOW_OFFSET)
	if (somethingWrong(shadowValue))
		flagAnError();

As this code sequence is inserted into many places, and
KASAN_SHADOW_OFFSET is essentially baked into many places in the kernel
.text, the only sane thing we can do at compile time is to check that
the KASAN_SHADOW_OFFSET gives us a memory region that is valid,
otherwise BUILD_BUG on a discrepancy.

i.e. If we want to run a single kernel binary with multiple address
spaces, then we need to do this with KASAN_SHADOW_OFFSET fixed.

Thankfully, due to the way the KASAN_SHADOW_OFFSET is used to provide
shadow addresses we know that the end of the shadow region is constant
w.r.t. VA space size:
	KASAN_SHADOW_END = ~0 >> 3 + KASAN_SHADOW_OFFSET

This means that if we increase the size of the VA space, the KASAN
region expands upwards into the new space that is provided.

This patch removes the logic to compute the KASAN_SHADOW_OFFSET in the
arm64 Makefile, and instead we adopt the approach used by x86 to supply
offset values in kConfig. To help debug/develop future VA space changes,
the Makefile logic has been preserved in a script file in the arm64
Documentation folder.

Signed-off-by: Steve Capper <steve.capper@arm.com>
---
 Documentation/arm64/kasan-offsets.sh | 17 +++++++++++++++++
 arch/arm64/Kconfig                   | 10 ++++++++++
 arch/arm64/Makefile                  |  7 -------
 arch/arm64/include/asm/kasan.h       | 24 +++++++++++-------------
 arch/arm64/include/asm/pgtable.h     |  7 ++++++-
 arch/arm64/mm/kasan_init.c           |  1 -
 6 files changed, 44 insertions(+), 22 deletions(-)
 create mode 100644 Documentation/arm64/kasan-offsets.sh

diff --git a/Documentation/arm64/kasan-offsets.sh b/Documentation/arm64/kasan-offsets.sh
new file mode 100644
index 000000000000..d07a95518770
--- /dev/null
+++ b/Documentation/arm64/kasan-offsets.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Print out the KASAN_SHADOW_OFFSETS required to place the KASAN SHADOW
+# start address at the mid-point of the kernel VA space
+
+print_kasan_offset () {
+	printf "%02d\t" $1
+	printf "0x%08x00000000\n" $(( (0xffffffff & (-1 << ($1 - 1 - 32))) \
+			+ (1 << ($1 - 32 - 3)) \
+			- (1 << (64 - 32 - 3)) ))
+}
+
+printf "VABITS\tKASAN_SHADOW_OFFSET\n"
+print_kasan_offset 48
+print_kasan_offset 42
+print_kasan_offset 39
+print_kasan_offset 36
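Review bot: The call list at the end of the script omits 47, although the Kconfig hunk in this same patch adds a default for ARM64_VA_BITS_47. The script therefore cannot regenerate every value it is meant to document. Adding `print_kasan_offset 47` between the 48 and 42 lines closes the gap; the same arithmetic yields 0xdfffd00000000000 for 47, which matches the Kconfig entry. A one-line comment above the calls, such as `# Keep this list in sync with the KASAN_SHADOW_OFFSET defaults in arch/arm64/Kconfig`, would help the two stay aligned when later patches add VA sizes.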
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a93339f5178f..0fa430326825 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -272,6 +272,16 @@ config ARCH_SUPPORTS_UPROBES
 config ARCH_PROC_KCORE_TEXT
 	def_bool y
 
+config KASAN_SHADOW_OFFSET
+	hex
+	depends on KASAN
+	default 0xdfffa00000000000 if ARM64_VA_BITS_48
+	default 0xdfffd00000000000 if ARM64_VA_BITS_47
+	default 0xdffffe8000000000 if ARM64_VA_BITS_42
+	default 0xdfffffd000000000 if ARM64_VA_BITS_39
+	default 0xdffffffa00000000 if ARM64_VA_BITS_36
+	default 0xffffffffffffffff
+
 source "init/Kconfig"
 
 source "kernel/Kconfig.freezer"
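Review bot: The final `default 0xffffffffffffffff` carries no comment saying that it is a deliberately invalid value. With that offset KASAN_SHADOW_END evaluates to (1UL << 61) plus all-ones, which is not PGDIR_SIZE-aligned. An unsupported VA_BITS choice therefore appears to be caught only by the alignment BUILD_BUG_ON in kasan_early_init(); that intent is inferred, not stated. A comment above the entry would make the sentinel explicit, for example `# All-ones is intentionally invalid: configurations without a matching VA_BITS default must fail the build, not run with a wrong shadow mapping`.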
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 7eaff48d2a39..13cc9311ef7d 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -97,13 +97,6 @@ else
 TEXT_OFFSET := 0x00080000
 endif
 
-# KASAN_SHADOW_OFFSET = VA_START + (1 << (VA_BITS - 3)) - (1 << 61)
-# in 32-bit arithmetic
-KASAN_SHADOW_OFFSET := $(shell printf "0x%08x00000000\n" $$(( \
-			(0xffffffff & (-1 << ($(CONFIG_ARM64_VA_BITS) - 1 - 32))) \
-			+ (1 << ($(CONFIG_ARM64_VA_BITS) - 32 - 3)) \
-			- (1 << (64 - 32 - 3)) )) )
-
 export	TEXT_OFFSET GZFLAGS
 
 core-y		+= arch/arm64/kernel/ arch/arm64/mm/
diff --git a/arch/arm64/include/asm/kasan.h b/arch/arm64/include/asm/kasan.h
index e266f80e45b7..28b9d9cb7795 100644
--- a/arch/arm64/include/asm/kasan.h
+++ b/arch/arm64/include/asm/kasan.h
@@ -10,24 +10,22 @@
 #include <asm/memory.h>
 #include <asm/pgtable-types.h>
 
+#define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL)
+
 /*
  * KASAN_SHADOW_START: beginning of the kernel virtual addresses.
  * KASAN_SHADOW_END: KASAN_SHADOW_START + 1/8 of kernel virtual addresses.
- */
-#define KASAN_SHADOW_START      (VA_START)
-#define KASAN_SHADOW_END        (KASAN_SHADOW_START + KASAN_SHADOW_SIZE)
-
-/*
- * This value is used to map an address to the corresponding shadow
- * address by the following formula:
- *     shadow_addr = (address >> 3) + KASAN_SHADOW_OFFSET;
  *
- * (1 << 61) shadow addresses - [KASAN_SHADOW_OFFSET,KASAN_SHADOW_END]
- * cover all 64-bits of virtual addresses. So KASAN_SHADOW_OFFSET
- * should satisfy the following equation:
- *      KASAN_SHADOW_OFFSET = KASAN_SHADOW_END - (1ULL << 61)
+ * We derive these values from KASAN_SHADOW_OFFSET and the size of the VA
+ * space.
+ *
+ * KASAN shadow addresses are derived from the following formula:
+ *	shadow_addr = (address >> 3) + KASAN_SHADOW_OFFSET;
+ *
  */
-#define KASAN_SHADOW_OFFSET     (KASAN_SHADOW_END - (1ULL << (64 - 3)))
+#define KASAN_SHADOW_END	((1UL << 61) + KASAN_SHADOW_OFFSET)
+#define _KASAN_SHADOW_START(va)	(KASAN_SHADOW_END - (1UL << ((va) - 3)))
+#define KASAN_SHADOW_START      _KASAN_SHADOW_START(VA_BITS)
 
 void kasan_init(void);
 void kasan_copy_shadow(pgd_t *pgdir);
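Review bot: After this hunk nothing at compile time ties the Kconfig constant to the configured VA layout. KASAN_SHADOW_START used to be `(VA_START)` by definition and is now derived from KASAN_SHADOW_END, and VMALLOC_START in the pgtable.h hunk follows the same constant. The only checks left in kasan_early_init() are the two PGDIR_SIZE alignment ones, so an offset that is aligned but belongs to a different VA_BITS would build and silently shift the shadow and vmalloc regions. If VA_START is still the intended shadow base at this point in the series, `BUILD_BUG_ON(KASAN_SHADOW_START != VA_START);` in kasan_early_init() would restore the "BUILD_BUG on a discrepancy" the commit message describes. The retained comment lines also still define END as START plus 1/8, whereas the macros now derive START from END, so the comment should state the direction the code uses. Any enclosing #ifdef lies outside the hunk.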
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index e8b4dcc11fed..5506f7d66bfa 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -19,6 +19,7 @@
 #include <asm/bug.h>
 #include <asm/proc-fns.h>
 
+#include <asm/kasan.h>
 #include <asm/memory.h>
 #include <asm/pgtable-hwdef.h>
 #include <asm/pgtable-prot.h>
@@ -30,7 +31,11 @@
  * VMALLOC_END: extends to the available space below vmmemmap, PCI I/O space
  *	and fixed mappings
  */
-#define VMALLOC_START		(VA_START + KASAN_SHADOW_SIZE)
+#ifdef CONFIG_KASAN
+#define VMALLOC_START		(KASAN_SHADOW_END)
+#else
+#define VMALLOC_START		(VA_START)
+#endif
 #define VMALLOC_END		(FIXADDR_TOP - PUD_SIZE)
 
 #define vmemmap			((struct page *)VMEMMAP_START - (memstart_addr >> PAGE_SHIFT))
diff --git a/arch/arm64/mm/kasan_init.c b/arch/arm64/mm/kasan_init.c
index 5aef679e61c6..968535789d13 100644
--- a/arch/arm64/mm/kasan_init.c
+++ b/arch/arm64/mm/kasan_init.c
@@ -135,7 +135,6 @@ static void __init kasan_pgd_populate(unsigned long addr, unsigned long end,
 /* The early shadow maps everything to a single page of zeroes */
 asmlinkage void __init kasan_early_init(void)
 {
-	BUILD_BUG_ON(KASAN_SHADOW_OFFSET != KASAN_SHADOW_END - (1UL << 61));
 	BUILD_BUG_ON(!IS_ALIGNED(KASAN_SHADOW_START, PGDIR_SIZE));
 	BUILD_BUG_ON(!IS_ALIGNED(KASAN_SHADOW_END, PGDIR_SIZE));
 	kasan_pgd_populate(KASAN_SHADOW_START, KASAN_SHADOW_END, NUMA_NO_NODE,
-- 
2.11.0
