* [PATCH v4 0/3] kasan: Fix metadata detection for KASAN_HW_TAGS
@ 2021-01-22 15:56 Vincenzo Frascino
2021-01-22 15:56 ` [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() Vincenzo Frascino
` (2 more replies)
0 siblings, 3 replies; 15+ messages in thread
From: Vincenzo Frascino @ 2021-01-22 15:56 UTC (permalink / raw)
To: linux-arm-kernel, linux-kernel, kasan-dev
Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju,
Leon Romanovsky, Alexander Potapenko, Catalin Marinas,
Andrey Ryabinin, Vincenzo Frascino, Will Deacon, Dmitry Vyukov
With the introduction of KASAN_HW_TAGS, kasan_report() currently assumes
that every location in memory has valid metadata associated. This is due
to the fact that addr_has_metadata() returns always true.
As a consequence of this, an invalid address (e.g. NULL pointer address)
passed to kasan_report() when KASAN_HW_TAGS is enabled, leads to a
kernel panic.
Example below, based on arm64:
==================================================================
BUG: KASAN: invalid-access in 0x0
Read at addr 0000000000000000 by task swapper/0/1
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
ESR = 0x96000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
...
Call trace:
mte_get_mem_tag+0x24/0x40
kasan_report+0x1a4/0x410
alsa_sound_last_init+0x8c/0xa4
do_one_initcall+0x50/0x1b0
kernel_init_freeable+0x1d4/0x23c
kernel_init+0x14/0x118
ret_from_fork+0x10/0x34
Code: d65f03c0 9000f021 f9428021 b6cfff61 (d9600000)
---[ end trace 377c8bb45bdd3a1a ]---
hrtimer: interrupt took 48694256 ns
note: swapper/0[1] exited with preempt_count 1
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
SMP: stopping secondary CPUs
Kernel Offset: 0x35abaf140000 from 0xffff800010000000
PHYS_OFFSET: 0x40000000
CPU features: 0x0a7e0152,61c0a030
Memory Limit: none
---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
This series fixes the behavior of addr_has_metadata() that now returns
true only when the address is valid.
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Leon Romanovsky <leonro@mellanox.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Paul E. McKenney <paulmck@kernel.org>
Cc: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Vincenzo Frascino (3):
arm64: Improve kernel address detection of __is_lm_address()
kasan: Add explicit preconditions to kasan_report()
kasan: Make addr_has_metadata() return true for valid addresses
arch/arm64/include/asm/memory.h | 6 ++++--
include/linux/kasan.h | 7 +++++++
mm/kasan/kasan.h | 2 +-
3 files changed, 12 insertions(+), 3 deletions(-)
--
2.30.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 15+ messages in thread* [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-22 15:56 [PATCH v4 0/3] kasan: Fix metadata detection for KASAN_HW_TAGS Vincenzo Frascino @ 2021-01-22 15:56 ` Vincenzo Frascino 2021-01-25 13:02 ` Mark Rutland 2021-01-22 15:56 ` [PATCH v4 2/3] kasan: Add explicit preconditions to kasan_report() Vincenzo Frascino 2021-01-22 15:56 ` [PATCH v4 3/3] kasan: Make addr_has_metadata() return true for valid addresses Vincenzo Frascino 2 siblings, 1 reply; 15+ messages in thread From: Vincenzo Frascino @ 2021-01-22 15:56 UTC (permalink / raw) To: linux-arm-kernel, linux-kernel, kasan-dev Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, Leon Romanovsky, Alexander Potapenko, Catalin Marinas, Andrey Ryabinin, Vincenzo Frascino, Will Deacon, Dmitry Vyukov Currently, the __is_lm_address() check just masks out the top 12 bits of the address, but if they are 0, it still yields a true result. This has as a side effect that virt_addr_valid() returns true even for invalid virtual addresses (e.g. 0x0). Improve the detection checking that it's actually a kernel address starting at PAGE_OFFSET. Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will@kernel.org> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> --- arch/arm64/include/asm/memory.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h index 18fce223b67b..99d7e1494aaa 100644 --- a/arch/arm64/include/asm/memory.h +++ b/arch/arm64/include/asm/memory.h @@ -247,9 +247,11 @@ static inline const void *__tag_set(const void *addr, u8 tag) /* - * The linear kernel range starts at the bottom of the virtual address space. + * Check whether an arbitrary address is within the linear map, which + * lives in the [PAGE_OFFSET, PAGE_END) interval at the bottom of the + * kernel's TTBR1 address range. */ -#define __is_lm_address(addr) (((u64)(addr) & ~PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) +#define __is_lm_address(addr) (((u64)(addr) ^ PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) #define __lm_to_phys(addr) (((addr) & ~PAGE_OFFSET) + PHYS_OFFSET) #define __kimg_to_phys(addr) ((addr) - kimage_voffset) -- 2.30.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-22 15:56 ` [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() Vincenzo Frascino @ 2021-01-25 13:02 ` Mark Rutland 2021-01-25 14:36 ` Vincenzo Frascino 0 siblings, 1 reply; 15+ messages in thread From: Mark Rutland @ 2021-01-25 13:02 UTC (permalink / raw) To: Vincenzo Frascino Cc: Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, linux-arm-kernel, Catalin Marinas, Andrey Ryabinin, Will Deacon, Dmitry Vyukov Hi Vincenzo, On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: > Currently, the __is_lm_address() check just masks out the top 12 bits > of the address, but if they are 0, it still yields a true result. > This has as a side effect that virt_addr_valid() returns true even for > invalid virtual addresses (e.g. 0x0). > > Improve the detection checking that it's actually a kernel address > starting at PAGE_OFFSET. > > Cc: Catalin Marinas <catalin.marinas@arm.com> > Cc: Will Deacon <will@kernel.org> > Suggested-by: Catalin Marinas <catalin.marinas@arm.com> > Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> > Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Looking around, it seems that there are some existing uses of virt_addr_valid() that expect it to reject addresses outside of the TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. Given that, I think we need something that's easy to backport to stable. This patch itself looks fine, but it's not going to backport very far, so I suspect we might need to write a preparatory patch that adds an explicit range check to virt_addr_valid() which can be trivially backported. For this patch: Acked-by: Mark Rutland <mark.rutland@arm.com> Thanks, Mark. > --- > arch/arm64/include/asm/memory.h | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h > index 18fce223b67b..99d7e1494aaa 100644 > --- a/arch/arm64/include/asm/memory.h > +++ b/arch/arm64/include/asm/memory.h > @@ -247,9 +247,11 @@ static inline const void *__tag_set(const void *addr, u8 tag) > > > /* > - * The linear kernel range starts at the bottom of the virtual address space. > + * Check whether an arbitrary address is within the linear map, which > + * lives in the [PAGE_OFFSET, PAGE_END) interval at the bottom of the > + * kernel's TTBR1 address range. > */ > -#define __is_lm_address(addr) (((u64)(addr) & ~PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) > +#define __is_lm_address(addr) (((u64)(addr) ^ PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) > > #define __lm_to_phys(addr) (((addr) & ~PAGE_OFFSET) + PHYS_OFFSET) > #define __kimg_to_phys(addr) ((addr) - kimage_voffset) > -- > 2.30.0 > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-25 13:02 ` Mark Rutland @ 2021-01-25 14:36 ` Vincenzo Frascino 2021-01-25 14:59 ` Catalin Marinas 0 siblings, 1 reply; 15+ messages in thread From: Vincenzo Frascino @ 2021-01-25 14:36 UTC (permalink / raw) To: Mark Rutland Cc: Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, linux-arm-kernel, Catalin Marinas, Andrey Ryabinin, Will Deacon, Dmitry Vyukov Hi Mark, On 1/25/21 1:02 PM, Mark Rutland wrote: > Hi Vincenzo, > > On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: >> Currently, the __is_lm_address() check just masks out the top 12 bits >> of the address, but if they are 0, it still yields a true result. >> This has as a side effect that virt_addr_valid() returns true even for >> invalid virtual addresses (e.g. 0x0). >> >> Improve the detection checking that it's actually a kernel address >> starting at PAGE_OFFSET. >> >> Cc: Catalin Marinas <catalin.marinas@arm.com> >> Cc: Will Deacon <will@kernel.org> >> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> >> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> >> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> > > Looking around, it seems that there are some existing uses of > virt_addr_valid() that expect it to reject addresses outside of the > TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. > > Given that, I think we need something that's easy to backport to stable. > I agree, I started looking at it this morning and I found cases even in the main allocators (slub and page_alloc) either then the one you mentioned. > This patch itself looks fine, but it's not going to backport very far, > so I suspect we might need to write a preparatory patch that adds an > explicit range check to virt_addr_valid() which can be trivially > backported. > I checked the old releases and I agree this is not back-portable as it stands. I propose therefore to add a preparatory patch with the check below: #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ (u64)(addr) < PAGE_END) If it works for you I am happy to take care of it and post a new version of my patches. Thanks! > For this patch: > > Acked-by: Mark Rutland <mark.rutland@arm.com> > > Thanks, > Mark. > >> --- >> arch/arm64/include/asm/memory.h | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h >> index 18fce223b67b..99d7e1494aaa 100644 >> --- a/arch/arm64/include/asm/memory.h >> +++ b/arch/arm64/include/asm/memory.h >> @@ -247,9 +247,11 @@ static inline const void *__tag_set(const void *addr, u8 tag) >> >> >> /* >> - * The linear kernel range starts at the bottom of the virtual address space. >> + * Check whether an arbitrary address is within the linear map, which >> + * lives in the [PAGE_OFFSET, PAGE_END) interval at the bottom of the >> + * kernel's TTBR1 address range. >> */ >> -#define __is_lm_address(addr) (((u64)(addr) & ~PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) >> +#define __is_lm_address(addr) (((u64)(addr) ^ PAGE_OFFSET) < (PAGE_END - PAGE_OFFSET)) >> >> #define __lm_to_phys(addr) (((addr) & ~PAGE_OFFSET) + PHYS_OFFSET) >> #define __kimg_to_phys(addr) ((addr) - kimage_voffset) >> -- >> 2.30.0 >> -- Regards, Vincenzo _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-25 14:36 ` Vincenzo Frascino @ 2021-01-25 14:59 ` Catalin Marinas 2021-01-25 16:09 ` Vincenzo Frascino 2021-01-25 17:38 ` Mark Rutland 0 siblings, 2 replies; 15+ messages in thread From: Catalin Marinas @ 2021-01-25 14:59 UTC (permalink / raw) To: Vincenzo Frascino Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, Will Deacon, linux-arm-kernel On Mon, Jan 25, 2021 at 02:36:34PM +0000, Vincenzo Frascino wrote: > On 1/25/21 1:02 PM, Mark Rutland wrote: > > On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: > >> Currently, the __is_lm_address() check just masks out the top 12 bits > >> of the address, but if they are 0, it still yields a true result. > >> This has as a side effect that virt_addr_valid() returns true even for > >> invalid virtual addresses (e.g. 0x0). > >> > >> Improve the detection checking that it's actually a kernel address > >> starting at PAGE_OFFSET. > >> > >> Cc: Catalin Marinas <catalin.marinas@arm.com> > >> Cc: Will Deacon <will@kernel.org> > >> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> > >> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> > >> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> > > > > Looking around, it seems that there are some existing uses of > > virt_addr_valid() that expect it to reject addresses outside of the > > TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. > > > > Given that, I think we need something that's easy to backport to stable. > > > > I agree, I started looking at it this morning and I found cases even in the main > allocators (slub and page_alloc) either then the one you mentioned. > > > This patch itself looks fine, but it's not going to backport very far, > > so I suspect we might need to write a preparatory patch that adds an > > explicit range check to virt_addr_valid() which can be trivially > > backported. > > > > I checked the old releases and I agree this is not back-portable as it stands. > I propose therefore to add a preparatory patch with the check below: > > #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ > (u64)(addr) < PAGE_END) > > If it works for you I am happy to take care of it and post a new version of my > patches. I'm not entirely sure we need a preparatory patch. IIUC (it needs checking), virt_addr_valid() was fine until 5.4, broken by commit 14c127c957c1 ("arm64: mm: Flip kernel VA space"). Will addressed the flip case in 68dd8ef32162 ("arm64: memory: Fix virt_addr_valid() using __is_lm_address()") but this broke the <PAGE_OFFSET case. So in 5.4 a NULL address is considered valid. Ard's commit f4693c2716b3 ("arm64: mm: extend linear region for 52-bit VA configurations") changed the test to no longer rely on va_bits but did not change the broken semantics. If Ard's change plus the fix proposed in this test works on 5.4, I'd say we just merge this patch with the corresponding Cc stable and Fixes tags and tweak it slightly when doing the backports as it wouldn't apply cleanly. IOW, I wouldn't add another check to virt_addr_valid() as we did not need one prior to 5.4. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-25 14:59 ` Catalin Marinas @ 2021-01-25 16:09 ` Vincenzo Frascino 2021-01-25 17:56 ` Catalin Marinas 2021-01-25 17:38 ` Mark Rutland 1 sibling, 1 reply; 15+ messages in thread From: Vincenzo Frascino @ 2021-01-25 16:09 UTC (permalink / raw) To: Catalin Marinas Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, Will Deacon, linux-arm-kernel On 1/25/21 2:59 PM, Catalin Marinas wrote: > On Mon, Jan 25, 2021 at 02:36:34PM +0000, Vincenzo Frascino wrote: >> On 1/25/21 1:02 PM, Mark Rutland wrote: >>> On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: >>>> Currently, the __is_lm_address() check just masks out the top 12 bits >>>> of the address, but if they are 0, it still yields a true result. >>>> This has as a side effect that virt_addr_valid() returns true even for >>>> invalid virtual addresses (e.g. 0x0). >>>> >>>> Improve the detection checking that it's actually a kernel address >>>> starting at PAGE_OFFSET. >>>> >>>> Cc: Catalin Marinas <catalin.marinas@arm.com> >>>> Cc: Will Deacon <will@kernel.org> >>>> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> >>>> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> >>>> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> >>> >>> Looking around, it seems that there are some existing uses of >>> virt_addr_valid() that expect it to reject addresses outside of the >>> TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. >>> >>> Given that, I think we need something that's easy to backport to stable. >>> >> >> I agree, I started looking at it this morning and I found cases even in the main >> allocators (slub and page_alloc) either then the one you mentioned. >> >>> This patch itself looks fine, but it's not going to backport very far, >>> so I suspect we might need to write a preparatory patch that adds an >>> explicit range check to virt_addr_valid() which can be trivially >>> backported. >>> >> >> I checked the old releases and I agree this is not back-portable as it stands. >> I propose therefore to add a preparatory patch with the check below: >> >> #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ >> (u64)(addr) < PAGE_END) >> >> If it works for you I am happy to take care of it and post a new version of my >> patches. > > I'm not entirely sure we need a preparatory patch. IIUC (it needs > checking), virt_addr_valid() was fine until 5.4, broken by commit > 14c127c957c1 ("arm64: mm: Flip kernel VA space"). Will addressed the > flip case in 68dd8ef32162 ("arm64: memory: Fix virt_addr_valid() using > __is_lm_address()") but this broke the <PAGE_OFFSET case. So in 5.4 a > NULL address is considered valid. > > Ard's commit f4693c2716b3 ("arm64: mm: extend linear region for 52-bit > VA configurations") changed the test to no longer rely on va_bits but > did not change the broken semantics. > > If Ard's change plus the fix proposed in this test works on 5.4, I'd say > we just merge this patch with the corresponding Cc stable and Fixes tags > and tweak it slightly when doing the backports as it wouldn't apply > cleanly. IOW, I wouldn't add another check to virt_addr_valid() as we > did not need one prior to 5.4. > Thank you for the detailed analysis. I checked on 5.4 and it seems that Ard patch (not a clean backport) plus my proposed fix works correctly and solves the issue. Tomorrow I will post a new version of the series that includes what you are suggesting. -- Regards, Vincenzo _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-25 16:09 ` Vincenzo Frascino @ 2021-01-25 17:56 ` Catalin Marinas 2021-01-26 11:58 ` Vincenzo Frascino 0 siblings, 1 reply; 15+ messages in thread From: Catalin Marinas @ 2021-01-25 17:56 UTC (permalink / raw) To: Vincenzo Frascino Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, Will Deacon, linux-arm-kernel On Mon, Jan 25, 2021 at 04:09:57PM +0000, Vincenzo Frascino wrote: > On 1/25/21 2:59 PM, Catalin Marinas wrote: > > On Mon, Jan 25, 2021 at 02:36:34PM +0000, Vincenzo Frascino wrote: > >> On 1/25/21 1:02 PM, Mark Rutland wrote: > >>> On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: > >>>> Currently, the __is_lm_address() check just masks out the top 12 bits > >>>> of the address, but if they are 0, it still yields a true result. > >>>> This has as a side effect that virt_addr_valid() returns true even for > >>>> invalid virtual addresses (e.g. 0x0). > >>>> > >>>> Improve the detection checking that it's actually a kernel address > >>>> starting at PAGE_OFFSET. > >>>> > >>>> Cc: Catalin Marinas <catalin.marinas@arm.com> > >>>> Cc: Will Deacon <will@kernel.org> > >>>> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> > >>>> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> > >>>> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> > >>> > >>> Looking around, it seems that there are some existing uses of > >>> virt_addr_valid() that expect it to reject addresses outside of the > >>> TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. > >>> > >>> Given that, I think we need something that's easy to backport to stable. > >>> > >> > >> I agree, I started looking at it this morning and I found cases even in the main > >> allocators (slub and page_alloc) either then the one you mentioned. > >> > >>> This patch itself looks fine, but it's not going to backport very far, > >>> so I suspect we might need to write a preparatory patch that adds an > >>> explicit range check to virt_addr_valid() which can be trivially > >>> backported. > >>> > >> > >> I checked the old releases and I agree this is not back-portable as it stands. > >> I propose therefore to add a preparatory patch with the check below: > >> > >> #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ > >> (u64)(addr) < PAGE_END) > >> > >> If it works for you I am happy to take care of it and post a new version of my > >> patches. > > > > I'm not entirely sure we need a preparatory patch. IIUC (it needs > > checking), virt_addr_valid() was fine until 5.4, broken by commit > > 14c127c957c1 ("arm64: mm: Flip kernel VA space"). Will addressed the > > flip case in 68dd8ef32162 ("arm64: memory: Fix virt_addr_valid() using > > __is_lm_address()") but this broke the <PAGE_OFFSET case. So in 5.4 a > > NULL address is considered valid. > > > > Ard's commit f4693c2716b3 ("arm64: mm: extend linear region for 52-bit > > VA configurations") changed the test to no longer rely on va_bits but > > did not change the broken semantics. > > > > If Ard's change plus the fix proposed in this test works on 5.4, I'd say > > we just merge this patch with the corresponding Cc stable and Fixes tags > > and tweak it slightly when doing the backports as it wouldn't apply > > cleanly. IOW, I wouldn't add another check to virt_addr_valid() as we > > did not need one prior to 5.4. > > Thank you for the detailed analysis. I checked on 5.4 and it seems that Ard > patch (not a clean backport) plus my proposed fix works correctly and solves the > issue. I didn't mean the backport of the whole commit f4693c2716b3 as it probably has other dependencies, just the __is_lm_address() change in that patch. > Tomorrow I will post a new version of the series that includes what you are > suggesting. Please post the __is_lm_address() fix separately from the kasan patches. I'll pick it up as a fix via the arm64 tree. The kasan change can go in 5.12 since it's not currently broken but I'll leave the decision with Andrey. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-25 17:56 ` Catalin Marinas @ 2021-01-26 11:58 ` Vincenzo Frascino 2021-01-26 12:07 ` Catalin Marinas 0 siblings, 1 reply; 15+ messages in thread From: Vincenzo Frascino @ 2021-01-26 11:58 UTC (permalink / raw) To: Catalin Marinas Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, Will Deacon, linux-arm-kernel On 1/25/21 5:56 PM, Catalin Marinas wrote: > On Mon, Jan 25, 2021 at 04:09:57PM +0000, Vincenzo Frascino wrote: >> On 1/25/21 2:59 PM, Catalin Marinas wrote: >>> On Mon, Jan 25, 2021 at 02:36:34PM +0000, Vincenzo Frascino wrote: >>>> On 1/25/21 1:02 PM, Mark Rutland wrote: >>>>> On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: >>>>>> Currently, the __is_lm_address() check just masks out the top 12 bits >>>>>> of the address, but if they are 0, it still yields a true result. >>>>>> This has as a side effect that virt_addr_valid() returns true even for >>>>>> invalid virtual addresses (e.g. 0x0). >>>>>> >>>>>> Improve the detection checking that it's actually a kernel address >>>>>> starting at PAGE_OFFSET. >>>>>> >>>>>> Cc: Catalin Marinas <catalin.marinas@arm.com> >>>>>> Cc: Will Deacon <will@kernel.org> >>>>>> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> >>>>>> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> >>>>>> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> >>>>> >>>>> Looking around, it seems that there are some existing uses of >>>>> virt_addr_valid() that expect it to reject addresses outside of the >>>>> TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. >>>>> >>>>> Given that, I think we need something that's easy to backport to stable. >>>>> >>>> >>>> I agree, I started looking at it this morning and I found cases even in the main >>>> allocators (slub and page_alloc) either then the one you mentioned. >>>> >>>>> This patch itself looks fine, but it's not going to backport very far, >>>>> so I suspect we might need to write a preparatory patch that adds an >>>>> explicit range check to virt_addr_valid() which can be trivially >>>>> backported. >>>>> >>>> >>>> I checked the old releases and I agree this is not back-portable as it stands. >>>> I propose therefore to add a preparatory patch with the check below: >>>> >>>> #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ >>>> (u64)(addr) < PAGE_END) >>>> >>>> If it works for you I am happy to take care of it and post a new version of my >>>> patches. >>> >>> I'm not entirely sure we need a preparatory patch. IIUC (it needs >>> checking), virt_addr_valid() was fine until 5.4, broken by commit >>> 14c127c957c1 ("arm64: mm: Flip kernel VA space"). Will addressed the >>> flip case in 68dd8ef32162 ("arm64: memory: Fix virt_addr_valid() using >>> __is_lm_address()") but this broke the <PAGE_OFFSET case. So in 5.4 a >>> NULL address is considered valid. >>> >>> Ard's commit f4693c2716b3 ("arm64: mm: extend linear region for 52-bit >>> VA configurations") changed the test to no longer rely on va_bits but >>> did not change the broken semantics. >>> >>> If Ard's change plus the fix proposed in this test works on 5.4, I'd say >>> we just merge this patch with the corresponding Cc stable and Fixes tags >>> and tweak it slightly when doing the backports as it wouldn't apply >>> cleanly. IOW, I wouldn't add another check to virt_addr_valid() as we >>> did not need one prior to 5.4. >> >> Thank you for the detailed analysis. I checked on 5.4 and it seems that Ard >> patch (not a clean backport) plus my proposed fix works correctly and solves the >> issue. > > I didn't mean the backport of the whole commit f4693c2716b3 as it > probably has other dependencies, just the __is_lm_address() change in > that patch. > Then call it preparatory patch ;) >> Tomorrow I will post a new version of the series that includes what you are >> suggesting. > > Please post the __is_lm_address() fix separately from the kasan patches. > I'll pick it up as a fix via the arm64 tree. The kasan change can go in > 5.12 since it's not currently broken but I'll leave the decision with > Andrey. > Ok, will do. -- Regards, Vincenzo _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-26 11:58 ` Vincenzo Frascino @ 2021-01-26 12:07 ` Catalin Marinas 2021-01-26 12:13 ` Vincenzo Frascino 0 siblings, 1 reply; 15+ messages in thread From: Catalin Marinas @ 2021-01-26 12:07 UTC (permalink / raw) To: Vincenzo Frascino Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, Will Deacon, linux-arm-kernel On Tue, Jan 26, 2021 at 11:58:13AM +0000, Vincenzo Frascino wrote: > On 1/25/21 5:56 PM, Catalin Marinas wrote: > > On Mon, Jan 25, 2021 at 04:09:57PM +0000, Vincenzo Frascino wrote: > >> On 1/25/21 2:59 PM, Catalin Marinas wrote: > >>> On Mon, Jan 25, 2021 at 02:36:34PM +0000, Vincenzo Frascino wrote: > >>>> On 1/25/21 1:02 PM, Mark Rutland wrote: > >>>>> On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: > >>>>>> Currently, the __is_lm_address() check just masks out the top 12 bits > >>>>>> of the address, but if they are 0, it still yields a true result. > >>>>>> This has as a side effect that virt_addr_valid() returns true even for > >>>>>> invalid virtual addresses (e.g. 0x0). > >>>>>> > >>>>>> Improve the detection checking that it's actually a kernel address > >>>>>> starting at PAGE_OFFSET. > >>>>>> > >>>>>> Cc: Catalin Marinas <catalin.marinas@arm.com> > >>>>>> Cc: Will Deacon <will@kernel.org> > >>>>>> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> > >>>>>> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> > >>>>>> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> > >>>>> > >>>>> Looking around, it seems that there are some existing uses of > >>>>> virt_addr_valid() that expect it to reject addresses outside of the > >>>>> TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. > >>>>> > >>>>> Given that, I think we need something that's easy to backport to stable. > >>>>> > >>>> > >>>> I agree, I started looking at it this morning and I found cases even in the main > >>>> allocators (slub and page_alloc) either then the one you mentioned. > >>>> > >>>>> This patch itself looks fine, but it's not going to backport very far, > >>>>> so I suspect we might need to write a preparatory patch that adds an > >>>>> explicit range check to virt_addr_valid() which can be trivially > >>>>> backported. > >>>>> > >>>> > >>>> I checked the old releases and I agree this is not back-portable as it stands. > >>>> I propose therefore to add a preparatory patch with the check below: > >>>> > >>>> #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ > >>>> (u64)(addr) < PAGE_END) > >>>> > >>>> If it works for you I am happy to take care of it and post a new version of my > >>>> patches. > >>> > >>> I'm not entirely sure we need a preparatory patch. IIUC (it needs > >>> checking), virt_addr_valid() was fine until 5.4, broken by commit > >>> 14c127c957c1 ("arm64: mm: Flip kernel VA space"). Will addressed the > >>> flip case in 68dd8ef32162 ("arm64: memory: Fix virt_addr_valid() using > >>> __is_lm_address()") but this broke the <PAGE_OFFSET case. So in 5.4 a > >>> NULL address is considered valid. > >>> > >>> Ard's commit f4693c2716b3 ("arm64: mm: extend linear region for 52-bit > >>> VA configurations") changed the test to no longer rely on va_bits but > >>> did not change the broken semantics. > >>> > >>> If Ard's change plus the fix proposed in this test works on 5.4, I'd say > >>> we just merge this patch with the corresponding Cc stable and Fixes tags > >>> and tweak it slightly when doing the backports as it wouldn't apply > >>> cleanly. IOW, I wouldn't add another check to virt_addr_valid() as we > >>> did not need one prior to 5.4. > >> > >> Thank you for the detailed analysis. I checked on 5.4 and it seems that Ard > >> patch (not a clean backport) plus my proposed fix works correctly and solves the > >> issue. > > > > I didn't mean the backport of the whole commit f4693c2716b3 as it > > probably has other dependencies, just the __is_lm_address() change in > > that patch. > > Then call it preparatory patch ;) It's preparatory only for the stable backports, not for current mainline. But I'd rather change the upstream patch when backporting to apply cleanly, no need for a preparatory stable patch. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-26 12:07 ` Catalin Marinas @ 2021-01-26 12:13 ` Vincenzo Frascino 0 siblings, 0 replies; 15+ messages in thread From: Vincenzo Frascino @ 2021-01-26 12:13 UTC (permalink / raw) To: Catalin Marinas Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, Will Deacon, linux-arm-kernel On 1/26/21 12:07 PM, Catalin Marinas wrote: > On Tue, Jan 26, 2021 at 11:58:13AM +0000, Vincenzo Frascino wrote: >> On 1/25/21 5:56 PM, Catalin Marinas wrote: >>> On Mon, Jan 25, 2021 at 04:09:57PM +0000, Vincenzo Frascino wrote: >>>> On 1/25/21 2:59 PM, Catalin Marinas wrote: >>>>> On Mon, Jan 25, 2021 at 02:36:34PM +0000, Vincenzo Frascino wrote: >>>>>> On 1/25/21 1:02 PM, Mark Rutland wrote: >>>>>>> On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: >>>>>>>> Currently, the __is_lm_address() check just masks out the top 12 bits >>>>>>>> of the address, but if they are 0, it still yields a true result. >>>>>>>> This has as a side effect that virt_addr_valid() returns true even for >>>>>>>> invalid virtual addresses (e.g. 0x0). >>>>>>>> >>>>>>>> Improve the detection checking that it's actually a kernel address >>>>>>>> starting at PAGE_OFFSET. >>>>>>>> >>>>>>>> Cc: Catalin Marinas <catalin.marinas@arm.com> >>>>>>>> Cc: Will Deacon <will@kernel.org> >>>>>>>> Suggested-by: Catalin Marinas <catalin.marinas@arm.com> >>>>>>>> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> >>>>>>>> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> >>>>>>> >>>>>>> Looking around, it seems that there are some existing uses of >>>>>>> virt_addr_valid() that expect it to reject addresses outside of the >>>>>>> TTBR1 range. For example, check_mem_type() in drivers/tee/optee/call.c. >>>>>>> >>>>>>> Given that, I think we need something that's easy to backport to stable. >>>>>>> >>>>>> >>>>>> I agree, I started looking at it this morning and I found cases even in the main >>>>>> allocators (slub and page_alloc) either then the one you mentioned. >>>>>> >>>>>>> This patch itself looks fine, but it's not going to backport very far, >>>>>>> so I suspect we might need to write a preparatory patch that adds an >>>>>>> explicit range check to virt_addr_valid() which can be trivially >>>>>>> backported. >>>>>>> >>>>>> >>>>>> I checked the old releases and I agree this is not back-portable as it stands. >>>>>> I propose therefore to add a preparatory patch with the check below: >>>>>> >>>>>> #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ >>>>>> (u64)(addr) < PAGE_END) >>>>>> >>>>>> If it works for you I am happy to take care of it and post a new version of my >>>>>> patches. >>>>> >>>>> I'm not entirely sure we need a preparatory patch. IIUC (it needs >>>>> checking), virt_addr_valid() was fine until 5.4, broken by commit >>>>> 14c127c957c1 ("arm64: mm: Flip kernel VA space"). Will addressed the >>>>> flip case in 68dd8ef32162 ("arm64: memory: Fix virt_addr_valid() using >>>>> __is_lm_address()") but this broke the <PAGE_OFFSET case. So in 5.4 a >>>>> NULL address is considered valid. >>>>> >>>>> Ard's commit f4693c2716b3 ("arm64: mm: extend linear region for 52-bit >>>>> VA configurations") changed the test to no longer rely on va_bits but >>>>> did not change the broken semantics. >>>>> >>>>> If Ard's change plus the fix proposed in this test works on 5.4, I'd say >>>>> we just merge this patch with the corresponding Cc stable and Fixes tags >>>>> and tweak it slightly when doing the backports as it wouldn't apply >>>>> cleanly. IOW, I wouldn't add another check to virt_addr_valid() as we >>>>> did not need one prior to 5.4. >>>> >>>> Thank you for the detailed analysis. I checked on 5.4 and it seems that Ard >>>> patch (not a clean backport) plus my proposed fix works correctly and solves the >>>> issue. >>> >>> I didn't mean the backport of the whole commit f4693c2716b3 as it >>> probably has other dependencies, just the __is_lm_address() change in >>> that patch. >> >> Then call it preparatory patch ;) > > It's preparatory only for the stable backports, not for current > mainline. But I'd rather change the upstream patch when backporting to > apply cleanly, no need for a preparatory stable patch. > Thanks for the clarification. -- Regards, Vincenzo _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() 2021-01-25 14:59 ` Catalin Marinas 2021-01-25 16:09 ` Vincenzo Frascino @ 2021-01-25 17:38 ` Mark Rutland 1 sibling, 0 replies; 15+ messages in thread From: Mark Rutland @ 2021-01-25 17:38 UTC (permalink / raw) To: Catalin Marinas Cc: Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, linux-kernel, kasan-dev, Leon Romanovsky, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, Vincenzo Frascino, Will Deacon, linux-arm-kernel On Mon, Jan 25, 2021 at 02:59:12PM +0000, Catalin Marinas wrote: > On Mon, Jan 25, 2021 at 02:36:34PM +0000, Vincenzo Frascino wrote: > > On 1/25/21 1:02 PM, Mark Rutland wrote: > > > On Fri, Jan 22, 2021 at 03:56:40PM +0000, Vincenzo Frascino wrote: > > > This patch itself looks fine, but it's not going to backport very far, > > > so I suspect we might need to write a preparatory patch that adds an > > > explicit range check to virt_addr_valid() which can be trivially > > > backported. > > > > I checked the old releases and I agree this is not back-portable as it stands. > > I propose therefore to add a preparatory patch with the check below: > > > > #define __is_ttrb1_address(addr) ((u64)(addr) >= PAGE_OFFSET && \ > > > > If it works for you I am happy to take care of it and post a new version of my > > patches. > > I'm not entirely sure we need a preparatory patch. IIUC (it needs > checking), virt_addr_valid() was fine until 5.4, broken by commit > 14c127c957c1 ("arm64: mm: Flip kernel VA space"). Ah, so it was; thanks for digging into the history! > Will addressed the > flip case in 68dd8ef32162 ("arm64: memory: Fix virt_addr_valid() using > __is_lm_address()") but this broke the <PAGE_OFFSET case. So in 5.4 a > NULL address is considered valid. > > Ard's commit f4693c2716b3 ("arm64: mm: extend linear region for 52-bit > VA configurations") changed the test to no longer rely on va_bits but > did not change the broken semantics. > > If Ard's change plus the fix proposed in this test works on 5.4, I'd say > we just merge this patch with the corresponding Cc stable and Fixes tags > and tweak it slightly when doing the backports as it wouldn't apply > cleanly. IOW, I wouldn't add another check to virt_addr_valid() as we > did not need one prior to 5.4. That makes sense to me; sorry for the noise! Thanks, Mark. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH v4 2/3] kasan: Add explicit preconditions to kasan_report() 2021-01-22 15:56 [PATCH v4 0/3] kasan: Fix metadata detection for KASAN_HW_TAGS Vincenzo Frascino 2021-01-22 15:56 ` [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() Vincenzo Frascino @ 2021-01-22 15:56 ` Vincenzo Frascino 2021-01-22 16:10 ` Andrey Konovalov 2021-01-22 15:56 ` [PATCH v4 3/3] kasan: Make addr_has_metadata() return true for valid addresses Vincenzo Frascino 2 siblings, 1 reply; 15+ messages in thread From: Vincenzo Frascino @ 2021-01-22 15:56 UTC (permalink / raw) To: linux-arm-kernel, linux-kernel, kasan-dev Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, Leon Romanovsky, Alexander Potapenko, Catalin Marinas, Andrey Ryabinin, Vincenzo Frascino, Will Deacon, Dmitry Vyukov With the introduction of KASAN_HW_TAGS, kasan_report() accesses the metadata only when addr_has_metadata() succeeds. Add a comment to make sure that the preconditions to the function are explicitly clarified. Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Leon Romanovsky <leonro@mellanox.com> Cc: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> --- include/linux/kasan.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index fe1ae73ff8b5..0aea9e2a2a01 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -333,6 +333,13 @@ static inline void *kasan_reset_tag(const void *addr) return (void *)arch_kasan_reset_tag(addr); } +/** + * kasan_report - print a report about a bad memory access detected by KASAN + * @addr: address of the bad access + * @size: size of the bad access + * @is_write: whether the bad access is a write or a read + * @ip: instruction pointer for the accessibility check or the bad access itself + */ bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip); -- 2.30.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH v4 2/3] kasan: Add explicit preconditions to kasan_report() 2021-01-22 15:56 ` [PATCH v4 2/3] kasan: Add explicit preconditions to kasan_report() Vincenzo Frascino @ 2021-01-22 16:10 ` Andrey Konovalov 0 siblings, 0 replies; 15+ messages in thread From: Andrey Konovalov @ 2021-01-22 16:10 UTC (permalink / raw) To: Vincenzo Frascino Cc: Mark Rutland, Paul E . McKenney, Catalin Marinas, Naresh Kamboju, LKML, kasan-dev, Leon Romanovsky, Alexander Potapenko, Linux ARM, Andrey Ryabinin, Will Deacon, Dmitry Vyukov On Fri, Jan 22, 2021 at 4:57 PM Vincenzo Frascino <vincenzo.frascino@arm.com> wrote: > > With the introduction of KASAN_HW_TAGS, kasan_report() accesses the > metadata only when addr_has_metadata() succeeds. > > Add a comment to make sure that the preconditions to the function are > explicitly clarified. > > Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> > Cc: Alexander Potapenko <glider@google.com> > Cc: Dmitry Vyukov <dvyukov@google.com> > Cc: Leon Romanovsky <leonro@mellanox.com> > Cc: Andrey Konovalov <andreyknvl@google.com> > Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> > --- > include/linux/kasan.h | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/include/linux/kasan.h b/include/linux/kasan.h > index fe1ae73ff8b5..0aea9e2a2a01 100644 > --- a/include/linux/kasan.h > +++ b/include/linux/kasan.h > @@ -333,6 +333,13 @@ static inline void *kasan_reset_tag(const void *addr) > return (void *)arch_kasan_reset_tag(addr); > } > > +/** > + * kasan_report - print a report about a bad memory access detected by KASAN > + * @addr: address of the bad access > + * @size: size of the bad access > + * @is_write: whether the bad access is a write or a read > + * @ip: instruction pointer for the accessibility check or the bad access itself > + */ > bool kasan_report(unsigned long addr, size_t size, > bool is_write, unsigned long ip); > > -- > 2.30.0 Reviewed-by: Andrey Konovalov <andreyknvl@google.com> _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
* [PATCH v4 3/3] kasan: Make addr_has_metadata() return true for valid addresses 2021-01-22 15:56 [PATCH v4 0/3] kasan: Fix metadata detection for KASAN_HW_TAGS Vincenzo Frascino 2021-01-22 15:56 ` [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() Vincenzo Frascino 2021-01-22 15:56 ` [PATCH v4 2/3] kasan: Add explicit preconditions to kasan_report() Vincenzo Frascino @ 2021-01-22 15:56 ` Vincenzo Frascino 2021-01-22 16:09 ` Andrey Konovalov 2 siblings, 1 reply; 15+ messages in thread From: Vincenzo Frascino @ 2021-01-22 15:56 UTC (permalink / raw) To: linux-arm-kernel, linux-kernel, kasan-dev Cc: Mark Rutland, Paul E . McKenney, Andrey Konovalov, Naresh Kamboju, Leon Romanovsky, Alexander Potapenko, Catalin Marinas, Andrey Ryabinin, Vincenzo Frascino, Will Deacon, Dmitry Vyukov Currently, addr_has_metadata() returns true for every address. An invalid address (e.g. NULL) passed to the function when, KASAN_HW_TAGS is enabled, leads to a kernel panic. Make addr_has_metadata() return true for valid addresses only. Note: KASAN_HW_TAGS support for vmalloc will be added with a future patch. Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Leon Romanovsky <leonro@mellanox.com> Cc: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> --- mm/kasan/kasan.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index cc4d9e1d49b1..8c706e7652f2 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -209,7 +209,7 @@ bool check_memory_region(unsigned long addr, size_t size, bool write, static inline bool addr_has_metadata(const void *addr) { - return true; + return (is_vmalloc_addr(addr) || virt_addr_valid(addr)); } #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ -- 2.30.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH v4 3/3] kasan: Make addr_has_metadata() return true for valid addresses 2021-01-22 15:56 ` [PATCH v4 3/3] kasan: Make addr_has_metadata() return true for valid addresses Vincenzo Frascino @ 2021-01-22 16:09 ` Andrey Konovalov 0 siblings, 0 replies; 15+ messages in thread From: Andrey Konovalov @ 2021-01-22 16:09 UTC (permalink / raw) To: Vincenzo Frascino Cc: Mark Rutland, Paul E . McKenney, Catalin Marinas, Naresh Kamboju, LKML, kasan-dev, Leon Romanovsky, Alexander Potapenko, Linux ARM, Andrey Ryabinin, Will Deacon, Dmitry Vyukov On Fri, Jan 22, 2021 at 4:57 PM Vincenzo Frascino <vincenzo.frascino@arm.com> wrote: > > Currently, addr_has_metadata() returns true for every address. > An invalid address (e.g. NULL) passed to the function when, > KASAN_HW_TAGS is enabled, leads to a kernel panic. > > Make addr_has_metadata() return true for valid addresses only. > > Note: KASAN_HW_TAGS support for vmalloc will be added with a future > patch. > > Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> > Cc: Alexander Potapenko <glider@google.com> > Cc: Dmitry Vyukov <dvyukov@google.com> > Cc: Leon Romanovsky <leonro@mellanox.com> > Cc: Andrey Konovalov <andreyknvl@google.com> > Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> > --- > mm/kasan/kasan.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h > index cc4d9e1d49b1..8c706e7652f2 100644 > --- a/mm/kasan/kasan.h > +++ b/mm/kasan/kasan.h > @@ -209,7 +209,7 @@ bool check_memory_region(unsigned long addr, size_t size, bool write, > > static inline bool addr_has_metadata(const void *addr) > { > - return true; > + return (is_vmalloc_addr(addr) || virt_addr_valid(addr)); > } > > #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ > -- > 2.30.0 > Reviewed-by: Andrey Konovalov <andreyknvl@google.com> Thanks! _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2021-01-26 12:11 UTC | newest] Thread overview: 15+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-01-22 15:56 [PATCH v4 0/3] kasan: Fix metadata detection for KASAN_HW_TAGS Vincenzo Frascino 2021-01-22 15:56 ` [PATCH v4 1/3] arm64: Improve kernel address detection of __is_lm_address() Vincenzo Frascino 2021-01-25 13:02 ` Mark Rutland 2021-01-25 14:36 ` Vincenzo Frascino 2021-01-25 14:59 ` Catalin Marinas 2021-01-25 16:09 ` Vincenzo Frascino 2021-01-25 17:56 ` Catalin Marinas 2021-01-26 11:58 ` Vincenzo Frascino 2021-01-26 12:07 ` Catalin Marinas 2021-01-26 12:13 ` Vincenzo Frascino 2021-01-25 17:38 ` Mark Rutland 2021-01-22 15:56 ` [PATCH v4 2/3] kasan: Add explicit preconditions to kasan_report() Vincenzo Frascino 2021-01-22 16:10 ` Andrey Konovalov 2021-01-22 15:56 ` [PATCH v4 3/3] kasan: Make addr_has_metadata() return true for valid addresses Vincenzo Frascino 2021-01-22 16:09 ` Andrey Konovalov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox