Subject: Re: [PATCH v3] kasan: add memory corruption identification for software tag-based mode
From: Andrey Ryabinin
Date: Thu, 13 Jun 2019 15:27:09 +0300
To: Walter Wu, Alexander Potapenko, Dmitry Vyukov, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Matthias Brugger, Martin Schwidefsky, Arnd Bergmann, Vasily Gorbik, Andrey Konovalov, "Jason A . Donenfeld", Miles Chen
Cc: wsd_upstream@mediatek.com, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org
In-Reply-To: <20190613081357.1360-1-walter-zh.wu@mediatek.com>

On 6/13/19 11:13 AM, Walter Wu wrote:
> This patch adds memory corruption identification at bug report for
> software tag-based mode, the report shows whether it is "use-after-free"
> or "out-of-bound" error instead of "invalid-access" error. This will make
> it easier for programmers to see the memory corruption problem.
>
> Now we extend the quarantine to support both generic and tag-based kasan.
> For tag-based kasan, the quarantine stores only freed object information
> to check if an object is freed recently. When tag-based kasan reports an
> error, we can check if the tagged addr is in the quarantine and make a
> good guess if the object is more like "use-after-free" or "out-of-bound".
>

We already have all the information and don't need the quarantine to make such a guess.
Basically if shadow of the first byte of object has the same tag as tag in pointer then it's out-of-bounds,
otherwise it's use-after-free.

In pseudo-code it's something like this:

	u8 object_tag = *(u8 *)kasan_mem_to_shadow(nearest_object(cache, page, access_addr));

	if (access_addr_tag == object_tag && object_tag != KASAN_TAG_INVALID)
		// out-of-bounds
	else
		// use-after-free
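
Added example, not part of the original message or of the kernel source: a user-space C model of the tag comparison described in the reply above, run against a constructed slab. The slot layout, the tag values and the model_alloc/model_free/access_ok/classify helpers are assumptions made for illustration; mem_to_shadow() and nearest_object() are simplified stand-ins for the kernel functions named in the pseudo-code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE     16u    /* one shadow byte per 16 bytes of memory */
#define SLOT_SIZE   64u    /* constructed slab cache: fixed 64-byte slots */
#define TAG_INVALID 0xFEu  /* stand-in for KASAN_TAG_INVALID */

enum bug_type { BUG_OUT_OF_BOUNDS, BUG_USE_AFTER_FREE };
static uint8_t shadow[4 * SLOT_SIZE / GRANULE];  /* shadow for 4 slots */

/* Model of kasan_mem_to_shadow(): slab offset -> its shadow byte. */
static uint8_t *mem_to_shadow(uint32_t off) { return &shadow[off / GRANULE]; }

/* Model of nearest_object(): start of the slot that contains off. */
static uint32_t nearest_object(uint32_t off) { return off - off % SLOT_SIZE; }

/* Free: the whole slot becomes invalid, so stale pointers mismatch. */
static void model_free(uint32_t obj)
{
	memset(mem_to_shadow(obj), TAG_INVALID, SLOT_SIZE / GRANULE);
}

/* Allocation: tag the granules in use, leave the slot's tail invalid. */
static void model_alloc(uint32_t obj, uint32_t size, uint8_t tag)
{
	model_free(obj);
	memset(mem_to_shadow(obj), tag, (size + GRANULE - 1) / GRANULE);
}

/* The access check itself: pointer tag must equal the shadow tag. */
static int access_ok(uint8_t ptr_tag, uint32_t off) { return *mem_to_shadow(off) == ptr_tag; }

/* The heuristic from the reply, applied once access_ok() has failed. */
static enum bug_type classify(uint8_t ptr_tag, uint32_t off)
{
	uint8_t object_tag = *mem_to_shadow(nearest_object(off));
	if (ptr_tag == object_tag && object_tag != TAG_INVALID)
		return BUG_OUT_OF_BOUNDS;
	return BUG_USE_AFTER_FREE;
}

int main(void)
{
	model_alloc(0, 40, 0xA1);  /* 40 bytes in slot 0: 48 bytes tagged 0xA1 */
	printf("off 50: ok=%d type=%d\n", access_ok(0xA1, 50), classify(0xA1, 50));
	model_free(0);             /* pointer tagged 0xA1 is now stale */
	printf("off 8:  ok=%d type=%d\n", access_ok(0xA1, 8), classify(0xA1, 8));
}
```

In this model an access that overshoots into the neighbouring slot is compared against that slot's first-byte tag, so it is labelled use-after-free rather than out-of-bounds.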