From: Wengang Wang <wen.gang.wang@oracle.com>
To: linux-mm@kvack.org, aryabinin@virtuozzo.com
Cc: wen.gang.wang@oracle.com, glider@google.com, dvyukov@google.com
Subject: [PATCH 0/5] mm/kasan: advanced check
Date: Fri, 17 Nov 2017 14:30:38 -0800 [thread overview]
Message-ID: <20171117223043.7277-1-wen.gang.wang@oracle.com> (raw)
Kasan advanced check, I'm going to add this feature.
Currently Kasan provide the detection of use-after-free and out-of-bounds
problems. It is not able to find the overwrite-on-allocated-memory issue.
We sometimes hit this kind of issue: We have a messed up structure
(usually dynamially allocated), some of the fields in the structure were
overwritten with unreasaonable values. And kernel may panic due to those
overeritten values. We know those fields were overwritten somehow, but we
have no easy way to find out which path did the overwritten. The advanced
check wants to help in this scenario.
The idea is to define the memory owner. When write accesses come from
non-owner, error should be reported. Normally the write accesses on a given
structure happen in only several or a dozen of functions if the structure
is not that complicated. We call those functions "allowed functions".
The work of defining the owner and binding memory to owner is expected to
be done by the memory consumer. In the above case, memory consume register
the owner as the functions which have write accesses to the structure then
bind all the structures to the owner. Then kasan will do the "owner check"
after the basic checks.
As implementation, kasan provides a API to it's user to register their
allowed functions. The API returns a token to users. At run time, users
bind the memory ranges they are interested in to the check they registered.
Kasan then checks the bound memory ranges with the allowed functions.
Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
0001-mm-kasan-make-space-in-shadow-bytes-for-advanced-che.patch
0002-mm-kasan-pass-access-mode-to-poison-check-functions.patch
0003-mm-kasan-do-advanced-check.patch
0004-mm-kasan-register-check-and-bind-it-to-memory.patch
0005-mm-kasan-add-advanced-check-test-case.patch
include/linux/kasan.h | 16 ++
lib/test_kasan.c | 73 ++++++++++++
mm/kasan/kasan.c | 292 +++++++++++++++++++++++++++++++++++++++++++-------
mm/kasan/kasan.h | 42 +++++++
mm/kasan/report.c | 44 ++++++-
5 files changed, 424 insertions(+), 43 deletions(-)
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next reply other threads:[~2017-11-17 22:30 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-17 22:30 Wengang Wang [this message]
2017-11-17 22:30 ` [PATCH 1/5] mm/kasan: make space in shadow bytes for advanced check Wengang Wang
2017-11-17 22:30 ` [PATCH 2/5] mm/kasan: pass access mode to poison check functions Wengang Wang
2017-11-17 22:30 ` [PATCH 3/5] mm/kasan: do advanced check Wengang Wang
2017-11-17 22:30 ` [PATCH 4/5] mm/kasan: register check and bind it to memory Wengang Wang
2017-11-17 22:30 ` [PATCH 5/5] mm/kasan: add advanced check test case Wengang Wang
2017-11-17 22:32 ` [PATCH 0/5] mm/kasan: advanced check Wengang Wang
2017-11-17 22:56 ` Dmitry Vyukov
2017-11-20 1:50 ` Joonsoo Kim
2017-11-20 8:41 ` Dmitry Vyukov
2017-11-20 20:05 ` Wengang
2017-11-20 20:20 ` Dmitry Vyukov
2017-11-20 20:29 ` Wengang
2017-11-21 9:54 ` Dmitry Vyukov
2017-11-21 19:17 ` Wengang Wang
2017-11-22 8:48 ` Dmitry Vyukov
2017-11-22 21:09 ` Wengang Wang
2017-11-20 19:56 ` Wengang
2017-11-22 4:30 ` Joonsoo Kim
2017-11-22 8:51 ` Dmitry Vyukov
2017-11-23 6:07 ` Joonsoo Kim
2017-11-22 19:43 ` Wengang Wang
2017-11-23 6:23 ` Joonsoo Kim
2017-11-23 6:35 ` Joonsoo Kim
2017-11-22 12:04 ` Andrey Ryabinin
2017-11-23 5:57 ` Joonsoo Kim
2017-11-22 12:04 ` Andrey Ryabinin
2017-11-22 19:29 ` Wengang Wang
2017-11-26 19:37 ` Wengang Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171117223043.7277-1-wen.gang.wang@oracle.com \
--to=wen.gang.wang@oracle.com \
--cc=aryabinin@virtuozzo.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).