From: Borislav Petkov <bp@alien8.de>
To: Ingo Molnar <mingo@kernel.org>
Cc: Andrey Ryabinin <a.ryabinin@samsung.com>,
Alexander Popov <alpopov@ptsecurity.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Andrey Konovalov <adech.fo@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Alexander Kuleshov <kuleshovmail@gmail.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Kees Cook <keescook@chromium.org>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/1] x86_64: fix KASan shadow region page tables
Date: Fri, 19 Jun 2015 16:06:22 +0200 [thread overview]
Message-ID: <20150619140622.GF17826@pd.tnic> (raw)
In-Reply-To: <20150619140051.GA18930@gmail.com>
On Fri, Jun 19, 2015 at 04:00:51PM +0200, Ingo Molnar wrote:
> It should also printk a one line message at bootup, so that people can
> be sure they are running a KASan-enabled kernel.
Yeah, especially if it slows down the kernel by orders of magnitude.
In any case, here's what it says in the guest:
[ 117.061393] kasan test: kmalloc_oob_right out-of-bounds to right
[ 117.067973] ==================================================================
[ 117.071656] BUG: KASan: out of bounds access in kmalloc_oob_right+0x65/0x75 [test_kasan] at addr ffff88006816915b
[ 117.071656] Write of size 1 by task insmod/3942
[ 117.071656] =============================================================================
[ 117.071656] BUG kmalloc-128 (Not tainted): kasan: bad access detected
[ 117.071656] -----------------------------------------------------------------------------
[ 117.071656]
[ 117.071656] Disabling lock debugging due to kernel taint
[ 117.071656] INFO: Allocated in kmalloc_oob_right+0x3d/0x75 [test_kasan] age=5 cpu=1 pid=3942
[ 117.071656] __slab_alloc.isra.60.constprop.62+0x4c4/0x5e0
[ 117.071656] kmem_cache_alloc_trace+0x167/0x330
[ 117.071656] kmalloc_oob_right+0x3d/0x75 [test_kasan]
[ 117.071656] kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656] do_one_initcall+0xb1/0x220
[ 117.071656] do_init_module+0xf7/0x2f8
[ 117.071656] load_module+0x2fe7/0x3e00
[ 117.071656] SyS_init_module+0x10d/0x120
[ 117.071656] system_call_fastpath+0x16/0x73
[ 117.071656] INFO: Freed in rcu_process_callbacks+0x3d3/0xd90 age=1511 cpu=6 pid=0
[ 117.071656] __slab_free+0x433/0x610
[ 117.071656] kfree+0x279/0x380
[ 117.071656] rcu_process_callbacks+0x3d3/0xd90
[ 117.071656] __do_softirq+0x154/0x7b0
[ 117.071656] irq_exit+0xba/0xe0
[ 117.071656] smp_apic_timer_interrupt+0x6a/0x80
[ 117.071656] apic_timer_interrupt+0x6d/0x80
[ 117.071656] arch_cpu_idle+0xf/0x20
[ 117.071656] cpu_startup_entry+0x5f1/0x7a0
[ 117.071656] start_secondary+0x21d/0x230
[ 117.071656] INFO: Slab 0xffffea0001a05a00 objects=37 used=31 fp=0xffff880068169290 flags=0x4000000000004080
[ 117.071656] INFO: Object 0xffff8800681690e0 @offset=4320 fp=0xffff88006816a880
[ 117.071656]
[ 117.071656] Bytes b4 ffff8800681690d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 117.071656] Object ffff8800681690e0: 80 a8 16 68 00 88 ff ff ff ff ff ff 00 00 00 00 ...h............
[ 117.071656] Object ffff8800681690f0: ff ff ff ff ff ff ff ff c0 f2 01 83 ff ff ff ff ................
[ 117.071656] Object ffff880068169100: 60 91 87 82 ff ff ff ff 00 00 00 00 00 00 00 00 `...............
[ 117.071656] Object ffff880068169110: 05 0a c4 81 ff ff ff ff 06 00 00 00 1c 00 1b 00 ................
[ 117.071656] Object ffff880068169120: 74 d6 0d 81 ff ff ff ff 28 91 16 68 00 88 ff ff t.......(..h....
[ 117.071656] Object ffff880068169130: 28 91 16 68 00 88 ff ff 00 00 00 00 00 00 00 00 (..h............
[ 117.071656] Object ffff880068169140: 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 ........`.......
[ 117.071656] Object ffff880068169150: 00 00 00 00 40 00 38 00 07 00 40 00 18 00 17 00 ....@.8...@.....
[ 117.071656] CPU: 1 PID: 3942 Comm: insmod Tainted: G B 4.1.0-rc8+ #3
[ 117.071656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 117.071656] 0000000000000001 ffff880061c77a28 ffffffff819af359 00000000000001b0
[ 117.071656] ffff88006ac07800 ffff880061c77a58 ffffffff8121280d ffff88006ac07800
[ 117.071656] ffffea0001a05a00 ffff8800681690e0 ffffffffa0008765 ffff880061c77a88
[ 117.071656] Call Trace:
[ 117.071656] [<ffffffff819af359>] dump_stack+0x4f/0x7b
[ 117.071656] [<ffffffff8121280d>] print_trailer+0xfd/0x160
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffff81218501>] object_err+0x41/0x50
[ 117.071656] [<ffffffff8121a4b8>] kasan_report_error+0x1e8/0x410
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffff8121ab90>] kasan_report+0x40/0x50
[ 117.071656] [<ffffffffa0008111>] ? kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656] [<ffffffff81219c54>] __asan_store1+0x54/0x80
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffffa0008111>] kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656] [<ffffffffa000876e>] kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656] [<ffffffff81000301>] do_one_initcall+0xb1/0x220
[ 117.071656] [<ffffffff81219d19>] ? kasan_kmalloc+0x49/0x50
[ 117.071656] [<ffffffff812170f6>] ? kmem_cache_alloc_trace+0x106/0x330
[ 117.071656] [<ffffffff819ae865>] ? do_init_module+0x3b/0x2f8
[ 117.071656] [<ffffffff819ae921>] do_init_module+0xf7/0x2f8
[ 117.071656] [<ffffffff8114aa37>] load_module+0x2fe7/0x3e00
[ 117.071656] [<ffffffff811454d0>] ? store_uevent+0x50/0x50
[ 117.071656] [<ffffffff8114b95d>] SyS_init_module+0x10d/0x120
[ 117.071656] [<ffffffff819ba31b>] system_call_fastpath+0x16/0x73
[ 117.071656] Memory state around the buggy address:
[ 117.071656] ffff880068169000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ffff880068169080: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[ 117.071656] >ffff880068169100: 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc fc
[ 117.071656] ^
[ 117.071656] ffff880068169180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ffff880068169200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ==================================================================
...
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
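The "Memory state around the buggy address" block at the end of the report is KASan's shadow memory: one shadow byte per 8-byte granule, where 0 means all eight bytes are accessible, 1..7 means only that many leading bytes are, and a negative value (0xfc here, the kmalloc redzone marker) means the whole granule is poisoned. The following is an added, stand-alone example, not code from the mail or from the kernel; it embeds the five shadow rows exactly as printed above and applies KASan's granule rule to them, so a reader can see why the 1-byte write at ffff88006816915b is reported while the byte before it is not, and how many bytes the object at ffff8800681690e0 was actually allowed to touch. The row layout (16 shadow bytes per row, 128 bytes of memory per row) and the helper names are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHADOW_ROWS   5
#define BYTES_PER_ROW 16
#define GRANULE       8   /* bytes of memory covered by one shadow byte */

/* Constructed from the shadow dump in the report above: each row starts at
 * the printed address and its 16 shadow bytes cover the next 128 bytes. */
static const uint64_t row_base[SHADOW_ROWS] = {
    0xffff880068169000ULL, 0xffff880068169080ULL, 0xffff880068169100ULL,
    0xffff880068169180ULL, 0xffff880068169200ULL,
};

static const uint8_t row_shadow[SHADOW_ROWS][BYTES_PER_ROW] = {
    { 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc },
    { 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0x00,0x00,0x00,0x00 },
    { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0xfc,0xfc,0xfc,0xfc },
    { 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc },
    { 0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc },
};

/* Fetch the (signed) shadow byte for an address; false if the dump does not cover it. */
static bool shadow_lookup(uint64_t addr, int8_t *out)
{
    for (size_t r = 0; r < SHADOW_ROWS; r++) {
        uint64_t lo = row_base[r], hi = lo + BYTES_PER_ROW * GRANULE;
        if (addr >= lo && addr < hi) {
            *out = (int8_t)row_shadow[r][(addr - lo) / GRANULE];
            return true;
        }
    }
    return false;
}

/* KASan's rule applied granule by granule: an access is bad if any granule it
 * touches is negative (redzone/freed) or if the last byte touched inside a
 * partial granule is at or beyond the accessible prefix length. Addresses
 * outside the dump are treated as poisoned. Returns true for a bad access. */
static bool kasan_access_is_poisoned(uint64_t addr, size_t size)
{
    uint64_t end = addr + size;                          /* exclusive */
    for (uint64_t g = addr & ~(uint64_t)(GRANULE - 1); g < end; g += GRANULE) {
        int8_t s;
        if (!shadow_lookup(g, &s) || s < 0)
            return true;
        if (s == 0)
            continue;
        uint64_t last = (end - 1 < g + GRANULE - 1) ? end - 1 : g + GRANULE - 1;
        if ((int)(last - g) >= s)
            return true;
    }
    return false;
}

/* Walk forward from an object start and count the bytes the shadow allows,
 * stopping at the first partial or poisoned granule. */
static size_t accessible_bytes_from(uint64_t start)
{
    size_t n = 0;
    uint64_t a = start;
    int8_t s;
    while (shadow_lookup(a, &s) && s >= 0) {
        uint64_t off = a & (GRANULE - 1);
        if (s == 0) {
            n += GRANULE - off;
        } else {
            if (s > (int8_t)off)
                n += (size_t)(s - off);
            return n;                                    /* partial granule ends the object */
        }
        a = (a & ~(uint64_t)(GRANULE - 1)) + GRANULE;
    }
    return n;
}

int main(void)
{
    uint64_t obj = 0xffff8800681690e0ULL;               /* "INFO: Object ..." in the report */
    uint64_t bad = 0xffff88006816915bULL;               /* "at addr ..." in the report */

    printf("object at %#llx may touch %zu bytes (slab cache is kmalloc-128)\n",
           (unsigned long long)obj, accessible_bytes_from(obj));
    printf("write of 1 at %#llx: %s\n", (unsigned long long)bad,
           kasan_access_is_poisoned(bad, 1) ? "out of bounds" : "ok");
    printf("write of 1 at %#llx: %s\n", (unsigned long long)(bad - 1),
           kasan_access_is_poisoned(bad - 1, 1) ? "out of bounds" : "ok");
    return 0;
}
```

The shadow byte 0x03 under the caret is the whole story: the object's last granule, ffff880068169158..15f, has only three valid bytes, so byte 0x15b (the 124th byte of a 123-byte object living in a 128-byte slab slot) lands in the redzone even though it is still inside the slab object. That is exactly the class of off-by-a-few overflow that plain slab debugging would miss until the redzone is checked at free time, and why KASan catches it at the instruction that does the write.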