Subject: Re: [PATCH v5 1/2] mm, kasan: improve double-free detection
From: Andrey Ryabinin
To: Dmitry Vyukov
CC: Kuthonuzo Luruo, Alexander Potapenko, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, kasan-dev, LKML, Yury Norov
Date: Wed, 15 Jun 2016 19:18:42 +0300
Message-ID: <57617FE2.1050808@virtuozzo.com>
References: <20160607180322.GA1782@cherokee.in.rdlabs.hpecorp.net> <5759A0A9.3080301@virtuozzo.com> <575AF2D9.7030701@virtuozzo.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/10/2016 08:09 PM, Dmitry Vyukov wrote:
> On Fri, Jun 10, 2016 at 7:03 PM, Andrey Ryabinin
> wrote:
>>
>>
>> On 06/09/2016 08:00 PM, Andrey Ryabinin wrote:
>>> On 06/07/2016 09:03 PM, Kuthonuzo Luruo wrote:
>>>
>>> Next time, when/if you send a patch series, send the patches in one thread, i.e. patches should be replies to the cover letter.
>>> Your patches are not linked together, which makes them harder to track.
>>>
>>>
>>>> Currently, KASAN may fail to detect concurrent deallocations of the same
>>>> object due to a race in kasan_slab_free(). This patch makes double-free
>>>> detection more reliable by serializing access to KASAN object metadata.
>>>> New functions kasan_meta_lock() and kasan_meta_unlock() are provided to
>>>> lock/unlock per-object metadata. Double-free errors are now reported via
>>>> kasan_report().
>>>>
>>>> Per-object lock concept from suggestion/observations by Dmitry Vyukov.
>>>>
>>>
>>>
>>> So, I still don't like this, this is way too hacky and complex.
>>> I have some thoughts about how to make this lockless and robust enough.
>>> I'll try to sort this out tomorrow.
>>>
>>
>>
>> So, I think something like this should work.
>> Tested very briefly.
>>
>> diff --git a/include/linux/kasan.h b/include/linux/kasan.h
>> index ac4b3c4..8691142 100644
>> --- a/include/linux/kasan.h
>> +++ b/include/linux/kasan.h
>> @@ -75,6 +75,8 @@ struct kasan_cache {
>> int kasan_module_alloc(void *addr, size_t size);
>> void kasan_free_shadow(const struct vm_struct *vm);
>>
>> +void kasan_init_slab_obj(struct kmem_cache *cache, const void *object);
>> +
>> size_t ksize(const void *);
>> static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); }
>>
>> @@ -102,6 +104,9 @@ static inline void kasan_unpoison_object_data(struct kmem_cache *cache,
>> static inline void kasan_poison_object_data(struct kmem_cache *cache,
>> void *object) {}
>>
>> +static inline void kasan_init_slab_obj(struct kmem_cache *cache,
>> + const void *object) { }
>> +
>> static inline void kasan_kmalloc_large(void *ptr, size_t size, gfp_t flags) {}
>> static inline void kasan_kfree_large(const void *ptr) {}
>> static inline void kasan_poison_kfree(void *ptr) {}
>> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
>> index 6845f92..ab0fded 100644
>> --- a/mm/kasan/kasan.c
>> +++ b/mm/kasan/kasan.c
>> @@ -388,11 +388,9 @@ void kasan_cache_create(struct kmem_cache *cache, size_t *size,
>> *size += sizeof(struct kasan_alloc_meta);
>>
>> /* Add free meta. */
>> - if (cache->flags & SLAB_DESTROY_BY_RCU || cache->ctor ||
>> - cache->object_size < sizeof(struct kasan_free_meta)) {
>> - cache->kasan_info.free_meta_offset = *size;
>> - *size += sizeof(struct kasan_free_meta);
>> - }
>> + cache->kasan_info.free_meta_offset = *size;
>> + *size += sizeof(struct kasan_free_meta);
>> +
>
>
> Why?!
> Please don't worsen runtime characteristics of KASAN. We run real
> systems with it.
> Most objects are small. This can lead to significant memory consumption.
>

Yeah, this is a temp hack actually, because I didn't finish this part yet.
Basically, I want to make the free stack always available (i.e. always save it in the redzone), because it is always better to have more information. Also this makes the bug report code a bit easier.
Of course, increasing memory usage is not what we want, so my plan is to make this:

- remove alloc_size, because we already know the object size. I mean cache->object_size. For kmalloc()'ed objects object_size is the rounded-up size, but the exact size of the allocation usually is not valuable information (Personally, I can't remember it being useful).
- Unify the allocation stack and free stack and keep them both in the redzone. This is exactly 16 bytes, so this won't increase memory usage. So only the quarantine pointer may be stored in the freed object.

The proposed changes will actually decrease memory usage, because 8-byte objects will occupy less space.
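Review bot: the kasan_init_slab_obj() prototype added in the `@@ -75,6 +75,8 @@` hunk of include/linux/kasan.h has no definition and no caller anywhere in this diff, so as posted it is a dead declaration; either include the mm/kasan/kasan.c definition and the slab-side hook that calls it in the same series, or hold the declaration back until that code exists. A one-line comment above the prototype stating which per-object metadata it initialises, and at what point in the object's life, would also let reviewers judge the later hunks.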
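Review bot: style point on the !CONFIG_KASAN stub in the `@@ -102,6 +104,9 @@` hunk: its body is written `{ }` while every neighbouring stub in the same block (kasan_poison_object_data(), kasan_kmalloc_large(), kasan_kfree_large(), kasan_poison_kfree()) uses `{}`; match the existing form so the block stays uniform and later diffs stay minimal.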
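Review bot: the `@@ -388,11 +388,9 @@` hunk in mm/kasan/kasan.c removes the condition that reserved a separate free-meta area only when the object could not hold it (SLAB_DESTROY_BY_RCU, a ctor, or object_size < sizeof(struct kasan_free_meta)); with it gone every cache grows by sizeof(struct kasan_free_meta) per object, which is exactly the regression Dmitry raises, and since this hunk is the only change to kasan.c nothing in the diff shrinks struct kasan_alloc_meta to compensate. Either keep the condition, or send this together with the alloc_size removal and the unified alloc/free track described in the reply so the net per-object size does not grow; the commit message should also state that free meta now always lives in the redzone rather than inside the freed object, since the code that locates it through free_meta_offset is not part of this diff.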
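Added illustration (my own code, not KASAN's and not from anyone in this thread) of the race the series targets: a free path that checks a per-object state and then updates it as two separate steps can let two concurrent frees both pass the check, while a single atomic exchange on that state, one lockless option of the kind the thread talks about, reports the second free whichever CPU arrives first. The obj_state values and helper names are hypothetical, and the worst-case interleaving is forced explicitly instead of being run on threads.

```c
/* Added illustration, not KASAN code: check-then-set versus atomic exchange
 * on a per-object "allocated/freed" state in the free path.
 * States and helper names are hypothetical. */
#include <stdatomic.h>
#include <stdbool.h>

enum obj_state { OBJ_ALLOCATED = 1, OBJ_FREED = 2 };

struct obj_meta { _Atomic int state; };

/* Racy variant: the check and the update are separate steps, so two CPUs
 * freeing the same object can both read OBJ_ALLOCATED before either writes. */
static bool racy_check(struct obj_meta *m)
{
    return atomic_load(&m->state) == OBJ_FREED; /* true = report double free */
}

static void racy_mark_freed(struct obj_meta *m)
{
    atomic_store(&m->state, OBJ_FREED);
}

/* Lockless variant: one atomic exchange reads and updates the state together,
 * so exactly one of two concurrent frees observes OBJ_ALLOCATED. */
static bool atomic_free(struct obj_meta *m)
{
    return atomic_exchange(&m->state, OBJ_FREED) == OBJ_FREED;
}

/* Two frees of one object under the worst interleaving: both checks run before
 * either write. Returns the number of double-free reports raised. */
int racy_double_free_reports(void)
{
    struct obj_meta m = { OBJ_ALLOCATED };
    int reports = 0;
    reports += racy_check(&m);  /* CPU A reads OBJ_ALLOCATED */
    reports += racy_check(&m);  /* CPU B reads OBJ_ALLOCATED */
    racy_mark_freed(&m);        /* CPU A writes OBJ_FREED */
    racy_mark_freed(&m);        /* CPU B writes OBJ_FREED */
    return reports;             /* 0: the double free went unnoticed */
}

/* Same two frees with the atomic variant; the order of the CPUs no longer
 * matters because the exchange cannot be split. */
int atomic_double_free_reports(void)
{
    struct obj_meta m = { OBJ_ALLOCATED };
    int reports = 0;
    reports += atomic_free(&m); /* first free: OBJ_ALLOCATED -> OBJ_FREED */
    reports += atomic_free(&m); /* second free: sees OBJ_FREED, reports */
    return reports;             /* 1 */
}
```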