Re: [PATCH v2 1/2] kasan: catch invalid free before SLUB reinitializes the object

public inbox for llvm@lists.linux.dev
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: Jann Horn <jannh@google.com>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev
Subject: Re: [PATCH v2 1/2] kasan: catch invalid free before SLUB reinitializes the object
Date: Thu, 25 Jul 2024 08:18:09 +0800	[thread overview]
Message-ID: <202407250851.Ec0uq4Hw-lkp@intel.com> (raw)
In-Reply-To: <20240724-kasan-tsbrcu-v2-1-45f898064468@google.com>

Hi Jann,

kernel test robot noticed the following build errors:

[auto build test ERROR on 0c3836482481200ead7b416ca80c68a29cfdaabd]

url:    https://github.com/intel-lab-lkp/linux/commits/Jann-Horn/kasan-catch-invalid-free-before-SLUB-reinitializes-the-object/20240725-005307
base:   0c3836482481200ead7b416ca80c68a29cfdaabd
patch link:    https://lore.kernel.org/r/20240724-kasan-tsbrcu-v2-1-45f898064468%40google.com
patch subject: [PATCH v2 1/2] kasan: catch invalid free before SLUB reinitializes the object
config: x86_64-allnoconfig (https://download.01.org/0day-ci/archive/20240725/202407250851.Ec0uq4Hw-lkp@intel.com/config)
compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240725/202407250851.Ec0uq4Hw-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202407250851.Ec0uq4Hw-lkp@intel.com/

All errors (new ones prefixed by >>):

>> mm/slub.c:2177:6: error: call to undeclared function 'kasan_slab_pre_free'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
    2177 |         if (kasan_slab_pre_free(s, x))
         |             ^
   mm/slub.c:2177:6: note: did you mean 'kasan_slab_free'?
   include/linux/kasan.h:384:20: note: 'kasan_slab_free' declared here
     384 | static inline bool kasan_slab_free(struct kmem_cache *s, void *object, bool init)
         |                    ^
   1 error generated.


vim +/kasan_slab_pre_free +2177 mm/slub.c

  2146	
  2147	/*
  2148	 * Hooks for other subsystems that check memory allocations. In a typical
  2149	 * production configuration these hooks all should produce no code at all.
  2150	 *
  2151	 * Returns true if freeing of the object can proceed, false if its reuse
  2152	 * was delayed by KASAN quarantine, or it was returned to KFENCE.
  2153	 */
  2154	static __always_inline
  2155	bool slab_free_hook(struct kmem_cache *s, void *x, bool init)
  2156	{
  2157		kmemleak_free_recursive(x, s->flags);
  2158		kmsan_slab_free(s, x);
  2159	
  2160		debug_check_no_locks_freed(x, s->object_size);
  2161	
  2162		if (!(s->flags & SLAB_DEBUG_OBJECTS))
  2163			debug_check_no_obj_freed(x, s->object_size);
  2164	
  2165		/* Use KCSAN to help debug racy use-after-free. */
  2166		if (!(s->flags & SLAB_TYPESAFE_BY_RCU))
  2167			__kcsan_check_access(x, s->object_size,
  2168					     KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ASSERT);
  2169	
  2170		if (kfence_free(x))
  2171			return false;
  2172	
  2173		/*
  2174		 * Give KASAN a chance to notice an invalid free operation before we
  2175		 * modify the object.
  2176		 */
> 2177		if (kasan_slab_pre_free(s, x))
  2178			return false;
  2179	
  2180		/*
  2181		 * As memory initialization might be integrated into KASAN,
  2182		 * kasan_slab_free and initialization memset's must be
  2183		 * kept together to avoid discrepancies in behavior.
  2184		 *
  2185		 * The initialization memset's clear the object and the metadata,
  2186		 * but don't touch the SLAB redzone.
  2187		 *
  2188		 * The object's freepointer is also avoided if stored outside the
  2189		 * object.
  2190		 */
  2191		if (unlikely(init)) {
  2192			int rsize;
  2193			unsigned int inuse;
  2194	
  2195			inuse = get_info_end(s);
  2196			if (!kasan_has_integrated_init())
  2197				memset(kasan_reset_tag(x), 0, s->object_size);
  2198			rsize = (s->flags & SLAB_RED_ZONE) ? s->red_left_pad : 0;
  2199			memset((char *)kasan_reset_tag(x) + inuse, 0,
  2200			       s->size - inuse - rsize);
  2201		}
  2202		/* KASAN might put x into memory quarantine, delaying its reuse. */
  2203		return !kasan_slab_free(s, x, init);
  2204	}
  2205	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

          parent reply	other threads:[~2024-07-25  0:18 UTC|newest]

Thread overview: expand[flat|nested]  mbox.gz  Atom feed
 [parent not found: <20240724-kasan-tsbrcu-v2-1-45f898064468@google.com>]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202407250851.Ec0uq4Hw-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=jannh@google.com \
    --cc=llvm@lists.linux.dev \
    --cc=oe-kbuild-all@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox