From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97656C43334 for ; Mon, 13 Jun 2022 20:54:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351085AbiFMUyq (ORCPT ); Mon, 13 Jun 2022 16:54:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347572AbiFMUxP (ORCPT ); Mon, 13 Jun 2022 16:53:15 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 36023DE98 for ; Mon, 13 Jun 2022 13:15:25 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151324; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=M2+xlJvtrt/Ak+lac7lfuJjlG7HoHnjjsXRwZzO2wkQ=; b=D7+1mF++R9rQSyexDmLe4W43C6kZeCzNSBrDNdQTA+MttNF7gXjdHPZhzzpixGpWrrZc6t QTCBf0IP0biwlIgnvWlisHawkeaiNLKJyhDsmcZfG5NfvfKzCCHagM+dR5BuUGdO4uv0TP LRUfpmJCeWw5nPyMl1dFBPg0mKF7iiw= 
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 01/32] kasan: check KASAN_NO_FREE_META in __kasan_metadata_size Date: Mon, 13 Jun 2022 22:13:52 +0200 Message-Id: <91406e5f2a1c0a1fddfc4e7f17df22fda852591c.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov __kasan_metadata_size() calculates the size of the redzone for objects in a slab cache. When accounting for presence of kasan_free_meta in the redzone, this function only compares free_meta_offset with 0. But free_meta_offset could also be equal to KASAN_NO_FREE_META, which indicates that kasan_free_meta is not present at all. Add a comparison with KASAN_NO_FREE_META into __kasan_metadata_size(). Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- This is a minor fix that only affects slub_debug runs, so it is probably not worth backporting. --- mm/kasan/common.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index c40c0e7b3b5f..968d2365d8c1 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c 
@@ -223,8 +223,9 @@ size_t __kasan_metadata_size(struct kmem_cache *cache) return 0; return (cache->kasan_info.alloc_meta_offset ? sizeof(struct kasan_alloc_meta) : 0) + - (cache->kasan_info.free_meta_offset ? - sizeof(struct kasan_free_meta) : 0); + ((cache->kasan_info.free_meta_offset && + cache->kasan_info.free_meta_offset !=3D KASAN_NO_FREE_META) ? + sizeof(struct kasan_free_meta) : 0); } =20 struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0885FC43334 for ; Mon, 13 Jun 2022 20:59:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351667AbiFMU6d (ORCPT ); Mon, 13 Jun 2022 16:58:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347654AbiFMUxR (ORCPT ); Mon, 13 Jun 2022 16:53:17 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7EF60DFC0 for ; Mon, 13 Jun 2022 13:15:26 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151325; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=j0yWL0nsrOMOMqm9cWej2oW3wFadR2W9VWyegnjYrXA=; b=B7wM0RDK6hT1iWd1oUZiXw42RuPFZUK3/bZLcb0cf6S+yJLUMeFAXOOhzQih3C24QAGjKu ePUXricowL++fSJ9e4X99sgTfnTXB5Gb7y6BsYumoyibHSSIGQKAHwJJtceNv7t7xMo8tQ 2bSz7OqlMXc+P6DOs7u4kWu0lyWZllE= 
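Review bot: the new two-part test on free_meta_offset in __kasan_metadata_size() carries no comment, and the commit message explains only the KASAN_NO_FREE_META half of it. A short comment stating what a free_meta_offset of 0 means for the redzone, next to what KASAN_NO_FREE_META means, would let a reader check both exclusions. The alloc_meta_offset term just above still tests only against 0, so it is worth stating whether that field can ever hold a comparable sentinel.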
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 02/32] kasan: rename kasan_set_*_info to kasan_save_*_info Date: Mon, 13 Jun 2022 22:13:53 +0200 Message-Id: <50cdd8e8d696a8958b7b59c940561c6ed8042436.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Rename set_alloc_info() and kasan_set_free_info() to save_alloc_info() and kasan_save_free_info(). The new names make more sense. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- mm/kasan/common.c | 8 ++++---- mm/kasan/generic.c | 2 +- mm/kasan/kasan.h | 2 +- mm/kasan/tags.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 968d2365d8c1..753775b894b6 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -364,7 +364,7 @@ static inline bool ____kasan_slab_free(struct kmem_cach= e *cache, void *object, return false; =20 if (kasan_stack_collection_enabled()) - kasan_set_free_info(cache, object, tag); + kasan_save_free_info(cache, object, tag); =20 return kasan_quarantine_put(cache, object); } @@ -423,7 +423,7 @@ void __kasan_slab_free_mempool(void *ptr, unsigned long= ip) } } =20 -static void set_alloc_info(struct kmem_cache *cache, void *object, +static void save_alloc_info(struct kmem_cache *cache, void *object, gfp_t flags, bool is_kmalloc) { struct kasan_alloc_meta *alloc_meta; 
@@ -467,7 +467,7 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ if (kasan_stack_collection_enabled()) - set_alloc_info(cache, (void *)object, flags, false); + save_alloc_info(cache, (void *)object, flags, false); =20 return tagged_object; } @@ -513,7 +513,7 @@ static inline void *____kasan_kmalloc(struct kmem_cache= *cache, * This also rewrites the alloc info when called from kasan_krealloc(). */ if (kasan_stack_collection_enabled()) - set_alloc_info(cache, (void *)object, flags, true); + save_alloc_info(cache, (void *)object, flags, true); =20 /* Keep the tag that was set by kasan_slab_alloc(). */ return (void *)object; diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 437fcc7e77cf..03a3770cfeae 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -358,7 +358,7 @@ void kasan_record_aux_stack_noalloc(void *addr) return __kasan_record_aux_stack(addr, false); } =20 -void kasan_set_free_info(struct kmem_cache *cache, +void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_free_meta *free_meta; diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 610d60d6e5b8..6df8d7b01073 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -284,7 +284,7 @@ struct slab *kasan_addr_to_slab(const void *addr); =20 depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); -void kasan_set_free_info(struct kmem_cache *cache, void *object, u8 tag); +void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag); =20 diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 8f48b9502a17..b453a353bc86 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c 
@@ -17,7 +17,7 @@ =20 #include "kasan.h" =20 -void kasan_set_free_info(struct kmem_cache *cache, +void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E57F0C433EF for ; Mon, 13 Jun 2022 20:54:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351211AbiFMUyx (ORCPT ); Mon, 13 Jun 2022 16:54:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350763AbiFMUxS (ORCPT ); Mon, 13 Jun 2022 16:53:18 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0363DDFDE for ; Mon, 13 Jun 2022 13:15:27 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151325; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5YxZt8AJdg20zeg5mlaLc0cE80lCSk74fkwRwLQH28g=; b=vNtdLTu/n3uZXNxwSADnWXXhRvSCEmqvLH3FjLwQYNnr7TcYt1H3qoRfDAzhIfr++YtDwz DKhTZe2bKI12WI17MUbeLtNkumWSZskhDTHfG69P2kj/KpodD0zAj2B3BsQUqDUogXpISQ 4ac6Q6f0pE/XLiSdQl54Sxg/q37QO3s= 
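Review bot: in the mm/kasan/kasan.h hunk, kasan_set_track() keeps its set_ prefix on the line directly above the renamed kasan_save_free_info(), and next to kasan_save_stack(), so the naming is still mixed after this patch. The commit message says only that the new names make more sense; it should say what distinguishes a set_ helper from a save_ helper, or kasan_set_track() should be renamed in the same patch. The subject also reads kasan_set_*_info, while one of the two renamed functions is the static set_alloc_info() without the kasan_ prefix.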
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 03/32] kasan: move is_kmalloc check out of save_alloc_info Date: Mon, 13 Jun 2022 22:13:54 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Move kasan_info.is_kmalloc check out of save_alloc_info(). This is a preparatory change that simplifies the following patches in this series. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- mm/kasan/common.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 753775b894b6..a6107e8375e0 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -423,15 +423,10 @@ void __kasan_slab_free_mempool(void *ptr, unsigned lo= ng ip) } } =20 -static void save_alloc_info(struct kmem_cache *cache, void *object, - gfp_t flags, bool is_kmalloc) +static void save_alloc_info(struct kmem_cache *cache, void *object, gfp_t = flags) { struct kasan_alloc_meta *alloc_meta; =20 - /* Don't save alloc info for kmalloc caches in kasan_slab_alloc(). */ - if (cache->kasan_info.is_kmalloc && !is_kmalloc) - return; - alloc_meta =3D kasan_get_alloc_meta(cache, object); if (alloc_meta) kasan_set_track(&alloc_meta->alloc_track, flags); 
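Review bot: save_alloc_info() loses both its own is_kmalloc guard and the comment that explained it in this hunk, so nothing at the definition now says that callers are responsible for the filtering. A one-line comment above the function stating that the caller decides, based on cache->kasan_info.is_kmalloc, whether alloc info is saved would keep a later call site from reintroducing the save in the slab_alloc path for kmalloc caches.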
@@ -466,8 +461,8 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, kasan_unpoison(tagged_object, cache->object_size, init); =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ - if (kasan_stack_collection_enabled()) - save_alloc_info(cache, (void *)object, flags, false); + if (kasan_stack_collection_enabled() && !cache->kasan_info.is_kmalloc) + save_alloc_info(cache, (void *)object, flags); =20 return tagged_object; } 
@@ -512,8 +507,8 @@ static inline void *____kasan_kmalloc(struct kmem_cache= *cache, * Save alloc info (if possible) for kmalloc() allocations. * This also rewrites the alloc info when called from kasan_krealloc(). */ - if (kasan_stack_collection_enabled()) - save_alloc_info(cache, (void *)object, flags, true); + if (kasan_stack_collection_enabled() && cache->kasan_info.is_kmalloc) + save_alloc_info(cache, (void *)object, flags); =20 /* Keep the tag that was set by kasan_slab_alloc(). */ return (void *)object; --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17EB1CCA47D for ; Mon, 13 Jun 2022 20:59:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351735AbiFMU6h (ORCPT ); Mon, 13 Jun 2022 16:58:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350735AbiFMUxS (ORCPT ); Mon, 13 Jun 2022 16:53:18 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B6DEEE004 for ; Mon, 13 Jun 2022 13:15:27 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151326; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CulRI3DSt2ZPgq4QmoSCGGdERJCYU8brnjMdmOnBudE=; b=McdlmQaiUHC8FqafkCZKCaRBsXTlEsuuctlEWSaG3MlUhgx527mYI+igdmY8l5GTyxXbZI o2dJizocXRqmGuwQruuIEUw8C4gXJX1la7X9eiEo2sHl7ViYwk1NorePQQBCPW6zBWLckY g3gIB0ynH0X3N7BsU7vVammM2+Z2+SE= 
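Review bot: the new condition in ____kasan_kmalloc() is not equivalent to the code it replaces. The old call passed is_kmalloc as true, so the removed guard (cache->kasan_info.is_kmalloc && !is_kmalloc) never returned early and the track was always saved on this path; with the added && cache->kasan_info.is_kmalloc it is skipped whenever the cache is not marked as a kmalloc cache. If ____kasan_kmalloc() can only ever be reached with kmalloc caches, the commit message should say so, since it describes the patch as purely preparatory; otherwise this call site should stay unconditional on is_kmalloc.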
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 04/32] kasan: split save_alloc_info implementations Date: Mon, 13 Jun 2022 22:13:55 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Provide standalone implementations of save_alloc_info() for the Generic and tag-based modes. For now, the implementations are the same, but they will diverge later in the series. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- mm/kasan/common.c | 13 ++----------- mm/kasan/generic.c | 9 +++++++++ mm/kasan/kasan.h | 1 + mm/kasan/tags.c | 9 +++++++++ 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index a6107e8375e0..2848c7a2402a 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -423,15 +423,6 @@ void __kasan_slab_free_mempool(void *ptr, unsigned lon= g ip) } } =20 -static void save_alloc_info(struct kmem_cache *cache, void *object, gfp_t = flags) -{ - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - kasan_set_track(&alloc_meta->alloc_track, flags); -} - void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, void *object, gfp_t flags, bool init) { 
@@ -462,7 +453,7 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ if (kasan_stack_collection_enabled() && !cache->kasan_info.is_kmalloc) - save_alloc_info(cache, (void *)object, flags); + kasan_save_alloc_info(cache, (void *)object, flags); =20 return tagged_object; } @@ -508,7 +499,7 @@ static inline void *____kasan_kmalloc(struct kmem_cache= *cache, * This also rewrites the alloc info when called from kasan_krealloc(). */ if (kasan_stack_collection_enabled() && cache->kasan_info.is_kmalloc) - save_alloc_info(cache, (void *)object, flags); + kasan_save_alloc_info(cache, (void *)object, flags); =20 /* Keep the tag that was set by kasan_slab_alloc(). */ return (void *)object; diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 03a3770cfeae..98c451a3b01f 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -358,6 +358,15 @@ void kasan_record_aux_stack_noalloc(void *addr) return __kasan_record_aux_stack(addr, false); } =20 +void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + kasan_set_track(&alloc_meta->alloc_track, flags); +} + void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 6df8d7b01073..610057e651d2 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -284,6 +284,7 @@ struct slab *kasan_addr_to_slab(const void *addr); =20 depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); +void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag); 
diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index b453a353bc86..1ba3c8399f72 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -17,6 +17,15 @@ =20 #include "kasan.h" =20 +void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + kasan_set_track(&alloc_meta->alloc_track, flags); +} + void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5ADF1C433EF for ; Mon, 13 Jun 2022 20:54:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351163AbiFMUyu (ORCPT ); Mon, 13 Jun 2022 16:54:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36096 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350736AbiFMUxS (ORCPT ); Mon, 13 Jun 2022 16:53:18 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A63EE012 for ; Mon, 13 Jun 2022 13:15:29 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151327; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AJyI1q6f80wQzyJSQxJLFHolqTP9cxvpgBekekTg5FA=; b=oRiXY173+rNYu9q5ejUgqLAcQxKtVVJJwv/RkKdPidlw+963fu7HySl5B3NwUyGb14+Vdm TfaMNGMDf5tUsTrPX5fXXhelmd+jti809gcNElHE51Esui7T68FxKcLzBmi6JDiCS4+Mwn vuiAG7lL1+J8tR2Y56hhGqg1dw5pd5s= 
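Review bot: kasan_save_alloc_info() in the mm/kasan/tags.c hunk is a line-for-line copy of the one this patch adds to mm/kasan/generic.c. The commit message says the two will diverge later in the series; a brief comment on the copies, or a pointer to the patch that changes them, would stop someone from folding them back into common.c in the meantime. The function also becomes non-static with a prototype in kasan.h, so the expectation that callers check kasan_stack_collection_enabled() and is_kmalloc first should be documented at the declaration.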
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 05/32] kasan: drop CONFIG_KASAN_TAGS_IDENTIFY Date: Mon, 13 Jun 2022 22:13:56 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Drop CONFIG_KASAN_TAGS_IDENTIFY and related code to simplify making changes to the reporting code. The dropped functionality will be restored in the following patches in this series. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- lib/Kconfig.kasan | 8 -------- mm/kasan/kasan.h | 12 +----------- mm/kasan/report_tags.c | 28 ---------------------------- mm/kasan/tags.c | 21 ++------------------- 4 files changed, 3 insertions(+), 66 deletions(-) diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index f0973da583e0..ca09b1cf8ee9 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -167,14 +167,6 @@ config KASAN_STACK as well, as it adds inline-style instrumentation that is run unconditionally. =20 -config KASAN_TAGS_IDENTIFY - bool "Memory corruption type identification" - depends on KASAN_SW_TAGS || KASAN_HW_TAGS - help - Enables best-effort identification of the bug types (use-after-free - or out-of-bounds) at the cost of increased memory consumption. - Only applicable for the tag-based KASAN modes. - config KASAN_VMALLOC bool "Check accesses to vmalloc allocations" depends on HAVE_ARCH_KASAN_VMALLOC diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 610057e651d2..aa6b43936f8d 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -168,23 +168,13 @@ struct kasan_track { depot_stack_handle_t stack; }; =20 -#if defined(CONFIG_KASAN_TAGS_IDENTIFY) && defined(CONFIG_KASAN_SW_TAGS) -#define KASAN_NR_FREE_STACKS 5 -#else -#define KASAN_NR_FREE_STACKS 1 -#endif - struct kasan_alloc_meta { struct kasan_track alloc_track; /* Generic mode stores free track in kasan_free_meta. */ #ifdef CONFIG_KASAN_GENERIC depot_stack_handle_t aux_stack[2]; #else - struct kasan_track free_track[KASAN_NR_FREE_STACKS]; -#endif -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - u8 free_pointer_tag[KASAN_NR_FREE_STACKS]; - u8 free_track_idx; + struct kasan_track free_track; #endif }; =20 diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index e25d2166e813..35cf3cae4aa4 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -5,37 +5,9 @@ */ =20 #include "kasan.h" -#include "../slab.h" =20 const char *kasan_get_bug_type(struct kasan_report_info *info) { -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - struct kasan_alloc_meta *alloc_meta; - struct kmem_cache *cache; - struct slab *slab; - const void *addr; - void *object; - u8 tag; - int i; - - tag =3D get_tag(info->access_addr); - addr =3D kasan_reset_tag(info->access_addr); - slab =3D kasan_addr_to_slab(addr); - if (slab) { - cache =3D slab->slab_cache; - object =3D nearest_obj(cache, slab, (void *)addr); - alloc_meta =3D kasan_get_alloc_meta(cache, object); - - if (alloc_meta) { - for (i =3D 0; i < KASAN_NR_FREE_STACKS; i++) { - if (alloc_meta->free_pointer_tag[i] =3D=3D tag) - return "use-after-free"; - } - } - return "out-of-bounds"; - } -#endif - /* * If access_size is a negative number, then it has reason to be * defined as out-of-bounds bug type. diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 1ba3c8399f72..e0e5de8ce834 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c 
@@ -30,39 +30,22 @@ void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; - u8 idx =3D 0; =20 alloc_meta =3D kasan_get_alloc_meta(cache, object); if (!alloc_meta) return; =20 -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - idx =3D alloc_meta->free_track_idx; - alloc_meta->free_pointer_tag[idx] =3D tag; - alloc_meta->free_track_idx =3D (idx + 1) % KASAN_NR_FREE_STACKS; -#endif - - kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT); + kasan_set_track(&alloc_meta->free_track, GFP_NOWAIT); } =20 struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; - int i =3D 0; =20 alloc_meta =3D kasan_get_alloc_meta(cache, object); if (!alloc_meta) return NULL; =20 -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - for (i =3D 0; i < KASAN_NR_FREE_STACKS; i++) { - if (alloc_meta->free_pointer_tag[i] =3D=3D tag) - break; - } - if (i =3D=3D KASAN_NR_FREE_STACKS) - i =3D alloc_meta->free_track_idx; -#endif - - return &alloc_meta->free_track[i]; + return &alloc_meta->free_track; } --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AFCF3C433EF for ; Mon, 13 Jun 2022 20:55:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241687AbiFMUzO (ORCPT ); Mon, 13 Jun 2022 16:55:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36164 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351347AbiFMUx3 (ORCPT ); Mon, 13 Jun 2022 16:53:29 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B8F712AE6 for ; Mon, 13 Jun 2022 13:16:29 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to 
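Review bot: in the mm/kasan/tags.c hunk the tag argument of kasan_save_free_info() and kasan_get_free_track() is left unused, because the removed CONFIG_KASAN_TAGS_IDENTIFY blocks were the only places that touched it. kasan_get_free_track() now returns the single free_track without comparing against any stored pointer tag, and together with the removal from kasan_get_bug_type() in report_tags.c the tag-based modes lose use-after-free versus out-of-bounds identification until later patches restore it. The commit message should state that reports are degraded for the intermediate commits, which matters when bisecting, and that existing configs with CONFIG_KASAN_TAGS_IDENTIFY=y silently lose the option.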
abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151388; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JiOjwm2R97mupyKaCc5esPRsyojrd6x1cjK2UXDXXcc=; b=pbdzxZprz/NhIwY0P7z/+ttWMraq6KMi7wV6xcx+ASVLPMMbAH+kX5rZH71kDY66kRmnT9 Mu9jFDvTd9hGkhzuBtkY6RMAW9h9wEcOMEOO5t1SNdkQ4YpbsVY6v18z+4klJ61YmFbIo9 995IoX4sfLO/o67NszTjINnAJr8EKPA= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 06/32] kasan: introduce kasan_print_aux_stacks Date: Mon, 13 Jun 2022 22:13:57 +0200 Message-Id: <11a7bfb5ed5de141b50db8c08e9c6ad37ef3febc.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add a kasan_print_aux_stacks() helper that prints the auxiliary stack traces for the Generic mode. This change hides references to alloc_meta from the common reporting code. This is desired as only the Generic mode will be using per-object metadata after this series. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 6 ++++++ mm/kasan/report.c | 15 +-------------- mm/kasan/report_generic.c | 20 ++++++++++++++++++++ 3 files changed, 27 insertions(+), 14 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index aa6b43936f8d..bcea5ed15631 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -265,6 +265,12 @@ void kasan_print_address_stack_frame(const void *addr); static inline void kasan_print_address_stack_frame(const void *addr) { } #endif =20 +#ifdef CONFIG_KASAN_GENERIC +void kasan_print_aux_stacks(struct kmem_cache *cache, const void *object); +#else +static inline void kasan_print_aux_stacks(struct kmem_cache *cache, const = void *object) { } +#endif + bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip); void kasan_report_invalid_free(void *object, unsigned long ip); diff --git a/mm/kasan/report.c b/mm/kasan/report.c index b341a191651d..35dd8aeb115c 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -266,20 +266,7 @@ static void describe_object_stacks(struct kmem_cache *= cache, void *object, pr_err("\n"); } =20 -#ifdef CONFIG_KASAN_GENERIC - if (!alloc_meta) - return; - if (alloc_meta->aux_stack[0]) { - pr_err("Last potentially related work creation:\n"); - stack_depot_print(alloc_meta->aux_stack[0]); - pr_err("\n"); - } - if (alloc_meta->aux_stack[1]) { - pr_err("Second to last potentially related work creation:\n"); - stack_depot_print(alloc_meta->aux_stack[1]); - pr_err("\n"); - } -#endif + kasan_print_aux_stacks(cache, object); } =20 static void describe_object(struct kmem_cache *cache, void *object, diff --git a/mm/kasan/report_generic.c b/mm/kasan/report_generic.c index 6689fb9a919b..348dc207d462 100644 --- a/mm/kasan/report_generic.c +++ b/mm/kasan/report_generic.c 
@@ -132,6 +132,26 @@ void kasan_metadata_fetch_row(char *buffer, void *row) memcpy(buffer, kasan_mem_to_shadow(row), META_BYTES_PER_ROW); } =20 +void kasan_print_aux_stacks(struct kmem_cache *cache, const void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return; + + if (alloc_meta->aux_stack[0]) { + pr_err("Last potentially related work creation:\n"); + stack_depot_print(alloc_meta->aux_stack[0]); + pr_err("\n"); + } + if (alloc_meta->aux_stack[1]) { + pr_err("Second to last potentially related work creation:\n"); + stack_depot_print(alloc_meta->aux_stack[1]); + pr_err("\n"); + } +} + #ifdef CONFIG_KASAN_STACK static bool __must_check tokenize_frame_descr(const char **frame_descr, char *token, size_t max_tok_len, --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34D47C43334 for ; Mon, 13 Jun 2022 20:59:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351954AbiFMU6p (ORCPT ); Mon, 13 Jun 2022 16:58:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351349AbiFMUx3 (ORCPT ); Mon, 13 Jun 2022 16:53:29 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D4E312D3C for ; Mon, 13 Jun 2022 13:16:30 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
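Review bot: kasan_print_aux_stacks() in the report_generic.c hunk takes const void *object and passes it straight to kasan_get_alloc_meta(), while the other callers visible in this series pass a plain void *. The full prototype of kasan_get_alloc_meta() is not part of this patch, so please confirm that its object parameter is const-qualified; if it is not, either drop const from the new helper or constify the getter in a preceding patch.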
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151388; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aoRv/lacQEeXs4iZT+XDlLjdCIzo6qCQWnCOXZwFqpQ=; b=AI29BOaG9ggfX2T64w5uHQtFR2Zk5jH/FJvAysYuv3mV7ip6E74PPPtjXiO2THMfq+O7MM 3wf9zCPPT1Lyp1ad/ukFDULYGu0Uo91W2UA/qqfuyWNQxDgzwRgqwkGcoP1X3VUn9F/Snq +4Idx/bDkMG/uiXUEA4ZwK3QwDJ9who= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 07/32] kasan: introduce kasan_get_alloc_track Date: Mon, 13 Jun 2022 22:13:58 +0200 Message-Id: <184ac9df81406e73611e1f639c5d4d09f8d7693a.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add a kasan_get_alloc_track() helper that fetches alloc_track for a slab object and use this helper in the common reporting code. For now, the implementations of this helper are the same for the Generic and tag-based modes, but they will diverge later in the series. This change hides references to alloc_meta from the common reporting code. This is desired as only the Generic mode will be using per-object metadata after this series. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- mm/kasan/generic.c | 14 +++++++++++++- mm/kasan/kasan.h | 4 +++- mm/kasan/report.c | 8 ++++---- mm/kasan/tags.c | 14 +++++++++++++- 4 files changed, 33 insertions(+), 7 deletions(-) 
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 98c451a3b01f..f212b9ae57b5 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -381,8 +381,20 @@ void kasan_save_free_info(struct kmem_cache *cache, *(u8 *)kasan_mem_to_shadow(object) =3D KASAN_SLAB_FREETRACK; } =20 +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return NULL; + + return &alloc_meta->alloc_track; +} + struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) + void *object, u8 tag) { if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) return NULL; diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index bcea5ed15631..4005da62a1e1 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -282,8 +282,10 @@ depot_stack_handle_t kasan_save_stack(gfp_t flags, boo= l can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag); + void *object, u8 tag); =20 #if defined(CONFIG_KASAN_GENERIC) && \ (defined(CONFIG_SLAB) || defined(CONFIG_SLUB)) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 35dd8aeb115c..f951fd39db74 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c 
@@ -251,12 +251,12 @@ static void describe_object_addr(struct kmem_cache *c= ache, void *object, static void describe_object_stacks(struct kmem_cache *cache, void *object, const void *addr, u8 tag) { - struct kasan_alloc_meta *alloc_meta; + struct kasan_track *alloc_track; struct kasan_track *free_track; =20 - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) { - print_track(&alloc_meta->alloc_track, "Allocated"); + alloc_track =3D kasan_get_alloc_track(cache, object); + if (alloc_track) { + print_track(alloc_track, "Allocated"); pr_err("\n"); } =20 diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index e0e5de8ce834..7b1fc8e7c99c 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c 
@@ -38,8 +38,20 @@ void kasan_save_free_info(struct kmem_cache *cache, kasan_set_track(&alloc_meta->free_track, GFP_NOWAIT); } =20 +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return NULL; + + return &alloc_meta->alloc_track; +} + struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) + void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; =20 --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80283C433EF for ; Mon, 13 Jun 2022 20:59:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351867AbiFMU6l (ORCPT ); Mon, 13 Jun 2022 16:58:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60678 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351350AbiFMUx3 (ORCPT ); Mon, 13 Jun 2022 16:53:29 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CBAA213CE9 for ; Mon, 13 Jun 2022 13:16:30 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
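Review bot: the generic.c, kasan.h and tags.c hunks of [PATCH 07/32] each remove and re-add the continuation line "void *object, u8 tag)" of kasan_get_free_track() with identical text, which is a whitespace-only re-indent unrelated to introducing kasan_get_alloc_track(). Dropping it or moving it to a separate cleanup keeps this patch limited to the new helper and keeps blame on kasan_get_free_track() meaningful. Separately, kasan_get_alloc_track() only uses "object" to look up the metadata; declaring the parameter as "const void *object" would let read-only reporting callers such as describe_object_stacks() pass const pointers without a cast.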
From: andrey.konovalov@linux.dev
To: Marco Elver, Alexander Potapenko
Cc: Andrey Konovalov, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, Peter Collingbourne, Evgenii Stepanov, Florian Mayer, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov
Subject: [PATCH 08/32] kasan: introduce kasan_init_object_meta
Date: Mon, 13 Jun 2022 22:13:59 +0200
Message-Id: <8d1cf94238a325e441f684cbdbb2a1da0db78add.1655150842.git.andreyknvl@google.com>

From: Andrey Konovalov

Add a kasan_init_object_meta() helper that initializes metadata for a slab
object and use it in the common code.

For now, the implementations of this helper are the same for the Generic
and tag-based modes, but they will diverge later in the series.

This change hides references to alloc_meta from the common code. This is
desired as only the Generic mode will be using per-object metadata after
this series.

Signed-off-by: Andrey Konovalov
Reviewed-by: Marco Elver
---
 mm/kasan/common.c  | 10 +++-------
 mm/kasan/generic.c |  9 +++++++++
 mm/kasan/kasan.h   |  2 ++
 mm/kasan/tags.c    |  9 +++++++++
 4 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 2848c7a2402a..f0ee1c1b4b3c 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -312,13 +312,9 @@ static inline u8 assign_tag(struct kmem_cache *cache, void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache, const void *object) { - struct kasan_alloc_meta *alloc_meta; - - if (kasan_stack_collection_enabled()) { - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - __memset(alloc_meta, 0, sizeof(*alloc_meta)); - } + /* Initialize per-object metadata if it is present. */ + if (kasan_stack_collection_enabled()) + kasan_init_object_meta(cache, object); =20 /* Tag is ignored in set_tag() without CONFIG_KASAN_SW/HW_TAGS */ object =3D set_tag(object, assign_tag(cache, object, true)); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index f212b9ae57b5..5462ddbc21e6 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -328,6 +328,15 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +void kasan_init_object_meta(struct kmem_cache *cache, const void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + __memset(alloc_meta, 0, sizeof(*alloc_meta)); +} + static void __kasan_record_aux_stack(void *addr, bool can_alloc) { struct slab *slab =3D kasan_addr_to_slab(addr); diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 4005da62a1e1..751c3b17749a 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -278,6 +278,8 @@ void kasan_report_invalid_free(void *object, unsigned l= ong ip); struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 +void kasan_init_object_meta(struct kmem_cache *cache, const void *object); + depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 7b1fc8e7c99c..2e200969a4b8 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c 
@@ -17,6 +17,15 @@ =20 #include "kasan.h" =20 +void kasan_init_object_meta(struct kmem_cache *cache, const void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + __memset(alloc_meta, 0, sizeof(*alloc_meta)); +} + void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { struct kasan_alloc_meta *alloc_meta; --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 276DACCA47F for ; Mon, 13 Jun 2022 20:59:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351800AbiFMU6j (ORCPT ); Mon, 13 Jun 2022 16:58:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351355AbiFMUxa (ORCPT ); Mon, 13 Jun 2022 16:53:30 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B19013CF9 for ; Mon, 13 Jun 2022 13:16:31 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151390; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WaDMv1eR0VBdMqxxxIgVz2Jc7x+Lk8L5CflH0yXuFbw=; b=CoZZG3fM8L7Sqtv3f/ALsOBGHe/B6lPSXZLM2+G6YSKnZSUG5bd2sFRQ2tMZEIU/JJ3Hn6 nDTHVEnGeNBdY14vRurowiKqtMOR/Umi+25tZS+ygSDZQ+s5nu0kcFvKT9MafLqk99OLyk lYXrDfhLWnrcPTPSRzytHcxjaB3B4lU= 
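Review bot: kasan_init_object_meta(), as added in the generic.c and tags.c hunks of [PATCH 08/32], zeroes only struct kasan_alloc_meta, while its name and the new comment in __kasan_init_slab_obj() ("Initialize per-object metadata if it is present.") read as if all per-object metadata were covered. A comment at the kasan.h declaration saying which metadata is initialized, and that the caller is the one that gates the call on kasan_stack_collection_enabled(), would make the contract explicit for the mode-specific implementations the commit message says will follow.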
From: andrey.konovalov@linux.dev
To: Marco Elver, Alexander Potapenko
Cc: Andrey Konovalov, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, Peter Collingbourne, Evgenii Stepanov, Florian Mayer, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov
Subject: [PATCH 09/32] kasan: clear metadata functions for tag-based modes
Date: Mon, 13 Jun 2022 22:14:00 +0200

From: Andrey Konovalov

Remove implementations of the metadata-related functions for the tag-based
modes. The following patches in the series will provide alternative
implementations.

As of this patch, the tag-based modes no longer collect alloc and free
stack traces. This functionality will be restored later in the series.

Signed-off-by: Andrey Konovalov
Reviewed-by: Marco Elver
---
 mm/kasan/tags.c | 33 ++-------------------------------
 1 file changed, 2 insertions(+), 31 deletions(-)

diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 2e200969a4b8..f11c89505c77 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c 
@@ -19,54 +19,25 @@ =20 void kasan_init_object_meta(struct kmem_cache *cache, const void *object) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - __memset(alloc_meta, 0, sizeof(*alloc_meta)); } =20 void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - kasan_set_track(&alloc_meta->alloc_track, flags); } =20 void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return; - - kasan_set_track(&alloc_meta->free_track, GFP_NOWAIT); } =20 struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, void *object) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; - - return &alloc_meta->alloc_track; + return NULL; } =20 struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; - - return &alloc_meta->free_track; + return NULL; } --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5901CC43334 for ; Mon, 13 Jun 2022 20:55:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351293AbiFMUzJ (ORCPT ); Mon, 13 Jun 2022 16:55:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351356AbiFMUxa (ORCPT ); Mon, 13 Jun 2022 
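Review bot: the tags.c hunk of [PATCH 09/32] leaves kasan_init_object_meta(), kasan_save_alloc_info() and kasan_save_free_info() with empty bodies and makes kasan_get_alloc_track() and kasan_get_free_track() return NULL unconditionally, with no comment in the code saying that this is an intermediate state. The only record is the commit message, so anyone bisecting onto this commit gets tag-based reports without alloc and free stacks and no hint in the source as to why. A one-line comment in the stubs, or folding this patch into the one that adds the replacement implementations, would make that explicit.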
From: andrey.konovalov@linux.dev
To: Marco Elver, Alexander Potapenko
Cc: Andrey Konovalov, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, Peter Collingbourne, Evgenii Stepanov, Florian Mayer, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov
Subject: [PATCH 10/32] kasan: move kasan_get_*_meta to generic.c
Date: Mon, 13 Jun 2022 22:14:01 +0200

From: Andrey Konovalov

Move the implementations of kasan_get_alloc/free_meta() to generic.c, as
the common KASAN code does not use these functions anymore.

Also drop kasan_reset_tag() from the implementation, as the Generic mode
does not tag pointers.

Signed-off-by: Andrey Konovalov
---
 mm/kasan/common.c  | 19 -------------------
 mm/kasan/generic.c | 17 +++++++++++++++++
 mm/kasan/kasan.h   | 14 +++++++-------
 3 files changed, 24 insertions(+), 26 deletions(-)
diff --git a/mm/kasan/common.c b/mm/kasan/common.c index f0ee1c1b4b3c..226eaa714da2 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -228,25 +228,6 @@ size_t __kasan_metadata_size(struct kmem_cache *cache) sizeof(struct kasan_free_meta) : 0); } =20 -struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, - const void *object) -{ - if (!cache->kasan_info.alloc_meta_offset) - return NULL; - return kasan_reset_tag(object) + cache->kasan_info.alloc_meta_offset; -} - -#ifdef CONFIG_KASAN_GENERIC -struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, - const void *object) -{ - BUILD_BUG_ON(sizeof(struct kasan_free_meta) > 32); - if (cache->kasan_info.free_meta_offset =3D=3D KASAN_NO_FREE_META) - return NULL; - return kasan_reset_tag(object) + cache->kasan_info.free_meta_offset; -} -#endif - void __kasan_poison_slab(struct slab *slab) { struct page *page =3D slab_page(slab); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 5462ddbc21e6..fa654cb96a0d 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -328,6 +328,23 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, + const void *object) +{ + if (!cache->kasan_info.alloc_meta_offset) + return NULL; + return (void *)object + cache->kasan_info.alloc_meta_offset; +} + +struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, + const void *object) +{ + BUILD_BUG_ON(sizeof(struct kasan_free_meta) > 32); + if (cache->kasan_info.free_meta_offset =3D=3D KASAN_NO_FREE_META) + return NULL; + return (void *)object + cache->kasan_info.free_meta_offset; +} + void kasan_init_object_meta(struct kmem_cache *cache, const void *object) { struct kasan_alloc_meta *alloc_meta; diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 751c3b17749a..ff7a1597aa51 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -208,13 +208,6 @@ struct kunit_kasan_status { }; #endif =20 -struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, - const void *object); -#ifdef CONFIG_KASAN_GENERIC -struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, - const void *object); -#endif - #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) =20 static inline const void *kasan_shadow_to_mem(const void *shadow_addr) 
@@ -280,6 +273,13 @@ struct slab *kasan_addr_to_slab(const void *addr); =20 void kasan_init_object_meta(struct kmem_cache *cache, const void *object); =20 +#ifdef CONFIG_KASAN_GENERIC +struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, + const void *object); +struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, + const void *object); +#endif + depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D567C433EF for ; Mon, 13 Jun 2022 20:55:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351389AbiFMUzV (ORCPT ); Mon, 13 Jun 2022 16:55:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40024 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351370AbiFMUxa (ORCPT ); Mon, 13 Jun 2022 16:53:30 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4CCE8C6C for ; Mon, 13 Jun 2022 13:16:33 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
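Review bot: in the generic.c hunk of [PATCH 10/32], the moved kasan_get_alloc_meta() and kasan_get_free_meta() change from "kasan_reset_tag(object) + ..." to "(void *)object + ...", so this is a move plus a functional change, and the cast also discards the const qualifier of "object". Splitting the kasan_reset_tag() removal into its own patch, or at least adding a comment at the cast that Generic mode pointers are untagged, would make the move verifiable as a pure move. In addition, the kasan.h hunks put the kasan_get_alloc_meta() prototype under "#ifdef CONFIG_KASAN_GENERIC", where previously only kasan_get_free_meta() was guarded; any caller left in code built for the tag-based modes becomes a build failure, so this exact commit should be build-tested with CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_HW_TAGS to keep the series bisectable.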
From: andrey.konovalov@linux.dev
To: Marco Elver, Alexander Potapenko
Cc: Andrey Konovalov, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, Peter Collingbourne, Evgenii Stepanov, Florian Mayer, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov
Subject: [PATCH 11/32] kasan: introduce kasan_requires_meta
Date: Mon, 13 Jun 2022 22:14:02 +0200
Message-Id: <4201bc563d9553bca0278124e5ee4f1fe9a84ba6.1655150842.git.andreyknvl@google.com>

From: Andrey Konovalov

Add a kasan_requires_meta() helper that indicates whether the enabled
KASAN mode requires per-object metadata and use this helper in the common
code.

Also hide kasan_init_object_meta() under CONFIG_KASAN_GENERIC ifdef check,
as Generic is the only mode that uses per-object metadata.

To allow for a potential future change that makes Generic KASAN support
the kasan.stacktrace command-line parameter, let kasan_requires_meta()
return kasan_stack_collection_enabled() instead of simply returning true.

Signed-off-by: Andrey Konovalov
---
 mm/kasan/common.c | 13 +++++--------
 mm/kasan/kasan.h  | 33 +++++++++++++++++++++++++++++----
 mm/kasan/tags.c   |  4 ----
 3 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 226eaa714da2..a3dee7cead89 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -88,13 +88,10 @@ asmlinkage void kasan_unpoison_task_stack_below(const v= oid *watermark) } #endif /* CONFIG_KASAN_STACK */ =20 -/* - * Only allow cache merging when stack collection is disabled and no metad= ata - * is present. - */ +/* Only allow cache merging when no per-object metadata is present. */ slab_flags_t __kasan_never_merge(void) { - if (kasan_stack_collection_enabled()) + if (kasan_requires_meta()) return SLAB_KASAN; return 0; } @@ -151,7 +148,7 @@ void __kasan_cache_create(struct kmem_cache *cache, uns= igned int *size, */ *flags |=3D SLAB_KASAN; =20 - if (!kasan_stack_collection_enabled()) + if (!kasan_requires_meta()) return; =20 ok_size =3D *size; @@ -219,7 +216,7 @@ void __kasan_cache_create_kmalloc(struct kmem_cache *ca= che) =20 size_t __kasan_metadata_size(struct kmem_cache *cache) { - if (!kasan_stack_collection_enabled()) + if (!kasan_requires_meta()) return 0; return (cache->kasan_info.alloc_meta_offset ? sizeof(struct kasan_alloc_meta) : 0) + @@ -294,7 +291,7 @@ void * __must_check __kasan_init_slab_obj(struct kmem_c= ache *cache, const void *object) { /* Initialize per-object metadata if it is present. */ - if (kasan_stack_collection_enabled()) + if (kasan_requires_meta()) kasan_init_object_meta(cache, object); =20 /* Tag is ignored in set_tag() without CONFIG_KASAN_SW/HW_TAGS */ diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index ff7a1597aa51..cf123d99f2fe 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -43,7 +43,7 @@ static inline bool kasan_sync_fault_possible(void) return kasan_mode =3D=3D KASAN_MODE_SYNC || kasan_mode =3D=3D KASAN_MODE_= ASYMM; } =20 -#else +#else /* CONFIG_KASAN_HW_TAGS */ =20 static inline bool kasan_stack_collection_enabled(void) { 
@@ -60,7 +60,31 @@ static inline bool kasan_sync_fault_possible(void) return true; } =20 -#endif +#endif /* CONFIG_KASAN_HW_TAGS */ + +#ifdef CONFIG_KASAN_GENERIC + +/* Generic KASAN uses per-object metadata to store stack traces. */ +static inline bool kasan_requires_meta(void) +{ + /* + * Technically, Generic KASAN always collects stack traces right now. + * However, let's use kasan_stack_collection_enabled() in case the + * kasan.stacktrace command-line argument is changed to affect + * Generic KASAN. + */ + return kasan_stack_collection_enabled(); +} + +#else /* CONFIG_KASAN_GENERIC */ + +/* Tag-based KASAN modes do not use per-object metadata. */ +static inline bool kasan_requires_meta(void) +{ + return false; +} + +#endif /* CONFIG_KASAN_GENERIC */ =20 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) #define KASAN_GRANULE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT) @@ -271,13 +295,14 @@ void kasan_report_invalid_free(void *object, unsigned= long ip); struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 -void kasan_init_object_meta(struct kmem_cache *cache, const void *object); - #ifdef CONFIG_KASAN_GENERIC +void kasan_init_object_meta(struct kmem_cache *cache, const void *object); struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, const void *object); struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, const void *object); +#else +static inline void kasan_init_object_meta(struct kmem_cache *cache, const = void *object) { } #endif =20 depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index f11c89505c77..4f24669085e9 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c 
@@ -17,10 +17,6 @@ =20 #include "kasan.h" =20 -void kasan_init_object_meta(struct kmem_cache *cache, const void *object) -{ -} - void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { } --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0A3FC43334 for ; Mon, 13 Jun 2022 20:55:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347293AbiFMUzj (ORCPT ); Mon, 13 Jun 2022 16:55:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36750 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351491AbiFMUxi (ORCPT ); Mon, 13 Jun 2022 16:53:38 -0400 Received: from out1.migadu.com (out1.migadu.com [91.121.223.63]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B11CE18350 for ; Mon, 13 Jun 2022 13:17:34 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151452; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=juoeL9iVysZjLYrCYEKOizkTpbFJJdb8UyU7Sz7zXtQ=; b=RPTEnN3Q+Vk+b3sRFX80S/7v5i2XXhKAb7u9lQ7UwKhpB0xwKo8Vr26yP54OM3zYd3Olbf hSqLBs1FP8L9MNdW523biACQ14ecqL+rTnJBNVUWPRe8BAqZWh9Je146iyCwBfYCmvkoha TtmVe6o8a0gp1z+s1bkEeyR24gle/Ns= 
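Review bot: in the common.c hunk of [PATCH 11/32], __kasan_never_merge() switches its condition from kasan_stack_collection_enabled() to kasan_requires_meta(), and the kasan.h hunk makes kasan_requires_meta() return false for every non-Generic mode. As a result __kasan_never_merge() returns 0 instead of SLAB_KASAN for the tag-based modes even when stack collection is enabled, which permits slab cache merging where it was previously refused. The commit message presents the patch as introducing a helper and does not mention this behaviour change; it should state it and say why merging is safe there. A smaller style point in the kasan.h hunk: the one-line "static inline void kasan_init_object_meta(...) { }" stub is well over 80 columns and would read better with the parameters wrapped.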
From: andrey.konovalov@linux.dev
To: Marco Elver, Alexander Potapenko
Cc: Andrey Konovalov, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, Peter Collingbourne, Evgenii Stepanov, Florian Mayer, Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov
Subject: [PATCH 12/32] kasan: introduce kasan_init_cache_meta
Date: Mon, 13 Jun 2022 22:14:03 +0200

From: Andrey Konovalov

Add a kasan_init_cache_meta() helper that initializes metadata-related
cache parameters and use this helper in the common KASAN code.

Put the implementation of this new helper into generic.c, as only the
Generic mode uses per-object metadata.

Signed-off-by: Andrey Konovalov
---
 mm/kasan/common.c  | 80 ++--------------------------------------------
 mm/kasan/generic.c | 79 +++++++++++++++++++++++++++++++++++++++++++++
 mm/kasan/kasan.h   |  2 ++
 3 files changed, 83 insertions(+), 78 deletions(-)

diff --git a/mm/kasan/common.c b/mm/kasan/common.c index a3dee7cead89..8a83ca9ad738 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c 
@@ -117,28 +117,9 @@ void __kasan_poison_pages(struct page *page, unsigned = int order, bool init) KASAN_PAGE_FREE, init); } =20 -/* - * Adaptive redzone policy taken from the userspace AddressSanitizer runti= me. - * For larger allocations larger redzones are used. - */ -static inline unsigned int optimal_redzone(unsigned int object_size) -{ - return - object_size <=3D 64 - 16 ? 16 : - object_size <=3D 128 - 32 ? 32 : - object_size <=3D 512 - 64 ? 64 : - object_size <=3D 4096 - 128 ? 128 : - object_size <=3D (1 << 14) - 256 ? 256 : - object_size <=3D (1 << 15) - 512 ? 512 : - object_size <=3D (1 << 16) - 1024 ? 1024 : 2048; -} - void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size, slab_flags_t *flags) { - unsigned int ok_size; - unsigned int optimal_size; - /* * SLAB_KASAN is used to mark caches as ones that are sanitized by * KASAN. Currently this flag is used in two places: 
@@ -148,65 +129,8 @@ void __kasan_cache_create(struct kmem_cache *cache, un= signed int *size, */ *flags |=3D SLAB_KASAN; =20 - if (!kasan_requires_meta()) - return; - - ok_size =3D *size; - - /* Add alloc meta into redzone. */ - cache->kasan_info.alloc_meta_offset =3D *size; - *size +=3D sizeof(struct kasan_alloc_meta); - - /* - * If alloc meta doesn't fit, don't add it. - * This can only happen with SLAB, as it has KMALLOC_MAX_SIZE equal - * to KMALLOC_MAX_CACHE_SIZE and doesn't fall back to page_alloc for - * larger sizes. - */ - if (*size > KMALLOC_MAX_SIZE) { - cache->kasan_info.alloc_meta_offset =3D 0; - *size =3D ok_size; - /* Continue, since free meta might still fit. */ - } - - /* Only the generic mode uses free meta or flexible redzones. */ - if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) { - cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; - return; - } - - /* - * Add free meta into redzone when it's not possible to store - * it in the object. This is the case when: - * 1. Object is SLAB_TYPESAFE_BY_RCU, which means that it can - * be touched after it was freed, or - * 2. Object has a constructor, which means it's expected to - * retain its content until the next allocation, or - * 3. Object is too small. - * Otherwise cache->kasan_info.free_meta_offset =3D 0 is implied. - */ - if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor || - cache->object_size < sizeof(struct kasan_free_meta)) { - ok_size =3D *size; - - cache->kasan_info.free_meta_offset =3D *size; - *size +=3D sizeof(struct kasan_free_meta); - - /* If free meta doesn't fit, don't add it. */ - if (*size > KMALLOC_MAX_SIZE) { - cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; - *size =3D ok_size; - } - } - - /* Calculate size with optimal redzone. */ - optimal_size =3D cache->object_size + optimal_redzone(cache->object_size); - /* Limit it with KMALLOC_MAX_SIZE (relevant for SLAB only). 
*/ - if (optimal_size > KMALLOC_MAX_SIZE) - optimal_size =3D KMALLOC_MAX_SIZE; - /* Use optimal size if the size with added metas is not large enough. */ - if (*size < optimal_size) - *size =3D optimal_size; + if (kasan_requires_meta()) + kasan_init_cache_meta(cache, size); } =20 void __kasan_cache_create_kmalloc(struct kmem_cache *cache) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index fa654cb96a0d..73aea784040a 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c 
@@ -328,6 +328,85 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +/* + * Adaptive redzone policy taken from the userspace AddressSanitizer runti= me. + * For larger allocations larger redzones are used. + */ +static inline unsigned int optimal_redzone(unsigned int object_size) +{ + return + object_size <=3D 64 - 16 ? 16 : + object_size <=3D 128 - 32 ? 32 : + object_size <=3D 512 - 64 ? 64 : + object_size <=3D 4096 - 128 ? 128 : + object_size <=3D (1 << 14) - 256 ? 256 : + object_size <=3D (1 << 15) - 512 ? 512 : + object_size <=3D (1 << 16) - 1024 ? 1024 : 2048; +} + +void kasan_init_cache_meta(struct kmem_cache *cache, unsigned int *size) +{ + unsigned int ok_size; + unsigned int optimal_size; + + ok_size =3D *size; + + /* Add alloc meta into redzone. */ + cache->kasan_info.alloc_meta_offset =3D *size; + *size +=3D sizeof(struct kasan_alloc_meta); + + /* + * If alloc meta doesn't fit, don't add it. + * This can only happen with SLAB, as it has KMALLOC_MAX_SIZE equal + * to KMALLOC_MAX_CACHE_SIZE and doesn't fall back to page_alloc for + * larger sizes. + */ + if (*size > KMALLOC_MAX_SIZE) { + cache->kasan_info.alloc_meta_offset =3D 0; + *size =3D ok_size; + /* Continue, since free meta might still fit. */ + } + + /* Only the generic mode uses free meta or flexible redzones. */ + if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) { + cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; + return; + } + + /* + * Add free meta into redzone when it's not possible to store + * it in the object. This is the case when: + * 1. Object is SLAB_TYPESAFE_BY_RCU, which means that it can + * be touched after it was freed, or + * 2. Object has a constructor, which means it's expected to + * retain its content until the next allocation, or + * 3. Object is too small. + * Otherwise cache->kasan_info.free_meta_offset =3D 0 is implied. 
+ */ + if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor || + cache->object_size < sizeof(struct kasan_free_meta)) { + ok_size =3D *size; + + cache->kasan_info.free_meta_offset =3D *size; + *size +=3D sizeof(struct kasan_free_meta); + + /* If free meta doesn't fit, don't add it. */ + if (*size > KMALLOC_MAX_SIZE) { + cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; + *size =3D ok_size; + } + } + + /* Calculate size with optimal redzone. */ + optimal_size =3D cache->object_size + optimal_redzone(cache->object_size); + /* Limit it with KMALLOC_MAX_SIZE (relevant for SLAB only). */ + if (optimal_size > KMALLOC_MAX_SIZE) + optimal_size =3D KMALLOC_MAX_SIZE; + /* Use optimal size if the size with added metas is not large enough. */ + if (*size < optimal_size) + *size =3D optimal_size; +} + struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, const void *object) { diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index cf123d99f2fe..ab2cd3ff10f3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -296,12 +296,14 @@ struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 #ifdef CONFIG_KASAN_GENERIC +void kasan_init_cache_meta(struct kmem_cache *cache, unsigned int *size); void kasan_init_object_meta(struct kmem_cache *cache, const void *object); struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, const void *object); struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, const void *object); #else +static inline void kasan_init_cache_meta(struct kmem_cache *cache, unsigne= d int *size) { } static inline void kasan_init_object_meta(struct kmem_cache *cache, const = void *object) { } #endif =20 --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9489EC43334 for ; Mon, 13 Jun 2022 20:55:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349196AbiFMUzu (ORCPT ); Mon, 13 Jun 2022 16:55:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351492AbiFMUxi (ORCPT ); Mon, 13 Jun 2022 16:53:38 -0400 Received: from out1.migadu.com (out1.migadu.com [91.121.223.63]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2114918357 for ; Mon, 13 Jun 2022 13:17:35 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
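Review bot: in the mm/kasan/kasan.h hunk of the patch that introduces kasan_init_cache_meta() (the patch ending just above), the non-Generic stub is empty, so builds without CONFIG_KASAN_GENERIC now skip everything the function does, including reserving kasan_alloc_meta in the redzone and setting free_meta_offset to KASAN_NO_FREE_META. If that is intended, the commit message should say so explicitly, because the mm/kasan/common.c side still calls the function under kasan_requires_meta() and code that reads the two offsets will now see their initial values in those builds.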
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151453; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gFl1aLadfWJPQ+Xg4RcAPABChePIqsdWPpe8i7e+EqU=; b=gY7JQXEBuSeNnEDCgLkcnyiE/DA+U2o3XKD0esu5cVnDXMCN4xpUf4g6sutMdMIbUtGf73 a1zplBChQUeo0ROg1thTsy+Fdn6m3+vLMYuukA+vIoYyvUtAmTNvUVdfHLByaaOWECK8os WtcT5mx80L6O+Oual9NGhwQYgarO5bw= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 13/32] kasan: drop CONFIG_KASAN_GENERIC check from kasan_init_cache_meta Date: Mon, 13 Jun 2022 22:14:04 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov As kasan_init_cache_meta() is only defined for the Generic mode, it does not require the CONFIG_KASAN_GENERIC check. Signed-off-by: Andrey Konovalov --- mm/kasan/generic.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 73aea784040a..5125fad76f70 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c 
@@ -367,12 +367,6 @@ void kasan_init_cache_meta(struct kmem_cache *cache, u= nsigned int *size) /* Continue, since free meta might still fit. */ } =20 - /* Only the generic mode uses free meta or flexible redzones. */ - if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) { - cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; - return; - } - /* * Add free meta into redzone when it's not possible to store * it in the object. This is the case when: --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 313FCCCA480 for ; Mon, 13 Jun 2022 20:55:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345842AbiFMUzp (ORCPT ); Mon, 13 Jun 2022 16:55:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35212 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351500AbiFMUxi (ORCPT ); Mon, 13 Jun 2022 16:53:38 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E07D1835E for ; Mon, 13 Jun 2022 13:17:36 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151454; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Pq3SVj2SILQniBWfHmFbw4zt5aRrCme3SaUMW3qAt2g=; b=me0bkbVmYmCzrLFlXtup0jhn6Pil4gvVnK0D2ckpBikr2kc/XBrruIv3MB8seUrHLIcyEX jCHxiIQvWilxxNnppnl2HriB39QLCrHPqwAa5ekVCtmCHndMmuPy38vmyqZ8DM+0atTEwj 7F6uJE25lzsWxTXIuVgpDpMm6tYv/qQ= 
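Review bot: the `if (!IS_ENABLED(CONFIG_KASAN_GENERIC))` block deleted by the [PATCH 13/32] hunk at @@ -367 was added to mm/kasan/generic.c with `+` lines by the preceding patch in this same series, so generic.c carries an unreachable branch for exactly one commit. Consider folding this removal into the patch that moves the code, or leaving the branch behind in common.c there, so the move patch stays a pure move and this one is not needed.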
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 14/32] kasan: only define kasan_metadata_size for Generic mode Date: Mon, 13 Jun 2022 22:14:05 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov KASAN provides a helper for calculating the size of per-object metadata stored in the redzone. As now only the Generic mode uses per-object metadata, only define kasan_metadata_size() for this mode. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 17 ++++++++--------- mm/kasan/common.c | 11 ----------- mm/kasan/generic.c | 11 +++++++++++ 3 files changed, 19 insertions(+), 20 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index b092277bf48d..027df7599573 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -150,14 +150,6 @@ static __always_inline void kasan_cache_create_kmalloc= (struct kmem_cache *cache) __kasan_cache_create_kmalloc(cache); } =20 -size_t __kasan_metadata_size(struct kmem_cache *cache); -static __always_inline size_t kasan_metadata_size(struct kmem_cache *cache) -{ - if (kasan_enabled()) - return __kasan_metadata_size(cache); - return 0; -} - void __kasan_poison_slab(struct slab *slab); static __always_inline void kasan_poison_slab(struct slab *slab) { 
@@ -282,7 +274,6 @@ static inline void kasan_cache_create(struct kmem_cache= *cache, unsigned int *size, slab_flags_t *flags) {} static inline void kasan_cache_create_kmalloc(struct kmem_cache *cache) {} -static inline size_t kasan_metadata_size(struct kmem_cache *cache) { retur= n 0; } static inline void kasan_poison_slab(struct slab *slab) {} static inline void kasan_unpoison_object_data(struct kmem_cache *cache, void *object) {} @@ -333,6 +324,8 @@ static inline void kasan_unpoison_task_stack(struct tas= k_struct *task) {} =20 #ifdef CONFIG_KASAN_GENERIC =20 +size_t kasan_metadata_size(struct kmem_cache *cache); + void kasan_cache_shrink(struct kmem_cache *cache); void kasan_cache_shutdown(struct kmem_cache *cache); void kasan_record_aux_stack(void *ptr); @@ -340,6 +333,12 @@ void kasan_record_aux_stack_noalloc(void *ptr); =20 #else /* CONFIG_KASAN_GENERIC */ =20 +/* Tag-based KASAN modes do not use per-object metadata. */ +static inline size_t kasan_metadata_size(struct kmem_cache *cache) +{ + return 0; +} + static inline void kasan_cache_shrink(struct kmem_cache *cache) {} static inline void kasan_cache_shutdown(struct kmem_cache *cache) {} static inline void kasan_record_aux_stack(void *ptr) {} diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 8a83ca9ad738..a0ddbf02aa6d 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -138,17 +138,6 @@ void __kasan_cache_create_kmalloc(struct kmem_cache *c= ache) cache->kasan_info.is_kmalloc =3D true; } =20 -size_t __kasan_metadata_size(struct kmem_cache *cache) -{ - if (!kasan_requires_meta()) - return 0; - return (cache->kasan_info.alloc_meta_offset ? - sizeof(struct kasan_alloc_meta) : 0) + - ((cache->kasan_info.free_meta_offset && - cache->kasan_info.free_meta_offset !=3D KASAN_NO_FREE_META) ? - sizeof(struct kasan_free_meta) : 0); -} - void __kasan_poison_slab(struct slab *slab) { struct page *page =3D slab_page(slab); 
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 5125fad76f70..806ab92032c3 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c 
@@ -427,6 +427,17 @@ void kasan_init_object_meta(struct kmem_cache *cache, = const void *object) __memset(alloc_meta, 0, sizeof(*alloc_meta)); } =20 +size_t kasan_metadata_size(struct kmem_cache *cache) +{ + if (!kasan_requires_meta()) + return 0; + return (cache->kasan_info.alloc_meta_offset ? + sizeof(struct kasan_alloc_meta) : 0) + + ((cache->kasan_info.free_meta_offset && + cache->kasan_info.free_meta_offset !=3D KASAN_NO_FREE_META) ? + sizeof(struct kasan_free_meta) : 0); +} + static void __kasan_record_aux_stack(void *addr, bool can_alloc) { struct slab *slab =3D kasan_addr_to_slab(addr); --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF951C433EF for ; Mon, 13 Jun 2022 20:55:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350166AbiFMUz6 (ORCPT ); Mon, 13 Jun 2022 16:55:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35324 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351515AbiFMUxj (ORCPT ); Mon, 13 Jun 2022 16:53:39 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC5FF18364 for ; Mon, 13 Jun 2022 13:17:36 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
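Review bot: in the include/linux/kasan.h hunks of [PATCH 14/32], the comment "Tag-based KASAN modes do not use per-object metadata." on the new `#else /* CONFIG_KASAN_GENERIC */` stub is narrower than what the stub covers, because the @@ -282 hunk deletes the other `return 0` stub of kasan_metadata_size(), leaving this one as the only definition for every non-Generic build. Suggest wording the comment to cover all of those builds. Separately, the old inline wrapper tested kasan_enabled() before calling out of line and the new kasan_metadata_size() in mm/kasan/generic.c does not; a sentence in the commit message on why that gate is no longer needed would help.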
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151455; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yMpcVjLCf9jqLKxVClgu+qWUo0HLupVHHXi+5F8746E=; b=W7OMMObIdEFuIPfCrKY3YX9PY6I0FySwEipFhkFtUKodGGsq+xWXiJqwS+x9wJegWfNo7z fTUlZFnCQCdtPAfZGVLrrwRHH24cRz4nx72QwSd3+2FCqFet3GsX1TDXf4Vc5xvkFMC7Gu AvI9fkJxdHOC4FfKPyLlHE95kK6ubGs= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 15/32] kasan: only define kasan_never_merge for Generic mode Date: Mon, 13 Jun 2022 22:14:06 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov KASAN prevents merging of slab caches whose objects have per-object metadata stored in redzones. As now only the Generic mode uses per-object metadata, define kasan_never_merge() only for this mode. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 18 ++++++------------ mm/kasan/common.c | 8 -------- mm/kasan/generic.c | 8 ++++++++ 3 files changed, 14 insertions(+), 20 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 027df7599573..9743d4b3a918 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h 
@@ -103,14 +103,6 @@ struct kasan_cache { bool is_kmalloc; }; =20 -slab_flags_t __kasan_never_merge(void); -static __always_inline slab_flags_t kasan_never_merge(void) -{ - if (kasan_enabled()) - return __kasan_never_merge(); - return 0; -} - void __kasan_unpoison_range(const void *addr, size_t size); static __always_inline void kasan_unpoison_range(const void *addr, size_t = size) { @@ -261,10 +253,6 @@ static __always_inline bool kasan_check_byte(const voi= d *addr) =20 #else /* CONFIG_KASAN */ =20 -static inline slab_flags_t kasan_never_merge(void) -{ - return 0; -} static inline void kasan_unpoison_range(const void *address, size_t size) = {} static inline void kasan_poison_pages(struct page *page, unsigned int orde= r, bool init) {} @@ -325,6 +313,7 @@ static inline void kasan_unpoison_task_stack(struct tas= k_struct *task) {} #ifdef CONFIG_KASAN_GENERIC =20 size_t kasan_metadata_size(struct kmem_cache *cache); +slab_flags_t kasan_never_merge(void); =20 void kasan_cache_shrink(struct kmem_cache *cache); void kasan_cache_shutdown(struct kmem_cache *cache); @@ -338,6 +327,11 @@ static inline size_t kasan_metadata_size(struct kmem_c= ache *cache) { return 0; } +/* And thus nothing prevents cache merging. */ +static inline slab_flags_t kasan_never_merge(void) +{ + return 0; +} =20 static inline void kasan_cache_shrink(struct kmem_cache *cache) {} static inline void kasan_cache_shutdown(struct kmem_cache *cache) {} diff --git a/mm/kasan/common.c b/mm/kasan/common.c index a0ddbf02aa6d..f8ef40fa31e3 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -88,14 +88,6 @@ asmlinkage void kasan_unpoison_task_stack_below(const vo= id *watermark) } #endif /* CONFIG_KASAN_STACK */ =20 -/* Only allow cache merging when no per-object metadata is present. */ -slab_flags_t __kasan_never_merge(void) -{ - if (kasan_requires_meta()) - return SLAB_KASAN; - return 0; -} - void __kasan_unpoison_pages(struct page *page, unsigned int order, bool in= it) { u8 tag; 
diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 806ab92032c3..25333bf3c99f 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c 
@@ -328,6 +328,14 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +/* Only allow cache merging when no per-object metadata is present. */ +slab_flags_t kasan_never_merge(void) +{ + if (!kasan_requires_meta()) + return 0; + return SLAB_KASAN; +} + /* * Adaptive redzone policy taken from the userspace AddressSanitizer runti= me. * For larger allocations larger redzones are used. --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AA40C433EF for ; Mon, 13 Jun 2022 20:55:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349553AbiFMUz4 (ORCPT ); Mon, 13 Jun 2022 16:55:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36566 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351517AbiFMUxj (ORCPT ); Mon, 13 Jun 2022 16:53:39 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D56DD18383 for ; Mon, 13 Jun 2022 13:17:37 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151456; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tSwVFyyCCOKYSS6nxmIV1PC3/qH9HgKDBeITqQWAPk0=; b=WPoF2wA8zrQJNUhNOi67mLPqkW+l6qCNPsDjnmD3jT2JzXaRnbEZfdN1PG9hjWxvcBGE/p YaM8gS1aZsx2KRB+eZgKeQGJbzkwaQyiC9eW09wivY8anWjgE47sCTEBIvu6laZIFCup3r 3KjAbbgkMrIctOvPB4lHtNWIK5aDe9k= 
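Review bot: [PATCH 15/32] is described as only narrowing where kasan_never_merge() is defined, but the new `#else` stub in include/linux/kasan.h returns 0 unconditionally, whereas the removed __kasan_never_merge() in mm/kasan/common.c returned SLAB_KASAN for any mode whenever kasan_requires_meta() was true. That makes caches mergeable in non-Generic builds where they may not have been before, so the commit message should call it out as a functional change and state that it is safe at this point in the series, before the later patch that stops setting SLAB_KASAN for those modes.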
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 16/32] kasan: only define metadata offsets for Generic mode Date: Mon, 13 Jun 2022 22:14:07 +0200 Message-Id: <56df12dd774101d121cfcfbbab69d71851d8671a.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Hide the definitions of alloc_meta_offset and free_meta_offset under an ifdef CONFIG_KASAN_GENERIC check, as these fields are now only used when the Generic mode is enabled. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 9743d4b3a918..a212c2e3f32d 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h 
@@ -98,8 +98,10 @@ static inline bool kasan_has_integrated_init(void) #ifdef CONFIG_KASAN =20 struct kasan_cache { +#ifdef CONFIG_KASAN_GENERIC int alloc_meta_offset; int free_meta_offset; +#endif bool is_kmalloc; }; =20 --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E7D3C43334 for ; Mon, 13 Jun 2022 20:56:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350606AbiFMU4C (ORCPT ); Mon, 13 Jun 2022 16:56:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40250 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351519AbiFMUxj (ORCPT ); Mon, 13 Jun 2022 16:53:39 -0400 Received: from out1.migadu.com (out1.migadu.com [91.121.223.63]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 694BD186E0 for ; Mon, 13 Jun 2022 13:17:40 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151457; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vo/QgRsJex180B/MZOFV4gS3W10znq++oNOGcslvwl0=; b=Dl9JaXiPgE3KB2W9PytyX2Ydb8CErjoRbyqdS1Z4vTV2EHG4vJto9UgmTzKVC+tzN4k6r4 KDwziMj6rUu7nd8whB1jFF7vvWI6sRETVADmv38Uoj7/ZNOexQsxpkRPRqeeSDyuwqGEvH BwEOie7GxwDdyuGfRMy3sQ8YZis7ANg= 
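Review bot: the `#ifdef CONFIG_KASAN_GENERIC` that [PATCH 16/32] adds around alloc_meta_offset and free_meta_offset in struct kasan_cache turns any remaining access from mode-independent code into a build failure for the tag-based modes, and this two-line hunk cannot show that none is left. Suggest naming in the commit message the earlier patches that moved the last users into mm/kasan/generic.c, and build-testing the tag-based configurations at this exact commit so the series stays bisectable.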
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 17/32] kasan: only define metadata structs for Generic mode Date: Mon, 13 Jun 2022 22:14:08 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Hide the definitions of kasan_alloc_meta and kasan_free_meta under an ifdef CONFIG_KASAN_GENERIC check, as these structures are now only used when the Generic mode is enabled. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index ab2cd3ff10f3..30ec9ebf52c3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -192,14 +192,12 @@ struct kasan_track { depot_stack_handle_t stack; }; =20 +#ifdef CONFIG_KASAN_GENERIC + struct kasan_alloc_meta { struct kasan_track alloc_track; - /* Generic mode stores free track in kasan_free_meta. */ -#ifdef CONFIG_KASAN_GENERIC + /* Free track is stored in kasan_free_meta. */ depot_stack_handle_t aux_stack[2]; -#else - struct kasan_track free_track; -#endif }; =20 struct qlist_node { 
@@ -218,12 +216,12 @@ struct qlist_node { * After that, slab allocator stores the freelist pointer in the object. */ struct kasan_free_meta { -#ifdef CONFIG_KASAN_GENERIC struct qlist_node quarantine_link; struct kasan_track free_track; -#endif }; =20 +#endif /* CONFIG_KASAN_GENERIC */ + #if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) /* Used in KUnit-compatible KASAN tests. */ struct kunit_kasan_status { --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C57EEC433EF for ; Mon, 13 Jun 2022 20:56:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350780AbiFMU4N (ORCPT ); Mon, 13 Jun 2022 16:56:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351901AbiFMUyC (ORCPT ); Mon, 13 Jun 2022 16:54:02 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AE99225C63 for ; Mon, 13 Jun 2022 13:18:39 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151518; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=krlQc9a+2od73hH5OepUxMqNSDz17Dvev41TaF/lT74=; b=SiOziBQohKmxglt9gyt2z15vyuY6VDkJi05rIsIWQC5urqrUQvTsknwkvFgzNKy5/RM+NT n0qq14O14x0Ms4P0aPkh9AUu7+gR4yNKJKuDKaIWQhAIoayHw5hK6QdgNsXuZ6eQPNI3dC x0d88rqwK2C0H1l+vZH/91YiBhUHW0o= 
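Review bot: in the struct kasan_alloc_meta hunk of [PATCH 17/32] (@@ -192), the reworded comment "Free track is stored in kasan_free_meta." now sits directly above `depot_stack_handle_t aux_stack[2];` with no `#ifdef` line in between, so it reads as a description of aux_stack. Suggest moving it above alloc_track or into a comment on the struct itself, and giving aux_stack its own one-line description.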
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 18/32] kasan: only define kasan_cache_create for Generic mode Date: Mon, 13 Jun 2022 22:14:09 +0200 Message-Id: <202a0b87b16b683e32a68cf3d71d369268904829.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Right now, kasan_cache_create() assigns SLAB_KASAN for all KASAN modes and then sets up metadata-related cache parameters for the Generic mode. SLAB_KASAN is used in two places: 1. In slab_ksize() to account for per-object metadata when calculating the size of the accessible memory within the object. 2. In slab_common.c via kasan_never_merge() to prevent merging of caches with per-object metadata. Both cases are only relevant when per-object metadata is present, which is only the case with the Generic mode. Thus, assign SLAB_KASAN and define kasan_cache_create() only for the Generic mode. Also update the SLAB_KASAN-related comment. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 18 ++++++------------ include/linux/slab.h | 2 +- mm/kasan/common.c | 16 ---------------- mm/kasan/generic.c | 17 ++++++++++++++++- 4 files changed, 23 insertions(+), 30 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index a212c2e3f32d..d811b3d7d2a1 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h 
@@ -128,15 +128,6 @@ static __always_inline void kasan_unpoison_pages(struc= t page *page, __kasan_unpoison_pages(page, order, init); } =20 -void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size, - slab_flags_t *flags); -static __always_inline void kasan_cache_create(struct kmem_cache *cache, - unsigned int *size, slab_flags_t *flags) -{ - if (kasan_enabled()) - __kasan_cache_create(cache, size, flags); -} - void __kasan_cache_create_kmalloc(struct kmem_cache *cache); static __always_inline void kasan_cache_create_kmalloc(struct kmem_cache *= cache) { @@ -260,9 +251,6 @@ static inline void kasan_poison_pages(struct page *page= , unsigned int order, bool init) {} static inline void kasan_unpoison_pages(struct page *page, unsigned int or= der, bool init) {} -static inline void kasan_cache_create(struct kmem_cache *cache, - unsigned int *size, - slab_flags_t *flags) {} static inline void kasan_cache_create_kmalloc(struct kmem_cache *cache) {} static inline void kasan_poison_slab(struct slab *slab) {} static inline void kasan_unpoison_object_data(struct kmem_cache *cache, @@ -316,6 +304,8 @@ static inline void kasan_unpoison_task_stack(struct tas= k_struct *task) {} =20 size_t kasan_metadata_size(struct kmem_cache *cache); slab_flags_t kasan_never_merge(void); +void kasan_cache_create(struct kmem_cache *cache, unsigned int *size, + slab_flags_t *flags); =20 void kasan_cache_shrink(struct kmem_cache *cache); void kasan_cache_shutdown(struct kmem_cache *cache); @@ -334,6 +324,10 @@ static inline slab_flags_t kasan_never_merge(void) { return 0; } +/* And no cache-related metadata initialization is required. */ +static inline void kasan_cache_create(struct kmem_cache *cache, + unsigned int *size, + slab_flags_t *flags) {} =20 static inline void kasan_cache_shrink(struct kmem_cache *cache) {} static inline void kasan_cache_shutdown(struct kmem_cache *cache) {} diff --git a/include/linux/slab.h b/include/linux/slab.h index 0fefdf528e0d..1c6b7362e82b 100644 
--- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -106,7 +106,7 @@ # define SLAB_ACCOUNT 0 #endif =20 -#ifdef CONFIG_KASAN +#ifdef CONFIG_KASAN_GENERIC #define SLAB_KASAN ((slab_flags_t __force)0x08000000U) #else #define SLAB_KASAN 0 diff --git a/mm/kasan/common.c b/mm/kasan/common.c index f8ef40fa31e3..f937b6c9e86a 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -109,22 +109,6 @@ void __kasan_poison_pages(struct page *page, unsigned = int order, bool init) KASAN_PAGE_FREE, init); } =20 -void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size, - slab_flags_t *flags) -{ - /* - * SLAB_KASAN is used to mark caches as ones that are sanitized by - * KASAN. Currently this flag is used in two places: - * 1. In slab_ksize() when calculating the size of the accessible - * memory within the object. - * 2. In slab_common.c to prevent merging of sanitized caches. - */ - *flags |=3D SLAB_KASAN; - - if (kasan_requires_meta()) - kasan_init_cache_meta(cache, size); -} - void __kasan_cache_create_kmalloc(struct kmem_cache *cache) { cache->kasan_info.is_kmalloc =3D true; diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 25333bf3c99f..f6bef347de87 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c 
@@ -352,11 +352,26 @@ static inline unsigned int optimal_redzone(unsigned i= nt object_size) object_size <=3D (1 << 16) - 1024 ? 1024 : 2048; } =20 -void kasan_init_cache_meta(struct kmem_cache *cache, unsigned int *size) +void kasan_cache_create(struct kmem_cache *cache, unsigned int *size, + slab_flags_t *flags) { unsigned int ok_size; unsigned int optimal_size; =20 + if (!kasan_requires_meta()) + return; + + /* + * SLAB_KASAN is used to mark caches that are sanitized by KASAN + * and that thus have per-object metadata. + * Currently this flag is used in two places: + * 1. In slab_ksize() to account for per-object metadata when + * calculating the size of the accessible memory within the object. + * 2. In slab_common.c via kasan_never_merge() to prevent merging of + * caches with per-object metadata. + */ + *flags |=3D SLAB_KASAN; + ok_size =3D *size; =20 /* Add alloc meta into redzone. */ --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 591FAC43334 for ; Mon, 13 Jun 2022 20:56:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350654AbiFMU4G (ORCPT ); Mon, 13 Jun 2022 16:56:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36554 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351900AbiFMUyC (ORCPT ); Mon, 13 Jun 2022 16:54:02 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64D7225C6B for ; Mon, 13 Jun 2022 13:18:40 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
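Review bot: the mm/kasan/generic.c hunk of [PATCH 18/32] renames kasan_init_cache_meta() to kasan_cache_create(), but the diffstat does not touch mm/kasan/kasan.h, where the earlier patch in this series added both the kasan_init_cache_meta() prototype and its empty non-Generic stub; unless a later patch drops them, they are left declared with no definition and no caller. Also, `*flags |= SLAB_KASAN;` now comes after the new `if (!kasan_requires_meta()) return;`, while the removed __kasan_cache_create() set the flag unconditionally, so Generic-mode caches are no longer marked when kasan_requires_meta() is false; the commit message mentions the mode restriction but not this one.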
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151519; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jgPdc9N08SZf7w3C2n6o7Rgh7KKDeUV8LWJsDjGx3bA=; b=NmokpH+0cZI1My+Kia6o4N/O4CH1Ohkjye7zoCZBpU1Oofm2/IDEHcGCtizwC2kU/Qynz0 kCcd+7/0tQh3lhwo+1v6s5zZk7oX4ARtAEv77wfd1kD14waBO/6XQfX/fRbKwWkaT26638 Eap9dZbPU9cl4Q2BDYbidCoIAg6Cj8c= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 19/32] kasan: pass tagged pointers to kasan_save_alloc/free_info Date: Mon, 13 Jun 2022 22:14:10 +0200 Message-Id: <9363b16202fb04a3223de714e70b7a6b72c4367e.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Pass tagged pointers to kasan_save_alloc/free_info(). This is a preparatory patch to simplify other changes in the series. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 4 ++-- mm/kasan/generic.c | 3 +-- mm/kasan/kasan.h | 2 +- mm/kasan/tags.c | 3 +-- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index f937b6c9e86a..519fd0b3040b 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c 
@@ -227,7 +227,7 @@ static inline bool ____kasan_slab_free(struct kmem_cach= e *cache, void *object, return false; =20 if (kasan_stack_collection_enabled()) - kasan_save_free_info(cache, object, tag); + kasan_save_free_info(cache, tagged_object); =20 return kasan_quarantine_put(cache, object); } @@ -316,7 +316,7 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ if (kasan_stack_collection_enabled() && !cache->kasan_info.is_kmalloc) - kasan_save_alloc_info(cache, (void *)object, flags); + kasan_save_alloc_info(cache, tagged_object, flags); =20 return tagged_object; } diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index f6bef347de87..aff39af3c532 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -500,8 +500,7 @@ void kasan_save_alloc_info(struct kmem_cache *cache, vo= id *object, gfp_t flags) kasan_set_track(&alloc_meta->alloc_track, flags); } =20 -void kasan_save_free_info(struct kmem_cache *cache, - void *object, u8 tag) +void kasan_save_free_info(struct kmem_cache *cache, void *object) { struct kasan_free_meta *free_meta; =20 diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 30ec9ebf52c3..e8329935fbfb 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -308,7 +308,7 @@ static inline void kasan_init_object_meta(struct kmem_c= ache *cache, const void * depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); -void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); +void kasan_save_free_info(struct kmem_cache *cache, void *object); struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, void *object); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 4f24669085e9..fd11d10a4ffc 100644 
--- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -21,8 +21,7 @@ void kasan_save_alloc_info(struct kmem_cache *cache, void= *object, gfp_t flags) { } =20 -void kasan_save_free_info(struct kmem_cache *cache, - void *object, u8 tag) +void kasan_save_free_info(struct kmem_cache *cache, void *object) { } =20 --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95C70CCA47B for ; Mon, 13 Jun 2022 20:56:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1349819AbiFMU4n (ORCPT ); Mon, 13 Jun 2022 16:56:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36556 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351910AbiFMUyC (ORCPT ); Mon, 13 Jun 2022 16:54:02 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1983725C6D for ; Mon, 13 Jun 2022 13:18:41 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151519; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=T+1jiBrKGTOAkQ9I8eaP4PIHMCNWMSHqgu/PvHey6xE=; b=F5EnSyRzoYiX0f3p7v1JZyYXYCdly4dsV81EJcSjrE5AgBjsvqGzsSPNsrhg9xnJINY22B JTqZ7R3jNHwJvMGgFjl3QeawSgC3InukMau/z4kNEB+Yd8GVk9awFkEbF9PJy7T04jE2a2 yUW14maYFKV3Zq0LX4bXhSJ6v+M/U7E= 
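Review bot: In ____kasan_slab_free() (mm/kasan/common.c), kasan_save_free_info() now receives tagged_object while the next statement, kasan_quarantine_put(cache, object), still receives the untagged pointer, and the parameter in mm/kasan/kasan.h keeps the plain name `object`. Nothing in the prototypes tells an implementation that it is now handed a tagged pointer. Suggest a comment on the kasan_save_alloc_info() and kasan_save_free_info() declarations in kasan.h saying that callers pass the tagged pointer and whether implementations are expected to reset the tag themselves before deriving shadow or metadata addresses. The commit message calls this preparatory; naming the later patch that consumes the tag would make the series easier to review.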
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 20/32] kasan: move kasan_get_alloc/free_track definitions Date: Mon, 13 Jun 2022 22:14:11 +0200 Message-Id: <8c647863a2ea158fd2ddc0c79e5e937bb03d86f0.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Move the definitions of kasan_get_alloc/free_track() to report_*.c, as they belong with the other reporting code. Signed-off-by: Andrey Konovalov --- mm/kasan/generic.c | 21 --------------------- mm/kasan/report_generic.c | 21 +++++++++++++++++++++ mm/kasan/report_tags.c | 12 ++++++++++++ mm/kasan/tags.c | 12 ------------ 4 files changed, 33 insertions(+), 33 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index aff39af3c532..d8b5590f9484 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c 
@@ -512,24 +512,3 @@ void kasan_save_free_info(struct kmem_cache *cache, vo= id *object) /* The object was freed and has free track set. */ *(u8 *)kasan_mem_to_shadow(object) =3D KASAN_SLAB_FREETRACK; } - -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) -{ - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; - - return &alloc_meta->alloc_track; -} - -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) - return NULL; - /* Free meta must be present with KASAN_SLAB_FREETRACK. */ - return &kasan_get_free_meta(cache, object)->free_track; -} diff --git a/mm/kasan/report_generic.c b/mm/kasan/report_generic.c index 348dc207d462..74d21786ef09 100644 --- a/mm/kasan/report_generic.c +++ b/mm/kasan/report_generic.c @@ -127,6 +127,27 @@ const char *kasan_get_bug_type(struct kasan_report_inf= o *info) return get_wild_bug_type(info); } =20 +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return NULL; + + return &alloc_meta->alloc_track; +} + +struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, + void *object, u8 tag) +{ + if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) + return NULL; + /* Free meta must be present with KASAN_SLAB_FREETRACK. */ + return &kasan_get_free_meta(cache, object)->free_track; +} + void kasan_metadata_fetch_row(char *buffer, void *row) { memcpy(buffer, kasan_mem_to_shadow(row), META_BYTES_PER_ROW); diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 35cf3cae4aa4..79b6497d8a81 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c 
@@ -21,3 +21,15 @@ const char *kasan_get_bug_type(struct kasan_report_info = *info) =20 return "invalid-access"; } + +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + return NULL; +} + +struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, + void *object, u8 tag) +{ + return NULL; +} diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index fd11d10a4ffc..39a0481e5228 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c 
@@ -24,15 +24,3 @@ void kasan_save_alloc_info(struct kmem_cache *cache, voi= d *object, gfp_t flags) void kasan_save_free_info(struct kmem_cache *cache, void *object) { } - -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) -{ - return NULL; -} - -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - return NULL; -} --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97E8BC433EF for ; Mon, 13 Jun 2022 20:56:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350899AbiFMU4R (ORCPT ); Mon, 13 Jun 2022 16:56:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40094 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351923AbiFMUyC (ORCPT ); Mon, 13 Jun 2022 16:54:02 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C111325C75 for ; Mon, 13 Jun 2022 13:18:41 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151520; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7UlP4rgYEeC4zjzJGZ6kC7jJ637whgBTqafUFs9KdFM=; b=JefL7G+uMUqUoHfYWqpdgoz/IVfPj+68p9IguhAmpQXwywnI1zyQ5WjNpX1CBh3AHwLiXW vyxIhpMNSmc+fBPo6tTB92C9YhdzPz89lbk37knbBj6HEIFOl1Fj4YvvVK2Yf/WNk63+41 DukNNsx5HLFREaWIXGxDjKQqbidMoh8= 
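Review bot: In the mm/kasan/report_generic.c and mm/kasan/report_tags.c hunks, kasan_get_free_track() is moved with its `u8 tag` parameter intact, yet neither body reads it: the generic version only checks the shadow byte and the tags version returns NULL. Since the patch already touches both definitions, consider dropping the unused parameter here, or say in the commit message that a later patch in the series relies on it. Separately, the generic kasan_get_free_track() dereferences the result of kasan_get_free_meta(cache, object) with no NULL check, unlike kasan_get_alloc_track() directly above it; the comment "Free meta must be present with KASAN_SLAB_FREETRACK" carries that invariant, so it would help to name where the invariant is established.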
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 21/32] kasan: simplify invalid-free reporting Date: Mon, 13 Jun 2022 22:14:12 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Right now, KASAN uses the kasan_report_type enum to describe report types. As this enum only has two options, replace it with a bool variable. Also, unify printing report header for invalid-free and other bug types in print_error_description(). Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 7 +------ mm/kasan/report.c | 16 +++++++--------- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index e8329935fbfb..f696d50b09fb 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -146,16 +146,11 @@ static inline bool kasan_requires_meta(void) #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW * KASAN_GRANULE_SIZE) #define META_ROWS_AROUND_ADDR 2 =20 -enum kasan_report_type { - KASAN_REPORT_ACCESS, - KASAN_REPORT_INVALID_FREE, -}; - struct kasan_report_info { - enum kasan_report_type type; void *access_addr; void *first_bad_addr; size_t access_size; + bool is_free; bool is_write; unsigned long ip; }; diff --git a/mm/kasan/report.c b/mm/kasan/report.c index f951fd39db74..7269b6249488 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c 
@@ -175,14 +175,12 @@ static void end_report(unsigned long *flags, void *ad= dr) =20 static void print_error_description(struct kasan_report_info *info) { - if (info->type =3D=3D KASAN_REPORT_INVALID_FREE) { - pr_err("BUG: KASAN: double-free or invalid-free in %pS\n", - (void *)info->ip); - return; - } + const char *bug_type =3D info->is_free ? + "double-free or invalid-free" : kasan_get_bug_type(info); =20 - pr_err("BUG: KASAN: %s in %pS\n", - kasan_get_bug_type(info), (void *)info->ip); + pr_err("BUG: KASAN: %s in %pS\n", bug_type, (void *)info->ip); + if (info->is_free) + return; if (info->access_size) pr_err("%s of size %zu at addr %px by task %s/%d\n", info->is_write ? "Write" : "Read", info->access_size, @@ -435,11 +433,11 @@ void kasan_report_invalid_free(void *ptr, unsigned lo= ng ip) =20 start_report(&flags, true); =20 - info.type =3D KASAN_REPORT_INVALID_FREE; info.access_addr =3D ptr; info.first_bad_addr =3D kasan_reset_tag(ptr); info.access_size =3D 0; info.is_write =3D false; + info.is_free =3D true; info.ip =3D ip; =20 print_report(&info); 
@@ -468,11 +466,11 @@ bool kasan_report(unsigned long addr, size_t size, bo= ol is_write, =20 start_report(&irq_flags, true); =20 - info.type =3D KASAN_REPORT_ACCESS; info.access_addr =3D ptr; info.first_bad_addr =3D kasan_find_first_bad_addr(ptr, size); info.access_size =3D size; info.is_write =3D is_write; + info.is_free =3D false; info.ip =3D ip; =20 print_report(&info); --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DEFE6CCA47B for ; Mon, 13 Jun 2022 20:56:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241972AbiFMU4h (ORCPT ); Mon, 13 Jun 2022 16:56:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40096 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351913AbiFMUyC (ORCPT ); Mon, 13 Jun 2022 16:54:02 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6AAFF25E82 for ; Mon, 13 Jun 2022 13:18:42 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uV62cC5DfHg/D8q7E9RvYjkrSokJV1eiZxRUfsD9VoU=; b=kvRi5OcEoiHBckUmql9zWUb9FKC6wNd2nIhN5sD38XfgUnd8dK14JY90UXlC8uENnECQaQ 3OOnI245K8ZI+Nxmz+gn+P6ox1GkZo2TIpM9SiR9iPnRCP6c/hSq7HcQsVTtoLryjSydIl Zft1R6rRme1veq8TWSAMk6UkoRJMi5M= 
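Review bot: In kasan_report_invalid_free() and kasan_report() (mm/kasan/report.c), the new is_free member is assigned by hand next to the other members of info, so correctness depends on every reporting entry point remembering to set it. The hunks do not show how info is declared; if it is not zero-initialised, a future caller that omits the assignment would have print_error_description() read an indeterminate bool. Suggest initialising the struct at its declaration or with a designated initialiser. In mm/kasan/kasan.h, a short comment on is_free saying it covers both double-free and invalid-free would replace the documentation that the removed enum names provided.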
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 22/32] kasan: cosmetic changes in report.c Date: Mon, 13 Jun 2022 22:14:13 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Do a few non-functional style fixes for the code in report.c. Signed-off-by: Andrey Konovalov --- mm/kasan/report.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 7269b6249488..879f949dc395 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c 
@@ -194,25 +194,22 @@ static void print_error_description(struct kasan_repo= rt_info *info) static void print_track(struct kasan_track *track, const char *prefix) { pr_err("%s by task %u:\n", prefix, track->pid); - if (track->stack) { + if (track->stack) stack_depot_print(track->stack); - } else { + else pr_err("(stack is not available)\n"); - } } =20 struct page *kasan_addr_to_page(const void *addr) { - if ((addr >=3D (void *)PAGE_OFFSET) && - (addr < high_memory)) + if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) return virt_to_head_page(addr); return NULL; } =20 struct slab *kasan_addr_to_slab(const void *addr) { - if ((addr >=3D (void *)PAGE_OFFSET) && - (addr < high_memory)) + if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) return virt_to_slab(addr); return NULL; } --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AEE5C43334 for ; Mon, 13 Jun 2022 20:56:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351140AbiFMU4X (ORCPT ); Mon, 13 Jun 2022 16:56:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35244 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351912AbiFMUyC (ORCPT ); Mon, 13 Jun 2022 16:54:02 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46CF215A2A for ; Mon, 13 Jun 2022 13:18:43 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
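Review bot: After this cleanup kasan_addr_to_page() and kasan_addr_to_slab() in mm/kasan/report.c carry the identical condition `(addr >= (void *)PAGE_OFFSET) && (addr < high_memory)`. Since both lines are being rewritten anyway, consider a small static helper for the range check so the two copies cannot drift apart. The inner parentheses around each comparison are redundant and could go in the same pass.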
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Iixdi0aUzLucxsbCg6IG+LbS3JzcqWGK/WM+ZRzVqS4=; b=ojnNMVl0weA+1rfdDibEWQiEzf3u9AY6W77/wSQjT9KKfbHNrxLmCsJ0sZKkW8eSCG0dBh +5YrObbqYTyKuVuT1F9XZeFHAhh5e4ObssVEFR3QS+xZkhK0CdzjtTkbI85bkE2UWrMY6E WI2qCIZzoT7d6a6rI1j4nr/qLjTsYE4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 23/32] kasan: use kasan_addr_to_slab in print_address_description Date: Mon, 13 Jun 2022 22:14:14 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Use the kasan_addr_to_slab() helper in print_address_description() instead of separately invoking PageSlab() and page_slab(). Signed-off-by: Andrey Konovalov --- mm/kasan/report.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 879f949dc395..1dd6fc8a678f 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c 
@@ -291,12 +291,12 @@ static inline bool init_task_stack_addr(const void *a= ddr) static void print_address_description(void *addr, u8 tag) { struct page *page =3D kasan_addr_to_page(addr); + struct slab *slab =3D kasan_addr_to_slab(addr); =20 dump_stack_lvl(KERN_ERR); pr_err("\n"); =20 - if (page && PageSlab(page)) { - struct slab *slab =3D page_slab(page); + if (slab) { struct kmem_cache *cache =3D slab->slab_cache; void *object =3D nearest_obj(cache, slab, addr); =20 --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 777DEC43334 for ; Mon, 13 Jun 2022 20:57:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350468AbiFMU5G (ORCPT ); Mon, 13 Jun 2022 16:57:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352078AbiFMUyJ (ORCPT ); Mon, 13 Jun 2022 16:54:09 -0400 Received: from out2.migadu.com (out2.migadu.com [IPv6:2001:41d0:2:aacc::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BCCEB1A07A for ; Mon, 13 Jun 2022 13:19:44 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151583; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i8Ujjn8ODA+o6f5+82XskCVtNKiV5I0P+bzfQLYNt08=; b=tNdYTuepZITenpSdu58grTXSjaXt9OL81buen5Wm+++wlMotQfJq9n+UcKkTTT5gZ+gc4f uF7AU1aiTFH85x0uVzzaLfcIcYPfeoCLX+3KfygTgZO4Vq+i5p7QD74yy+0ekX5HwMhW75 QJqnizRPQmY2NxNZs3S4Cds/DJ8v8dA= 
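Review bot: In print_address_description() (mm/kasan/report.c), the explicit `page && PageSlab(page)` test is replaced by `if (slab)`, so the slab branch now depends on kasan_addr_to_slab() returning NULL for every address that is not in a slab page. The commit message only says the helper is used "instead of separately invoking PageSlab() and page_slab()"; please state that the helper performs the equivalent slab check, so the change reads as behaviour-preserving. The address range check also now runs twice, once when computing page and once when computing slab.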
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 24/32] kasan: move kasan_addr_to_slab to common.c Date: Mon, 13 Jun 2022 22:14:15 +0200 Message-Id: <5ea6f55fb645405bb52cb15b8d30544ba3f189b0.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Move the definition of kasan_addr_to_slab() to the common KASAN code, as this function is not only used by the reporting code. Signed-off-by: Andrey Konovalov Reported-by: kernel test robot --- mm/kasan/common.c | 7 +++++++ mm/kasan/report.c | 7 ------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 519fd0b3040b..5d5b4cfae503 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -30,6 +30,13 @@ #include "kasan.h" #include "../slab.h" =20 +struct slab *kasan_addr_to_slab(const void *addr) +{ + if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) + return virt_to_slab(addr); + return NULL; +} + depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc) { unsigned long entries[KASAN_STACK_DEPTH]; diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 1dd6fc8a678f..ed8234516bab 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c 
@@ -207,13 +207,6 @@ struct page *kasan_addr_to_page(const void *addr) return NULL; } =20 -struct slab *kasan_addr_to_slab(const void *addr) -{ - if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) - return virt_to_slab(addr); - return NULL; -} - static void describe_object_addr(struct kmem_cache *cache, void *object, const void *addr) { --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DDFEC43334 for ; Mon, 13 Jun 2022 20:56:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351391AbiFMU44 (ORCPT ); Mon, 13 Jun 2022 16:56:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36106 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352081AbiFMUyJ (ORCPT ); Mon, 13 Jun 2022 16:54:09 -0400 Received: from out2.migadu.com (out2.migadu.com [IPv6:2001:41d0:2:aacc::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2AD23275EA for ; Mon, 13 Jun 2022 13:19:45 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151583; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NlTYbbmb8K8Hz7QxoFNu4DEEzvlhQuGMJFGkSKrxTzk=; b=U/iYTMjjDHVUZCoLW/1BknQkILDEl85phr4wKanZLDwM4Jn+hUSCLwE24HlVfV0VaWnFGZ 5AwsB6PXGbJcILtgvt/a2jxzEYgsMtJLT/bXeJD/yxxPbvpTCCioX7PAW1dxA4jrSRwzdu UhNm0cH9ryd0tC9r9ti+IK4+K3cI+g0= 
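Review bot: In the mm/kasan/common.c hunk, kasan_addr_to_slab() is added without any new caller, while the commit message justifies the move by saying the function "is not only used by the reporting code". Please name the non-report user, or the later patch in the series that introduces it, so the move can be checked against its reason. The "Reported-by: kernel test robot" tag has no accompanying description or link, which leaves it unclear what was reported against a pure code move.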
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 25/32] kasan: make kasan_addr_to_page static Date: Mon, 13 Jun 2022 22:14:16 +0200 Message-Id: <810b29bfb50dad8cdc5a5a7075e0da1104de1665.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov As kasan_addr_to_page() is only used in report.c, rename it to addr_to_page() and make it static. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 1 - mm/kasan/report.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index f696d50b09fb..e3f100833154 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -285,7 +285,6 @@ bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip); void kasan_report_invalid_free(void *object, unsigned long ip); =20 -struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 #ifdef CONFIG_KASAN_GENERIC diff --git a/mm/kasan/report.c b/mm/kasan/report.c index ed8234516bab..f3ec6f86b199 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -200,7 +200,7 @@ static void print_track(struct kasan_track *track, cons= t char *prefix) pr_err("(stack is not available)\n"); } =20 -struct page *kasan_addr_to_page(const void *addr) +static inline struct page *addr_to_page(const void *addr) { if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) return virt_to_head_page(addr); 
@@ -283,7 +283,7 @@ static inline bool init_task_stack_addr(const void *add= r) =20 static void print_address_description(void *addr, u8 tag) { - struct page *page =3D kasan_addr_to_page(addr); + struct page *page =3D addr_to_page(addr); struct slab *slab =3D kasan_addr_to_slab(addr); =20 dump_stack_lvl(KERN_ERR); --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC77EC43334 for ; Mon, 13 Jun 2022 20:57:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350341AbiFMU5B (ORCPT ); Mon, 13 Jun 2022 16:57:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36102 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352082AbiFMUyJ (ORCPT ); Mon, 13 Jun 2022 16:54:09 -0400 Received: from out2.migadu.com (out2.migadu.com [188.165.223.204]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26A5A29812 for ; Mon, 13 Jun 2022 13:19:46 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151584; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xD+jOMbc8v/VbHqobo7HTP4Hy7ebCjo8HGnwIkjNmQg=; b=uV4k7v6j0gg2WNGE2AGUi+jftnP6i13EVs8rWhI+Mznu6bMnCcoEx7t6dQvsOLijyruwRb Bnb/ljj+Y/69/ZVheqbQ8nWo1Q2aQYKgjsxn4fv64f2dR7RxPtUroYLFBAZjgai+byrc3O hJnu05PzYAADy2CUt5i3GARZUN+wHes= 
From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 26/32] kasan: simplify print_report Date: Mon, 13 Jun 2022 22:14:17 +0200 Message-Id: <6920a74ae141ec8f45f19c8ebf3622910d10a5ed.1655150842.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov To simplify reading the implementation of print_report(), remove the tagged_addr variable and rename untagged_addr to addr. Signed-off-by: Andrey Konovalov --- mm/kasan/report.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index f3ec6f86b199..cc35c8c1a367 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c 
@@ -391,17 +391,16 @@ static void print_memory_metadata(const void *addr) =20 static void print_report(struct kasan_report_info *info) { - void *tagged_addr =3D info->access_addr; - void *untagged_addr =3D kasan_reset_tag(tagged_addr); - u8 tag =3D get_tag(tagged_addr); + void *addr =3D kasan_reset_tag(info->access_addr); + u8 tag =3D get_tag(info->access_addr); =20 print_error_description(info); - if (addr_has_metadata(untagged_addr)) + if (addr_has_metadata(addr)) kasan_print_tags(tag, info->first_bad_addr); pr_err("\n"); =20 - if (addr_has_metadata(untagged_addr)) { - print_address_description(untagged_addr, tag); + if (addr_has_metadata(addr)) { + print_address_description(addr, tag); print_memory_metadata(info->first_bad_addr); } else { dump_stack_lvl(KERN_ERR); --=20 2.25.1 From nobody Mon Apr 27 12:12:54 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 900AFC43334 for ; Mon, 13 Jun 2022 20:56:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1351359AbiFMU4r (ORCPT ); Mon, 13 Jun 2022 16:56:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36418 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352083AbiFMUyK (ORCPT ); Mon, 13 Jun 2022 16:54:10 -0400 Received: from out2.migadu.com (out2.migadu.com [IPv6:2001:41d0:2:aacc::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BBEF29CA9 for ; Mon, 13 Jun 2022 13:19:46 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1655151585; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bgGIoP7jXmxJI/MRAshv+0ZSBU3qLuiELKkrVE3erv8=; b=Tx3ufgGib+OSKMRv+3CRINt/7OLqN5cTferSwJ6ogYbMF4V+m/d6x2YflQZxIH1DxTkbs+ djLDhQRR9ITw8i3XavtHbQZ4Xi93tpCSo+pVwH6pNEdeNdh3NKk7rEyn4uB+qK7BZVTgjf ongP+RFoY9TadvbK5JxiwaupvUxSI3c= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH 27/32] kasan: introduce complete_report_info Date: Mon, 13 Jun 2022 22:14:18 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Introduce a complete_report_info() function that fills in the first_bad_addr field of kasan_report_info instead of doing it in kasan_report_*(). This function will be extended in the next patch. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 5 ++++- mm/kasan/report.c | 17 +++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index e3f100833154..0261d1530055 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h 
@@ -147,12 +147,15 @@ static inline bool kasan_requires_meta(void) #define META_ROWS_AROUND_ADDR 2 =20 struct kasan_report_info { + /* Filled in by kasan_report_*(). */ void *access_addr; - void *first_bad_addr; size_t access_size; bool is_free; bool is_write; unsigned long ip; + + /* Filled in by the common reporting code. */ + void *first_bad_addr; }; =20 /* Do not change the struct layout: compiler ABI. */ diff --git a/mm/kasan/report.c b/mm/kasan/report.c index cc35c8c1a367..214ba7cb654c 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -407,6 +407,17 @@ static void print_report(struct kasan_report_info *inf= o) } } =20 +static void complete_report_info(struct kasan_report_info *info) +{ + void *addr =3D kasan_reset_tag(info->access_addr); + + if (info->is_free) + info->first_bad_addr =3D addr; + else + info->first_bad_addr =3D kasan_find_first_bad_addr( + info->access_addr, info->access_size); +} + void kasan_report_invalid_free(void *ptr, unsigned long ip) { unsigned long flags; @@ -423,12 +434,13 @@ void kasan_report_invalid_free(void *ptr, unsigned lo= ng ip) start_report(&flags, true); =20 info.access_addr =3D ptr; - info.first_bad_addr =3D kasan_reset_tag(ptr); info.access_size =3D 0; info.is_write =3D false; info.is_free =3D true; info.ip =3D ip; =20 + complete_report_info(&info); + print_report(&info); =20 end_report(&flags, ptr); 
@@ -456,12 +468,13 @@ bool kasan_report(unsigned long addr, size_t size, bo= ol is_write, start_report(&irq_flags, true); =20 info.access_addr =3D ptr; - info.first_bad_addr =3D kasan_find_first_bad_addr(ptr, size); info.access_size =3D size; info.is_write =3D is_write; info.is_free =3D false; info.ip =3D ip; =20 + complete_report_info(&info); + print_report(&info); =20 end_report(&irq_flags, ptr); --=20 2.25.1
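Review bot: complete_report_info() reads info->is_free, info->access_addr and info->access_size, so it is only correct when called after the caller has assigned those fields; in kasan_report_invalid_free() and kasan_report() that ordering is implied by where the call sits, not stated anywhere. The new comments in struct kasan_report_info split the fields into two groups but do not say that the first group is an input to the second. A one-line comment above complete_report_info() stating that the kasan_report_*() fields must already be filled in would document the contract before the next patch extends the function.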
From: andrey.konovalov@linux.dev
Subject: [PATCH 28/32] kasan: fill in cache and object in complete_report_info
Date: Mon, 13 Jun 2022 22:14:19 +0200
Message-Id: <1e3e75cbcf4f258701b325dbad8b2a43c2633b7b.1655150842.git.andreyknvl@google.com>

From: Andrey Konovalov

Add cache and object fields to kasan_report_info and fill them in in complete_report_info() instead of fetching them in the middle of the report printing code.

This allows the reporting code to get access to the object information before starting printing the report. One of the following patches uses this information to determine the bug type with the tag-based modes.

Signed-off-by: Andrey Konovalov
---
 mm/kasan/kasan.h  |  2 ++
 mm/kasan/report.c | 21 +++++++++++++--------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 0261d1530055..b9bd9f1656bf 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -156,6 +156,8 @@ struct kasan_report_info { =20 /* Filled in by the common reporting code. */ void *first_bad_addr; + struct kmem_cache *cache; + void *object; }; =20 /* Do not change the struct layout: compiler ABI. */ diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 214ba7cb654c..a6b36eb4c33b 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c
@@ -281,19 +281,16 @@ static inline bool init_task_stack_addr(const void *a= ddr) sizeof(init_thread_union.stack)); } =20 -static void print_address_description(void *addr, u8 tag) +static void print_address_description(void *addr, u8 tag, + struct kasan_report_info *info) { struct page *page =3D addr_to_page(addr); - struct slab *slab =3D kasan_addr_to_slab(addr); =20 dump_stack_lvl(KERN_ERR); pr_err("\n"); =20 - if (slab) { - struct kmem_cache *cache =3D slab->slab_cache; - void *object =3D nearest_obj(cache, slab, addr); - - describe_object(cache, object, addr, tag); + if (info->cache && info->object) { + describe_object(info->cache, info->object, addr, tag); pr_err("\n"); } =20 @@ -400,7 +397,7 @@ static void print_report(struct kasan_report_info *info) pr_err("\n"); =20 if (addr_has_metadata(addr)) { - print_address_description(addr, tag); + print_address_description(addr, tag, info); print_memory_metadata(info->first_bad_addr); } else { dump_stack_lvl(KERN_ERR); 
@@ -410,12 +407,20 @@ static void print_report(struct kasan_report_info *in= fo) static void complete_report_info(struct kasan_report_info *info) { void *addr =3D kasan_reset_tag(info->access_addr); + struct slab *slab; =20 if (info->is_free) info->first_bad_addr =3D addr; else info->first_bad_addr =3D kasan_find_first_bad_addr( info->access_addr, info->access_size); + + slab =3D kasan_addr_to_slab(addr); + if (slab) { + info->cache =3D slab->slab_cache; + info->object =3D nearest_obj(info->cache, slab, addr); + } else + info->cache =3D info->object =3D NULL; } =20 void kasan_report_invalid_free(void *ptr, unsigned long ip) --=20 2.25.1
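Review bot: in complete_report_info(), kasan_addr_to_slab(addr) now runs for every report, whereas the lookup it replaces lived in print_address_description(), which print_report() only calls under addr_has_metadata(addr). Please confirm that kasan_addr_to_slab() and nearest_obj() are safe for addresses that have no metadata, or guard the new block with the same addr_has_metadata() test so the behaviour for wild pointers is unchanged. Style point in the same hunk: the if branch is braced and the else branch is not; kernel coding style asks for braces on both branches when either needs them.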
From: andrey.konovalov@linux.dev
Subject: [PATCH 29/32] kasan: rework function arguments in report.c
Date: Mon, 13 Jun 2022 22:14:20 +0200

From: Andrey Konovalov

Pass a pointer to kasan_report_info to describe_object() and describe_object_stacks(), instead of passing the structure's fields.

The untagged pointer and the tag are still passed as separate arguments to some of the functions to avoid duplicating the untagging logic.

This is a preparatory change for the next patch.

Signed-off-by: Andrey Konovalov
---
 mm/kasan/report.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/mm/kasan/report.c b/mm/kasan/report.c index a6b36eb4c33b..a2789d4a05dd 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c
@@ -207,8 +207,8 @@ static inline struct page *addr_to_page(const void *add= r) return NULL; } =20 -static void describe_object_addr(struct kmem_cache *cache, void *object, - const void *addr) +static void describe_object_addr(const void *addr, struct kmem_cache *cach= e, + void *object) { unsigned long access_addr =3D (unsigned long)addr; unsigned long object_addr =3D (unsigned long)object; @@ -236,33 +236,32 @@ static void describe_object_addr(struct kmem_cache *c= ache, void *object, (void *)(object_addr + cache->object_size)); } =20 -static void describe_object_stacks(struct kmem_cache *cache, void *object, - const void *addr, u8 tag) +static void describe_object_stacks(u8 tag, struct kasan_report_info *info) { struct kasan_track *alloc_track; struct kasan_track *free_track; =20 - alloc_track =3D kasan_get_alloc_track(cache, object); + alloc_track =3D kasan_get_alloc_track(info->cache, info->object); if (alloc_track) { print_track(alloc_track, "Allocated"); pr_err("\n"); } =20 - free_track =3D kasan_get_free_track(cache, object, tag); + free_track =3D kasan_get_free_track(info->cache, info->object, tag); if (free_track) { print_track(free_track, "Freed"); pr_err("\n"); } =20 - kasan_print_aux_stacks(cache, object); + kasan_print_aux_stacks(info->cache, info->object); } =20 -static void describe_object(struct kmem_cache *cache, void *object, - const void *addr, u8 tag) +static void describe_object(const void *addr, u8 tag, + struct kasan_report_info *info) { if (kasan_stack_collection_enabled()) - describe_object_stacks(cache, object, addr, tag); - describe_object_addr(cache, object, addr); + describe_object_stacks(tag, info); + describe_object_addr(addr, info->cache, info->object); } =20 static inline bool kernel_or_module_addr(const void *addr) 
@@ -290,7 +289,7 @@ static void print_address_description(void *addr, u8 ta= g, pr_err("\n"); =20 if (info->cache && info->object) { - describe_object(info->cache, info->object, addr, tag); + describe_object(addr, tag, info); pr_err("\n"); } =20 --=20 2.25.1
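Review bot: describe_object_stacks() and describe_object() only read through the new info parameter, so it can be declared const struct kasan_report_info *info; that makes it visible at the prototype that the printing path does not modify what complete_report_info() filled in. The argument order is also uneven after this patch: describe_object_addr() takes (addr, cache, object) while describe_object_stacks() takes (tag, info) and describe_object() takes (addr, tag, info). Since patch 30 removes the tag argument from both functions again, it is worth saying in the commit message that the tag parameter here is transitional.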
From: andrey.konovalov@linux.dev
Subject: [PATCH 30/32] kasan: introduce kasan_complete_mode_report_info
Date: Mon, 13 Jun 2022 22:14:21 +0200

From: Andrey Konovalov

Add bug_type and alloc/free_track fields to kasan_report_info and add a kasan_complete_mode_report_info() function that fills in these fields. This function is implemented differently for different KASAN modes.

Change the reporting code to use the filled in fields instead of invoking kasan_get_bug_type() and kasan_get_alloc/free_track().

For the Generic mode, kasan_complete_mode_report_info() invokes these functions instead. For the tag-based modes, only the bug_type field is filled in; alloc/free_track are handled in the next patch.

Using a single function that fills in these fields is required for the tag-based modes, as the values for all three fields are determined in a single procedure implemented in the following patch.

Signed-off-by: Andrey Konovalov
---
 mm/kasan/kasan.h          | 33 +++++++++++++++++----------------
 mm/kasan/report.c         | 29 ++++++++++++++---------------
 mm/kasan/report_generic.c | 32 +++++++++++++++++---------------
 mm/kasan/report_tags.c    | 13 +++----------
 4 files changed, 51 insertions(+), 56 deletions(-)

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index b9bd9f1656bf..c51cea31ced0 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h
@@ -146,6 +146,13 @@ static inline bool kasan_requires_meta(void) #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW * KASAN_GRANULE_SIZE) #define META_ROWS_AROUND_ADDR 2 =20 +#define KASAN_STACK_DEPTH 64 + +struct kasan_track { + u32 pid; + depot_stack_handle_t stack; +}; + struct kasan_report_info { /* Filled in by kasan_report_*(). */ void *access_addr; @@ -158,6 +165,11 @@ struct kasan_report_info { void *first_bad_addr; struct kmem_cache *cache; void *object; + + /* Filled in by the mode-specific reporting code. */ + const char *bug_type; + struct kasan_track alloc_track; + struct kasan_track free_track; }; =20 /* Do not change the struct layout: compiler ABI. */ @@ -183,14 +195,7 @@ struct kasan_global { #endif }; =20 -/* Structures for keeping alloc and free tracks. */ - -#define KASAN_STACK_DEPTH 64 - -struct kasan_track { - u32 pid; - depot_stack_handle_t stack; -}; +/* Structures for keeping alloc and free meta. */ =20 #ifdef CONFIG_KASAN_GENERIC =20 @@ -264,16 +269,16 @@ static inline bool addr_has_metadata(const void *addr) =20 #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ =20 +void *kasan_find_first_bad_addr(void *addr, size_t size); +void kasan_complete_mode_report_info(struct kasan_report_info *info); +void kasan_metadata_fetch_row(char *buffer, void *row); + #if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS) void kasan_print_tags(u8 addr_tag, const void *addr); #else static inline void kasan_print_tags(u8 addr_tag, const void *addr) { } #endif =20 -void *kasan_find_first_bad_addr(void *addr, size_t size); -const char *kasan_get_bug_type(struct kasan_report_info *info); -void kasan_metadata_fetch_row(char *buffer, void *row); - #if defined(CONFIG_KASAN_STACK) void kasan_print_address_stack_frame(const void *addr); #else 
@@ -308,10 +313,6 @@ depot_stack_handle_t kasan_save_stack(gfp_t flags, boo= l can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); void kasan_save_free_info(struct kmem_cache *cache, void *object); -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object); -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag); =20 #if defined(CONFIG_KASAN_GENERIC) && \ (defined(CONFIG_SLAB) || defined(CONFIG_SLUB)) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index a2789d4a05dd..206b7fe64e6b 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -176,7 +176,7 @@ static void end_report(unsigned long *flags, void *addr) static void print_error_description(struct kasan_report_info *info) { const char *bug_type =3D info->is_free ? - "double-free or invalid-free" : kasan_get_bug_type(info); + "double-free or invalid-free" : info->bug_type; =20 pr_err("BUG: KASAN: %s in %pS\n", bug_type, (void *)info->ip); if (info->is_free) 
@@ -236,31 +236,25 @@ static void describe_object_addr(const void *addr, st= ruct kmem_cache *cache, (void *)(object_addr + cache->object_size)); } =20 -static void describe_object_stacks(u8 tag, struct kasan_report_info *info) +static void describe_object_stacks(struct kasan_report_info *info) { - struct kasan_track *alloc_track; - struct kasan_track *free_track; - - alloc_track =3D kasan_get_alloc_track(info->cache, info->object); - if (alloc_track) { - print_track(alloc_track, "Allocated"); + if (info->alloc_track.stack) { + print_track(&info->alloc_track, "Allocated"); pr_err("\n"); } =20 - free_track =3D kasan_get_free_track(info->cache, info->object, tag); - if (free_track) { - print_track(free_track, "Freed"); + if (info->free_track.stack) { + print_track(&info->free_track, "Freed"); pr_err("\n"); } =20 kasan_print_aux_stacks(info->cache, info->object); } =20 -static void describe_object(const void *addr, u8 tag, - struct kasan_report_info *info) +static void describe_object(const void *addr, struct kasan_report_info *in= fo) { if (kasan_stack_collection_enabled()) - describe_object_stacks(tag, info); + describe_object_stacks(info); describe_object_addr(addr, info->cache, info->object); } =20 @@ -289,7 +283,7 @@ static void print_address_description(void *addr, u8 ta= g, pr_err("\n"); =20 if (info->cache && info->object) { - describe_object(addr, tag, info); + describe_object(addr, info); pr_err("\n"); } =20 @@ -420,6 +414,9 @@ static void complete_report_info(struct kasan_report_in= fo *info) info->object =3D nearest_obj(info->cache, slab, addr); } else info->cache =3D info->object =3D NULL; + + /* Fill in mode-specific report info fields. */ + kasan_complete_mode_report_info(info); } =20 void kasan_report_invalid_free(void *ptr, unsigned long ip) 
@@ -437,6 +434,7 @@ void kasan_report_invalid_free(void *ptr, unsigned long= ip) =20 start_report(&flags, true); =20 + memset(&info, 0, sizeof(info)); info.access_addr =3D ptr; info.access_size =3D 0; info.is_write =3D false; @@ -471,6 +469,7 @@ bool kasan_report(unsigned long addr, size_t size, bool= is_write, =20 start_report(&irq_flags, true); =20 + memset(&info, 0, sizeof(info)); info.access_addr =3D ptr; info.access_size =3D size; info.is_write =3D is_write; diff --git a/mm/kasan/report_generic.c b/mm/kasan/report_generic.c index 74d21786ef09..087c1d8c8145 100644 --- a/mm/kasan/report_generic.c +++ b/mm/kasan/report_generic.c @@ -109,7 +109,7 @@ static const char *get_wild_bug_type(struct kasan_repor= t_info *info) return bug_type; } =20 -const char *kasan_get_bug_type(struct kasan_report_info *info) +static const char *get_bug_type(struct kasan_report_info *info) { /* * If access_size is a negative number, then it has reason to be 
@@ -127,25 +127,27 @@ const char *kasan_get_bug_type(struct kasan_report_in= fo *info) return get_wild_bug_type(info); } =20 -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) +void kasan_complete_mode_report_info(struct kasan_report_info *info) { struct kasan_alloc_meta *alloc_meta; + struct kasan_free_meta *free_meta; =20 - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; + info->bug_type =3D get_bug_type(info); =20 - return &alloc_meta->alloc_track; -} + if (!info->cache || !info->object) + return; =20 -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) - return NULL; - /* Free meta must be present with KASAN_SLAB_FREETRACK. */ - return &kasan_get_free_meta(cache, object)->free_track; + alloc_meta =3D kasan_get_alloc_meta(info->cache, info->object); + if (alloc_meta) + memcpy(&info->alloc_track, &alloc_meta->alloc_track, + sizeof(info->alloc_track)); + + if (*(u8 *)kasan_mem_to_shadow(info->object) =3D=3D KASAN_SLAB_FREETRACK)= { + /* Free meta must be present with KASAN_SLAB_FREETRACK. */ + free_meta =3D kasan_get_free_meta(info->cache, info->object); + memcpy(&info->free_track, &free_meta->free_track, + sizeof(info->free_track)); + } } =20 void kasan_metadata_fetch_row(char *buffer, void *row) diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 79b6497d8a81..5cbac2cdb177 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -6,7 +6,7 @@ =20 #include "kasan.h" =20 -const char *kasan_get_bug_type(struct kasan_report_info *info) +static const char *get_bug_type(struct kasan_report_info *info) { /* * If access_size is a negative number, then it has reason to be 
@@ -22,14 +22,7 @@ const char *kasan_get_bug_type(struct kasan_report_info = *info) return "invalid-access"; } =20 -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) +void kasan_complete_mode_report_info(struct kasan_report_info *info) { - return NULL; -} - -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - return NULL; + info->bug_type =3D get_bug_type(info); } --=20 2.25.1
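Review bot: describe_object_stacks() in report.c now decides whether a track exists by testing info->alloc_track.stack and info->free_track.stack for non-zero, where the removed code tested the track pointer returned by kasan_get_alloc_track()/kasan_get_free_track(). A track whose stack handle is 0 (the value stack depot returns when it cannot save a trace) but whose pid is valid was printed before and is silently skipped now. If that is intended, say so in the commit message; otherwise carry an explicit "found" flag per track in kasan_report_info.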
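Review bot: the memset(&info, 0, sizeof(info)) added to kasan_report_invalid_free() and kasan_report() is load-bearing and uncommented. The .stack tests in describe_object_stacks() and the tag-based kasan_complete_mode_report_info(), which sets only bug_type and leaves alloc_track and free_track untouched, both depend on the structure starting out zeroed. A comment at the memset naming the fields that rely on it would stop a future caller that builds its own kasan_report_info from printing stale stack data.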
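Review bot: in the report_generic.c version of kasan_complete_mode_report_info(), alloc_meta is checked for NULL before the memcpy() but free_meta is dereferenced unchecked, on the strength of the comment that free meta must be present with KASAN_SLAB_FREETRACK. The removed kasan_get_free_track() made the same assumption, but this function now runs for every report before anything has been printed, so a NULL here would fault inside the reporting path and lose the report. An if (free_meta) guard mirrors the alloc side at no cost.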
From: andrey.konovalov@linux.dev
Subject: [PATCH 31/32] kasan: implement stack ring for tag-based modes
Date: Mon, 13 Jun 2022 22:14:22 +0200
Message-Id: <3cd76121903de13713581687ffa45e668ef1475a.1655150842.git.andreyknvl@google.com>

From: Andrey Konovalov

Implement storing stack depot handles for alloc/free stack traces for slab objects for the tag-based KASAN modes in a ring buffer.

This ring buffer is referred to as the stack ring.

On each alloc/free of a slab object, the tagged address of the object and the current stack trace are recorded in the stack ring.

On each bug report, if the accessed address belongs to a slab object, the stack ring is scanned for matching entries. The newest entries are used to print the alloc/free stack traces in the report: one entry for alloc and one for free.

The ring buffer is lock-free.

Signed-off-by: Andrey Konovalov
---

The number of entries in the stack ring is fixed in this version of the patch. We could either implement it as a config option or a command-line argument. I tilt towards the latter option and will implement it in v2 unless there are objections.
---
 mm/kasan/kasan.h       | 20 ++++++++++++++
 mm/kasan/report_tags.c | 61 ++++++++++++++++++++++++++++++++++++++++++
 mm/kasan/tags.c        | 30 +++++++++++++++++++++
 3 files changed, 111 insertions(+)

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index c51cea31ced0..da9a3c56ef4b 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h
@@ -2,6 +2,7 @@ #ifndef __MM_KASAN_KASAN_H #define __MM_KASAN_KASAN_H =20 +#include #include #include #include @@ -227,6 +228,25 @@ struct kasan_free_meta { =20 #endif /* CONFIG_KASAN_GENERIC */ =20 +#if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS) + +struct kasan_stack_ring_entry { + atomic64_t ptr; /* void * */ + atomic64_t size; /* size_t */ + atomic_t pid; /* u32 */ + atomic_t stack; /* depot_stack_handle_t */ + atomic_t is_free; /* bool */ +}; + +#define KASAN_STACK_RING_ENTRIES (32 << 10) + +struct kasan_stack_ring { + atomic64_t pos; + struct kasan_stack_ring_entry entries[KASAN_STACK_RING_ENTRIES]; +}; + +#endif /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ + #if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) /* Used in KUnit-compatible KASAN tests. */ struct kunit_kasan_status { diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 5cbac2cdb177..21911d1883d3 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -4,8 +4,12 @@ * Copyright (c) 2020 Google, Inc. */ =20 +#include + #include "kasan.h" =20 +extern struct kasan_stack_ring stack_ring; + static const char *get_bug_type(struct kasan_report_info *info) { /* 
@@ -24,5 +28,62 @@ static const char *get_bug_type(struct kasan_report_info= *info) =20 void kasan_complete_mode_report_info(struct kasan_report_info *info) { + u64 pos; + struct kasan_stack_ring_entry *entry; + void *object; + u32 pid; + depot_stack_handle_t stack; + bool is_free; + bool alloc_found =3D false, free_found =3D false; + info->bug_type =3D get_bug_type(info); + + if (!info->cache || !info->object) + return; + + pos =3D atomic64_read(&stack_ring.pos); + + for (u64 i =3D pos - 1; i !=3D pos - 1 - KASAN_STACK_RING_ENTRIES; i--) { + if (alloc_found && free_found) + break; + + entry =3D &stack_ring.entries[i % KASAN_STACK_RING_ENTRIES]; + + /* Paired with atomic64_set_release() in save_stack_info(). */ + object =3D (void *)atomic64_read_acquire(&entry->ptr); + + if (kasan_reset_tag(object) !=3D info->object || + get_tag(object) !=3D get_tag(info->access_addr)) + continue; + + pid =3D atomic_read(&entry->pid); + stack =3D atomic_read(&entry->stack); + is_free =3D atomic_read(&entry->is_free); + + /* Try detecting if the entry was changed while being read. */ + smp_mb(); + if (object !=3D (void *)atomic64_read(&entry->ptr)) + continue; + + if (is_free) { + /* + * Second free of the same object. + * Give up on trying to find the alloc entry. + */ + if (free_found) + break; + + info->free_track.pid =3D pid; + info->free_track.stack =3D stack; + free_found =3D true; + } else { + /* Second alloc of the same object. Give up. */ + if (alloc_found) + break; + + info->alloc_track.pid =3D pid; + info->alloc_track.stack =3D stack; + alloc_found =3D true; + } + } } diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 39a0481e5228..286011307695 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -6,6 +6,7 @@ * Copyright (c) 2020 Google, Inc. */ =20 +#include #include #include #include 
@@ -16,11 +17,40 @@ #include =20 #include "kasan.h" +#include "../slab.h" + +struct kasan_stack_ring stack_ring; + +void save_stack_info(struct kmem_cache *cache, void *object, + gfp_t flags, bool is_free) +{ + u64 pos; + struct kasan_stack_ring_entry *entry; + depot_stack_handle_t stack; + + stack =3D kasan_save_stack(flags, true); + + pos =3D atomic64_fetch_add(1, &stack_ring.pos); + entry =3D &stack_ring.entries[pos % KASAN_STACK_RING_ENTRIES]; + + atomic64_set(&entry->size, cache->object_size); + atomic_set(&entry->pid, current->pid); + atomic_set(&entry->stack, stack); + atomic_set(&entry->is_free, is_free); + + /* + * Paired with atomic64_read_acquire() in + * kasan_complete_mode_report_info(). + */ + atomic64_set_release(&entry->ptr, (s64)object); +} =20 void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { + save_stack_info(cache, object, flags, false); } =20 void kasan_save_free_info(struct kmem_cache *cache, void *object) { + save_stack_info(cache, object, GFP_NOWAIT, true); } --=20 2.25.1
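Review bot: in save_stack_info() (tags.c), the size, pid, stack and is_free fields of a slot are overwritten while entry->ptr still holds the previous object, and the new pointer is published only at the end with atomic64_set_release(). A reader in kasan_complete_mode_report_info() that matches the old ptr, reads pid/stack/is_free while they are being rewritten, and re-reads ptr before the release store sees the same pointer both times and accepts a mix of old and new fields; the re-check after smp_mb() only catches overwrites that have already completed. Storing NULL or a busy marker to entry->ptr before touching the other fields would close that window. Two smaller points in the same hunk: save_stack_info() has no prototype in kasan.h and no caller outside tags.c, so it should be static, and entry->size is written but never read in this patch.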
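Review bot: the scan loop in report_tags.c, for (u64 i = pos - 1; i != pos - 1 - KASAN_STACK_RING_ENTRIES; i--), lets i wrap below zero whenever fewer than KASAN_STACK_RING_ENTRIES entries have been recorded, and i % KASAN_STACK_RING_ENTRIES then still walks consecutive slots only because 32 << 10 is a power of two. The note under the commit message proposes making the size configurable in v2; at that point either enforce a power-of-two size or iterate an offset from 0 to KASAN_STACK_RING_ENTRIES and derive the index from it. The loop also relies on never-written, zeroed slots failing the pointer comparison, which deserves a comment.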
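Review bot: struct kasan_stack_ring in kasan.h embeds entries[KASAN_STACK_RING_ENTRIES] with KASAN_STACK_RING_ENTRIES fixed at 32 << 10, and tags.c defines stack_ring as a global object, so the whole array is reserved in the kernel image for every tag-based build. With two atomic64_t and three atomic_t members per entry that is about 1 MiB on a 64-bit kernel, paid even when describe_object() would not print tracks because kasan_stack_collection_enabled() is false. Consider allocating the ring at init time only when stack collection is enabled, which also fits the plan to make the size a command-line argument. The extern declaration of stack_ring belongs in kasan.h next to the struct, not in report_tags.c.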
From: andrey.konovalov@linux.dev
Subject: [PATCH 32/32] kasan: better identify bug types for tag-based modes
Date: Mon, 13 Jun 2022 22:14:23 +0200
Message-Id: <89492159bd43c01f7b13a72b050ff15f35e04973.1655150842.git.andreyknvl@google.com>

From: Andrey Konovalov

Identify the bug type for the tag-based modes based on the stack trace entries found in the stack ring.

If a free entry is found first (meaning that it was added last), mark the bug as use-after-free. If an alloc entry is found first, mark the bug as slab-out-of-bounds. Otherwise, assign the common bug type.

This change returns the functionality of the previously dropped CONFIG_KASAN_TAGS_IDENTIFY.

Signed-off-by: Andrey Konovalov
---
 mm/kasan/report_tags.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 21911d1883d3..dc1f8fc0327f 100644 --- a/mm/kasan/report_tags.c
+++ b/mm/kasan/report_tags.c @@ -10,7 +10,7 @@ =20 extern struct kasan_stack_ring stack_ring; =20 -static const char *get_bug_type(struct kasan_report_info *info) +static const char *get_common_bug_type(struct kasan_report_info *info) { /* * If access_size is a negative number, then it has reason to be @@ -36,10 +36,10 @@ void kasan_complete_mode_report_info(struct kasan_repor= t_info *info) bool is_free; bool alloc_found =3D false, free_found =3D false; =20 - info->bug_type =3D get_bug_type(info); - - if (!info->cache || !info->object) + if (!info->cache || !info->object) { + info->bug_type =3D get_common_bug_type(info); return; + } =20 pos =3D atomic64_read(&stack_ring.pos); =20 @@ -76,6 +76,13 @@ void kasan_complete_mode_report_info(struct kasan_report= _info *info) info->free_track.pid =3D pid; info->free_track.stack =3D stack; free_found =3D true; + + /* + * If a free entry is found first, the bug is likely + * a use-after-free. + */ + if (!info->bug_type) + info->bug_type =3D "use-after-free"; } else { /* Second alloc of the same object. Give up. */ if (alloc_found) @@ -84,6 +91,17 @@ void kasan_complete_mode_report_info(struct kasan_report= _info *info) info->alloc_track.pid =3D pid; info->alloc_track.stack =3D stack; alloc_found =3D true; + + /* + * If an alloc entry is found first, the bug is likely + * an out-of-bounds. + */ + if (!info->bug_type) + info->bug_type =3D "slab-out-of-bounds"; } } + + /* Assign the common bug type if no entries were found. */ + if (!info->bug_type) + info->bug_type =3D get_common_bug_type(info); } --=20 2.25.1
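Review bot: the three if (!info->bug_type) tests in kasan_complete_mode_report_info() are correct only because kasan_report() and kasan_report_invalid_free() zero the structure with the memset() added in patch 30; nothing in report_tags.c states that. Setting info->bug_type = NULL at the top of the function, or tracking "first entry seen" in a local, would make the function correct on its own and keep the use-after-free versus slab-out-of-bounds decision from silently depending on the caller.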
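Review bot: after the early-return hunk, get_common_bug_type() is reached only when the address is not in a slab object or when no ring entry matches, so the access_size case that its leading comment describes is no longer evaluated for slab addresses that do have ring entries. Such a report is now labelled use-after-free or slab-out-of-bounds purely from the order of ring entries. If that precedence is intended, state it in the commit message; if not, run the size check before the ring scan and let it take priority.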