From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63BECC43334 for ; Tue, 19 Jul 2022 00:10:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236430AbiGSAKm (ORCPT ); Mon, 18 Jul 2022 20:10:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43866 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236453AbiGSAKj (ORCPT ); Mon, 18 Jul 2022 20:10:39 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 320EF646C for ; Mon, 18 Jul 2022 17:10:37 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189419; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sonD4+6h/lo8DkbhcKGrk86DBB0a/jVHQ/3znGtvMfA=; b=u99oHTV4VK/O3TDCdr5cCAEgrJ0jSsoO5ddoGvb111Gk6pLjAVWDvqrVzYNb7Wb/JyF6z6 HAZwpFa7j7U8ObOXHgsxkEZpgJ8X6wiOd0lmPxRowWlTEfUSAiRqIEO+4NVcziy0BwUP3O Sw7eRvUMkT3fiiNsPZFOuWOY/PN858I= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 01/33] kasan: check KASAN_NO_FREE_META in __kasan_metadata_size Date: Tue, 19 Jul 2022 02:09:41 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov __kasan_metadata_size() calculates the size of the redzone for objects in a slab cache. When accounting for presence of kasan_free_meta in the redzone, this function only compares free_meta_offset with 0. But free_meta_offset could also be equal to KASAN_NO_FREE_META, which indicates that kasan_free_meta is not present at all. Add a comparison with KASAN_NO_FREE_META into __kasan_metadata_size(). Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- This is a minor fix that only affects slub_debug runs, so it is probably not worth backporting. --- mm/kasan/common.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 707c3a527fcb..b7351b860abf 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -223,8 +223,9 @@ size_t __kasan_metadata_size(struct kmem_cache *cache) return 0; return (cache->kasan_info.alloc_meta_offset ? sizeof(struct kasan_alloc_meta) : 0) + - (cache->kasan_info.free_meta_offset ? - sizeof(struct kasan_free_meta) : 0); + ((cache->kasan_info.free_meta_offset && + cache->kasan_info.free_meta_offset !=3D KASAN_NO_FREE_META) ? + sizeof(struct kasan_free_meta) : 0); } =20 struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D17ACCA479 for ; Tue, 19 Jul 2022 00:10:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236420AbiGSAK3 (ORCPT ); Mon, 18 Jul 2022 20:10:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235508AbiGSAKX (ORCPT ); Mon, 18 Jul 2022 20:10:23 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ED33F2A404 for ; Mon, 18 Jul 2022 17:10:21 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189420; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8oJ9fJQdymQKyxJOUtOhtMcD9KzdUX/sibmD9n9qf0w=; b=LpPHqJwPdlcxqD01yQHkLskn8y6CFCmYCJ5PgvmIsGygV3R7/EUYmlxGBBkg1+lVVwoLHc LRdff0caowef1Wm6+Idxe6uJ4mBX3N5+hEQZZUNIpHp+IPzUQhsCVlEf6+dzU0PNuaDXs9 IiS7cYE4mUnSsk7Rk49iHxVkf8g78hs= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 02/33] kasan: rename kasan_set_*_info to kasan_save_*_info Date: Tue, 19 Jul 2022 02:09:42 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Rename set_alloc_info() and kasan_set_free_info() to save_alloc_info() and kasan_save_free_info(). The new names make more sense. Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 8 ++++---- mm/kasan/generic.c | 2 +- mm/kasan/kasan.h | 2 +- mm/kasan/tags.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index b7351b860abf..4b2bbb6063cb 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -364,7 +364,7 @@ static inline bool ____kasan_slab_free(struct kmem_cach= e *cache, void *object, return false; =20 if (kasan_stack_collection_enabled()) - kasan_set_free_info(cache, object, tag); + kasan_save_free_info(cache, object, tag); =20 return kasan_quarantine_put(cache, object); } @@ -423,7 +423,7 @@ void __kasan_slab_free_mempool(void *ptr, unsigned long= ip) } } =20 -static void set_alloc_info(struct kmem_cache *cache, void *object, +static void save_alloc_info(struct kmem_cache *cache, void *object, gfp_t flags, bool is_kmalloc) { struct kasan_alloc_meta *alloc_meta; @@ -467,7 +467,7 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ if (kasan_stack_collection_enabled()) - set_alloc_info(cache, (void *)object, flags, false); + save_alloc_info(cache, (void *)object, flags, false); =20 return tagged_object; } @@ -513,7 +513,7 @@ static inline void *____kasan_kmalloc(struct kmem_cache= *cache, * This also rewrites the alloc info when called from kasan_krealloc(). */ if (kasan_stack_collection_enabled()) - set_alloc_info(cache, (void *)object, flags, true); + save_alloc_info(cache, (void *)object, flags, true); =20 /* Keep the tag that was set by kasan_slab_alloc(). */ return (void *)object; diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 437fcc7e77cf..03a3770cfeae 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -358,7 +358,7 @@ void kasan_record_aux_stack_noalloc(void *addr) return __kasan_record_aux_stack(addr, false); } =20 -void kasan_set_free_info(struct kmem_cache *cache, +void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_free_meta *free_meta; diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 01c03e45acd4..bf16a74dc027 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -285,7 +285,7 @@ struct slab *kasan_addr_to_slab(const void *addr); =20 depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); -void kasan_set_free_info(struct kmem_cache *cache, void *object, u8 tag); +void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag); =20 diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 8f48b9502a17..b453a353bc86 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -17,7 +17,7 @@ =20 #include "kasan.h" =20 -void kasan_set_free_info(struct kmem_cache *cache, +void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 470A3CCA482 for ; Tue, 19 Jul 2022 00:10:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235692AbiGSAK0 (ORCPT ); Mon, 18 Jul 2022 20:10:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233699AbiGSAKX (ORCPT ); Mon, 18 Jul 2022 20:10:23 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 64CED2A411 for ; Mon, 18 Jul 2022 17:10:22 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189421; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GtkG5Wr6mLxaj0KDnAXzT5VwvOshmWOEVZwvcH5Zewg=; b=mN9bAq9GONsrVCTbjG80C24gOTIMa+xuIqPBtuKnd9t1EmZu9qiGd5NezacM1d9GvjRLK8 Gwe7MocFUFwRFZIXlCMnNgD+irIrHoko8uTkz6ClE3gAJYdZQGZizTArRoI4ljcXTyzo/6 slVf9IOinbUllaQpiZY1CbQC+FZddzs= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 03/33] kasan: move is_kmalloc check out of save_alloc_info Date: Tue, 19 Jul 2022 02:09:43 +0200 Message-Id: <52c77b163f90a7d24a0a38f713b3849439387431.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Move kasan_info.is_kmalloc check out of save_alloc_info(). This is a preparatory change that simplifies the following patches in this series. Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 4b2bbb6063cb..a6fd597f73f5 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -423,15 +423,10 @@ void __kasan_slab_free_mempool(void *ptr, unsigned lo= ng ip) } } =20 -static void save_alloc_info(struct kmem_cache *cache, void *object, - gfp_t flags, bool is_kmalloc) +static void save_alloc_info(struct kmem_cache *cache, void *object, gfp_t = flags) { struct kasan_alloc_meta *alloc_meta; =20 - /* Don't save alloc info for kmalloc caches in kasan_slab_alloc(). */ - if (cache->kasan_info.is_kmalloc && !is_kmalloc) - return; - alloc_meta =3D kasan_get_alloc_meta(cache, object); if (alloc_meta) kasan_set_track(&alloc_meta->alloc_track, flags); @@ -466,8 +461,8 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, kasan_unpoison(tagged_object, cache->object_size, init); =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ - if (kasan_stack_collection_enabled()) - save_alloc_info(cache, (void *)object, flags, false); + if (kasan_stack_collection_enabled() && !cache->kasan_info.is_kmalloc) + save_alloc_info(cache, (void *)object, flags); =20 return tagged_object; } @@ -512,8 +507,8 @@ static inline void *____kasan_kmalloc(struct kmem_cache= *cache, * Save alloc info (if possible) for kmalloc() allocations. * This also rewrites the alloc info when called from kasan_krealloc(). */ - if (kasan_stack_collection_enabled()) - save_alloc_info(cache, (void *)object, flags, true); + if (kasan_stack_collection_enabled() && cache->kasan_info.is_kmalloc) + save_alloc_info(cache, (void *)object, flags); =20 /* Keep the tag that was set by kasan_slab_alloc(). */ return (void *)object; --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A7BFC43334 for ; Tue, 19 Jul 2022 00:11:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236526AbiGSALA (ORCPT ); Mon, 18 Jul 2022 20:11:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44690 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236501AbiGSAKy (ORCPT ); Mon, 18 Jul 2022 20:10:54 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0F9A032D9A for ; Mon, 18 Jul 2022 17:10:53 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189421; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BHknbGRO3VLc1Ld9zukA6zQR173/1lpbGzpiOKO/Yio=; b=vN5sLA/6UAhoUw9xxX7J66yyS5N7YCSn1cn4qW03CkBA43e2jbEV33dsoGMi/tpIqp12VT CrNd25fxAZGUM/8ArGQ8rnVG7AXZIr4Ik53jw01QI7SfTxf45DbrjT2Dc57TFRJHVzWJNj FFz1haT75GX+deYbyUD7iJQwbanFD2o= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 04/33] kasan: split save_alloc_info implementations Date: Tue, 19 Jul 2022 02:09:44 +0200 Message-Id: <891eb09a249af9bc79939b5be0a5076d65a34220.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Provide standalone implementations of save_alloc_info() for the Generic and tag-based modes. For now, the implementations are the same, but they will diverge later in the series. Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 13 ++----------- mm/kasan/generic.c | 9 +++++++++ mm/kasan/kasan.h | 1 + mm/kasan/tags.c | 9 +++++++++ 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index a6fd597f73f5..6156c6f0e303 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -423,15 +423,6 @@ void __kasan_slab_free_mempool(void *ptr, unsigned lon= g ip) } } =20 -static void save_alloc_info(struct kmem_cache *cache, void *object, gfp_t = flags) -{ - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - kasan_set_track(&alloc_meta->alloc_track, flags); -} - void * __must_check __kasan_slab_alloc(struct kmem_cache *cache, void *object, gfp_t flags, bool init) { @@ -462,7 +453,7 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ if (kasan_stack_collection_enabled() && !cache->kasan_info.is_kmalloc) - save_alloc_info(cache, (void *)object, flags); + kasan_save_alloc_info(cache, (void *)object, flags); =20 return tagged_object; } @@ -508,7 +499,7 @@ static inline void *____kasan_kmalloc(struct kmem_cache= *cache, * This also rewrites the alloc info when called from kasan_krealloc(). */ if (kasan_stack_collection_enabled() && cache->kasan_info.is_kmalloc) - save_alloc_info(cache, (void *)object, flags); + kasan_save_alloc_info(cache, (void *)object, flags); =20 /* Keep the tag that was set by kasan_slab_alloc(). */ return (void *)object; diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 03a3770cfeae..98c451a3b01f 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -358,6 +358,15 @@ void kasan_record_aux_stack_noalloc(void *addr) return __kasan_record_aux_stack(addr, false); } =20 +void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + kasan_set_track(&alloc_meta->alloc_track, flags); +} + void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index bf16a74dc027..d401fb770f67 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -285,6 +285,7 @@ struct slab *kasan_addr_to_slab(const void *addr); =20 depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); +void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index b453a353bc86..1ba3c8399f72 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -17,6 +17,15 @@ =20 #include "kasan.h" =20 +void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + kasan_set_track(&alloc_meta->alloc_track, flags); +} + void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4407C43334 for ; Tue, 19 Jul 2022 00:10:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232115AbiGSAKp (ORCPT ); Mon, 18 Jul 2022 20:10:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236409AbiGSAKl (ORCPT ); Mon, 18 Jul 2022 20:10:41 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3452933A0F for ; Mon, 18 Jul 2022 17:10:40 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189422; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=btqlB1PcyI2oEVK30B4u2+ZtYIXUDjtBMu4es4RldM8=; b=KuLkwH5O97TkwNIxXmZRlxubKo54KQYQ+OH4zYzpeEXT8ZlxqttE695G0WrNnM0uwi/aWx NKqkGDgDK/RBJdQyaZEvhYebj3j9+luq0HT9aBdT+130Jekpi2aGMyAb4VbS/PBnr8GxeP 3txv/adXAqhRZXunlxgvawqXAWb0PzI= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 05/33] kasan: drop CONFIG_KASAN_TAGS_IDENTIFY Date: Tue, 19 Jul 2022 02:09:45 +0200 Message-Id: <19d1c6e68d66fc261bec30b9a2cf4f533df6e5c9.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Drop CONFIG_KASAN_TAGS_IDENTIFY and related code to simplify making changes to the reporting code. The dropped functionality will be restored in the following patches in this series. Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- lib/Kconfig.kasan | 8 -------- mm/kasan/kasan.h | 12 +----------- mm/kasan/report_tags.c | 28 ---------------------------- mm/kasan/tags.c | 21 ++------------------- 4 files changed, 3 insertions(+), 66 deletions(-) diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index f0973da583e0..ca09b1cf8ee9 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -167,14 +167,6 @@ config KASAN_STACK as well, as it adds inline-style instrumentation that is run unconditionally. =20 -config KASAN_TAGS_IDENTIFY - bool "Memory corruption type identification" - depends on KASAN_SW_TAGS || KASAN_HW_TAGS - help - Enables best-effort identification of the bug types (use-after-free - or out-of-bounds) at the cost of increased memory consumption. - Only applicable for the tag-based KASAN modes. - config KASAN_VMALLOC bool "Check accesses to vmalloc allocations" depends on HAVE_ARCH_KASAN_VMALLOC diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index d401fb770f67..15c718782c1f 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -169,23 +169,13 @@ struct kasan_track { depot_stack_handle_t stack; }; =20 -#if defined(CONFIG_KASAN_TAGS_IDENTIFY) && defined(CONFIG_KASAN_SW_TAGS) -#define KASAN_NR_FREE_STACKS 5 -#else -#define KASAN_NR_FREE_STACKS 1 -#endif - struct kasan_alloc_meta { struct kasan_track alloc_track; /* Generic mode stores free track in kasan_free_meta. */ #ifdef CONFIG_KASAN_GENERIC depot_stack_handle_t aux_stack[2]; #else - struct kasan_track free_track[KASAN_NR_FREE_STACKS]; -#endif -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - u8 free_pointer_tag[KASAN_NR_FREE_STACKS]; - u8 free_track_idx; + struct kasan_track free_track; #endif }; =20 diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index e25d2166e813..35cf3cae4aa4 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -5,37 +5,9 @@ */ =20 #include "kasan.h" -#include "../slab.h" =20 const char *kasan_get_bug_type(struct kasan_report_info *info) { -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - struct kasan_alloc_meta *alloc_meta; - struct kmem_cache *cache; - struct slab *slab; - const void *addr; - void *object; - u8 tag; - int i; - - tag =3D get_tag(info->access_addr); - addr =3D kasan_reset_tag(info->access_addr); - slab =3D kasan_addr_to_slab(addr); - if (slab) { - cache =3D slab->slab_cache; - object =3D nearest_obj(cache, slab, (void *)addr); - alloc_meta =3D kasan_get_alloc_meta(cache, object); - - if (alloc_meta) { - for (i =3D 0; i < KASAN_NR_FREE_STACKS; i++) { - if (alloc_meta->free_pointer_tag[i] =3D=3D tag) - return "use-after-free"; - } - } - return "out-of-bounds"; - } -#endif - /* * If access_size is a negative number, then it has reason to be * defined as out-of-bounds bug type. diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 1ba3c8399f72..e0e5de8ce834 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -30,39 +30,22 @@ void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; - u8 idx =3D 0; =20 alloc_meta =3D kasan_get_alloc_meta(cache, object); if (!alloc_meta) return; =20 -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - idx =3D alloc_meta->free_track_idx; - alloc_meta->free_pointer_tag[idx] =3D tag; - alloc_meta->free_track_idx =3D (idx + 1) % KASAN_NR_FREE_STACKS; -#endif - - kasan_set_track(&alloc_meta->free_track[idx], GFP_NOWAIT); + kasan_set_track(&alloc_meta->free_track, GFP_NOWAIT); } =20 struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; - int i =3D 0; =20 alloc_meta =3D kasan_get_alloc_meta(cache, object); if (!alloc_meta) return NULL; =20 -#ifdef CONFIG_KASAN_TAGS_IDENTIFY - for (i =3D 0; i < KASAN_NR_FREE_STACKS; i++) { - if (alloc_meta->free_pointer_tag[i] =3D=3D tag) - break; - } - if (i =3D=3D KASAN_NR_FREE_STACKS) - i =3D alloc_meta->free_track_idx; -#endif - - return &alloc_meta->free_track[i]; + return &alloc_meta->free_track; } --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45496CCA479 for ; Tue, 19 Jul 2022 00:11:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236491AbiGSAL1 (ORCPT ); Mon, 18 Jul 2022 20:11:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45550 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233921AbiGSALZ (ORCPT ); Mon, 18 Jul 2022 20:11:25 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BEFB632BAD for ; Mon, 18 Jul 2022 17:11:24 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189483; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1ehF4bGijVTADFCfUkTF0e1lkPULvRdunOUAUodeJIk=; b=CLMXnkWOj2n5IWpBCIiR4ZeX1dUIdiIAbfnEz5VnVO3FX9lheLf/Vgelqcm6jjScybZBSU GVDs5blXdQhmebtiukHp3fWAZ04NV7He/Ecisd/1XH/pk0hRDh3VVCqmOI1bt96SSmm3Yw niZdVOfFTB+As4u2tDx56QRDcESSs7E= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 06/33] kasan: introduce kasan_print_aux_stacks Date: Tue, 19 Jul 2022 02:09:46 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add a kasan_print_aux_stacks() helper that prints the auxiliary stack traces for the Generic mode. This change hides references to alloc_meta from the common reporting code. This is desired as only the Generic mode will be using per-object metadata after this series. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 6 ++++++ mm/kasan/report.c | 15 +-------------- mm/kasan/report_generic.c | 20 ++++++++++++++++++++ 3 files changed, 27 insertions(+), 14 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 15c718782c1f..30ff341b6d35 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -266,6 +266,12 @@ void kasan_print_address_stack_frame(const void *addr); static inline void kasan_print_address_stack_frame(const void *addr) { } #endif =20 +#ifdef CONFIG_KASAN_GENERIC +void kasan_print_aux_stacks(struct kmem_cache *cache, const void *object); +#else +static inline void kasan_print_aux_stacks(struct kmem_cache *cache, const = void *object) { } +#endif + bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip); void kasan_report_invalid_free(void *object, unsigned long ip, enum kasan_= report_type type); diff --git a/mm/kasan/report.c b/mm/kasan/report.c index fe3f606b3a98..cd9f5c7fc6db 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -270,20 +270,7 @@ static void describe_object_stacks(struct kmem_cache *= cache, void *object, pr_err("\n"); } =20 -#ifdef CONFIG_KASAN_GENERIC - if (!alloc_meta) - return; - if (alloc_meta->aux_stack[0]) { - pr_err("Last potentially related work creation:\n"); - stack_depot_print(alloc_meta->aux_stack[0]); - pr_err("\n"); - } - if (alloc_meta->aux_stack[1]) { - pr_err("Second to last potentially related work creation:\n"); - stack_depot_print(alloc_meta->aux_stack[1]); - pr_err("\n"); - } -#endif + kasan_print_aux_stacks(cache, object); } =20 static void describe_object(struct kmem_cache *cache, void *object, diff --git a/mm/kasan/report_generic.c b/mm/kasan/report_generic.c index 6689fb9a919b..348dc207d462 100644 --- a/mm/kasan/report_generic.c +++ b/mm/kasan/report_generic.c @@ -132,6 +132,26 @@ void kasan_metadata_fetch_row(char *buffer, void *row) memcpy(buffer, kasan_mem_to_shadow(row), META_BYTES_PER_ROW); } =20 +void kasan_print_aux_stacks(struct kmem_cache *cache, const void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return; + + if (alloc_meta->aux_stack[0]) { + pr_err("Last potentially related work creation:\n"); + stack_depot_print(alloc_meta->aux_stack[0]); + pr_err("\n"); + } + if (alloc_meta->aux_stack[1]) { + pr_err("Second to last potentially related work creation:\n"); + stack_depot_print(alloc_meta->aux_stack[1]); + pr_err("\n"); + } +} + #ifdef CONFIG_KASAN_STACK static bool __must_check tokenize_frame_descr(const char **frame_descr, char *token, size_t max_tok_len, --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3920FCCA482 for ; Tue, 19 Jul 2022 00:11:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236518AbiGSAL3 (ORCPT ); Mon, 18 Jul 2022 20:11:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45562 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236462AbiGSAL0 (ORCPT ); Mon, 18 Jul 2022 20:11:26 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84F4C3343F for ; Mon, 18 Jul 2022 17:11:25 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1P0OL5eJBC/VWyzrUzzXy/PpMlaQ+HYTExB/Z4qpTio=; b=Aknc4hn4d1zQUQRA+IeXy2DCC5J1WUUaoX75QcuDTxlEYuyCFr+MpW/QajjKK1/p9Y648z EiDmBq29UeNX+Z6C18hpfLa0MLBwudWpqRe8+5au21C++uTLNhCYCKjilMaygXbRBF9FUU krF8Yfcm4n7BtIKST+7MEoZRpJWCi18= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 07/33] kasan: introduce kasan_get_alloc_track Date: Tue, 19 Jul 2022 02:09:47 +0200 Message-Id: <739e26fae1f62b2775d01eb42068b32b7406126e.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add a kasan_get_alloc_track() helper that fetches alloc_track for a slab object and use this helper in the common reporting code. For now, the implementations of this helper are the same for the Generic and tag-based modes, but they will diverge later in the series. This change hides references to alloc_meta from the common reporting code. This is desired as only the Generic mode will be using per-object metadata after this series. Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- mm/kasan/generic.c | 14 +++++++++++++- mm/kasan/kasan.h | 4 +++- mm/kasan/report.c | 8 ++++---- mm/kasan/tags.c | 14 +++++++++++++- 4 files changed, 33 insertions(+), 7 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 98c451a3b01f..f212b9ae57b5 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -381,8 +381,20 @@ void kasan_save_free_info(struct kmem_cache *cache, *(u8 *)kasan_mem_to_shadow(object) =3D KASAN_SLAB_FREETRACK; } =20 +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return NULL; + + return &alloc_meta->alloc_track; +} + struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) + void *object, u8 tag) { if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) return NULL; diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 30ff341b6d35..b65a51349c51 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -283,8 +283,10 @@ depot_stack_handle_t kasan_save_stack(gfp_t flags, boo= l can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag); + void *object, u8 tag); =20 #if defined(CONFIG_KASAN_GENERIC) && \ (defined(CONFIG_SLAB) || defined(CONFIG_SLUB)) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index cd9f5c7fc6db..5d225d7d9c4c 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -255,12 +255,12 @@ static void describe_object_addr(struct kmem_cache *c= ache, void *object, static void describe_object_stacks(struct kmem_cache *cache, void *object, const void *addr, u8 tag) { - struct kasan_alloc_meta *alloc_meta; + struct kasan_track *alloc_track; struct kasan_track *free_track; =20 - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) { - print_track(&alloc_meta->alloc_track, "Allocated"); + alloc_track =3D kasan_get_alloc_track(cache, object); + if (alloc_track) { + print_track(alloc_track, "Allocated"); pr_err("\n"); } =20 diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index e0e5de8ce834..7b1fc8e7c99c 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -38,8 +38,20 @@ void kasan_save_free_info(struct kmem_cache *cache, kasan_set_track(&alloc_meta->free_track, GFP_NOWAIT); } =20 +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return NULL; + + return &alloc_meta->alloc_track; +} + struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) + void *object, u8 tag) { struct kasan_alloc_meta *alloc_meta; =20 --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2063BC43334 for ; Tue, 19 Jul 2022 00:11:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236534AbiGSALd (ORCPT ); Mon, 18 Jul 2022 20:11:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45576 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234684AbiGSAL0 (ORCPT ); Mon, 18 Jul 2022 20:11:26 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A77133A0D for ; Mon, 18 Jul 2022 17:11:26 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7hpsrcZa6raPAkQKqOapEqD/IGxCajqUwWoTNw3lCzg=; b=fT298j9mNHuv8pXIoRWuKuXeDvbHW4Mc0o5xt3MGoD8b8HH3glQRFTxeTOYqWKmYuPSfvl 2os8twE4IiFaRtXB86nCQFGmyPG5ASyPmigd1nVovJeECkH5LLXN8QvGxhTYlFj0Qt2SHe p4+pWSybRuHoujQ3W8aWjx2MfqKX65Q= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 08/33] kasan: introduce kasan_init_object_meta Date: Tue, 19 Jul 2022 02:09:48 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add a kasan_init_object_meta() helper that initializes metadata for a slab object and use it in the common code. For now, the implementations of this helper are the same for the Generic and tag-based modes, but they will diverge later in the series. This change hides references to alloc_meta from the common code. This is desired as only the Generic mode will be using per-object metadata after this series. Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 10 +++------- mm/kasan/generic.c | 9 +++++++++ mm/kasan/kasan.h | 2 ++ mm/kasan/tags.c | 9 +++++++++ 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 6156c6f0e303..f57469b6b346 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -312,13 +312,9 @@ static inline u8 assign_tag(struct kmem_cache *cache, void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache, const void *object) { - struct kasan_alloc_meta *alloc_meta; - - if (kasan_stack_collection_enabled()) { - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - __memset(alloc_meta, 0, sizeof(*alloc_meta)); - } + /* Initialize per-object metadata if it is present. */ + if (kasan_stack_collection_enabled()) + kasan_init_object_meta(cache, object); =20 /* Tag is ignored in set_tag() without CONFIG_KASAN_SW/HW_TAGS */ object =3D set_tag(object, assign_tag(cache, object, true)); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index f212b9ae57b5..5462ddbc21e6 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -328,6 +328,15 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +void kasan_init_object_meta(struct kmem_cache *cache, const void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + __memset(alloc_meta, 0, sizeof(*alloc_meta)); +} + static void __kasan_record_aux_stack(void *addr, bool can_alloc) { struct slab *slab =3D kasan_addr_to_slab(addr); diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index b65a51349c51..2c8c3cce7bc6 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -279,6 +279,8 @@ void kasan_report_invalid_free(void *object, unsigned l= ong ip, enum kasan_report struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 +void kasan_init_object_meta(struct kmem_cache *cache, const void *object); + depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 7b1fc8e7c99c..2e200969a4b8 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -17,6 +17,15 @@ =20 #include "kasan.h" =20 +void kasan_init_object_meta(struct kmem_cache *cache, const void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (alloc_meta) + __memset(alloc_meta, 0, sizeof(*alloc_meta)); +} + void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { struct kasan_alloc_meta *alloc_meta; --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D35CDC433EF for ; Tue, 19 Jul 2022 00:11:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236522AbiGSALf (ORCPT ); Mon, 18 Jul 2022 20:11:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45606 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236493AbiGSAL2 (ORCPT ); Mon, 18 Jul 2022 20:11:28 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E53D432D9A for ; Mon, 18 Jul 2022 17:11:26 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189485; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OY6e59NvKBhkMf/4HyAqWSEo1eLRPIhpqy/QZPuprxE=; b=Id+3GRXV44NqIJN8OV30PNO6hBSFC7FjhRljat8a4c2MIn4hBQ+ZdPHeP2zl0EJvIxKw1k lsfD1V4t93QPV5IrkX0vtNgg9U2ibFr9h2P4Iml4nIrZmypY2FcOy4wMy3qi4JB108+K+v tI95ZUdRvjud8kav8T9t25p8KaBLpoQ= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 09/33] kasan: clear metadata functions for tag-based modes Date: Tue, 19 Jul 2022 02:09:49 +0200 Message-Id: <1c89671b9041628b86be7907a5edd340ab13222f.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Remove implementations of the metadata-related functions for the tag-based modes. The following patches in the series will provide alternative implementations. As of this patch, the tag-based modes no longer collect alloc and free stack traces. This functionality will be restored later in the series. Reviewed-by: Marco Elver Signed-off-by: Andrey Konovalov --- mm/kasan/tags.c | 33 ++------------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 2e200969a4b8..f11c89505c77 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -19,54 +19,25 @@ =20 void kasan_init_object_meta(struct kmem_cache *cache, const void *object) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - __memset(alloc_meta, 0, sizeof(*alloc_meta)); } =20 void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (alloc_meta) - kasan_set_track(&alloc_meta->alloc_track, flags); } =20 void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return; - - kasan_set_track(&alloc_meta->free_track, GFP_NOWAIT); } =20 struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, void *object) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; - - return &alloc_meta->alloc_track; + return NULL; } =20 struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, void *object, u8 tag) { - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; - - return &alloc_meta->free_track; + return NULL; } --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C410C433EF for ; Tue, 19 Jul 2022 00:12:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236102AbiGSAMT (ORCPT ); Mon, 18 Jul 2022 20:12:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46870 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236558AbiGSAMA (ORCPT ); Mon, 18 Jul 2022 20:12:00 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B1391357DC for ; Mon, 18 Jul 2022 17:11:57 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189486; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Sn8ckiCeLdpAj/t/GZ1RgeSnIgxHqO3THsvUoIUG2I0=; b=ULYDHgqFArWEemxsNJ9RCOBrV+7jmC0hBFhR1myhidVvxevK6MUG97gIP0ovbpC3CBaNpL fAwppcaPAF5bm5chQhNuL0JJSLzEKN2YM1c2MGGx0h9hPxZtUESNSLG0UhpzfgdvPk1SOy ei1v7fCAlrUe12yOb48Q8tZZ9LscWcQ= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 10/33] kasan: move kasan_get_*_meta to generic.c Date: Tue, 19 Jul 2022 02:09:50 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Move the implementations of kasan_get_alloc/free_meta() to generic.c, as the common KASAN code does not use these functions anymore. Also drop kasan_reset_tag() from the implementation, as the Generic mode does not tag pointers. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 19 ------------------- mm/kasan/generic.c | 17 +++++++++++++++++ mm/kasan/kasan.h | 14 +++++++------- 3 files changed, 24 insertions(+), 26 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index f57469b6b346..d46bb2b351ff 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -228,25 +228,6 @@ size_t __kasan_metadata_size(struct kmem_cache *cache) sizeof(struct kasan_free_meta) : 0); } =20 -struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, - const void *object) -{ - if (!cache->kasan_info.alloc_meta_offset) - return NULL; - return kasan_reset_tag(object) + cache->kasan_info.alloc_meta_offset; -} - -#ifdef CONFIG_KASAN_GENERIC -struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, - const void *object) -{ - BUILD_BUG_ON(sizeof(struct kasan_free_meta) > 32); - if (cache->kasan_info.free_meta_offset =3D=3D KASAN_NO_FREE_META) - return NULL; - return kasan_reset_tag(object) + cache->kasan_info.free_meta_offset; -} -#endif - void __kasan_poison_slab(struct slab *slab) { struct page *page =3D slab_page(slab); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 5462ddbc21e6..fa654cb96a0d 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -328,6 +328,23 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, + const void *object) +{ + if (!cache->kasan_info.alloc_meta_offset) + return NULL; + return (void *)object + cache->kasan_info.alloc_meta_offset; +} + +struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, + const void *object) +{ + BUILD_BUG_ON(sizeof(struct kasan_free_meta) > 32); + if (cache->kasan_info.free_meta_offset =3D=3D KASAN_NO_FREE_META) + return NULL; + return (void *)object + cache->kasan_info.free_meta_offset; +} + void kasan_init_object_meta(struct kmem_cache *cache, const void *object) { struct kasan_alloc_meta *alloc_meta; diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 2c8c3cce7bc6..fdd577f3eb9d 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -209,13 +209,6 @@ struct kunit_kasan_status { }; #endif =20 -struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, - const void *object); -#ifdef CONFIG_KASAN_GENERIC -struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, - const void *object); -#endif - #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) =20 static inline const void *kasan_shadow_to_mem(const void *shadow_addr) @@ -281,6 +274,13 @@ struct slab *kasan_addr_to_slab(const void *addr); =20 void kasan_init_object_meta(struct kmem_cache *cache, const void *object); =20 +#ifdef CONFIG_KASAN_GENERIC +struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, + const void *object); +struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, + const void *object); +#endif + depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A865C43334 for ; Tue, 19 Jul 2022 00:11:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236540AbiGSALh (ORCPT ); Mon, 18 Jul 2022 20:11:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45644 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236517AbiGSAL3 (ORCPT ); Mon, 18 Jul 2022 20:11:29 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4436732D93 for ; Mon, 18 Jul 2022 17:11:28 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189487; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rlDhQ93GQxymrct+XncFBhhuVBx6ex2JMh1zy3E0kDY=; b=Dgr8rg8WoNZbfG4qteMwCiuXSs7DjvjVLmtmSAN9DkiwslqKe1B9fXH6DAP6qn1kZLFG02 oaWNyPv+1uNDXVnqvO5BjoO9rRjlA9YLc+pmbRgiM2CbG5OE4fEqaZJXdXaCqtZP82UKv2 dLTO1JEP5QDrDeSLu5qXidUqDfEM9SM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 11/33] kasan: introduce kasan_requires_meta Date: Tue, 19 Jul 2022 02:09:51 +0200 Message-Id: <54b97ba71189b557b4b70e9cdcc821ca4349abfb.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add a kasan_requires_meta() helper that indicates whether the enabled KASAN mode requires per-object metadata and use this helper in the common code. Also hide kasan_init_object_meta() under CONFIG_KASAN_GENERIC ifdef check, as Generic is the only mode that uses per-object metadata. To allow for a potential future change that makes Generic KASAN support the kasan.stacktrace command-line parameter, let kasan_requires_meta() return kasan_stack_collection_enabled() instead of simply returning true. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 13 +++++-------- mm/kasan/kasan.h | 33 +++++++++++++++++++++++++++++---- mm/kasan/tags.c | 4 ---- 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index d46bb2b351ff..d2ec4e6af675 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -88,13 +88,10 @@ asmlinkage void kasan_unpoison_task_stack_below(const v= oid *watermark) } #endif /* CONFIG_KASAN_STACK */ =20 -/* - * Only allow cache merging when stack collection is disabled and no metad= ata - * is present. - */ +/* Only allow cache merging when no per-object metadata is present. */ slab_flags_t __kasan_never_merge(void) { - if (kasan_stack_collection_enabled()) + if (kasan_requires_meta()) return SLAB_KASAN; return 0; } @@ -151,7 +148,7 @@ void __kasan_cache_create(struct kmem_cache *cache, uns= igned int *size, */ *flags |=3D SLAB_KASAN; =20 - if (!kasan_stack_collection_enabled()) + if (!kasan_requires_meta()) return; =20 ok_size =3D *size; @@ -219,7 +216,7 @@ void __kasan_cache_create_kmalloc(struct kmem_cache *ca= che) =20 size_t __kasan_metadata_size(struct kmem_cache *cache) { - if (!kasan_stack_collection_enabled()) + if (!kasan_requires_meta()) return 0; return (cache->kasan_info.alloc_meta_offset ? sizeof(struct kasan_alloc_meta) : 0) + @@ -294,7 +291,7 @@ void * __must_check __kasan_init_slab_obj(struct kmem_c= ache *cache, const void *object) { /* Initialize per-object metadata if it is present. */ - if (kasan_stack_collection_enabled()) + if (kasan_requires_meta()) kasan_init_object_meta(cache, object); =20 /* Tag is ignored in set_tag() without CONFIG_KASAN_SW/HW_TAGS */ diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index fdd577f3eb9d..1736abd661b6 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -43,7 +43,7 @@ static inline bool kasan_sync_fault_possible(void) return kasan_mode =3D=3D KASAN_MODE_SYNC || kasan_mode =3D=3D KASAN_MODE_= ASYMM; } =20 -#else +#else /* CONFIG_KASAN_HW_TAGS */ =20 static inline bool kasan_stack_collection_enabled(void) { @@ -60,7 +60,31 @@ static inline bool kasan_sync_fault_possible(void) return true; } =20 -#endif +#endif /* CONFIG_KASAN_HW_TAGS */ + +#ifdef CONFIG_KASAN_GENERIC + +/* Generic KASAN uses per-object metadata to store stack traces. */ +static inline bool kasan_requires_meta(void) +{ + /* + * Technically, Generic KASAN always collects stack traces right now. + * However, let's use kasan_stack_collection_enabled() in case the + * kasan.stacktrace command-line argument is changed to affect + * Generic KASAN. + */ + return kasan_stack_collection_enabled(); +} + +#else /* CONFIG_KASAN_GENERIC */ + +/* Tag-based KASAN modes do not use per-object metadata. */ +static inline bool kasan_requires_meta(void) +{ + return false; +} + +#endif /* CONFIG_KASAN_GENERIC */ =20 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) #define KASAN_GRANULE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT) @@ -272,13 +296,14 @@ void kasan_report_invalid_free(void *object, unsigned= long ip, enum kasan_report struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 -void kasan_init_object_meta(struct kmem_cache *cache, const void *object); - #ifdef CONFIG_KASAN_GENERIC +void kasan_init_object_meta(struct kmem_cache *cache, const void *object); struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, const void *object); struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, const void *object); +#else +static inline void kasan_init_object_meta(struct kmem_cache *cache, const = void *object) { } #endif =20 depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index f11c89505c77..4f24669085e9 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -17,10 +17,6 @@ =20 #include "kasan.h" =20 -void kasan_init_object_meta(struct kmem_cache *cache, const void *object) -{ -} - void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { } --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 650B7C433EF for ; Tue, 19 Jul 2022 00:12:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236573AbiGSAMh (ORCPT ); Mon, 18 Jul 2022 20:12:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236418AbiGSAMd (ORCPT ); Mon, 18 Jul 2022 20:12:33 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91B6233E2B for ; Mon, 18 Jul 2022 17:12:31 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189548; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6/KgfSVlFPREjjOqLt7SNNIjNmfJdkE37gqLUEf+qEc=; b=F2BbZXMfS6q6D+zNq0YvMukDx2LXsxSGGcg6AXMfc1ctj+SX7ZL1TrqCCB7xGTsNCZvQ88 psV46yEKSQoWec9JvAE47qu2Hrz208ONkuUyKHq7sQKFUhUMVymMdb3UK0R6HggFlxHbdQ 006CgxhEao7lbjPYG76S/JiyfTonv0M= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 12/33] kasan: introduce kasan_init_cache_meta Date: Tue, 19 Jul 2022 02:09:52 +0200 Message-Id: <7ae0695bcf60921a040f6bc295876444f5c3cef1.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add a kasan_init_cache_meta() helper that initializes metadata-related cache parameters and use this helper in the common KASAN code. Put the implementation of this new helper into generic.c, as only the Generic mode uses per-object metadata. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 80 ++-------------------------------------------- mm/kasan/generic.c | 79 +++++++++++++++++++++++++++++++++++++++++++++ mm/kasan/kasan.h | 2 ++ 3 files changed, 83 insertions(+), 78 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index d2ec4e6af675..83a04834746f 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -117,28 +117,9 @@ void __kasan_poison_pages(struct page *page, unsigned = int order, bool init) KASAN_PAGE_FREE, init); } =20 -/* - * Adaptive redzone policy taken from the userspace AddressSanitizer runti= me. - * For larger allocations larger redzones are used. - */ -static inline unsigned int optimal_redzone(unsigned int object_size) -{ - return - object_size <=3D 64 - 16 ? 16 : - object_size <=3D 128 - 32 ? 32 : - object_size <=3D 512 - 64 ? 64 : - object_size <=3D 4096 - 128 ? 128 : - object_size <=3D (1 << 14) - 256 ? 256 : - object_size <=3D (1 << 15) - 512 ? 512 : - object_size <=3D (1 << 16) - 1024 ? 1024 : 2048; -} - void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size, slab_flags_t *flags) { - unsigned int ok_size; - unsigned int optimal_size; - /* * SLAB_KASAN is used to mark caches as ones that are sanitized by * KASAN. Currently this flag is used in two places: @@ -148,65 +129,8 @@ void __kasan_cache_create(struct kmem_cache *cache, un= signed int *size, */ *flags |=3D SLAB_KASAN; =20 - if (!kasan_requires_meta()) - return; - - ok_size =3D *size; - - /* Add alloc meta into redzone. */ - cache->kasan_info.alloc_meta_offset =3D *size; - *size +=3D sizeof(struct kasan_alloc_meta); - - /* - * If alloc meta doesn't fit, don't add it. - * This can only happen with SLAB, as it has KMALLOC_MAX_SIZE equal - * to KMALLOC_MAX_CACHE_SIZE and doesn't fall back to page_alloc for - * larger sizes. - */ - if (*size > KMALLOC_MAX_SIZE) { - cache->kasan_info.alloc_meta_offset =3D 0; - *size =3D ok_size; - /* Continue, since free meta might still fit. */ - } - - /* Only the generic mode uses free meta or flexible redzones. */ - if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) { - cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; - return; - } - - /* - * Add free meta into redzone when it's not possible to store - * it in the object. This is the case when: - * 1. Object is SLAB_TYPESAFE_BY_RCU, which means that it can - * be touched after it was freed, or - * 2. Object has a constructor, which means it's expected to - * retain its content until the next allocation, or - * 3. Object is too small. - * Otherwise cache->kasan_info.free_meta_offset =3D 0 is implied. - */ - if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor || - cache->object_size < sizeof(struct kasan_free_meta)) { - ok_size =3D *size; - - cache->kasan_info.free_meta_offset =3D *size; - *size +=3D sizeof(struct kasan_free_meta); - - /* If free meta doesn't fit, don't add it. */ - if (*size > KMALLOC_MAX_SIZE) { - cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; - *size =3D ok_size; - } - } - - /* Calculate size with optimal redzone. */ - optimal_size =3D cache->object_size + optimal_redzone(cache->object_size); - /* Limit it with KMALLOC_MAX_SIZE (relevant for SLAB only). */ - if (optimal_size > KMALLOC_MAX_SIZE) - optimal_size =3D KMALLOC_MAX_SIZE; - /* Use optimal size if the size with added metas is not large enough. */ - if (*size < optimal_size) - *size =3D optimal_size; + if (kasan_requires_meta()) + kasan_init_cache_meta(cache, size); } =20 void __kasan_cache_create_kmalloc(struct kmem_cache *cache) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index fa654cb96a0d..73aea784040a 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -328,6 +328,85 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +/* + * Adaptive redzone policy taken from the userspace AddressSanitizer runti= me. + * For larger allocations larger redzones are used. + */ +static inline unsigned int optimal_redzone(unsigned int object_size) +{ + return + object_size <=3D 64 - 16 ? 16 : + object_size <=3D 128 - 32 ? 32 : + object_size <=3D 512 - 64 ? 64 : + object_size <=3D 4096 - 128 ? 128 : + object_size <=3D (1 << 14) - 256 ? 256 : + object_size <=3D (1 << 15) - 512 ? 512 : + object_size <=3D (1 << 16) - 1024 ? 1024 : 2048; +} + +void kasan_init_cache_meta(struct kmem_cache *cache, unsigned int *size) +{ + unsigned int ok_size; + unsigned int optimal_size; + + ok_size =3D *size; + + /* Add alloc meta into redzone. */ + cache->kasan_info.alloc_meta_offset =3D *size; + *size +=3D sizeof(struct kasan_alloc_meta); + + /* + * If alloc meta doesn't fit, don't add it. + * This can only happen with SLAB, as it has KMALLOC_MAX_SIZE equal + * to KMALLOC_MAX_CACHE_SIZE and doesn't fall back to page_alloc for + * larger sizes. + */ + if (*size > KMALLOC_MAX_SIZE) { + cache->kasan_info.alloc_meta_offset =3D 0; + *size =3D ok_size; + /* Continue, since free meta might still fit. */ + } + + /* Only the generic mode uses free meta or flexible redzones. */ + if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) { + cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; + return; + } + + /* + * Add free meta into redzone when it's not possible to store + * it in the object. This is the case when: + * 1. Object is SLAB_TYPESAFE_BY_RCU, which means that it can + * be touched after it was freed, or + * 2. Object has a constructor, which means it's expected to + * retain its content until the next allocation, or + * 3. Object is too small. + * Otherwise cache->kasan_info.free_meta_offset =3D 0 is implied. + */ + if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor || + cache->object_size < sizeof(struct kasan_free_meta)) { + ok_size =3D *size; + + cache->kasan_info.free_meta_offset =3D *size; + *size +=3D sizeof(struct kasan_free_meta); + + /* If free meta doesn't fit, don't add it. */ + if (*size > KMALLOC_MAX_SIZE) { + cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; + *size =3D ok_size; + } + } + + /* Calculate size with optimal redzone. */ + optimal_size =3D cache->object_size + optimal_redzone(cache->object_size); + /* Limit it with KMALLOC_MAX_SIZE (relevant for SLAB only). */ + if (optimal_size > KMALLOC_MAX_SIZE) + optimal_size =3D KMALLOC_MAX_SIZE; + /* Use optimal size if the size with added metas is not large enough. */ + if (*size < optimal_size) + *size =3D optimal_size; +} + struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, const void *object) { diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 1736abd661b6..6da35370ba37 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -297,12 +297,14 @@ struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 #ifdef CONFIG_KASAN_GENERIC +void kasan_init_cache_meta(struct kmem_cache *cache, unsigned int *size); void kasan_init_object_meta(struct kmem_cache *cache, const void *object); struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache, const void *object); struct kasan_free_meta *kasan_get_free_meta(struct kmem_cache *cache, const void *object); #else +static inline void kasan_init_cache_meta(struct kmem_cache *cache, unsigne= d int *size) { } static inline void kasan_init_object_meta(struct kmem_cache *cache, const = void *object) { } #endif =20 --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60E65C43334 for ; Tue, 19 Jul 2022 00:12:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236517AbiGSAMf (ORCPT ); Mon, 18 Jul 2022 20:12:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47522 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236544AbiGSAMd (ORCPT ); Mon, 18 Jul 2022 20:12:33 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9197933E21 for ; Mon, 18 Jul 2022 17:12:30 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189549; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gFl1aLadfWJPQ+Xg4RcAPABChePIqsdWPpe8i7e+EqU=; b=GGtCf53TQnL1kZxA120KVapzN39vL6tDViucW+URm5HgflNNpIrtRxPN3Kp7BrL2t6IzvH AH3YyL6UhrAFteVWBoKtRDHhEFRQyToCA01A7olK5sGQpmWSVlsA8VUs1BBFRDt4gohHX3 bB+YHVL6hw+Ap6XDONJrHErSVswR61s= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 13/33] kasan: drop CONFIG_KASAN_GENERIC check from kasan_init_cache_meta Date: Tue, 19 Jul 2022 02:09:53 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov As kasan_init_cache_meta() is only defined for the Generic mode, it does not require the CONFIG_KASAN_GENERIC check. Signed-off-by: Andrey Konovalov --- mm/kasan/generic.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 73aea784040a..5125fad76f70 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -367,12 +367,6 @@ void kasan_init_cache_meta(struct kmem_cache *cache, u= nsigned int *size) /* Continue, since free meta might still fit. */ } =20 - /* Only the generic mode uses free meta or flexible redzones. */ - if (!IS_ENABLED(CONFIG_KASAN_GENERIC)) { - cache->kasan_info.free_meta_offset =3D KASAN_NO_FREE_META; - return; - } - /* * Add free meta into redzone when it's not possible to store * it in the object. This is the case when: --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E8C4C433EF for ; Tue, 19 Jul 2022 00:12:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236571AbiGSAMk (ORCPT ); Mon, 18 Jul 2022 20:12:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233836AbiGSAMd (ORCPT ); Mon, 18 Jul 2022 20:12:33 -0400 Received: from out1.migadu.com (out1.migadu.com [91.121.223.63]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4021933E0F for ; Mon, 18 Jul 2022 17:12:32 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189550; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=51fcsYmho6J8ZJUQBvChW6NiCMPna0Hu4OlobGKbOIM=; b=e6TbVslUQLHxnuSId8HGJBgzuAh8L1EY7qb1WwA9Q7UITKN2R2dWOzY0BwSwfEfRrTHdNX 2ivp5jYaw+79EwcG7UH/8J7NjTV3hmyn8XXPuQOI1tmLrsVeaYIop43/rgdgKUKfp5C2DP z6k/fmNLuwgk+t3upYcpNhuWl5ZMkGc= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 14/33] kasan: only define kasan_metadata_size for Generic mode Date: Tue, 19 Jul 2022 02:09:54 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov KASAN provides a helper for calculating the size of per-object metadata stored in the redzone. As now only the Generic mode uses per-object metadata, only define kasan_metadata_size() for this mode. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 17 ++++++++--------- mm/kasan/common.c | 11 ----------- mm/kasan/generic.c | 11 +++++++++++ 3 files changed, 19 insertions(+), 20 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index b092277bf48d..027df7599573 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -150,14 +150,6 @@ static __always_inline void kasan_cache_create_kmalloc= (struct kmem_cache *cache) __kasan_cache_create_kmalloc(cache); } =20 -size_t __kasan_metadata_size(struct kmem_cache *cache); -static __always_inline size_t kasan_metadata_size(struct kmem_cache *cache) -{ - if (kasan_enabled()) - return __kasan_metadata_size(cache); - return 0; -} - void __kasan_poison_slab(struct slab *slab); static __always_inline void kasan_poison_slab(struct slab *slab) { @@ -282,7 +274,6 @@ static inline void kasan_cache_create(struct kmem_cache= *cache, unsigned int *size, slab_flags_t *flags) {} static inline void kasan_cache_create_kmalloc(struct kmem_cache *cache) {} -static inline size_t kasan_metadata_size(struct kmem_cache *cache) { retur= n 0; } static inline void kasan_poison_slab(struct slab *slab) {} static inline void kasan_unpoison_object_data(struct kmem_cache *cache, void *object) {} @@ -333,6 +324,8 @@ static inline void kasan_unpoison_task_stack(struct tas= k_struct *task) {} =20 #ifdef CONFIG_KASAN_GENERIC =20 +size_t kasan_metadata_size(struct kmem_cache *cache); + void kasan_cache_shrink(struct kmem_cache *cache); void kasan_cache_shutdown(struct kmem_cache *cache); void kasan_record_aux_stack(void *ptr); @@ -340,6 +333,12 @@ void kasan_record_aux_stack_noalloc(void *ptr); =20 #else /* CONFIG_KASAN_GENERIC */ =20 +/* Tag-based KASAN modes do not use per-object metadata. */ +static inline size_t kasan_metadata_size(struct kmem_cache *cache) +{ + return 0; +} + static inline void kasan_cache_shrink(struct kmem_cache *cache) {} static inline void kasan_cache_shutdown(struct kmem_cache *cache) {} static inline void kasan_record_aux_stack(void *ptr) {} diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 83a04834746f..0cef41f8a60d 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -138,17 +138,6 @@ void __kasan_cache_create_kmalloc(struct kmem_cache *c= ache) cache->kasan_info.is_kmalloc =3D true; } =20 -size_t __kasan_metadata_size(struct kmem_cache *cache) -{ - if (!kasan_requires_meta()) - return 0; - return (cache->kasan_info.alloc_meta_offset ? - sizeof(struct kasan_alloc_meta) : 0) + - ((cache->kasan_info.free_meta_offset && - cache->kasan_info.free_meta_offset !=3D KASAN_NO_FREE_META) ? - sizeof(struct kasan_free_meta) : 0); -} - void __kasan_poison_slab(struct slab *slab) { struct page *page =3D slab_page(slab); diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 5125fad76f70..806ab92032c3 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -427,6 +427,17 @@ void kasan_init_object_meta(struct kmem_cache *cache, = const void *object) __memset(alloc_meta, 0, sizeof(*alloc_meta)); } =20 +size_t kasan_metadata_size(struct kmem_cache *cache) +{ + if (!kasan_requires_meta()) + return 0; + return (cache->kasan_info.alloc_meta_offset ? + sizeof(struct kasan_alloc_meta) : 0) + + ((cache->kasan_info.free_meta_offset && + cache->kasan_info.free_meta_offset !=3D KASAN_NO_FREE_META) ? + sizeof(struct kasan_free_meta) : 0); +} + static void __kasan_record_aux_stack(void *addr, bool can_alloc) { struct slab *slab =3D kasan_addr_to_slab(addr); --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9A22C43334 for ; Tue, 19 Jul 2022 00:12:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236589AbiGSAMo (ORCPT ); Mon, 18 Jul 2022 20:12:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236548AbiGSAMf (ORCPT ); Mon, 18 Jul 2022 20:12:35 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33ACD33E32 for ; Mon, 18 Jul 2022 17:12:33 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189551; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vEHfoxHnRz348LrTxEZAdD8nCG/gIjPOVMNgHO+/ASA=; b=w/ZmYnkg2D+eQeaYDz4TkjXOhEcZ4Iue1AC0GsHjOrwqFk5ELSu0Cny315A0qJlpHLOtjX 7H+GcKwlZyLK6whLtxZcyDtfyBkbVPpO+Bk+v2Ks+/FqpUxNaF+2q6uNkIvpsPSCXaF8IT A9YJr/FgFX7SU+Lvbk9Nal3n0IVgIgQ= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 15/33] kasan: only define kasan_never_merge for Generic mode Date: Tue, 19 Jul 2022 02:09:55 +0200 Message-Id: <8ae180159c3789ca75bc69857958c31d25ea96ee.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov KASAN prevents merging of slab caches whose objects have per-object metadata stored in redzones. As now only the Generic mode uses per-object metadata, define kasan_never_merge() only for this mode. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 18 ++++++------------ mm/kasan/common.c | 8 -------- mm/kasan/generic.c | 8 ++++++++ 3 files changed, 14 insertions(+), 20 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 027df7599573..9743d4b3a918 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -103,14 +103,6 @@ struct kasan_cache { bool is_kmalloc; }; =20 -slab_flags_t __kasan_never_merge(void); -static __always_inline slab_flags_t kasan_never_merge(void) -{ - if (kasan_enabled()) - return __kasan_never_merge(); - return 0; -} - void __kasan_unpoison_range(const void *addr, size_t size); static __always_inline void kasan_unpoison_range(const void *addr, size_t = size) { @@ -261,10 +253,6 @@ static __always_inline bool kasan_check_byte(const voi= d *addr) =20 #else /* CONFIG_KASAN */ =20 -static inline slab_flags_t kasan_never_merge(void) -{ - return 0; -} static inline void kasan_unpoison_range(const void *address, size_t size) = {} static inline void kasan_poison_pages(struct page *page, unsigned int orde= r, bool init) {} @@ -325,6 +313,7 @@ static inline void kasan_unpoison_task_stack(struct tas= k_struct *task) {} #ifdef CONFIG_KASAN_GENERIC =20 size_t kasan_metadata_size(struct kmem_cache *cache); +slab_flags_t kasan_never_merge(void); =20 void kasan_cache_shrink(struct kmem_cache *cache); void kasan_cache_shutdown(struct kmem_cache *cache); @@ -338,6 +327,11 @@ static inline size_t kasan_metadata_size(struct kmem_c= ache *cache) { return 0; } +/* And thus nothing prevents cache merging. */ +static inline slab_flags_t kasan_never_merge(void) +{ + return 0; +} =20 static inline void kasan_cache_shrink(struct kmem_cache *cache) {} static inline void kasan_cache_shutdown(struct kmem_cache *cache) {} diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 0cef41f8a60d..e4ff0e4e7a9d 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -88,14 +88,6 @@ asmlinkage void kasan_unpoison_task_stack_below(const vo= id *watermark) } #endif /* CONFIG_KASAN_STACK */ =20 -/* Only allow cache merging when no per-object metadata is present. */ -slab_flags_t __kasan_never_merge(void) -{ - if (kasan_requires_meta()) - return SLAB_KASAN; - return 0; -} - void __kasan_unpoison_pages(struct page *page, unsigned int order, bool in= it) { u8 tag; diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 806ab92032c3..25333bf3c99f 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -328,6 +328,14 @@ DEFINE_ASAN_SET_SHADOW(f3); DEFINE_ASAN_SET_SHADOW(f5); DEFINE_ASAN_SET_SHADOW(f8); =20 +/* Only allow cache merging when no per-object metadata is present. */ +slab_flags_t kasan_never_merge(void) +{ + if (!kasan_requires_meta()) + return 0; + return SLAB_KASAN; +} + /* * Adaptive redzone policy taken from the userspace AddressSanitizer runti= me. * For larger allocations larger redzones are used. --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8166DC43334 for ; Tue, 19 Jul 2022 00:13:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236601AbiGSANO (ORCPT ); Mon, 18 Jul 2022 20:13:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236647AbiGSANG (ORCPT ); Mon, 18 Jul 2022 20:13:06 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B38537FB4 for ; Mon, 18 Jul 2022 17:13:04 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189552; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=tSwVFyyCCOKYSS6nxmIV1PC3/qH9HgKDBeITqQWAPk0=; b=iaswNaVcKlE6Ibx4Q/VaDqXuU//N8Bb1UH2IAMNJ/JWMbQ+g7p+b8yxsXFuzuVs1OLrb1/ WO2FkIPf2mND0jqNAq+nV6C4i52UasUQh94R1v6bxjJJhOXKBCsjr/oJoEXPYDHvqy/R/0 jWVu+YLfZGTImLr6K4Xcsg4M9iinHi0= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 16/33] kasan: only define metadata offsets for Generic mode Date: Tue, 19 Jul 2022 02:09:56 +0200 Message-Id: <902cc38713c94e729b3eca170cd53ce9dfb5fb47.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Hide the definitions of alloc_meta_offset and free_meta_offset under an ifdef CONFIG_KASAN_GENERIC check, as these fields are now only used when the Generic mode is enabled. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 9743d4b3a918..a212c2e3f32d 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -98,8 +98,10 @@ static inline bool kasan_has_integrated_init(void) #ifdef CONFIG_KASAN =20 struct kasan_cache { +#ifdef CONFIG_KASAN_GENERIC int alloc_meta_offset; int free_meta_offset; +#endif bool is_kmalloc; }; =20 --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31561C433EF for ; Tue, 19 Jul 2022 00:12:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236595AbiGSAMq (ORCPT ); Mon, 18 Jul 2022 20:12:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47560 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236544AbiGSAMf (ORCPT ); Mon, 18 Jul 2022 20:12:35 -0400 Received: from out1.migadu.com (out1.migadu.com [IPv6:2001:41d0:2:863f::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D914F33E16 for ; Mon, 18 Jul 2022 17:12:34 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189553; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4Ug+nRhk4S0scNxkqaQhWMyfD8pnsHKB57f6laJzIdM=; b=LQyieyg1ICB2hXD7nyoI+Yg4EYt5bi3rUmzt2PuEluJOu99p4MYMwPczZhfwWen5F70+l+ VLshZJN+OWEMvyYiENeKha1OPzIPTx7mC4urQUrlxY2aDPgoV5BlqiQOItNkoI9TaL7NkO R90LaEavqGGJ00VEHl5fWxChGEvumwo= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 17/33] kasan: only define metadata structs for Generic mode Date: Tue, 19 Jul 2022 02:09:57 +0200 Message-Id: <93569dbf8c3615ae49e62e7be1607b6fea406ae9.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Hide the definitions of kasan_alloc_meta and kasan_free_meta under an ifdef CONFIG_KASAN_GENERIC check, as these structures are now only used when the Generic mode is enabled. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 6da35370ba37..cae60e4d8842 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -193,14 +193,12 @@ struct kasan_track { depot_stack_handle_t stack; }; =20 +#ifdef CONFIG_KASAN_GENERIC + struct kasan_alloc_meta { struct kasan_track alloc_track; - /* Generic mode stores free track in kasan_free_meta. */ -#ifdef CONFIG_KASAN_GENERIC + /* Free track is stored in kasan_free_meta. */ depot_stack_handle_t aux_stack[2]; -#else - struct kasan_track free_track; -#endif }; =20 struct qlist_node { @@ -219,12 +217,12 @@ struct qlist_node { * After that, slab allocator stores the freelist pointer in the object. */ struct kasan_free_meta { -#ifdef CONFIG_KASAN_GENERIC struct qlist_node quarantine_link; struct kasan_track free_track; -#endif }; =20 +#endif /* CONFIG_KASAN_GENERIC */ + #if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) /* Used in KUnit-compatible KASAN tests. */ struct kunit_kasan_status { --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8DC51C43334 for ; Tue, 19 Jul 2022 00:13:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236604AbiGSANi (ORCPT ); Mon, 18 Jul 2022 20:13:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233680AbiGSANg (ORCPT ); Mon, 18 Jul 2022 20:13:36 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D036C37193 for ; Mon, 18 Jul 2022 17:13:35 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189614; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fcQYVitXIA53g4L8evccpvyk9umTBZJhPZwjoWFoPS0=; b=TyBXMwhOW38+fupRkD/rGZ/c+rM/uwuE1Vpt8qkh6wimlAcFMhpBmQ1KUC7xUkVRYI2gfI /iqy21xETjlfRZ4QOC+1SJ6F7CURiurSJMgORLo5SpOefs6V5ITxJ1u4afTb90lp9tlIbX 1Evwhrowox/PI/LQb5Bgt/m83naYBoc= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 18/33] kasan: only define kasan_cache_create for Generic mode Date: Tue, 19 Jul 2022 02:09:58 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Right now, kasan_cache_create() assigns SLAB_KASAN for all KASAN modes and then sets up metadata-related cache parameters for the Generic mode. SLAB_KASAN is used in two places: 1. In slab_ksize() to account for per-object metadata when calculating the size of the accessible memory within the object. 2. In slab_common.c via kasan_never_merge() to prevent merging of caches with per-object metadata. Both cases are only relevant when per-object metadata is present, which is only the case with the Generic mode. Thus, assign SLAB_KASAN and define kasan_cache_create() only for the Generic mode. Also update the SLAB_KASAN-related comment. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 18 ++++++------------ include/linux/slab.h | 2 +- mm/kasan/common.c | 16 ---------------- mm/kasan/generic.c | 17 ++++++++++++++++- 4 files changed, 23 insertions(+), 30 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index a212c2e3f32d..d811b3d7d2a1 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -128,15 +128,6 @@ static __always_inline void kasan_unpoison_pages(struc= t page *page, __kasan_unpoison_pages(page, order, init); } =20 -void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size, - slab_flags_t *flags); -static __always_inline void kasan_cache_create(struct kmem_cache *cache, - unsigned int *size, slab_flags_t *flags) -{ - if (kasan_enabled()) - __kasan_cache_create(cache, size, flags); -} - void __kasan_cache_create_kmalloc(struct kmem_cache *cache); static __always_inline void kasan_cache_create_kmalloc(struct kmem_cache *= cache) { @@ -260,9 +251,6 @@ static inline void kasan_poison_pages(struct page *page= , unsigned int order, bool init) {} static inline void kasan_unpoison_pages(struct page *page, unsigned int or= der, bool init) {} -static inline void kasan_cache_create(struct kmem_cache *cache, - unsigned int *size, - slab_flags_t *flags) {} static inline void kasan_cache_create_kmalloc(struct kmem_cache *cache) {} static inline void kasan_poison_slab(struct slab *slab) {} static inline void kasan_unpoison_object_data(struct kmem_cache *cache, @@ -316,6 +304,8 @@ static inline void kasan_unpoison_task_stack(struct tas= k_struct *task) {} =20 size_t kasan_metadata_size(struct kmem_cache *cache); slab_flags_t kasan_never_merge(void); +void kasan_cache_create(struct kmem_cache *cache, unsigned int *size, + slab_flags_t *flags); =20 void kasan_cache_shrink(struct kmem_cache *cache); void kasan_cache_shutdown(struct kmem_cache *cache); @@ -334,6 +324,10 @@ static inline slab_flags_t kasan_never_merge(void) { return 0; } +/* And no cache-related metadata initialization is required. */ +static inline void kasan_cache_create(struct kmem_cache *cache, + unsigned int *size, + slab_flags_t *flags) {} =20 static inline void kasan_cache_shrink(struct kmem_cache *cache) {} static inline void kasan_cache_shutdown(struct kmem_cache *cache) {} diff --git a/include/linux/slab.h b/include/linux/slab.h index 0fefdf528e0d..1c6b7362e82b 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -106,7 +106,7 @@ # define SLAB_ACCOUNT 0 #endif =20 -#ifdef CONFIG_KASAN +#ifdef CONFIG_KASAN_GENERIC #define SLAB_KASAN ((slab_flags_t __force)0x08000000U) #else #define SLAB_KASAN 0 diff --git a/mm/kasan/common.c b/mm/kasan/common.c index e4ff0e4e7a9d..89aa97af876e 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -109,22 +109,6 @@ void __kasan_poison_pages(struct page *page, unsigned = int order, bool init) KASAN_PAGE_FREE, init); } =20 -void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size, - slab_flags_t *flags) -{ - /* - * SLAB_KASAN is used to mark caches as ones that are sanitized by - * KASAN. Currently this flag is used in two places: - * 1. In slab_ksize() when calculating the size of the accessible - * memory within the object. - * 2. In slab_common.c to prevent merging of sanitized caches. - */ - *flags |=3D SLAB_KASAN; - - if (kasan_requires_meta()) - kasan_init_cache_meta(cache, size); -} - void __kasan_cache_create_kmalloc(struct kmem_cache *cache) { cache->kasan_info.is_kmalloc =3D true; diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 25333bf3c99f..f6bef347de87 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -352,11 +352,26 @@ static inline unsigned int optimal_redzone(unsigned i= nt object_size) object_size <=3D (1 << 16) - 1024 ? 1024 : 2048; } =20 -void kasan_init_cache_meta(struct kmem_cache *cache, unsigned int *size) +void kasan_cache_create(struct kmem_cache *cache, unsigned int *size, + slab_flags_t *flags) { unsigned int ok_size; unsigned int optimal_size; =20 + if (!kasan_requires_meta()) + return; + + /* + * SLAB_KASAN is used to mark caches that are sanitized by KASAN + * and that thus have per-object metadata. + * Currently this flag is used in two places: + * 1. In slab_ksize() to account for per-object metadata when + * calculating the size of the accessible memory within the object. + * 2. In slab_common.c via kasan_never_merge() to prevent merging of + * caches with per-object metadata. + */ + *flags |=3D SLAB_KASAN; + ok_size =3D *size; =20 /* Add alloc meta into redzone. */ --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 830DDCCA479 for ; Tue, 19 Jul 2022 00:13:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236624AbiGSANm (ORCPT ); Mon, 18 Jul 2022 20:13:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49628 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236598AbiGSANh (ORCPT ); Mon, 18 Jul 2022 20:13:37 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B2F933E3E for ; Mon, 18 Jul 2022 17:13:36 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6+gehTqFh9JAtZFAnb2OrzE2PLFsl5pe0e/6PyzNuaE=; b=l78plOGGvEzmW1nLutXBidFKXT5EgQxtyQeanLl9qQqV8nwCAWQUsTzPMERsq/SmVrUKgL uQJi7IeyRDBgevAT3fqQ1aJ3wwKQNrS7DZTnFxXmRQQZEsMNQ1zpawzdntePJiIlJyulxo /iYHiZhprvmiUnF03O7hu7gtEm8YUt4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 19/33] kasan: pass tagged pointers to kasan_save_alloc/free_info Date: Tue, 19 Jul 2022 02:09:59 +0200 Message-Id: <46aa2a55f0bcf04a2617222936d15119581f6dd7.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Pass tagged pointers to kasan_save_alloc/free_info(). This is a preparatory patch to simplify other changes in the series. Signed-off-by: Andrey Konovalov --- Changes v1->v2: - Drop unused variable tag from ____kasan_slab_free(). --- mm/kasan/common.c | 6 ++---- mm/kasan/generic.c | 3 +-- mm/kasan/kasan.h | 2 +- mm/kasan/tags.c | 3 +-- 4 files changed, 5 insertions(+), 9 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 89aa97af876e..3dc57a199893 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -192,13 +192,11 @@ void * __must_check __kasan_init_slab_obj(struct kmem= _cache *cache, static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *obj= ect, unsigned long ip, bool quarantine, bool init) { - u8 tag; void *tagged_object; =20 if (!kasan_arch_is_ready()) return false; =20 - tag =3D get_tag(object); tagged_object =3D object; object =3D kasan_reset_tag(object); =20 @@ -227,7 +225,7 @@ static inline bool ____kasan_slab_free(struct kmem_cach= e *cache, void *object, return false; =20 if (kasan_stack_collection_enabled()) - kasan_save_free_info(cache, object, tag); + kasan_save_free_info(cache, tagged_object); =20 return kasan_quarantine_put(cache, object); } @@ -316,7 +314,7 @@ void * __must_check __kasan_slab_alloc(struct kmem_cach= e *cache, =20 /* Save alloc info (if possible) for non-kmalloc() allocations. */ if (kasan_stack_collection_enabled() && !cache->kasan_info.is_kmalloc) - kasan_save_alloc_info(cache, (void *)object, flags); + kasan_save_alloc_info(cache, tagged_object, flags); =20 return tagged_object; } diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index f6bef347de87..aff39af3c532 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -500,8 +500,7 @@ void kasan_save_alloc_info(struct kmem_cache *cache, vo= id *object, gfp_t flags) kasan_set_track(&alloc_meta->alloc_track, flags); } =20 -void kasan_save_free_info(struct kmem_cache *cache, - void *object, u8 tag) +void kasan_save_free_info(struct kmem_cache *cache, void *object) { struct kasan_free_meta *free_meta; =20 diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index cae60e4d8842..cca49ab029f1 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -309,7 +309,7 @@ static inline void kasan_init_object_meta(struct kmem_c= ache *cache, const void * depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); -void kasan_save_free_info(struct kmem_cache *cache, void *object, u8 tag); +void kasan_save_free_info(struct kmem_cache *cache, void *object); struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, void *object); struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 4f24669085e9..fd11d10a4ffc 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -21,8 +21,7 @@ void kasan_save_alloc_info(struct kmem_cache *cache, void= *object, gfp_t flags) { } =20 -void kasan_save_free_info(struct kmem_cache *cache, - void *object, u8 tag) +void kasan_save_free_info(struct kmem_cache *cache, void *object) { } =20 --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4058AC43334 for ; Tue, 19 Jul 2022 00:14:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236663AbiGSAOE (ORCPT ); Mon, 18 Jul 2022 20:14:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236664AbiGSAN6 (ORCPT ); Mon, 18 Jul 2022 20:13:58 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4857FE1 for ; Mon, 18 Jul 2022 17:13:52 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=T+1jiBrKGTOAkQ9I8eaP4PIHMCNWMSHqgu/PvHey6xE=; b=m9VfQXYNVsWHBMRzPoaKEgSUaK82I6VPE9DX63iOTpSaFYPolrsURj7rGE85o77XGhDg78 mKUA2TofopDF5N8hbk0x2L4zB7+tOX7BXyJipExmhSzSkyXBrflC+XGgFuLXz6+TVhN7lN nC8y2/gUA3YttYAF/+BEkApZCeGIJk0= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 20/33] kasan: move kasan_get_alloc/free_track definitions Date: Tue, 19 Jul 2022 02:10:00 +0200 Message-Id: <4d5d13369338e964d15ee7e378b543c1c00dc2e2.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Move the definitions of kasan_get_alloc/free_track() to report_*.c, as they belong with other the reporting code. Signed-off-by: Andrey Konovalov --- mm/kasan/generic.c | 21 --------------------- mm/kasan/report_generic.c | 21 +++++++++++++++++++++ mm/kasan/report_tags.c | 12 ++++++++++++ mm/kasan/tags.c | 12 ------------ 4 files changed, 33 insertions(+), 33 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index aff39af3c532..d8b5590f9484 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -512,24 +512,3 @@ void kasan_save_free_info(struct kmem_cache *cache, vo= id *object) /* The object was freed and has free track set. */ *(u8 *)kasan_mem_to_shadow(object) =3D KASAN_SLAB_FREETRACK; } - -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) -{ - struct kasan_alloc_meta *alloc_meta; - - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; - - return &alloc_meta->alloc_track; -} - -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) - return NULL; - /* Free meta must be present with KASAN_SLAB_FREETRACK. */ - return &kasan_get_free_meta(cache, object)->free_track; -} diff --git a/mm/kasan/report_generic.c b/mm/kasan/report_generic.c index 348dc207d462..74d21786ef09 100644 --- a/mm/kasan/report_generic.c +++ b/mm/kasan/report_generic.c @@ -127,6 +127,27 @@ const char *kasan_get_bug_type(struct kasan_report_inf= o *info) return get_wild_bug_type(info); } =20 +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + struct kasan_alloc_meta *alloc_meta; + + alloc_meta =3D kasan_get_alloc_meta(cache, object); + if (!alloc_meta) + return NULL; + + return &alloc_meta->alloc_track; +} + +struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, + void *object, u8 tag) +{ + if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) + return NULL; + /* Free meta must be present with KASAN_SLAB_FREETRACK. */ + return &kasan_get_free_meta(cache, object)->free_track; +} + void kasan_metadata_fetch_row(char *buffer, void *row) { memcpy(buffer, kasan_mem_to_shadow(row), META_BYTES_PER_ROW); diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 35cf3cae4aa4..79b6497d8a81 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -21,3 +21,15 @@ const char *kasan_get_bug_type(struct kasan_report_info = *info) =20 return "invalid-access"; } + +struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, + void *object) +{ + return NULL; +} + +struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, + void *object, u8 tag) +{ + return NULL; +} diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index fd11d10a4ffc..39a0481e5228 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -24,15 +24,3 @@ void kasan_save_alloc_info(struct kmem_cache *cache, voi= d *object, gfp_t flags) void kasan_save_free_info(struct kmem_cache *cache, void *object) { } - -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) -{ - return NULL; -} - -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - return NULL; -} --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 590ADC43334 for ; Tue, 19 Jul 2022 00:13:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236266AbiGSANp (ORCPT ); Mon, 18 Jul 2022 20:13:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236615AbiGSANj (ORCPT ); Mon, 18 Jul 2022 20:13:39 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3928F33E03 for ; Mon, 18 Jul 2022 17:13:37 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189616; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ewIngwsCZaE/TDWKEzevD/ov9nRjvr0Ni51fNvRF6vM=; b=Ez4NK3MJ+4tuDDIgHgxsu4MiYUaqGfY5VOiQUKIwGvQBUsYJ7GKoPfKXc55qtCSds5QjTg zAvcXssV/9wWlJajGb7voWZ66ktaEQqD9D8S7tuhDWKIDHvuAmrTGk1WZ8B5A2lVn8f5Am 9EtvJhAOrXSt/GHEyuJMYKNsxpPcuR4= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 21/33] kasan: cosmetic changes in report.c Date: Tue, 19 Jul 2022 02:10:01 +0200 Message-Id: <7b5f4b94b922c1753190886d0b6984bc1c16828f.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Do a few non-functional style fixes for the code in report.c. Signed-off-by: Andrey Konovalov --- mm/kasan/report.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 5d225d7d9c4c..83f420a28c0b 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -200,25 +200,22 @@ static void print_error_description(struct kasan_repo= rt_info *info) static void print_track(struct kasan_track *track, const char *prefix) { pr_err("%s by task %u:\n", prefix, track->pid); - if (track->stack) { + if (track->stack) stack_depot_print(track->stack); - } else { + else pr_err("(stack is not available)\n"); - } } =20 struct page *kasan_addr_to_page(const void *addr) { - if ((addr >=3D (void *)PAGE_OFFSET) && - (addr < high_memory)) + if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) return virt_to_head_page(addr); return NULL; } =20 struct slab *kasan_addr_to_slab(const void *addr) { - if ((addr >=3D (void *)PAGE_OFFSET) && - (addr < high_memory)) + if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) return virt_to_slab(addr); return NULL; } --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C0B4C433EF for ; Tue, 19 Jul 2022 00:13:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236623AbiGSANr (ORCPT ); Mon, 18 Jul 2022 20:13:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236616AbiGSANj (ORCPT ); Mon, 18 Jul 2022 20:13:39 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6752E357C9 for ; Mon, 18 Jul 2022 17:13:38 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189617; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1v1m9FmRS/rLhFe38ENkOT8DlGvSMLAmXg64oTGrtEU=; b=Hz61K3OELw7/RLdZWw95Dm+7jXjxVz3VcDfsTd0onVN5I3KbvEYRmVvTGnIYt4kbCXB3zI nDUflcZ3CJaUXskpg3dfvcQvb/H8iJBInxDhMlxeYmVqvSUrxSlQ2CfaEgUnyKBC8Un3hy 3hjBfBly+wSRWoWkkOUNrcX1DP1irJM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 22/33] kasan: use virt_addr_valid in kasan_addr_to_page/slab Date: Tue, 19 Jul 2022 02:10:02 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Instead of open-coding the validity checks for addr in kasan_addr_to_page/slab(), use the virt_addr_valid() helper. Signed-off-by: Andrey Konovalov --- Changes v1->v2: - This is a new patch. --- mm/kasan/report.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 83f420a28c0b..570f9419b90c 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -208,14 +208,14 @@ static void print_track(struct kasan_track *track, co= nst char *prefix) =20 struct page *kasan_addr_to_page(const void *addr) { - if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) + if (virt_addr_valid(addr)) return virt_to_head_page(addr); return NULL; } =20 struct slab *kasan_addr_to_slab(const void *addr) { - if ((addr >=3D (void *)PAGE_OFFSET) && (addr < high_memory)) + if (virt_addr_valid(addr)) return virt_to_slab(addr); return NULL; } --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58946C43334 for ; Tue, 19 Jul 2022 00:14:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236681AbiGSAOB (ORCPT ); Mon, 18 Jul 2022 20:14:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50160 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236650AbiGSANt (ORCPT ); Mon, 18 Jul 2022 20:13:49 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C8EAA110 for ; Mon, 18 Jul 2022 17:13:46 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189617; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=O4rrLBlHP9NeNLXeiOhUcDB35KsXuF54OmWKXqnLQEA=; b=LVpP162eLUxzWlXtaxlkTzHQo3R5Fis/5GLAtxi/j6wpKDGiKXVYJoi7lSpsJ8H2ipShH9 U67DZCr01gJUMpX9uvkhL3FAd85KZadfQH+1BRwA8i0tq68mD/rOmLQleoXo9DYfuRbNhW /JFX9VzJnoP/OSo0f9jEPUzSBkqyKBQ= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 23/33] kasan: use kasan_addr_to_slab in print_address_description Date: Tue, 19 Jul 2022 02:10:03 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Use the kasan_addr_to_slab() helper in print_address_description() instead of separately invoking PageSlab() and page_slab(). Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 7 +++++++ mm/kasan/report.c | 11 ++--------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 3dc57a199893..cfb85b65fa44 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -30,6 +30,13 @@ #include "kasan.h" #include "../slab.h" =20 +struct slab *kasan_addr_to_slab(const void *addr) +{ + if (virt_addr_valid(addr)) + return virt_to_slab(addr); + return NULL; +} + depot_stack_handle_t kasan_save_stack(gfp_t flags, bool can_alloc) { unsigned long entries[KASAN_STACK_DEPTH]; diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 570f9419b90c..cd31b3b89ca1 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -213,13 +213,6 @@ struct page *kasan_addr_to_page(const void *addr) return NULL; } =20 -struct slab *kasan_addr_to_slab(const void *addr) -{ - if (virt_addr_valid(addr)) - return virt_to_slab(addr); - return NULL; -} - static void describe_object_addr(struct kmem_cache *cache, void *object, const void *addr) { @@ -297,12 +290,12 @@ static inline bool init_task_stack_addr(const void *a= ddr) static void print_address_description(void *addr, u8 tag) { struct page *page =3D kasan_addr_to_page(addr); + struct slab *slab =3D kasan_addr_to_slab(addr); =20 dump_stack_lvl(KERN_ERR); pr_err("\n"); =20 - if (page && PageSlab(page)) { - struct slab *slab =3D page_slab(page); + if (slab) { struct kmem_cache *cache =3D slab->slab_cache; void *object =3D nearest_obj(cache, slab, addr); =20 --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A92C3C433EF for ; Tue, 19 Jul 2022 00:14:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236642AbiGSAOn (ORCPT ); Mon, 18 Jul 2022 20:14:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51780 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229742AbiGSAOl (ORCPT ); Mon, 18 Jul 2022 20:14:41 -0400 Received: from out2.migadu.com (out2.migadu.com [IPv6:2001:41d0:2:aacc::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1E8CDB for ; Mon, 18 Jul 2022 17:14:40 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ypNhLiBtVU9jJolzs9O2aAagUc+2IhpYDk0p45hBQrA=; b=G/1EgNqikg3pnI4aNhL0ARKFC0+h3b15HwNaEnt9tbA66ZZ0v+OWh4mBrCsBZ1xcOCHYlR 0lANCQr8pOu66DP6jCi3M2lSV1Sm4PJlmbD41OTMKK3PsH3QKruVkVbsqSkNAfoMgDcQCf Xj8CCKk8sRh4WRMU56bknG6cZM41aBU= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 24/33] kasan: make kasan_addr_to_page static Date: Tue, 19 Jul 2022 02:10:04 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov As kasan_addr_to_page() is only used in report.c, rename it to addr_to_page() and make it static. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 1 - mm/kasan/report.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index cca49ab029f1..4fddfdb08abf 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -291,7 +291,6 @@ bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip); void kasan_report_invalid_free(void *object, unsigned long ip, enum kasan_= report_type type); =20 -struct page *kasan_addr_to_page(const void *addr); struct slab *kasan_addr_to_slab(const void *addr); =20 #ifdef CONFIG_KASAN_GENERIC diff --git a/mm/kasan/report.c b/mm/kasan/report.c index cd31b3b89ca1..ac526c10ebff 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -206,7 +206,7 @@ static void print_track(struct kasan_track *track, cons= t char *prefix) pr_err("(stack is not available)\n"); } =20 -struct page *kasan_addr_to_page(const void *addr) +static inline struct page *addr_to_page(const void *addr) { if (virt_addr_valid(addr)) return virt_to_head_page(addr); @@ -289,7 +289,7 @@ static inline bool init_task_stack_addr(const void *add= r) =20 static void print_address_description(void *addr, u8 tag) { - struct page *page =3D kasan_addr_to_page(addr); + struct page *page =3D addr_to_page(addr); struct slab *slab =3D kasan_addr_to_slab(addr); =20 dump_stack_lvl(KERN_ERR); --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0A320CCA479 for ; Tue, 19 Jul 2022 00:14:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236661AbiGSAOq (ORCPT ); Mon, 18 Jul 2022 20:14:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236610AbiGSAOm (ORCPT ); Mon, 18 Jul 2022 20:14:42 -0400 Received: from out2.migadu.com (out2.migadu.com [188.165.223.204]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9AB71110 for ; Mon, 18 Jul 2022 17:14:41 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jretA47WKAcb0y56HfWCPZEL31wNbTFgLZKnmROQ4mM=; b=rU0FTMcqoNDbvSFCEfvW/hbLzd+m61UXURxZAxv5KwReNfRgMljavhFkQvEaeTbR5GaOf2 gBDhMOXjtGRYvmIi7i00aQMKDaRiBY+ZMn0IYYMFg1L755kFWJ3RLV/lTjezNlQZFEHzoJ bJ/lC2DE2miWoDPTZF40dXh10ulZiVM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 25/33] kasan: simplify print_report Date: Tue, 19 Jul 2022 02:10:05 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov To simplify reading the implementation of print_report(), remove the tagged_addr variable and rename untagged_addr to addr. Signed-off-by: Andrey Konovalov --- mm/kasan/report.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index ac526c10ebff..dc38ada86f85 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -397,17 +397,16 @@ static void print_memory_metadata(const void *addr) =20 static void print_report(struct kasan_report_info *info) { - void *tagged_addr =3D info->access_addr; - void *untagged_addr =3D kasan_reset_tag(tagged_addr); - u8 tag =3D get_tag(tagged_addr); + void *addr =3D kasan_reset_tag(info->access_addr); + u8 tag =3D get_tag(info->access_addr); =20 print_error_description(info); - if (addr_has_metadata(untagged_addr)) + if (addr_has_metadata(addr)) kasan_print_tags(tag, info->first_bad_addr); pr_err("\n"); =20 - if (addr_has_metadata(untagged_addr)) { - print_address_description(untagged_addr, tag); + if (addr_has_metadata(addr)) { + print_address_description(addr, tag); print_memory_metadata(info->first_bad_addr); } else { dump_stack_lvl(KERN_ERR); --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD3A8C433EF for ; Tue, 19 Jul 2022 00:14:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236685AbiGSAOt (ORCPT ); Mon, 18 Jul 2022 20:14:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51794 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236616AbiGSAOm (ORCPT ); Mon, 18 Jul 2022 20:14:42 -0400 Received: from out2.migadu.com (out2.migadu.com [188.165.223.204]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B9A720F for ; Mon, 18 Jul 2022 17:14:42 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189680; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zHx81bpzjWOxKC5pKO2LKT22RGKsdl7WhMonqA7gxhs=; b=YAVfPvuxRs6wvf02tGViw9mrXesCywMRt5a/mMyG6EVzzUWP4dYPec6nG8dgtAh//2bzev S2S3SltYgn5EhlOd0ebcTaES7j8evddGMUOCbG7QF0GuHWTj+RRGc1GjKqjDODT3eZniLe TYdLSjvJcHhUUoVU8vuvu/uP+AxPxhw= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 26/33] kasan: introduce complete_report_info Date: Tue, 19 Jul 2022 02:10:06 +0200 Message-Id: <5ed013df1b173806eb7aecccd2254aa46d3abe56.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Introduce a complete_report_info() function that fills in the first_bad_addr field of kasan_report_info instead of doing it in kasan_report_*(). This function will be extended in the next patch. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 5 ++++- mm/kasan/report.c | 17 +++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 4fddfdb08abf..7e07115873d3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -153,12 +153,15 @@ enum kasan_report_type { }; =20 struct kasan_report_info { + /* Filled in by kasan_report_*(). */ enum kasan_report_type type; void *access_addr; - void *first_bad_addr; size_t access_size; bool is_write; unsigned long ip; + + /* Filled in by the common reporting code. */ + void *first_bad_addr; }; =20 /* Do not change the struct layout: compiler ABI. */ diff --git a/mm/kasan/report.c b/mm/kasan/report.c index dc38ada86f85..0c2e7a58095d 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -413,6 +413,17 @@ static void print_report(struct kasan_report_info *inf= o) } } =20 +static void complete_report_info(struct kasan_report_info *info) +{ + void *addr =3D kasan_reset_tag(info->access_addr); + + if (info->type =3D=3D KASAN_REPORT_ACCESS) + info->first_bad_addr =3D kasan_find_first_bad_addr( + info->access_addr, info->access_size); + else + info->first_bad_addr =3D addr; +} + void kasan_report_invalid_free(void *ptr, unsigned long ip, enum kasan_rep= ort_type type) { unsigned long flags; @@ -430,11 +441,12 @@ void kasan_report_invalid_free(void *ptr, unsigned lo= ng ip, enum kasan_report_ty =20 info.type =3D type; info.access_addr =3D ptr; - info.first_bad_addr =3D kasan_reset_tag(ptr); info.access_size =3D 0; info.is_write =3D false; info.ip =3D ip; =20 + complete_report_info(&info); + print_report(&info); =20 end_report(&flags, ptr); @@ -463,11 +475,12 @@ bool kasan_report(unsigned long addr, size_t size, bo= ol is_write, =20 info.type =3D KASAN_REPORT_ACCESS; info.access_addr =3D ptr; - info.first_bad_addr =3D kasan_find_first_bad_addr(ptr, size); info.access_size =3D size; info.is_write =3D is_write; info.ip =3D ip; =20 + complete_report_info(&info); + print_report(&info); =20 end_report(&irq_flags, ptr); --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10654C433EF for ; Tue, 19 Jul 2022 00:14:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236672AbiGSAOv (ORCPT ); Mon, 18 Jul 2022 20:14:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236646AbiGSAOn (ORCPT ); Mon, 18 Jul 2022 20:14:43 -0400 Received: from out2.migadu.com (out2.migadu.com [188.165.223.204]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD066DB for ; Mon, 18 Jul 2022 17:14:42 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189681; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wlDL8UWCNOAUa7xc7DhMAdKP5Ju8o15uIhriUX+aQyY=; b=PsMkFHXXLnWmMypFxsAkjP2DbAIMEVOHLVabnFSqAv1Preh/rNfnD5s3lrIJak0d7GWaJG x5G1uDH8a40K9xm+Bo69DoB8k0gAMRqBZKz6bdc/XOgZSorqHjsnYAwXJiPR3Gtw546E+F u+IA/wu8UJA67Rl+tisNaBqDtZGnbxc= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 27/33] kasan: fill in cache and object in complete_report_info Date: Tue, 19 Jul 2022 02:10:07 +0200 Message-Id: <83156bb0ec6d790b0e7ea0002b3490a70bc5c481.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add cache and object fields to kasan_report_info and fill them in in complete_report_info() instead of fetching them in the middle of the report printing code. This allows the reporting code to get access to the object information before starting printing the report. One of the following patches uses this information to determine the bug type with the tag-based modes. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 2 ++ mm/kasan/report.c | 21 +++++++++++++-------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 7e07115873d3..b8fa1e50f3d4 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -162,6 +162,8 @@ struct kasan_report_info { =20 /* Filled in by the common reporting code. */ void *first_bad_addr; + struct kmem_cache *cache; + void *object; }; =20 /* Do not change the struct layout: compiler ABI. */ diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 0c2e7a58095d..763de8e68887 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -287,19 +287,16 @@ static inline bool init_task_stack_addr(const void *a= ddr) sizeof(init_thread_union.stack)); } =20 -static void print_address_description(void *addr, u8 tag) +static void print_address_description(void *addr, u8 tag, + struct kasan_report_info *info) { struct page *page =3D addr_to_page(addr); - struct slab *slab =3D kasan_addr_to_slab(addr); =20 dump_stack_lvl(KERN_ERR); pr_err("\n"); =20 - if (slab) { - struct kmem_cache *cache =3D slab->slab_cache; - void *object =3D nearest_obj(cache, slab, addr); - - describe_object(cache, object, addr, tag); + if (info->cache && info->object) { + describe_object(info->cache, info->object, addr, tag); pr_err("\n"); } =20 @@ -406,7 +403,7 @@ static void print_report(struct kasan_report_info *info) pr_err("\n"); =20 if (addr_has_metadata(addr)) { - print_address_description(addr, tag); + print_address_description(addr, tag, info); print_memory_metadata(info->first_bad_addr); } else { dump_stack_lvl(KERN_ERR); @@ -416,12 +413,20 @@ static void print_report(struct kasan_report_info *in= fo) static void complete_report_info(struct kasan_report_info *info) { void *addr =3D kasan_reset_tag(info->access_addr); + struct slab *slab; =20 if (info->type =3D=3D KASAN_REPORT_ACCESS) info->first_bad_addr =3D kasan_find_first_bad_addr( info->access_addr, info->access_size); else info->first_bad_addr =3D addr; + + slab =3D kasan_addr_to_slab(addr); + if (slab) { + info->cache =3D slab->slab_cache; + info->object =3D nearest_obj(info->cache, slab, addr); + } else + info->cache =3D info->object =3D NULL; } =20 void kasan_report_invalid_free(void *ptr, unsigned long ip, enum kasan_rep= ort_type type) --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E43F9C433EF for ; Tue, 19 Jul 2022 00:14:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236709AbiGSAO4 (ORCPT ); Mon, 18 Jul 2022 20:14:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51832 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236651AbiGSAOo (ORCPT ); Mon, 18 Jul 2022 20:14:44 -0400 Received: from out2.migadu.com (out2.migadu.com [188.165.223.204]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E784110 for ; Mon, 18 Jul 2022 17:14:43 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189682; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=07r2mZKCyHd2fu+4Bk2w4QXaKiSUtwJ2KOZg+LGbxK4=; b=aTN/zjk7uS6S0RwRQItzAjQzXpZSvjVXH5zWtkHeZcgHLUShe+C/xHuVjuEP1eZBDfhUoh 60mTHwOSUrhc0cNWGcF9KD1KXvnSz4dfrms59St1aY0L8kF0ZJ1a3b6ltpdXBxlchoPcsj d28/iEFaetAq/mjLrfuJf6sLFZz0WJA= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 28/33] kasan: rework function arguments in report.c Date: Tue, 19 Jul 2022 02:10:08 +0200 Message-Id: <0333e02a35742ef14103440a7091b34ce437ddf3.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Pass a pointer to kasan_report_info to describe_object() and describe_object_stacks(), instead of passing the structure's fields. The untagged pointer and the tag are still passed as separate arguments to some of the functions to avoid duplicating the untagging logic. This is preparatory change for the next patch. Signed-off-by: Andrey Konovalov --- mm/kasan/report.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 763de8e68887..ec018f849992 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -213,8 +213,8 @@ static inline struct page *addr_to_page(const void *add= r) return NULL; } =20 -static void describe_object_addr(struct kmem_cache *cache, void *object, - const void *addr) +static void describe_object_addr(const void *addr, struct kmem_cache *cach= e, + void *object) { unsigned long access_addr =3D (unsigned long)addr; unsigned long object_addr =3D (unsigned long)object; @@ -242,33 +242,32 @@ static void describe_object_addr(struct kmem_cache *c= ache, void *object, (void *)(object_addr + cache->object_size)); } =20 -static void describe_object_stacks(struct kmem_cache *cache, void *object, - const void *addr, u8 tag) +static void describe_object_stacks(u8 tag, struct kasan_report_info *info) { struct kasan_track *alloc_track; struct kasan_track *free_track; =20 - alloc_track =3D kasan_get_alloc_track(cache, object); + alloc_track =3D kasan_get_alloc_track(info->cache, info->object); if (alloc_track) { print_track(alloc_track, "Allocated"); pr_err("\n"); } =20 - free_track =3D kasan_get_free_track(cache, object, tag); + free_track =3D kasan_get_free_track(info->cache, info->object, tag); if (free_track) { print_track(free_track, "Freed"); pr_err("\n"); } =20 - kasan_print_aux_stacks(cache, object); + kasan_print_aux_stacks(info->cache, info->object); } =20 -static void describe_object(struct kmem_cache *cache, void *object, - const void *addr, u8 tag) +static void describe_object(const void *addr, u8 tag, + struct kasan_report_info *info) { if (kasan_stack_collection_enabled()) - describe_object_stacks(cache, object, addr, tag); - describe_object_addr(cache, object, addr); + describe_object_stacks(tag, info); + describe_object_addr(addr, info->cache, info->object); } =20 static inline bool kernel_or_module_addr(const void *addr) @@ -296,7 +295,7 @@ static void print_address_description(void *addr, u8 ta= g, pr_err("\n"); =20 if (info->cache && info->object) { - describe_object(info->cache, info->object, addr, tag); + describe_object(addr, tag, info); pr_err("\n"); } =20 --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9757C433EF for ; Tue, 19 Jul 2022 00:15:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236699AbiGSAO7 (ORCPT ); Mon, 18 Jul 2022 20:14:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236654AbiGSAOp (ORCPT ); Mon, 18 Jul 2022 20:14:45 -0400 Received: from out2.migadu.com (out2.migadu.com [IPv6:2001:41d0:2:aacc::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 14804D90 for ; Mon, 18 Jul 2022 17:14:44 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189682; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vzRea5hvMdoTmboaBEtojUXPva3xnD8ejz88W9zk+eA=; b=EezPcQcjOnb8LShVXYeOCXniOrP6LfsuhlhgoCsvOh4F7mB/F+9cW50NaKxTe+Guw6aGF9 0FfB2rXhmwFFVz+XyqhxjB59f+vjANYHx8yulahoRXA4Z3vwmxQNacV2SKFIe8yJ5lfMVV /5VXf4enUNWFdFtZNohTykU7ZBO+DXQ= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 29/33] kasan: introduce kasan_complete_mode_report_info Date: Tue, 19 Jul 2022 02:10:09 +0200 Message-Id: <5f6e8cdf1a25410d2da1ae74ec45d8a17a611c46.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add bug_type and alloc/free_track fields to kasan_report_info and add a kasan_complete_mode_report_info() function that fills in these fields. This function is implemented differently for different KASAN mode. Change the reporting code to use the filled in fields instead of invoking kasan_get_bug_type() and kasan_get_alloc/free_track(). For the Generic mode, kasan_complete_mode_report_info() invokes these functions instead. For the tag-based modes, only the bug_type field is filled in; alloc/free_track are handled in the next patch. Using a single function that fills in these fields is required for the tag-based modes, as the values for all three fields are determined in a single procedure implemented in the following patch. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 33 +++++++++++++++++---------------- mm/kasan/report.c | 30 ++++++++++++++---------------- mm/kasan/report_generic.c | 32 +++++++++++++++++--------------- mm/kasan/report_tags.c | 13 +++---------- 4 files changed, 51 insertions(+), 57 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index b8fa1e50f3d4..7df107dc400a 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -146,6 +146,13 @@ static inline bool kasan_requires_meta(void) #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW * KASAN_GRANULE_SIZE) #define META_ROWS_AROUND_ADDR 2 =20 +#define KASAN_STACK_DEPTH 64 + +struct kasan_track { + u32 pid; + depot_stack_handle_t stack; +}; + enum kasan_report_type { KASAN_REPORT_ACCESS, KASAN_REPORT_INVALID_FREE, @@ -164,6 +171,11 @@ struct kasan_report_info { void *first_bad_addr; struct kmem_cache *cache; void *object; + + /* Filled in by the mode-specific reporting code. */ + const char *bug_type; + struct kasan_track alloc_track; + struct kasan_track free_track; }; =20 /* Do not change the struct layout: compiler ABI. */ @@ -189,14 +201,7 @@ struct kasan_global { #endif }; =20 -/* Structures for keeping alloc and free tracks. */ - -#define KASAN_STACK_DEPTH 64 - -struct kasan_track { - u32 pid; - depot_stack_handle_t stack; -}; +/* Structures for keeping alloc and free meta. */ =20 #ifdef CONFIG_KASAN_GENERIC =20 @@ -270,16 +275,16 @@ static inline bool addr_has_metadata(const void *addr) =20 #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ =20 +void *kasan_find_first_bad_addr(void *addr, size_t size); +void kasan_complete_mode_report_info(struct kasan_report_info *info); +void kasan_metadata_fetch_row(char *buffer, void *row); + #if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS) void kasan_print_tags(u8 addr_tag, const void *addr); #else static inline void kasan_print_tags(u8 addr_tag, const void *addr) { } #endif =20 -void *kasan_find_first_bad_addr(void *addr, size_t size); -const char *kasan_get_bug_type(struct kasan_report_info *info); -void kasan_metadata_fetch_row(char *buffer, void *row); - #if defined(CONFIG_KASAN_STACK) void kasan_print_address_stack_frame(const void *addr); #else @@ -314,10 +319,6 @@ depot_stack_handle_t kasan_save_stack(gfp_t flags, boo= l can_alloc); void kasan_set_track(struct kasan_track *track, gfp_t flags); void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags); void kasan_save_free_info(struct kmem_cache *cache, void *object); -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object); -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag); =20 #if defined(CONFIG_KASAN_GENERIC) && \ (defined(CONFIG_SLAB) || defined(CONFIG_SLUB)) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index ec018f849992..39e8e5a80b82 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -185,8 +185,7 @@ static void print_error_description(struct kasan_report= _info *info) return; } =20 - pr_err("BUG: KASAN: %s in %pS\n", - kasan_get_bug_type(info), (void *)info->ip); + pr_err("BUG: KASAN: %s in %pS\n", info->bug_type, (void *)info->ip); if (info->access_size) pr_err("%s of size %zu at addr %px by task %s/%d\n", info->is_write ? "Write" : "Read", info->access_size, @@ -242,31 +241,25 @@ static void describe_object_addr(const void *addr, st= ruct kmem_cache *cache, (void *)(object_addr + cache->object_size)); } =20 -static void describe_object_stacks(u8 tag, struct kasan_report_info *info) +static void describe_object_stacks(struct kasan_report_info *info) { - struct kasan_track *alloc_track; - struct kasan_track *free_track; - - alloc_track =3D kasan_get_alloc_track(info->cache, info->object); - if (alloc_track) { - print_track(alloc_track, "Allocated"); + if (info->alloc_track.stack) { + print_track(&info->alloc_track, "Allocated"); pr_err("\n"); } =20 - free_track =3D kasan_get_free_track(info->cache, info->object, tag); - if (free_track) { - print_track(free_track, "Freed"); + if (info->free_track.stack) { + print_track(&info->free_track, "Freed"); pr_err("\n"); } =20 kasan_print_aux_stacks(info->cache, info->object); } =20 -static void describe_object(const void *addr, u8 tag, - struct kasan_report_info *info) +static void describe_object(const void *addr, struct kasan_report_info *in= fo) { if (kasan_stack_collection_enabled()) - describe_object_stacks(tag, info); + describe_object_stacks(info); describe_object_addr(addr, info->cache, info->object); } =20 @@ -295,7 +288,7 @@ static void print_address_description(void *addr, u8 ta= g, pr_err("\n"); =20 if (info->cache && info->object) { - describe_object(addr, tag, info); + describe_object(addr, info); pr_err("\n"); } =20 @@ -426,6 +419,9 @@ static void complete_report_info(struct kasan_report_in= fo *info) info->object =3D nearest_obj(info->cache, slab, addr); } else info->cache =3D info->object =3D NULL; + + /* Fill in mode-specific report info fields. */ + kasan_complete_mode_report_info(info); } =20 void kasan_report_invalid_free(void *ptr, unsigned long ip, enum kasan_rep= ort_type type) @@ -443,6 +439,7 @@ void kasan_report_invalid_free(void *ptr, unsigned long= ip, enum kasan_report_ty =20 start_report(&flags, true); =20 + memset(&info, 0, sizeof(info)); info.type =3D type; info.access_addr =3D ptr; info.access_size =3D 0; @@ -477,6 +474,7 @@ bool kasan_report(unsigned long addr, size_t size, bool= is_write, =20 start_report(&irq_flags, true); =20 + memset(&info, 0, sizeof(info)); info.type =3D KASAN_REPORT_ACCESS; info.access_addr =3D ptr; info.access_size =3D size; diff --git a/mm/kasan/report_generic.c b/mm/kasan/report_generic.c index 74d21786ef09..087c1d8c8145 100644 --- a/mm/kasan/report_generic.c +++ b/mm/kasan/report_generic.c @@ -109,7 +109,7 @@ static const char *get_wild_bug_type(struct kasan_repor= t_info *info) return bug_type; } =20 -const char *kasan_get_bug_type(struct kasan_report_info *info) +static const char *get_bug_type(struct kasan_report_info *info) { /* * If access_size is a negative number, then it has reason to be @@ -127,25 +127,27 @@ const char *kasan_get_bug_type(struct kasan_report_in= fo *info) return get_wild_bug_type(info); } =20 -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) +void kasan_complete_mode_report_info(struct kasan_report_info *info) { struct kasan_alloc_meta *alloc_meta; + struct kasan_free_meta *free_meta; =20 - alloc_meta =3D kasan_get_alloc_meta(cache, object); - if (!alloc_meta) - return NULL; + info->bug_type =3D get_bug_type(info); =20 - return &alloc_meta->alloc_track; -} + if (!info->cache || !info->object) + return; =20 -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - if (*(u8 *)kasan_mem_to_shadow(object) !=3D KASAN_SLAB_FREETRACK) - return NULL; - /* Free meta must be present with KASAN_SLAB_FREETRACK. */ - return &kasan_get_free_meta(cache, object)->free_track; + alloc_meta =3D kasan_get_alloc_meta(info->cache, info->object); + if (alloc_meta) + memcpy(&info->alloc_track, &alloc_meta->alloc_track, + sizeof(info->alloc_track)); + + if (*(u8 *)kasan_mem_to_shadow(info->object) =3D=3D KASAN_SLAB_FREETRACK)= { + /* Free meta must be present with KASAN_SLAB_FREETRACK. */ + free_meta =3D kasan_get_free_meta(info->cache, info->object); + memcpy(&info->free_track, &free_meta->free_track, + sizeof(info->free_track)); + } } =20 void kasan_metadata_fetch_row(char *buffer, void *row) diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 79b6497d8a81..5cbac2cdb177 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -6,7 +6,7 @@ =20 #include "kasan.h" =20 -const char *kasan_get_bug_type(struct kasan_report_info *info) +static const char *get_bug_type(struct kasan_report_info *info) { /* * If access_size is a negative number, then it has reason to be @@ -22,14 +22,7 @@ const char *kasan_get_bug_type(struct kasan_report_info = *info) return "invalid-access"; } =20 -struct kasan_track *kasan_get_alloc_track(struct kmem_cache *cache, - void *object) +void kasan_complete_mode_report_info(struct kasan_report_info *info) { - return NULL; -} - -struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, - void *object, u8 tag) -{ - return NULL; + info->bug_type =3D get_bug_type(info); } --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32BFCC433EF for ; Tue, 19 Jul 2022 00:15:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236688AbiGSAPu (ORCPT ); Mon, 18 Jul 2022 20:15:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236719AbiGSAPr (ORCPT ); Mon, 18 Jul 2022 20:15:47 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 37470357FC for ; Mon, 18 Jul 2022 17:15:45 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189743; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WzZKkdAFPRpFrhztX0frHyUgTspT1AIBFjL43I0Kz2k=; b=iQMr4m8kN9B8J8NXDGuCjhWN8dwRkBDIoFyjAj3tDGkb+9onGD9k1k4oZzd66ioA8BCupJ nfKwN/e7p2UKCZOJtAU/XzVNnnjIQbOzWN9kE3pjNkwtmDPSHwt6Lq2kxKkyFB0jYzH6G/ 5h9VdwQMzJf2CMBH+3NY+AZxNRIEopU= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 30/33] kasan: implement stack ring for tag-based modes Date: Tue, 19 Jul 2022 02:10:10 +0200 Message-Id: <0e910197bfbcf505122f6dae2ee9b90ff8ee31f7.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Implement storing stack depot handles for alloc/free stack traces for slab objects for the tag-based KASAN modes in a ring buffer. This ring buffer is referred to as the stack ring. On each alloc/free of a slab object, the tagged address of the object and the current stack trace are recorded in the stack ring. On each bug report, if the accessed address belongs to a slab object, the stack ring is scanned for matching entries. The newest entries are used to print the alloc/free stack traces in the report: one entry for alloc and one for free. The number of entries in the stack ring is fixed in this patch, but one of the following patches adds a command-line argument to control it. Signed-off-by: Andrey Konovalov --- Changes v1->v2: - Only use the atomic type for pos, use READ/WRITE_ONCE() for the rest. - Rename KASAN_STACK_RING_ENTRIES to KASAN_STACK_RING_SIZE. - Rename object local variable in kasan_complete_mode_report_info() to ptr to match the name in kasan_stack_ring_entry. - Detect stack ring entry slots that are being written to. - Use read-write lock to disallow reading half-written stack ring entries. - Add a comment about the stack ring being best-effort. --- mm/kasan/kasan.h | 21 ++++++++++++ mm/kasan/report_tags.c | 76 ++++++++++++++++++++++++++++++++++++++++++ mm/kasan/tags.c | 50 +++++++++++++++++++++++++++ 3 files changed, 147 insertions(+) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 7df107dc400a..cfff81139d67 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -2,6 +2,7 @@ #ifndef __MM_KASAN_KASAN_H #define __MM_KASAN_KASAN_H =20 +#include #include #include #include @@ -233,6 +234,26 @@ struct kasan_free_meta { =20 #endif /* CONFIG_KASAN_GENERIC */ =20 +#if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS) + +struct kasan_stack_ring_entry { + void *ptr; + size_t size; + u32 pid; + depot_stack_handle_t stack; + bool is_free; +}; + +#define KASAN_STACK_RING_SIZE (32 << 10) + +struct kasan_stack_ring { + rwlock_t lock; + atomic64_t pos; + struct kasan_stack_ring_entry entries[KASAN_STACK_RING_SIZE]; +}; + +#endif /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ + #if IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) /* Used in KUnit-compatible KASAN tests. */ struct kunit_kasan_status { diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 5cbac2cdb177..a996489e6dac 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -4,8 +4,12 @@ * Copyright (c) 2020 Google, Inc. */ =20 +#include + #include "kasan.h" =20 +extern struct kasan_stack_ring stack_ring; + static const char *get_bug_type(struct kasan_report_info *info) { /* @@ -24,5 +28,77 @@ static const char *get_bug_type(struct kasan_report_info= *info) =20 void kasan_complete_mode_report_info(struct kasan_report_info *info) { + unsigned long flags; + u64 pos; + struct kasan_stack_ring_entry *entry; + void *ptr; + u32 pid; + depot_stack_handle_t stack; + bool is_free; + bool alloc_found =3D false, free_found =3D false; + info->bug_type =3D get_bug_type(info); + + if (!info->cache || !info->object) + return; + } + + write_lock_irqsave(&stack_ring.lock, flags); + + pos =3D atomic64_read(&stack_ring.pos); + + /* + * The loop below tries to find stack ring entries relevant to the + * buggy object. This is a best-effort process. + * + * First, another object with the same tag can be allocated in place of + * the buggy object. Also, since the number of entries is limited, the + * entries relevant to the buggy object can be overwritten. + */ + + for (u64 i =3D pos - 1; i !=3D pos - 1 - KASAN_STACK_RING_SIZE; i--) { + if (alloc_found && free_found) + break; + + entry =3D &stack_ring.entries[i % KASAN_STACK_RING_SIZE]; + + /* Paired with smp_store_release() in save_stack_info(). */ + ptr =3D (void *)smp_load_acquire(&entry->ptr); + + if (kasan_reset_tag(ptr) !=3D info->object || + get_tag(ptr) !=3D get_tag(info->access_addr)) + continue; + + pid =3D READ_ONCE(entry->pid); + stack =3D READ_ONCE(entry->stack); + is_free =3D READ_ONCE(entry->is_free); + + /* Try detecting if the entry was changed while being read. */ + smp_mb(); + if (ptr !=3D (void *)READ_ONCE(entry->ptr)) + continue; + + if (is_free) { + /* + * Second free of the same object. + * Give up on trying to find the alloc entry. + */ + if (free_found) + break; + + info->free_track.pid =3D pid; + info->free_track.stack =3D stack; + free_found =3D true; + } else { + /* Second alloc of the same object. Give up. */ + if (alloc_found) + break; + + info->alloc_track.pid =3D pid; + info->alloc_track.stack =3D stack; + alloc_found =3D true; + } + } + + write_unlock_irqrestore(&stack_ring.lock, flags); } diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 39a0481e5228..07828021c1f5 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -6,6 +6,7 @@ * Copyright (c) 2020 Google, Inc. */ =20 +#include #include #include #include @@ -16,11 +17,60 @@ #include =20 #include "kasan.h" +#include "../slab.h" + +/* Non-zero, as initial pointer values are 0. */ +#define STACK_RING_BUSY_PTR ((void *)1) + +struct kasan_stack_ring stack_ring; + +static void save_stack_info(struct kmem_cache *cache, void *object, + gfp_t gfp_flags, bool is_free) +{ + unsigned long flags; + depot_stack_handle_t stack; + u64 pos; + struct kasan_stack_ring_entry *entry; + void *old_ptr; + + stack =3D kasan_save_stack(gfp_flags, true); + + /* + * Prevent save_stack_info() from modifying stack ring + * when kasan_complete_mode_report_info() is walking it. + */ + read_lock_irqsave(&stack_ring.lock, flags); + +next: + pos =3D atomic64_fetch_add(1, &stack_ring.pos); + entry =3D &stack_ring.entries[pos % KASAN_STACK_RING_SIZE]; + + /* Detect stack ring entry slots that are being written to. */ + old_ptr =3D READ_ONCE(entry->ptr); + if (old_ptr =3D=3D STACK_RING_BUSY_PTR) + goto next; /* Busy slot. */ + if (!try_cmpxchg(&entry->ptr, &old_ptr, STACK_RING_BUSY_PTR)) + goto next; /* Busy slot. */ + + WRITE_ONCE(entry->size, cache->object_size); + WRITE_ONCE(entry->pid, current->pid); + WRITE_ONCE(entry->stack, stack); + WRITE_ONCE(entry->is_free, is_free); + + /* + * Paired with smp_load_acquire() in kasan_complete_mode_report_info(). + */ + smp_store_release(&entry->ptr, (s64)object); + + read_unlock_irqrestore(&stack_ring.lock, flags); +} =20 void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t f= lags) { + save_stack_info(cache, object, flags, false); } =20 void kasan_save_free_info(struct kmem_cache *cache, void *object) { + save_stack_info(cache, object, GFP_NOWAIT, true); } --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28018C433EF for ; Tue, 19 Jul 2022 00:15:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236724AbiGSAPx (ORCPT ); Mon, 18 Jul 2022 20:15:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53716 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236720AbiGSAPr (ORCPT ); Mon, 18 Jul 2022 20:15:47 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 057A8DF6 for ; Mon, 18 Jul 2022 17:15:46 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189744; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nn1wRmXGNlycId97pMK2GGK/DQj9IfbkBYQ3B2Fk9HA=; b=AgpB1/AhUXouCU+9FWLxvR4qtROoWxjrIHFdJKXGRu5em1LE96vrsCj2F2+4JgIo1ZW/sg XSkCQ9Sc9PllQYVWN70e9jiZkYNC6V010cVyrwjLbYZa3GySFFCPbvKl1VBTMze09zUfse 7dOPakya88V93QnjdezPKJQdUYZwwkY= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 31/33] kasan: support kasan.stacktrace for SW_TAGS Date: Tue, 19 Jul 2022 02:10:11 +0200 Message-Id: <8db2d46b0e2c54aa7eaade18e39f68c0d9d09945.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Add support for the kasan.stacktrace command-line argument for Software Tag-Based KASAN. The following patch adds a command-line argument for selecting the stack ring size, and, as the stack ring is supported by both the Software and the Hardware Tag-Based KASAN modes, it is natural that both of them have support for kasan.stacktrace too. Signed-off-by: Andrey Konovalov --- Changes v1->v2: - This is a new patch. --- Documentation/dev-tools/kasan.rst | 15 ++++++----- mm/kasan/hw_tags.c | 39 +--------------------------- mm/kasan/kasan.h | 36 +++++++++++++++++--------- mm/kasan/sw_tags.c | 5 +++- mm/kasan/tags.c | 43 +++++++++++++++++++++++++++++++ 5 files changed, 81 insertions(+), 57 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/ka= san.rst index 1772fd457fed..7bd38c181018 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -111,9 +111,15 @@ parameter can be used to control panic and reporting b= ehaviour: report or also panic the kernel (default: ``report``). The panic happens= even if ``kasan_multi_shot`` is enabled. =20 -Hardware Tag-Based KASAN mode (see the section about various modes below) = is -intended for use in production as a security mitigation. Therefore, it sup= ports -additional boot parameters that allow disabling KASAN or controlling featu= res: +Software and Hardware Tag-Based KASAN modes (see the section about various +modes below) support disabling stack trace collection: + +- ``kasan.stacktrace=3Doff`` or ``=3Don`` disables or enables alloc and fr= ee stack + traces collection (default: ``on``). + +Hardware Tag-Based KASAN mode is intended for use in production as a secur= ity +mitigation. Therefore, it supports additional boot parameters that allow +disabling KASAN altogether or controlling its features: =20 - ``kasan=3Doff`` or ``=3Don`` controls whether KASAN is enabled (default:= ``on``). =20 @@ -132,9 +138,6 @@ additional boot parameters that allow disabling KASAN o= r controlling features: - ``kasan.vmalloc=3Doff`` or ``=3Don`` disables or enables tagging of vmal= loc allocations (default: ``on``). =20 -- ``kasan.stacktrace=3Doff`` or ``=3Don`` disables or enables alloc and fr= ee stack - traces collection (default: ``on``). - Error reports ~~~~~~~~~~~~~ =20 diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 9ad8eff71b28..b22c4f461cb0 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -38,16 +38,9 @@ enum kasan_arg_vmalloc { KASAN_ARG_VMALLOC_ON, }; =20 -enum kasan_arg_stacktrace { - KASAN_ARG_STACKTRACE_DEFAULT, - KASAN_ARG_STACKTRACE_OFF, - KASAN_ARG_STACKTRACE_ON, -}; - static enum kasan_arg kasan_arg __ro_after_init; static enum kasan_arg_mode kasan_arg_mode __ro_after_init; static enum kasan_arg_vmalloc kasan_arg_vmalloc __initdata; -static enum kasan_arg_stacktrace kasan_arg_stacktrace __initdata; =20 /* * Whether KASAN is enabled at all. @@ -66,9 +59,6 @@ EXPORT_SYMBOL_GPL(kasan_mode); /* Whether to enable vmalloc tagging. */ DEFINE_STATIC_KEY_TRUE(kasan_flag_vmalloc); =20 -/* Whether to collect alloc/free stack traces. */ -DEFINE_STATIC_KEY_TRUE(kasan_flag_stacktrace); - /* kasan=3Doff/on */ static int __init early_kasan_flag(char *arg) { @@ -122,23 +112,6 @@ static int __init early_kasan_flag_vmalloc(char *arg) } early_param("kasan.vmalloc", early_kasan_flag_vmalloc); =20 -/* kasan.stacktrace=3Doff/on */ -static int __init early_kasan_flag_stacktrace(char *arg) -{ - if (!arg) - return -EINVAL; - - if (!strcmp(arg, "off")) - kasan_arg_stacktrace =3D KASAN_ARG_STACKTRACE_OFF; - else if (!strcmp(arg, "on")) - kasan_arg_stacktrace =3D KASAN_ARG_STACKTRACE_ON; - else - return -EINVAL; - - return 0; -} -early_param("kasan.stacktrace", early_kasan_flag_stacktrace); - static inline const char *kasan_mode_info(void) { if (kasan_mode =3D=3D KASAN_MODE_ASYNC) @@ -213,17 +186,7 @@ void __init kasan_init_hw_tags(void) break; } =20 - switch (kasan_arg_stacktrace) { - case KASAN_ARG_STACKTRACE_DEFAULT: - /* Default is specified by kasan_flag_stacktrace definition. */ - break; - case KASAN_ARG_STACKTRACE_OFF: - static_branch_disable(&kasan_flag_stacktrace); - break; - case KASAN_ARG_STACKTRACE_ON: - static_branch_enable(&kasan_flag_stacktrace); - break; - } + kasan_init_tags(); =20 /* KASAN is now initialized, enable it. */ static_branch_enable(&kasan_flag_enabled); diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index cfff81139d67..447baf1a7a2e 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -8,13 +8,31 @@ #include #include =20 -#ifdef CONFIG_KASAN_HW_TAGS +#if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS) =20 #include + +DECLARE_STATIC_KEY_TRUE(kasan_flag_stacktrace); + +static inline bool kasan_stack_collection_enabled(void) +{ + return static_branch_unlikely(&kasan_flag_stacktrace); +} + +#else /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ + +static inline bool kasan_stack_collection_enabled(void) +{ + return true; +} + +#endif /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ + +#ifdef CONFIG_KASAN_HW_TAGS + #include "../slab.h" =20 DECLARE_STATIC_KEY_TRUE(kasan_flag_vmalloc); -DECLARE_STATIC_KEY_TRUE(kasan_flag_stacktrace); =20 enum kasan_mode { KASAN_MODE_SYNC, @@ -29,11 +47,6 @@ static inline bool kasan_vmalloc_enabled(void) return static_branch_likely(&kasan_flag_vmalloc); } =20 -static inline bool kasan_stack_collection_enabled(void) -{ - return static_branch_unlikely(&kasan_flag_stacktrace); -} - static inline bool kasan_async_fault_possible(void) { return kasan_mode =3D=3D KASAN_MODE_ASYNC || kasan_mode =3D=3D KASAN_MODE= _ASYMM; @@ -46,11 +59,6 @@ static inline bool kasan_sync_fault_possible(void) =20 #else /* CONFIG_KASAN_HW_TAGS */ =20 -static inline bool kasan_stack_collection_enabled(void) -{ - return true; -} - static inline bool kasan_async_fault_possible(void) { return false; @@ -410,6 +418,10 @@ static inline void kasan_enable_tagging(void) { } =20 #endif /* CONFIG_KASAN_HW_TAGS */ =20 +#if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS) +void __init kasan_init_tags(void); +#endif /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ + #if defined(CONFIG_KASAN_HW_TAGS) && IS_ENABLED(CONFIG_KASAN_KUNIT_TEST) =20 void kasan_force_async_fault(void); diff --git a/mm/kasan/sw_tags.c b/mm/kasan/sw_tags.c index 77f13f391b57..a3afaf2ad1b1 100644 --- a/mm/kasan/sw_tags.c +++ b/mm/kasan/sw_tags.c @@ -42,7 +42,10 @@ void __init kasan_init_sw_tags(void) for_each_possible_cpu(cpu) per_cpu(prng_state, cpu) =3D (u32)get_cycles(); =20 - pr_info("KernelAddressSanitizer initialized (sw-tags)\n"); + kasan_init_tags(); + + pr_info("KernelAddressSanitizer initialized (sw-tags, stacktrace=3D%s)\n", + kasan_stack_collection_enabled() ? "on" : "off"); } =20 /* diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 07828021c1f5..0eb6cf6717db 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -19,11 +19,54 @@ #include "kasan.h" #include "../slab.h" =20 +enum kasan_arg_stacktrace { + KASAN_ARG_STACKTRACE_DEFAULT, + KASAN_ARG_STACKTRACE_OFF, + KASAN_ARG_STACKTRACE_ON, +}; + +static enum kasan_arg_stacktrace kasan_arg_stacktrace __initdata; + +/* Whether to collect alloc/free stack traces. */ +DEFINE_STATIC_KEY_TRUE(kasan_flag_stacktrace); + /* Non-zero, as initial pointer values are 0. */ #define STACK_RING_BUSY_PTR ((void *)1) =20 struct kasan_stack_ring stack_ring; =20 +/* kasan.stacktrace=3Doff/on */ +static int __init early_kasan_flag_stacktrace(char *arg) +{ + if (!arg) + return -EINVAL; + + if (!strcmp(arg, "off")) + kasan_arg_stacktrace =3D KASAN_ARG_STACKTRACE_OFF; + else if (!strcmp(arg, "on")) + kasan_arg_stacktrace =3D KASAN_ARG_STACKTRACE_ON; + else + return -EINVAL; + + return 0; +} +early_param("kasan.stacktrace", early_kasan_flag_stacktrace); + +void __init kasan_init_tags(void) +{ + switch (kasan_arg_stacktrace) { + case KASAN_ARG_STACKTRACE_DEFAULT: + /* Default is specified by kasan_flag_stacktrace definition. */ + break; + case KASAN_ARG_STACKTRACE_OFF: + static_branch_disable(&kasan_flag_stacktrace); + break; + case KASAN_ARG_STACKTRACE_ON: + static_branch_enable(&kasan_flag_stacktrace); + break; + } +} + static void save_stack_info(struct kmem_cache *cache, void *object, gfp_t gfp_flags, bool is_free) { --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89FADC433EF for ; Tue, 19 Jul 2022 00:15:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236735AbiGSAPz (ORCPT ); Mon, 18 Jul 2022 20:15:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53718 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236721AbiGSAPr (ORCPT ); Mon, 18 Jul 2022 20:15:47 -0400 Received: from out0.migadu.com (out0.migadu.com [IPv6:2001:41d0:2:267::]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79C6E37FB8 for ; Mon, 18 Jul 2022 17:15:46 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dEFlK3m+j6HFWp7YvmqmB+B3IIIjJFQIUVXb6/Nzt7c=; b=CZ9H9Xz4JbHfmsg8eEGwUg6SGpvSNwc80fna4TaZB32kOnyhSydBTAU55KWA/7nsU0Yt7T Ex2zNjdKIv8Qga4GTTmuTplYiC2D1x20y/fwH3BzvMER/NsIYiWnCzyuEFWp8B7Ibc52cO UrYoPoUHwTa46NNY73M1L8U7VWoSdJo= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 32/33] kasan: dynamically allocate stack ring entries Date: Tue, 19 Jul 2022 02:10:12 +0200 Message-Id: <4db564768f1cb900b9687849a062156b470eb902.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Instead of using a large static array, allocate the stack ring dynamically via memblock_alloc(). The size of the stack ring is controlled by a new kasan.stack_ring_size command-line parameter. When kasan.stack_ring_size is not provided, the default value of 32 << 10 is used. When the stack trace collection is disabled via kasan.stacktrace=3Doff, the stack ring is not allocated. Signed-off-by: Andrey Konovalov --- Changes v1->v2: - This is a new patch. --- mm/kasan/kasan.h | 5 +++-- mm/kasan/report_tags.c | 4 ++-- mm/kasan/tags.c | 22 +++++++++++++++++++++- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 447baf1a7a2e..4afe4db751da 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -252,12 +252,13 @@ struct kasan_stack_ring_entry { bool is_free; }; =20 -#define KASAN_STACK_RING_SIZE (32 << 10) +#define KASAN_STACK_RING_SIZE_DEFAULT (32 << 10) =20 struct kasan_stack_ring { rwlock_t lock; + size_t size; atomic64_t pos; - struct kasan_stack_ring_entry entries[KASAN_STACK_RING_SIZE]; + struct kasan_stack_ring_entry *entries; }; =20 #endif /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index a996489e6dac..7e267e69ce19 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -56,11 +56,11 @@ void kasan_complete_mode_report_info(struct kasan_repor= t_info *info) * entries relevant to the buggy object can be overwritten. */ =20 - for (u64 i =3D pos - 1; i !=3D pos - 1 - KASAN_STACK_RING_SIZE; i--) { + for (u64 i =3D pos - 1; i !=3D pos - 1 - stack_ring.size; i--) { if (alloc_found && free_found) break; =20 - entry =3D &stack_ring.entries[i % KASAN_STACK_RING_SIZE]; + entry =3D &stack_ring.entries[i % stack_ring.size]; =20 /* Paired with smp_store_release() in save_stack_info(). */ ptr =3D (void *)smp_load_acquire(&entry->ptr); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 0eb6cf6717db..fd8c5f919156 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -52,6 +53,16 @@ static int __init early_kasan_flag_stacktrace(char *arg) } early_param("kasan.stacktrace", early_kasan_flag_stacktrace); =20 +/* kasan.stack_ring_size=3D32768 */ +static int __init early_kasan_flag_stack_ring_size(char *arg) +{ + if (!arg) + return -EINVAL; + + return kstrtoul(arg, 0, &stack_ring.size); +} +early_param("kasan.stack_ring_size", early_kasan_flag_stack_ring_size); + void __init kasan_init_tags(void) { switch (kasan_arg_stacktrace) { @@ -65,6 +76,15 @@ void __init kasan_init_tags(void) static_branch_enable(&kasan_flag_stacktrace); break; } + + if (kasan_stack_collection_enabled()) { + if (!stack_ring.size) + stack_ring.size =3D KASAN_STACK_RING_SIZE_DEFAULT; + stack_ring.entries =3D memblock_alloc( + sizeof(stack_ring.entries[0]) * + stack_ring.size, + SMP_CACHE_BYTES); + } } =20 static void save_stack_info(struct kmem_cache *cache, void *object, @@ -86,7 +106,7 @@ static void save_stack_info(struct kmem_cache *cache, vo= id *object, =20 next: pos =3D atomic64_fetch_add(1, &stack_ring.pos); - entry =3D &stack_ring.entries[pos % KASAN_STACK_RING_SIZE]; + entry =3D &stack_ring.entries[pos % stack_ring.size]; =20 /* Detect stack ring entry slots that are being written to. */ old_ptr =3D READ_ONCE(entry->ptr); --=20 2.25.1 From nobody Sat Apr 18 04:19:45 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6357C433EF for ; Tue, 19 Jul 2022 00:15:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236742AbiGSAP5 (ORCPT ); Mon, 18 Jul 2022 20:15:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236528AbiGSAPr (ORCPT ); Mon, 18 Jul 2022 20:15:47 -0400 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32293248C2 for ; Mon, 18 Jul 2022 17:15:47 -0700 (PDT) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1658189745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QKjK8ZCYDbi7wJ5mRNldR0JmUEuXPl5aWvMQPqK0SzM=; b=NNYTqznYpLLilH6ADHz0XOEI/TSKbuz5CFblIRw1Zi+58+ebbNbin+GL4BY3SVKAONjWwn NGYKTUzzHGr3BJjYaa2hulM9wY5VbQ0zWFYkEsyvidYkxNfAInAxsW6zOEwZaNwV6Iti0J HDjcJ69PTDs68eHarA3zEtEFWuyV6PM= From: andrey.konovalov@linux.dev To: Marco Elver , Alexander Potapenko Cc: Andrey Konovalov , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Peter Collingbourne , Evgenii Stepanov , Florian Mayer , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm v2 33/33] kasan: better identify bug types for tag-based modes Date: Tue, 19 Jul 2022 02:10:13 +0200 Message-Id: <355b5734d7f70a70c87ded21b3c4267e1c401b10.1658189199.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Identify the bug type for the tag-based modes based on the stack trace entries found in the stack ring. If a free entry is found first (meaning that it was added last), mark the bug as use-after-free. If an alloc entry is found first, mark the bug as slab-out-of-bounds. Otherwise, assign the common bug type. This change returns the functionalify of the previously dropped CONFIG_KASAN_TAGS_IDENTIFY. Signed-off-by: Andrey Konovalov --- mm/kasan/report_tags.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/mm/kasan/report_tags.c b/mm/kasan/report_tags.c index 7e267e69ce19..cedcdc5890bc 100644 --- a/mm/kasan/report_tags.c +++ b/mm/kasan/report_tags.c @@ -10,7 +10,7 @@ =20 extern struct kasan_stack_ring stack_ring; =20 -static const char *get_bug_type(struct kasan_report_info *info) +static const char *get_common_bug_type(struct kasan_report_info *info) { /* * If access_size is a negative number, then it has reason to be @@ -37,9 +37,8 @@ void kasan_complete_mode_report_info(struct kasan_report_= info *info) bool is_free; bool alloc_found =3D false, free_found =3D false; =20 - info->bug_type =3D get_bug_type(info); - - if (!info->cache || !info->object) + if (!info->cache || !info->object) { + info->bug_type =3D get_common_bug_type(info); return; } =20 @@ -89,6 +88,13 @@ void kasan_complete_mode_report_info(struct kasan_report= _info *info) info->free_track.pid =3D pid; info->free_track.stack =3D stack; free_found =3D true; + + /* + * If a free entry is found first, the bug is likely + * a use-after-free. + */ + if (!info->bug_type) + info->bug_type =3D "use-after-free"; } else { /* Second alloc of the same object. Give up. */ if (alloc_found) @@ -97,8 +103,19 @@ void kasan_complete_mode_report_info(struct kasan_repor= t_info *info) info->alloc_track.pid =3D pid; info->alloc_track.stack =3D stack; alloc_found =3D true; + + /* + * If an alloc entry is found first, the bug is likely + * an out-of-bounds. + */ + if (!info->bug_type) + info->bug_type =3D "slab-out-of-bounds"; } } =20 write_unlock_irqrestore(&stack_ring.lock, flags); + + /* Assign the common bug type if no entries were found. */ + if (!info->bug_type) + info->bug_type =3D get_common_bug_type(info); } --=20 2.25.1