From: andrey.konovalov@linux.dev
To: Marco Elver <elver@google.com>,
Alexander Potapenko <glider@google.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Peter Collingbourne <pcc@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
kasan-dev@googlegroups.com,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org,
Evgenii Stepanov <eugenis@google.com>,
linux-kernel@vger.kernel.org,
Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH 22/31] kasan, vmalloc: add vmalloc support to SW_TAGS
Date: Tue, 30 Nov 2021 23:07:07 +0100 [thread overview]
Message-ID: <0c479434ed079f9e28fe9552adb709645c9d785c.1638308023.git.andreyknvl@google.com> (raw)
In-Reply-To: <cover.1638308023.git.andreyknvl@google.com>
From: Andrey Konovalov <andreyknvl@google.com>
This patch adds vmalloc tagging support to SW_TAGS KASAN.
The changes include:
- __kasan_unpoison_vmalloc() now assigns a random pointer tag, poisons
the virtual mapping accordingly, and embeds the tag into the returned
pointer.
- __get_vm_area_node() (used by vmalloc() and vmap()) and
pcpu_get_vm_areas() save the tagged pointer into vm_struct->addr
(note: not into vmap_area->addr). This requires putting
kasan_unpoison_vmalloc() after setup_vmalloc_vm[_locked]();
otherwise the latter will overwrite the tagged pointer.
The tagged pointer then is naturally propagateed to vmalloc()
and vmap().
- vm_map_ram() returns the tagged pointer directly.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
include/linux/kasan.h | 17 +++++++++++------
mm/kasan/shadow.c | 6 ++++--
mm/vmalloc.c | 14 ++++++++------
3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index ad4798e77f60..6a2619759e93 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -423,12 +423,14 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end,
unsigned long free_region_start,
unsigned long free_region_end);
-void __kasan_unpoison_vmalloc(const void *start, unsigned long size);
-static __always_inline void kasan_unpoison_vmalloc(const void *start,
- unsigned long size)
+void * __must_check __kasan_unpoison_vmalloc(const void *start,
+ unsigned long size);
+static __always_inline void * __must_check kasan_unpoison_vmalloc(
+ const void *start, unsigned long size)
{
if (kasan_enabled())
- __kasan_unpoison_vmalloc(start, size);
+ return __kasan_unpoison_vmalloc(start, size);
+ return (void *)start;
}
void __kasan_poison_vmalloc(const void *start, unsigned long size);
@@ -453,8 +455,11 @@ static inline void kasan_release_vmalloc(unsigned long start,
unsigned long free_region_start,
unsigned long free_region_end) { }
-static inline void kasan_unpoison_vmalloc(const void *start, unsigned long size)
-{ }
+static inline void *kasan_unpoison_vmalloc(const void *start,
+ unsigned long size, bool unique)
+{
+ return (void *)start;
+}
static inline void kasan_poison_vmalloc(const void *start, unsigned long size)
{ }
diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c
index fa0c8a750d09..4ca280a96fbc 100644
--- a/mm/kasan/shadow.c
+++ b/mm/kasan/shadow.c
@@ -475,12 +475,14 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end,
}
}
-void __kasan_unpoison_vmalloc(const void *start, unsigned long size)
+void *__kasan_unpoison_vmalloc(const void *start, unsigned long size)
{
if (!is_vmalloc_or_module_addr(start))
- return;
+ return (void *)start;
+ start = set_tag(start, kasan_random_tag());
kasan_unpoison(start, size, false);
+ return (void *)start;
}
/*
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index a059b3100c0a..7be18b292679 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2208,7 +2208,7 @@ void *vm_map_ram(struct page **pages, unsigned int count, int node)
mem = (void *)addr;
}
- kasan_unpoison_vmalloc(mem, size);
+ mem = kasan_unpoison_vmalloc(mem, size);
if (vmap_pages_range(addr, addr + size, PAGE_KERNEL,
pages, PAGE_SHIFT) < 0) {
@@ -2441,10 +2441,10 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
return NULL;
}
- kasan_unpoison_vmalloc((void *)va->va_start, requested_size);
-
setup_vmalloc_vm(area, va, flags, caller);
+ area->addr = kasan_unpoison_vmalloc(area->addr, requested_size);
+
return area;
}
@@ -3752,9 +3752,6 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
for (area = 0; area < nr_vms; area++) {
if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area]))
goto err_free_shadow;
-
- kasan_unpoison_vmalloc((void *)vas[area]->va_start,
- sizes[area]);
}
/* insert all vm's */
@@ -3767,6 +3764,11 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
}
spin_unlock(&vmap_area_lock);
+ /* mark allocated areas as accessible */
+ for (area = 0; area < nr_vms; area++)
+ vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr,
+ vms[area]->size);
+
kfree(vas);
return vms;
--
2.25.1
next prev parent reply other threads:[~2021-11-30 22:11 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-30 21:39 [PATCH 00/31] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS andrey.konovalov
2021-11-30 21:39 ` [PATCH 01/31] kasan, page_alloc: deduplicate should_skip_kasan_poison andrey.konovalov
2021-11-30 21:39 ` [PATCH 02/31] kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages andrey.konovalov
2021-12-02 15:24 ` Alexander Potapenko
2021-11-30 21:39 ` [PATCH 03/31] kasan, page_alloc: merge kasan_free_pages into free_pages_prepare andrey.konovalov
2021-12-02 15:32 ` Alexander Potapenko
2021-11-30 21:39 ` [PATCH 04/31] kasan, page_alloc: simplify kasan_poison_pages call site andrey.konovalov
2021-12-01 14:09 ` Marco Elver
2021-12-06 21:07 ` Andrey Konovalov
2021-11-30 21:39 ` [PATCH 05/31] kasan, page_alloc: init memory of skipped pages on free andrey.konovalov
2021-11-30 21:41 ` [PATCH 06/31] mm: clarify __GFP_ZEROTAGS comment andrey.konovalov
2021-11-30 21:41 ` [PATCH 07/31] kasan: only apply __GFP_ZEROTAGS when memory is zeroed andrey.konovalov
2021-12-02 15:40 ` Alexander Potapenko
2021-11-30 21:41 ` [PATCH 08/31] kasan, page_alloc: refactor init checks in post_alloc_hook andrey.konovalov
2021-12-02 16:13 ` Alexander Potapenko
2021-12-06 21:09 ` Andrey Konovalov
2021-12-16 10:59 ` Alexander Potapenko
2021-11-30 21:42 ` [PATCH 09/31] kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook andrey.konovalov
2021-11-30 21:52 ` [PATCH 10/31] kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook andrey.konovalov
2021-11-30 22:05 ` [PATCH 11/31] kasan, page_alloc: move SetPageSkipKASanPoison " andrey.konovalov
2021-11-30 22:05 ` [PATCH 12/31] kasan, page_alloc: move kernel_init_free_pages " andrey.konovalov
2021-11-30 22:05 ` [PATCH 13/31] kasan, page_alloc: simplify kasan_unpoison_pages call site andrey.konovalov
2021-11-30 22:06 ` [PATCH 14/31] kasan: clean up metadata byte definitions andrey.konovalov
2021-11-30 22:06 ` [PATCH 15/31] kasan: define KASAN_VMALLOC_INVALID for SW_TAGS andrey.konovalov
2021-11-30 22:06 ` [PATCH 16/31] kasan, x86, arm64, s390: rename functions for modules shadow andrey.konovalov
2021-11-30 22:06 ` [PATCH 17/31] kasan, vmalloc: drop outdated VM_KASAN comment andrey.konovalov
2021-11-30 22:07 ` [PATCH 18/31] kasan: reorder vmalloc hooks andrey.konovalov
2021-11-30 22:07 ` [PATCH 19/31] kasan: add wrappers for " andrey.konovalov
2021-11-30 22:07 ` [PATCH 20/31] kasan, vmalloc: reset tags in vmalloc functions andrey.konovalov
2021-12-02 14:17 ` Marco Elver
2021-12-06 21:08 ` Andrey Konovalov
2021-11-30 22:07 ` [PATCH 21/31] kasan, fork: don't tag stacks allocated with vmalloc andrey.konovalov
2021-12-02 14:27 ` Marco Elver
2021-12-06 21:08 ` Andrey Konovalov
2021-11-30 22:07 ` andrey.konovalov [this message]
2021-11-30 22:07 ` [PATCH 23/31] kasan, arm64: allow KASAN_VMALLOC with SW_TAGS andrey.konovalov
2021-12-03 12:37 ` Marco Elver
2021-12-06 21:10 ` Andrey Konovalov
2021-11-30 22:07 ` [PATCH 24/31] kasan, vmalloc, arm64: mark vmalloc mappings as pgprot_tagged andrey.konovalov
2021-12-03 12:42 ` Marco Elver
2021-12-06 21:12 ` Andrey Konovalov
2021-11-30 22:08 ` [PATCH 25/31] kasan, vmalloc: don't unpoison VM_ALLOC pages before mapping andrey.konovalov
2021-11-30 22:08 ` [PATCH 26/31] kasan, page_alloc: allow skipping unpoisoning for HW_TAGS andrey.konovalov
2021-11-30 22:08 ` [PATCH 27/31] kasan, vmalloc: add vmalloc support to HW_TAGS andrey.konovalov
2021-12-03 12:41 ` Marco Elver
2021-12-06 21:12 ` Andrey Konovalov
2021-11-30 22:08 ` [PATCH 28/31] kasan: add kasan.vmalloc command line flag andrey.konovalov
2021-12-03 12:09 ` Marco Elver
2021-12-06 21:09 ` Andrey Konovalov
2021-11-30 22:08 ` [PATCH 29/31] kasan, arm64: allow KASAN_VMALLOC with HW_TAGS andrey.konovalov
2021-12-01 11:35 ` Marco Elver
2021-12-06 21:10 ` Andrey Konovalov
2021-12-03 12:40 ` Marco Elver
2021-12-06 21:10 ` Andrey Konovalov
2021-11-30 22:08 ` [PATCH 30/31] kasan: documentation updates andrey.konovalov
2021-11-30 22:08 ` [PATCH 31/31] kasan: improve vmalloc tests andrey.konovalov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0c479434ed079f9e28fe9552adb709645c9d785c.1638308023.git.andreyknvl@google.com \
--to=andrey.konovalov@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=andreyknvl@google.com \
--cc=aryabinin@virtuozzo.com \
--cc=catalin.marinas@arm.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pcc@google.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox