From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84DE0CD68E5 for ; Tue, 10 Oct 2023 02:12:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7DCCD8003A; Mon, 9 Oct 2023 22:12:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 78DD980027; Mon, 9 Oct 2023 22:12:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6A21E8003A; Mon, 9 Oct 2023 22:12:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 5E24280027 for ; Mon, 9 Oct 2023 22:12:29 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 2AC64C0532 for ; Tue, 10 Oct 2023 02:12:29 +0000 (UTC) X-FDA: 81327927618.09.CD42888 Received: from mailgw02.mediatek.com (mailgw02.mediatek.com [216.200.240.185]) by imf13.hostedemail.com (Postfix) with ESMTP id 2BFD720013 for ; Tue, 10 Oct 2023 02:12:25 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=mediatek.com header.s=dk header.b=ZTqiasz2; dmarc=pass (policy=quarantine) header.from=mediatek.com; spf=pass (imf13.hostedemail.com: domain of haibo.li@mediatek.com designates 216.200.240.185 as permitted sender) smtp.mailfrom=haibo.li@mediatek.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696903947; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wu/Ez0DKYV6FvYGCa4Fc/RxN6Eo8oqS6inmrf5HcxU4=; b=sBoWS/3ELStqNle2Y8GdWIs/WMxpKklQCtLE0SOzwuVRoK5PlNVylTp0SHBdv09xDB0JM/ ik+26oSe7qP9iS10wa5HqEVPr4iW53YKiNnlhBkjTh/r+oAJfENYKa5D5sj+aIUgifUvRL Rts0NMmMJnGmszgHIdnpBBz3KiKa1Gs= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=mediatek.com header.s=dk header.b=ZTqiasz2; dmarc=pass (policy=quarantine) header.from=mediatek.com; spf=pass (imf13.hostedemail.com: domain of haibo.li@mediatek.com designates 216.200.240.185 as permitted sender) smtp.mailfrom=haibo.li@mediatek.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696903947; a=rsa-sha256; cv=none; b=rUVe94q1WiJdOXNlRRnruhpYMI9I/uSUuj9uNybrhbydJdOHa3/+0LAPp24IhVJdGV3GmQ 57XKNGWzXgwA5JugNZopGrSRV+qRcX/+RKV+sabwZJwKqyjyIGTcy43wdMO5AG4IXsnTgH 3Eo8fKvcC5/hq1Qvuxigtc48ZNNVL0A= X-UUID: 71bbb52c671211ee86758d4a7c00f3a0-20231009 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:CC:To:From; bh=wu/Ez0DKYV6FvYGCa4Fc/RxN6Eo8oqS6inmrf5HcxU4=; b=ZTqiasz2cbny1AKtvctTnQ943n7Vjymnpn81mBS2ZTBeDiValMXmAbuQfZx3XLC14z2Zf2k8oaTpYX+bd6JZPWz0GwsCGmbORopCF9v5m1RCHcQw0HE2DuOc76DUN4AnVHlUcS2KToAwP14HzndulxemHLINYoEGqZP1H+7beFc=; X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.32,REQID:3deb680f-8e48-4a32-a700-11253396f5f8,IP:0,U RL:0,TC:0,Content:0,EDM:0,RT:0,SF:0,FILE:0,BULK:0,RULE:Release_Ham,ACTION: release,TS:0 X-CID-META: VersionHash:5f78ec9,CLOUDID:b0f5bfbf-14cc-44ca-b657-2d2783296e72,B ulkID:nil,BulkQuantity:0,Recheck:0,SF:817|102,TC:nil,Content:0|-5,EDM:-3,I P:nil,URL:11|1,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0,OSI:0,OSA:0,AV:0,LES :1,SPR:NO,DKR:0,DKP:0,BRR:0,BRE:0 X-CID-BVR: 1,FCT|NGT X-CID-BAS: 1,FCT|NGT,0,_ X-CID-FACTOR: TF_CID_SPAM_SNR,TF_CID_SPAM_ULN X-UUID: 71bbb52c671211ee86758d4a7c00f3a0-20231009 Received: from mtkmbs11n1.mediatek.inc [(172.21.101.185)] by mailgw02.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 336724300; Mon, 09 Oct 2023 19:12:21 -0700 Received: from mtkmbs11n1.mediatek.inc (172.21.101.185) by mtkmbs11n1.mediatek.inc (172.21.101.185) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.26; Tue, 10 Oct 2023 09:52:17 +0800 Received: from mszsdtlt102.gcn.mediatek.inc (10.16.4.142) by mtkmbs11n1.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.1118.26 via Frontend Transport; Tue, 10 Oct 2023 09:52:17 +0800 From: Haibo Li To: CC: , , , , , , , , , , , , , , Subject: Re: [PATCH v2] kasan:print the original fault addr when access invalid shadow Date: Tue, 10 Oct 2023 09:52:16 +0800 Message-ID: <20231010015216.67121-1-haibo.li@mediatek.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20231009170031.a294c11575d5d4941b8596a9@linux-foundation.org> References: <20231009170031.a294c11575d5d4941b8596a9@linux-foundation.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-MTK: N X-Rspamd-Queue-Id: 2BFD720013 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: ym98tbcjyzoyxgz3ep1ijrr4ffcm8zyg X-HE-Tag: 1696903945-904491 X-HE-Meta: U2FsdGVkX1/fAg1MaP2I12Q4KG9ZR4NwrSfFIX5DgJNj2ykAQyv2pFLvvVnQ4v9TcOTy4381JUbqcVfG6BovQOGvEmbnE3Gcf8J6RYR5MI1nwt1mwp7oM9B6dznvwwni4D/S2H8BdfeXwrSbJDCFkpXMWbrCWO2rjNZvyaQLuT78Kk4n1nEjqDW9iW7kzmv+R7ewlkzMavR55uqlPs3pn42QYPlQqqyTGP26CPuGzu0PJTE4vMRJiGKQ6CQp992SRGo2syAkpPkxTk+PtrAGPCuTK2HOZBsSv3y+ITs8rq/bFchaC5CdjFcsa2xRP7HP4yB5/M1SACbjImVokXfEKVry4RC22hM0OSi6ntv/nf8AsFiLHHxrG4INKpE+BIONNUe64tkqDsQDZmRa4D9h7wPLU39wfbH4BltnJne6yQzkjJZZuDI8NiDYvPR0m4lgrA1AehdD3Knw0hEP5gej4qWpGsiE1uIemuObIViD3jDpDrqQ6f4qNrUpg7BNoSbaivV5jQSl4bUXRHYOy0dgesK8Q3sYVJwGVnT8M+xnC7YNU89rS45+Tsuvz3r4DFC/MfDRdmmYCrJcOtYnI/SqdYiPGG0mWJuRdzKx8Ze7DwTD6iq/RPn0CatBSuv2YQ7Z1B2eXPJzBRFuu6osSjb1o6aM4y1gI3Mep/xq9EmoWvTGWSFDp0BZDOd2ZobzfLZxvxdnS27E8g6F3kjbDo3OGTD7e00E1s/6/J3ZYeoC/cIFjnc7J2pDczJ20GhLtD6zr8k/YSPtjvKfzTsTgFSonWor3SOyITB/WwN7cRoC3mah6RjKoCoUpn6AXiH8yMr6pprU2JFtVkBvyMPHWwibOIFGE3sYuIeQxKOTpCxnCy2PIwYRP01BoDbXnwgHGA5ok1QAM7tSAetP3hOX8KRqTfxHav+XONUltFt7/gzcmmIzKNOQmwKbx4hbeYW62dsGHbPJuohDJseEGL0RY4F iiTvycPA +gPQ31f7vHPr2MSAZhQV9kXwYRYX03IWOWmrXm0FAWjwqRlaCSG+tQ/jDxxsI5P6Sbu7SV2SE9VywDx5kvC37BgtRaRWYIFasurQ4V7d3/HXaSu1bmwuPHQz2Xgxw+PGnohgkCedah18j+lNUL6SS6yH+CD5dFWlOaKZ5tYJ2D5yWNlRfWpWpYSnVx5p3hl8UMPl6UtJ5jNoo1Jgv4OKQZk/mKZWmIjR+lo/fEPWaD74cshvdKyW6MEVlcPxaBvrkz71tX567WtgmpC/d5KU+XXvL2rjaGFu/ZKfK X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: > On Mon, 9 Oct 2023 15:37:48 +0800 Haibo Li wrote:= =0D > =0D > > when the checked address is illegal,the corresponding shadow address=0D > > from kasan_mem_to_shadow may have no mapping in mmu table.=0D > > Access such shadow address causes kernel oops.=0D > > Here is a sample about oops on arm64(VA 39bit) =0D > > with KASAN_SW_TAGS and KASAN_OUTLINE on:=0D > > =0D > > [ffffffb80aaaaaaa] pgd=3D000000005d3ce003, p4d=3D000000005d3ce003,=0D > > pud=3D000000005d3ce003, pmd=3D0000000000000000=0D > > Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP=0D > > Modules linked in:=0D > > CPU: 3 PID: 100 Comm: sh Not tainted 6.6.0-rc1-dirty #43=0D > > Hardware name: linux,dummy-virt (DT)=0D > > pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=3D--)=0D > > pc : __hwasan_load8_noabort+0x5c/0x90=0D > > lr : do_ib_ob+0xf4/0x110=0D > > ffffffb80aaaaaaa is the shadow address for efffff80aaaaaaaa.=0D > > The problem is reading invalid shadow in kasan_check_range.=0D > > =0D > > The generic kasan also has similar oops.=0D > > =0D > > It only reports the shadow address which causes oops but not=0D > > the original address.=0D > > =0D > > Commit 2f004eea0fc8("x86/kasan: Print original address on #GP")=0D > > introduce to kasan_non_canonical_hook but limit it to KASAN_INLINE.=0D > > =0D > > This patch extends it to KASAN_OUTLINE mode.=0D > =0D > Is 2f004eea0fc8 a suitable Fixes: target for this? If not, what is?=0D > =0D Yes, 2f004eea0fc8 is a suitable fix.=0D All we need is a better crash report for this case.=0D After commit 2f004eea0fc8 and commit =0D 07b742a4d912 ("arm64: mm: log potential KASAN shadow alias"),=0D it is easy to understand the original address when=0D out-of-bounds KASAN shadow accesses occur.=0D Currently, this feature is only available for the KASAN_INLINE case.=0D As Jann said, it is also suitable for the KASAN_OUTLINE case.=0D =0D > Also, I'm assuming that we want to backport this fix into earlier=0D > kernel versions?=0D My opinion:=0D As it is to improve crash report,there is no requirement to backport.=0D