From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Y13L=BU=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 26024C433DF
	for <linux-mm@archiver.kernel.org>; Mon, 10 Aug 2020 11:19:41 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id DB1A1206E9
	for <linux-mm@archiver.kernel.org>; Mon, 10 Aug 2020 11:19:40 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=lca.pw header.i=@lca.pw header.b="AC8ZVjcV"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DB1A1206E9
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=lca.pw
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 65BC86B0003; Mon, 10 Aug 2020 07:19:40 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 60C578D0001; Mon, 10 Aug 2020 07:19:40 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4FA076B0006; Mon, 10 Aug 2020 07:19:40 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0080.hostedemail.com [216.40.44.80])
	by kanga.kvack.org (Postfix) with ESMTP id 3A8386B0003
	for <linux-mm@kvack.org>; Mon, 10 Aug 2020 07:19:40 -0400 (EDT)
Received: from smtpin10.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with ESMTP id D80E0180AD802
	for <linux-mm@kvack.org>; Mon, 10 Aug 2020 11:19:39 +0000 (UTC)
X-FDA: 77134413678.10.queen43_4e0579226fd9
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin10.hostedemail.com (Postfix) with ESMTP id A019516A0C3
	for <linux-mm@kvack.org>; Mon, 10 Aug 2020 11:19:39 +0000 (UTC)
X-HE-Tag: queen43_4e0579226fd9
X-Filterd-Recvd-Size: 6551
Received: from mail-qk1-f195.google.com (mail-qk1-f195.google.com [209.85.222.195])
	by imf22.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 10 Aug 2020 11:19:38 +0000 (UTC)
Received: by mail-qk1-f195.google.com with SMTP id l64so7901694qkb.8
        for <linux-mm@kvack.org>; Mon, 10 Aug 2020 04:19:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=lca.pw; s=google;
        h=content-transfer-encoding:from:mime-version:subject:date:message-id
         :references:cc:in-reply-to:to;
        bh=jBoqTcJjXqs5aO9SnK52GQyuo0v59XIXZ4pSXxs8r7w=;
        b=AC8ZVjcVv/L1gU8pXCKrOqaZ6vVq6XYgBjH2Hnm+JxbKrX1w5Fuuq8tGRaPTmcrs/f
         mJIHbtSmH/nnaQMZS4xirhZfVsoXp5JvBB21U5dnsFG9ZvZTPC38v77lG6WG92amYQGK
         yYE4WLzofc8nU/u3+NcZZLV+J7FAU2IjheLHFddS9jMSJqzabuU1T7hSyVoiT1+2ljAu
         54004XHqK+k/qXzk487itILNgkbds1WB/yUrp5q6w9OpnK/rUe1AJYkaY0PDQ3EZBybm
         /2lxTwtsKaKphX0xEVrMryVTz//L94l9ZRi2id7gCcyoPX8zF5wwyB62zfkgJ+toO/w4
         PkDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:content-transfer-encoding:from:mime-version
         :subject:date:message-id:references:cc:in-reply-to:to;
        bh=jBoqTcJjXqs5aO9SnK52GQyuo0v59XIXZ4pSXxs8r7w=;
        b=cPR9Q/AunU50MOCIvaID1lpbb/39wZJLoIJzscvXG963Nlgs4Av2ArZCaS5HaGt8vd
         bOKCcBg6wY48trREUapA7uz89NzEg7qoXT+iXcWHVg3bmJQuNS4oGx0eARfg8WYjc9bH
         Sg1jRr946h/5wIy5ztAdSOra5iXEIlsS9/5gRDRMgKr9l44/nBPnv9a/qlMKf8ycYNdx
         g3dhykvw5V5MO2kPp0e0u3aIgwjU9j3ZCJp2P/KzcEwu9yIBhlZCAtoJiZ+LLKq+oU+D
         ytVcDpdAXZpujItyRDbGbcFS1ufuCMpeABeKnv/e+bBPUtiIDIDZT0G1inJSNEQExlZK
         3QWA==
X-Gm-Message-State: AOAM531hM7DK/t4iV1J4PqdpYKc0k8Fn0tMuTpQmdJuKfyBI1bt6+rHr
	Z6VmjRHA4h11qOVcthQsK03hQA==
X-Google-Smtp-Source: ABdhPJxbYWJL54iYtvN7kseO1/qs8NUOF49R1djsu38CnnLAFIRAGsxnqDfsY9uF6MEN5J7f/NaM2w==
X-Received: by 2002:a05:620a:142:: with SMTP id e2mr25276476qkn.418.1597058378182;
        Mon, 10 Aug 2020 04:19:38 -0700 (PDT)
Received: from [192.168.1.183] (pool-71-184-117-43.bstnma.fios.verizon.net. [71.184.117.43])
        by smtp.gmail.com with ESMTPSA id 78sm13980983qke.81.2020.08.10.04.19.35
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 10 Aug 2020 04:19:36 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Qian Cai <cai@lca.pw>
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH 0/5] kasan: add workqueue and timer stack for generic KASAN
Date: Mon, 10 Aug 2020 07:19:35 -0400
Message-Id: <B873B364-FF03-4819-8F9C-79F3C4EF47CE@lca.pw>
References: <20200810072115.429-1-walter-zh.wu@mediatek.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>,
 Alexander Potapenko <glider@google.com>,
 Dmitry Vyukov <dvyukov@google.com>,
 Matthias Brugger <matthias.bgg@gmail.com>,
 John Stultz <john.stultz@linaro.org>, Stephen Boyd <sboyd@kernel.org>,
 Andrew Morton <akpm@linux-foundation.org>, Tejun Heo <tj@kernel.org>,
 Lai Jiangshan <jiangshanlai@gmail.com>, kasan-dev@googlegroups.com,
 linux-mm@kvack.org, linux-kernel@vger.kernel.org,
 linux-arm-kernel@lists.infradead.org,
 wsd_upstream <wsd_upstream@mediatek.com>,
 linux-mediatek@lists.infradead.org
In-Reply-To: <20200810072115.429-1-walter-zh.wu@mediatek.com>
To: Walter Wu <walter-zh.wu@mediatek.com>
X-Mailer: iPhone Mail (17F80)
X-Rspamd-Queue-Id: A019516A0C3
X-Spamd-Result: default: False [0.00 / 100.00]
X-Rspamd-Server: rspam01
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>



> On Aug 10, 2020, at 3:21 AM, Walter Wu <walter-zh.wu@mediatek.com> wrote:
>=20
> =EF=BB=BFSyzbot reports many UAF issues for workqueue or timer, see [1] an=
d [2].
> In some of these access/allocation happened in process_one_work(),
> we see the free stack is useless in KASAN report, it doesn't help
> programmers to solve UAF on workqueue. The same may stand for times.
>=20
> This patchset improves KASAN reports by making them to have workqueue
> queueing stack and timer queueing stack information. It is useful for
> programmers to solve use-after-free or double-free memory issue.
>=20
> Generic KASAN will record the last two workqueue and timer stacks,
> print them in KASAN report. It is only suitable for generic KASAN.
>=20
> In order to print the last two workqueue and timer stacks, so that
> we add new members in struct kasan_alloc_meta.
> - two workqueue queueing work stacks, total size is 8 bytes.
> - two timer queueing stacks, total size is 8 bytes.
>=20
> Orignial struct kasan_alloc_meta size is 16 bytes. After add new
> members, then the struct kasan_alloc_meta total size is 32 bytes,
> It is a good number of alignment. Let it get better memory consumption.

Getting debugging tools complicated surely is the best way to kill it. I wou=
ld argue that it only make sense to complicate it if it is useful most of th=
e time which I never feel or hear that is the case. This reminds me your rec=
ent call_rcu() stacks that most of time just makes parsing the report cumber=
some. Thus, I urge this exercise to over-engineer on special cases need to s=
top entirely.

>=20
> [1]https://groups.google.com/g/syzkaller-bugs/search?q=3D%22use-after-free=
%22+process_one_work
> [2]https://groups.google.com/g/syzkaller-bugs/search?q=3D%22use-after-free=
%22%20expire_timers
> [3]https://bugzilla.kernel.org/show_bug.cgi?id=3D198437
>=20
> Walter Wu (5):
> timer: kasan: record and print timer stack
> workqueue: kasan: record and print workqueue stack
> lib/test_kasan.c: add timer test case
> lib/test_kasan.c: add workqueue test case
> kasan: update documentation for generic kasan
>=20
> Documentation/dev-tools/kasan.rst |  4 ++--
> include/linux/kasan.h             |  4 ++++
> kernel/time/timer.c               |  2 ++
> kernel/workqueue.c                |  3 +++
> lib/test_kasan.c                  | 54 +++++++++++++++++++++++++++++++++++=
+++++++++++++++++++
> mm/kasan/generic.c                | 42 +++++++++++++++++++++++++++++++++++=
+++++++
> mm/kasan/kasan.h                  |  6 +++++-
> mm/kasan/report.c                 | 22 ++++++++++++++++++++++
> 8 files changed, 134 insertions(+), 3 deletions(-)
>=20
> --=20
> You received this message because you are subscribed to the Google Groups "=
kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an e=
mail to kasan-dev+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid=
/kasan-dev/20200810072115.429-1-walter-zh.wu%40mediatek.com.