From: Andrey Konovalov
Date: Sat, 28 Jan 2023 23:37:35 +0100
Subject: Re: [PATCH v3] kasan: infer allocation size by scanning metadata
To: Kuan-Ying Lee
Cc: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Vincenzo Frascino, Andrew Morton, Matthias Brugger, chinwen.chang@mediatek.com, qun-wei.lin@mediatek.com, Andrey Konovalov, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
In-Reply-To: <20230128150025.14491-1-Kuan-Ying.Lee@mediatek.com>

On Sat, Jan 28, 2023 at 4:00 PM Kuan-Ying Lee wrote:
>
> From: Andrey Konovalov

Ah, I think you need to reset the commit author before sending, so that
the patch gets recorded as authored by you.

> Make KASAN scan metadata to infer the requested allocation size instead of
> printing cache->object_size.
>
> This patch fixes confusing slab-out-of-bounds reports as reported in:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=216457
>
> As an example of the confusing behavior, the report below hints that the
> allocation size was 192, while the kernel actually called kmalloc(184):
>
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in _find_next_bit+0x143/0x160 lib/find_bit.c:109
> Read of size 8 at addr ffff8880175766b8 by task kworker/1:1/26
> ...
> The buggy address belongs to the object at ffff888017576600
>  which belongs to the cache kmalloc-192 of size 192
> The buggy address is located 184 bytes inside of
>  192-byte region [ffff888017576600, ffff8880175766c0)
> ...
> Memory state around the buggy address:
>  ffff888017576580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>  ffff888017576600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >ffff888017576680: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
>                                         ^
>  ffff888017576700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>  ffff888017576780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ==================================================================
>
> With this patch, the report shows:
>
> ==================================================================
> ...
> The buggy address belongs to the object at ffff888017576600
>  which belongs to the cache kmalloc-192 of size 192
> The buggy address is located 0 bytes to the right of
>  allocated 184-byte region [ffff888017576600, ffff8880175766b8)
> ...
> ==================================================================
>
> Also report slab use-after-free bugs as "slab-use-after-free" and print
> "freed" instead of "allocated" in the report when describing the accessed
> memory region.
>
> Also improve the metadata-related comment in kasan_find_first_bad_addr
> and use addr_has_metadata across KASAN code instead of open-coding
> KASAN_SHADOW_START checks.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=216457
> Co-developed-by: Andrey Konovalov
> Signed-off-by: Kuan-Ying Lee

Or change the Co-developed-by/Signed-off-by tags. I don't mind either
approach.

Thanks!
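As an added illustration of the scan the quoted commit message describes (example code written for this page, not the patch itself or anything from the KASAN tree): infer the requested size from the generic-mode shadow bytes of one slab object, then phrase the access location the way the new report does. The granule size and the 0x00/0x01..0x07/0xFB/0xFC shadow values are the generic KASAN encoding; the two shadow arrays are constructed, the first from the "00 ... fc" bytes in the report above, the second for a hypothetical kmalloc(181) to exercise a partial granule.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Generic-mode KASAN shadow: one byte per 8-byte granule. 0x00 = all 8 bytes
 * addressable, 0x01..0x07 = only the first N bytes addressable, 0xFB = object
 * freed (KASAN_SLAB_FREE), 0xFC = redzone (KASAN_SLAB_REDZONE). */
#define GRANULE        8
#define SHADOW_FREE    0xFB
#define SHADOW_REDZONE 0xFC

/* Scan the shadow of one slab object and return the size actually requested:
 * full granules add 8, a partial granule adds N and stops, poison stops.
 * A freed object (first shadow byte 0xFB) yields 0. */
size_t infer_alloc_size(const uint8_t *shadow, size_t object_size)
{
    size_t size = 0;
    for (size_t i = 0; i < object_size / GRANULE; i++) {
        if (shadow[i] == 0) { size += GRANULE; continue; }
        if (shadow[i] < GRANULE) return size + shadow[i]; /* partial granule */
        break;                                            /* 0xFB, 0xFC, ... */
    }
    return size;
}

/* Place the bad access relative to the inferred region in the report's new
 * wording ("allocated" or "freed" is passed in as state). Returns the signed
 * offset of the access from the object start; buf may be NULL. */
long describe_access(uintptr_t object, size_t size, uintptr_t bad,
                     const char *state, char *buf, size_t buflen)
{
    long off = (long)(bad - object);
    if (buf && off < 0)
        snprintf(buf, buflen, "%ld bytes to the left of %s %zu-byte region", -off, state, size);
    else if (buf && (size_t)off < size)
        snprintf(buf, buflen, "%ld bytes inside of %s %zu-byte region", off, state, size);
    else if (buf)
        snprintf(buf, buflen, "%ld bytes to the right of %s %zu-byte region", off - (long)size, state, size);
    return off;
}

/* Constructed shadow of the kmalloc-192 object in the report: kmalloc(184)
 * leaves 23 addressable granules, then redzone. infer_alloc_size() -> 184 */
const uint8_t shadow_184[192 / GRANULE] = {
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0, SHADOW_REDZONE };
/* Constructed shadow for a hypothetical kmalloc(181): 22 full granules, a
 * 5-byte partial granule, then redzone. infer_alloc_size() -> 181 */
const uint8_t shadow_181[192 / GRANULE] = {
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0, 5, SHADOW_REDZONE };
```

For the report's access at ffff8880175766b8, `describe_access(0xffff888017576600, 184, 0xffff8880175766b8, "allocated", buf, sizeof buf)` fills buf with "0 bytes to the right of allocated 184-byte region", matching the patched output quoted above.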