References: <20231009073748.159228-1-haibo.li@mediatek.com>
In-Reply-To: <20231009073748.159228-1-haibo.li@mediatek.com>
From: Andrey Konovalov
Date: Tue, 10 Oct 2023 21:11:15 +0200
Subject: Re: [PATCH v2] kasan: print the original fault addr when access invalid shadow
To: Haibo Li
Cc: linux-kernel@vger.kernel.org, Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Vincenzo Frascino, Andrew Morton, Matthias Brugger, AngeloGioacchino Del Regno, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, xiaoming.yu@mediatek.com, Jann Horn

On Mon, Oct 9, 2023 at 9:37 AM Haibo Li wrote:
>
> when the checked address is illegal, the corresponding shadow address
> from kasan_mem_to_shadow may have no mapping in mmu table.
> Access such shadow address causes kernel oops.
> Here is a sample about oops on arm64 (VA 39bit)
> with KASAN_SW_TAGS and KASAN_OUTLINE on:
>
> [ffffffb80aaaaaaa] pgd=000000005d3ce003, p4d=000000005d3ce003,
> pud=000000005d3ce003, pmd=0000000000000000
> Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
> Modules linked in:
> CPU: 3 PID: 100 Comm: sh Not tainted 6.6.0-rc1-dirty #43
> Hardware name: linux,dummy-virt (DT)
> pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : __hwasan_load8_noabort+0x5c/0x90
> lr : do_ib_ob+0xf4/0x110
> ffffffb80aaaaaaa is the shadow address for efffff80aaaaaaaa.
> The problem is reading invalid shadow in kasan_check_range.
>
> The generic kasan also has similar oops.
> > It only reports the shadow address which causes oops but not > the original address. > > Commit 2f004eea0fc8("x86/kasan: Print original address on #GP") > introduce to kasan_non_canonical_hook but limit it to KASAN_INLINE. > > This patch extends it to KASAN_OUTLINE mode. > > Signed-off-by: Haibo Li > --- > v2: > - In view of the possible perf impact by checking shadow address,change > to use kasan_non_canonical_hook as it works after oops. > --- > include/linux/kasan.h | 6 +++--- > mm/kasan/report.c | 4 +--- > 2 files changed, 4 insertions(+), 6 deletions(-) > > diff --git a/include/linux/kasan.h b/include/linux/kasan.h > index 3df5499f7936..a707ee8b19ce 100644 > --- a/include/linux/kasan.h > +++ b/include/linux/kasan.h > @@ -466,10 +466,10 @@ static inline void kasan_free_module_shadow(const s= truct vm_struct *vm) {} > > #endif /* (CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS) && !CONFIG_KASA= N_VMALLOC */ > > -#ifdef CONFIG_KASAN_INLINE > +#ifdef CONFIG_KASAN > void kasan_non_canonical_hook(unsigned long addr); > -#else /* CONFIG_KASAN_INLINE */ > +#else /* CONFIG_KASAN */ > static inline void kasan_non_canonical_hook(unsigned long addr) { } > -#endif /* CONFIG_KASAN_INLINE */ > +#endif /* CONFIG_KASAN */ > > #endif /* LINUX_KASAN_H */ > diff --git a/mm/kasan/report.c b/mm/kasan/report.c > index ca4b6ff080a6..3974e4549c3e 100644 > --- a/mm/kasan/report.c > +++ b/mm/kasan/report.c > @@ -621,9 +621,8 @@ void kasan_report_async(void) > } > #endif /* CONFIG_KASAN_HW_TAGS */ > > -#ifdef CONFIG_KASAN_INLINE > /* > - * With CONFIG_KASAN_INLINE, accesses to bogus pointers (outside the hig= h > + * With CONFIG_KASAN, accesses to bogus pointers (outside the high > * canonical half of the address space) cause out-of-bounds shadow memor= y reads > * before the actual access. For addresses in the low canonical half of = the > * address space, as well as most non-canonical addresses, that out-of-b= ounds 
> @@ -659,4 +658,3 @@ void kasan_non_canonical_hook(unsigned long addr) > pr_alert("KASAN: %s in range [0x%016lx-0x%016lx]\n", bug_type, > orig_addr, orig_addr + KASAN_GRANULE_SIZE - 1); > } > -#endif > -- > 2.18.0 > Reviewed-by: Andrey Konovalov Thank you! On a related note, I have debugged the reason why kasan_non_canonical_hook sometimes doesn't get engaged properly for the SW_TAGS mode. I'll post a fix next week.
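Review bot: the `#ifdef CONFIG_KASAN` guard in the include/linux/kasan.h hunk also enables the declaration for CONFIG_KASAN_HW_TAGS, the mode whose `#endif /* CONFIG_KASAN_HW_TAGS */` sits right above the rewritten comment in mm/kasan/report.c; that mode has no shadow memory for the hook to decode, while the comment the patch rewrites still describes "out-of-bounds shadow memory reads". Consider `#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)` for both the declaration and the definition in report.c, mirroring the `(CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS) && !CONFIG_KASAN_VMALLOC` guard visible in the kasan.h context lines, so that outline builds of the two shadow-based modes get the hook without dragging HW_TAGS along.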
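Review bot: the rewritten comment in the first mm/kasan/report.c hunk, "With CONFIG_KASAN, accesses to bogus pointers (outside the high canonical half of the address space)", now claims the shadow-read mechanism for every KASAN mode, and the "canonical half" wording is x86 address-space language (the hook arrived with 2f004eea0fc8, "x86/kasan: Print original address on #GP"), whereas the changelog's motivating oops is an arm64 one where the shadow page is simply unmapped. Suggest naming the compiler-instrumented modes instead, e.g. "With the generic and software tag-based KASAN modes, inline or outline, accesses to bogus pointers cause out-of-bounds shadow memory reads before the actual access", and either dropping the x86-specific address-space phrasing or marking it as the x86 case.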
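Review bot: dropping the closing `#endif` in the second mm/kasan/report.c hunk makes kasan_non_canonical_hook() unconditional in this file, but the patch contains no arch change and the changelog does not say how the hook gets reached for the quoted arm64 oops; judging by its title, 2f004eea0fc8 wired it into the x86 #GP handler only. Please state in the commit message where the arm64 fault path invokes kasan_non_canonical_hook(), and move the v2 rationale ("In view of the possible perf impact by checking shadow address, change to use kasan_non_canonical_hook as it works after oops") above the `---` so the reason for decoding after the fault, rather than range-checking the shadow address inside kasan_check_range(), survives in git history.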
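As an added worked example (not code from the patch or the kernel), this user-space C program reproduces the shadow arithmetic behind the quoted oops for arm64 with 39-bit VA and KASAN_SW_TAGS: the forward kasan_mem_to_shadow() step that turns efffff80aaaaaaaa into ffffffb80aaaaaaa, and the inverse step a kasan_non_canonical_hook-style decoder performs after the fault to print the original range in the format the hunk's pr_alert() uses. The shadow offset, layout macros, TASK_SIZE stand-in and the bug-type thresholds are assumptions taken from arm64 defaults, not from the message.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

/* arm64, 39-bit VA, KASAN_SW_TAGS. SHADOW_OFFSET is the arm64 Kconfig default for that
 * config and the layout macros follow asm/memory.h (assumed; they reproduce the oops). */
#define SHADOW_SCALE_SHIFT 4                   /* SW_TAGS: one shadow byte per 16 bytes */
#define GRANULE_SIZE       (1ULL << SHADOW_SCALE_SHIFT)
#define SHADOW_OFFSET      0xefffffc000000000ULL
#define VA_BITS            39
#define SHADOW_END         ((1ULL << (64 - SHADOW_SCALE_SHIFT)) + SHADOW_OFFSET)
#define SHADOW_START       (SHADOW_END - (1ULL << (VA_BITS - SHADOW_SCALE_SHIFT)))
#define PAGE_SZ            4096ULL
#define TASK_SZ            (1ULL << VA_BITS)   /* assumed user VA limit for VA39 */

/* SW_TAGS keeps the pointer tag in the top byte; the shadow lookup uses the untagged
 * pointer (top byte 0xff), so the tag cannot be recovered from a shadow address. */
static uint64_t reset_tag(uint64_t addr) { return addr | 0xff00000000000000ULL; }
/* Forward mapping, as kasan_mem_to_shadow() does for a (tagged) pointer. */
uint64_t mem_to_shadow(uint64_t addr)
{
	return (reset_tag(addr) >> SHADOW_SCALE_SHIFT) + SHADOW_OFFSET;
}
struct decoded { int is_shadow; uint64_t start, end; const char *bug_type; };
/* Inverse mapping, the job kasan_non_canonical_hook() does after the oops: if the
 * faulting address lies in the shadow region, recover the 16-byte granule whose
 * shadow byte was being read; otherwise stay silent. */
struct decoded decode_shadow_fault(uint64_t fault_addr)
{
	struct decoded d = { 0, 0, 0, NULL };
	if (fault_addr < SHADOW_START || fault_addr >= SHADOW_END)
		return d;
	d.is_shadow = 1;
	d.start = (fault_addr - SHADOW_OFFSET) << SHADOW_SCALE_SHIFT;
	d.end = d.start + GRANULE_SIZE - 1;
	/* category thresholds are an assumption modelled on the kernel hook */
	d.bug_type = d.start < PAGE_SZ ? "null-ptr-deref" :
		     d.start < TASK_SZ ? "probably user-memory-access" : "maybe wild-memory-access";
	return d;
}

int main(void)
{
	uint64_t tagged = 0xefffff80aaaaaaaaULL;	/* the pointer from the quoted oops */
	struct decoded d = decode_shadow_fault(mem_to_shadow(tagged));
	printf("shadow of %016" PRIx64 " is %016" PRIx64 "\n", tagged, mem_to_shadow(tagged));
	printf("KASAN: %s in range [0x%016" PRIx64 "-0x%016" PRIx64 "]\n", d.bug_type, d.start, d.end);
	return 0;
}
```

The recovered range comes back as ffffff80aaaaaaa0-ffffff80aaaaaaaf, with the 0xff top byte rather than the original 0xef tag, because the shadow lookup was computed on the untagged pointer.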