From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-it0-f70.google.com (mail-it0-f70.google.com [209.85.214.70]) by kanga.kvack.org (Postfix) with ESMTP id 34F188E0001 for ; Wed, 19 Sep 2018 07:54:26 -0400 (EDT) Received: by mail-it0-f70.google.com with SMTP id k204-v6so15221711ite.1 for ; Wed, 19 Sep 2018 04:54:26 -0700 (PDT) Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id r1-v6sor12010658ioc.205.2018.09.19.04.54.24 for (Google Transport Security); Wed, 19 Sep 2018 04:54:25 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <4267d0903e0fdf9c261b91cf8a2bf0f71047a43c.1535462971.git.andreyknvl@google.com> From: Andrey Konovalov Date: Wed, 19 Sep 2018 13:54:23 +0200 Message-ID: Subject: Re: [PATCH v6 14/18] khwasan: add hooks implementation Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-mm@kvack.org List-ID: To: Dmitry Vyukov Cc: Andrey Ryabinin , Alexander Potapenko , Catalin Marinas , Will Deacon , Christoph Lameter , Andrew Morton , Mark Rutland , Nick Desaulniers , Marc Zyngier , Dave Martin , Ard Biesheuvel , "Eric W . Biederman" , Ingo Molnar , Paul Lawrence , Geert Uytterhoeven , Arnd Bergmann , "Kirill A . Shutemov" , Greg Kroah-Hartman , Kate Stewart , Mike Rapoport , kasan-dev , "open list:DOCUMENTATION" , LKML , Linux ARM , linux-sparse@vger.kernel.org, Linux-MM , "open list:KERNEL BUILD + fi..." , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Jann Horn , Mark Brand , Chintan Pandya , Vishwath Mohan On Wed, Sep 12, 2018 at 8:30 PM, Dmitry Vyukov wrote: > On Wed, Aug 29, 2018 at 1:35 PM, Andrey Konovalov wrote: >> void kasan_unpoison_shadow(const void *address, size_t size) >> { >> - kasan_poison_shadow(address, size, 0); >> + u8 tag = get_tag(address); >> + >> + /* Perform shadow offset calculation based on untagged address */ > > The comment is not super-useful. It would be more useful to say why we > need to do this. > Most callers explicitly untag pointer passed to this function, for > some it's unclear if the pointer contains tag or not. > For example, __hwasan_tag_memory -- what does it accept? Tagged or untagged? There are some callers that pass tagged pointers to this functions, e.g. ksize or kasan_unpoison_object_data. I'll expand the comment. > > >> + address = reset_tag(address); >> + >> + kasan_poison_shadow(address, size, tag); >> >> if (size & KASAN_SHADOW_MASK) { >> u8 *shadow = (u8 *)kasan_mem_to_shadow(address + size); >> - *shadow = size & KASAN_SHADOW_MASK; >> + >> + if (IS_ENABLED(CONFIG_KASAN_HW)) >> + *shadow = tag; >> + else >> + *shadow = size & KASAN_SHADOW_MASK; >> } >> } > > > It seems that this function is just different for kasan and khwasan. > Currently for kasan we have: > > kasan_poison_shadow(address, size, tag); > if (size & KASAN_SHADOW_MASK) { > u8 *shadow = (u8 *)kasan_mem_to_shadow(address + size); > *shadow = size & KASAN_SHADOW_MASK; > } > > But what we want to say for khwasan is: > > kasan_poison_shadow(address, round_up(size, KASAN_SHADOW_SCALE_SIZE), > get_tag(address)); > > Not sure if we want to keep a common implementation or just have > separate implementations... As per offline discussion leaving as is. >> void kasan_free_pages(struct page *page, unsigned int order) >> @@ -235,6 +248,7 @@ void kasan_cache_create(struct kmem_cache *cache, unsigned int *size, >> slab_flags_t *flags) >> { >> unsigned int orig_size = *size; >> + unsigned int redzone_size = 0; > > This variable seems to be always initialized below. We don't general > initialize local variables in this case. Will fix in v7. >> void check_memory_region(unsigned long addr, size_t size, bool write, >> unsigned long ret_ip) >> { >> + u8 tag; >> + u8 *shadow_first, *shadow_last, *shadow; >> + void *untagged_addr; >> + >> + tag = get_tag((const void *)addr); >> + >> + /* Ignore accesses for pointers tagged with 0xff (native kernel > > /* on a separate line Will fix in v7. > >> + * pointer tag) to suppress false positives caused by kmap. >> + * >> + * Some kernel code was written to account for archs that don't keep >> + * high memory mapped all the time, but rather map and unmap particular >> + * pages when needed. Instead of storing a pointer to the kernel memory, >> + * this code saves the address of the page structure and offset within >> + * that page for later use. Those pages are then mapped and unmapped >> + * with kmap/kunmap when necessary and virt_to_page is used to get the >> + * virtual address of the page. For arm64 (that keeps the high memory >> + * mapped all the time), kmap is turned into a page_address call. >> + >> + * The issue is that with use of the page_address + virt_to_page >> + * sequence the top byte value of the original pointer gets lost (gets >> + * set to KHWASAN_TAG_KERNEL (0xFF). > > Missed closing bracket. Will fix in v7.