From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=pR5i=FH=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-18.2 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,
	USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 652E7C63777
	for <linux-mm@archiver.kernel.org>; Thu,  3 Dec 2020 07:01:50 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id B128A208FE
	for <linux-mm@archiver.kernel.org>; Thu,  3 Dec 2020 07:01:49 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B128A208FE
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id E5B396B005C; Thu,  3 Dec 2020 02:01:48 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E0B166B005D; Thu,  3 Dec 2020 02:01:48 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id CAAD76B0068; Thu,  3 Dec 2020 02:01:48 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0138.hostedemail.com [216.40.44.138])
	by kanga.kvack.org (Postfix) with ESMTP id B2E3B6B005C
	for <linux-mm@kvack.org>; Thu,  3 Dec 2020 02:01:48 -0500 (EST)
Received: from smtpin03.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 7A0468249980
	for <linux-mm@kvack.org>; Thu,  3 Dec 2020 07:01:48 +0000 (UTC)
X-FDA: 77551075896.03.ant74_3e02d2f273b9
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin03.hostedemail.com (Postfix) with ESMTP id 4EDA728A4EA
	for <linux-mm@kvack.org>; Thu,  3 Dec 2020 07:01:48 +0000 (UTC)
X-HE-Tag: ant74_3e02d2f273b9
X-Filterd-Recvd-Size: 5216
Received: from mail-qv1-f65.google.com (mail-qv1-f65.google.com [209.85.219.65])
	by imf44.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu,  3 Dec 2020 07:01:47 +0000 (UTC)
Received: by mail-qv1-f65.google.com with SMTP id k3so495671qvz.4
        for <linux-mm@kvack.org>; Wed, 02 Dec 2020 23:01:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=pWQ9GYyKSHe1JGWbs3Y1m+BNCxpwEs1X4TY/MrUFeCQ=;
        b=AEJpqtMIVwb3X42BIB1/HJea4LLwUtS4HnA8BXFrGROZJqrBKSVEr1cu5IISBqSkrl
         P98xhyU/PWqUV10Y5FY1mzeyyJdt6dobJE2ldbkGkLNV+QXqPM0jBM9w92+NcNT515uJ
         teDyKYcrYvdP3I/iODLw/3Uu+lQrvOmKH0tMfac7aGhcyZzlWzPfWWhayrRW+XZMxdUO
         06kjm5KwxhHT3smLiB7izlolZjYqnhnGxX1tX0KOrnggY5TOSAj/fb6aXkuBkNS1fLok
         UETNSmvzdRygD1N+AwMvCPLwrz1/VvP/8YHeOCdUaeErlYgDkDl1IJxN3Arh6yPWj6F2
         XRRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=pWQ9GYyKSHe1JGWbs3Y1m+BNCxpwEs1X4TY/MrUFeCQ=;
        b=ZJgvTQvpZ+BXBhi5oBKpitwlOOGT0lQOe6jDDedUSQ82L08tNTB8JBx2U6fTduAnr6
         6dm515uDY5wSRrrJ5BzowA3qHJh1AceoQclvL42s66eBd/MIDK1ttywF4WEbCgGdKiVf
         heBujU0FGAe1fhTbcxB/4q58dEl9nFsaCQzbbb1mjF7JwcDeaHflgB7JmmXCxXSFtzVD
         J+WLzrCyOUTc5VNeHn7CqB/FtIAR8vYOiyTR61nWwOxzVvKDz3+VBwfNBxI3pJQN0f8y
         oxmW+hWpZrzi5zXeuX8nPCwSFGITmwlv3txEgmWLwnF77BBVntWDu6h+o+bkBJyszS6P
         TNtA==
X-Gm-Message-State: AOAM531D37+PIn2xfPtV5/0a5RPOlDK5Dt2zwtHHybCnBKoczHT3LSgW
	qFHmDHWElC0nXqnqzgY/Tb5kEo+qAxa/Zy/yOpaPrg==
X-Google-Smtp-Source: ABdhPJz2rjhZqdGJa/6Mjj6mEetaVwe2kA0PLG5+48mAyehB6IZhfKIsje0X6UAhmPuKT58JOTMrZ+YDq5tQhz8LcqI=
X-Received: by 2002:ad4:5bad:: with SMTP id 13mr1695026qvq.23.1606978906682;
 Wed, 02 Dec 2020 23:01:46 -0800 (PST)
MIME-Version: 1.0
References: <20201203022148.29754-1-walter-zh.wu@mediatek.com>
In-Reply-To: <20201203022148.29754-1-walter-zh.wu@mediatek.com>
From: Dmitry Vyukov <dvyukov@google.com>
Date: Thu, 3 Dec 2020 08:01:35 +0100
Message-ID: <CACT4Y+aQ19fUhDZMeLQeVzdECQhje6CpnH4SVmMQtS_cTPq0zg@mail.gmail.com>
Subject: Re: [PATCH v5 0/4] kasan: add workqueue stack for generic KASAN
To: Walter Wu <walter-zh.wu@mediatek.com>
Cc: Andrew Morton <akpm@linux-foundation.org>, Tejun Heo <tj@kernel.org>, 
	Lai Jiangshan <jiangshanlai@gmail.com>, Marco Elver <elver@google.com>, 
	Andrey Ryabinin <aryabinin@virtuozzo.com>, Alexander Potapenko <glider@google.com>, 
	Andrey Konovalov <andreyknvl@google.com>, Matthias Brugger <matthias.bgg@gmail.com>, 
	kasan-dev <kasan-dev@googlegroups.com>, Linux-MM <linux-mm@kvack.org>, 
	LKML <linux-kernel@vger.kernel.org>, 
	Linux ARM <linux-arm-kernel@lists.infradead.org>, 
	wsd_upstream <wsd_upstream@mediatek.com>, linux-mediatek@lists.infradead.org
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Thu, Dec 3, 2020 at 3:21 AM Walter Wu <walter-zh.wu@mediatek.com> wrote:
>
> Syzbot reports many UAF issues for workqueue, see [1].
> In some of these access/allocation happened in process_one_work(),
> we see the free stack is useless in KASAN report, it doesn't help
> programmers to solve UAF for workqueue issue.
>
> This patchset improves KASAN reports by making them to have workqueue
> queueing stack. It is useful for programmers to solve use-after-free
> or double-free memory issue.
>
> Generic KASAN also records the last two workqueue stacks and prints
> them in KASAN report. It is only suitable for generic KASAN.
>
> [1]https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22+process_one_work
> [2]https://bugzilla.kernel.org/show_bug.cgi?id=198437
>
> Walter Wu (4):
> workqueue: kasan: record workqueue stack
> kasan: print workqueue stack
> lib/test_kasan.c: add workqueue test case
> kasan: update documentation for generic kasan
>
> ---
> Changes since v4:
> - Not found timer use case, so that remove timer patch
> - remove a mention of call_rcu() from the kasan_record_aux_stack()
>   Thanks for Dmitry and Alexander suggestion.
>
> Changes since v3:
> - testcases have merge conflict, so that need to
>   be rebased onto the KASAN-KUNIT.
>
> Changes since v2:
> - modify kasan document to be readable,
>   Thanks for Marco suggestion.
>
> Changes since v1:
> - Thanks for Marco and Thomas suggestion.
> - Remove unnecessary code and fix commit log
> - reuse kasan_record_aux_stack() and aux_stack
>   to record timer and workqueue stack.
> - change the aux stack title for common name.
>
> ---
> Documentation/dev-tools/kasan.rst |  5 +++--
> kernel/workqueue.c                |  3 +++
> lib/test_kasan_module.c           | 29 +++++++++++++++++++++++++++++
> mm/kasan/generic.c                |  4 +---
> mm/kasan/report.c                 |  4 ++--
> 5 files changed, 38 insertions(+), 7 deletions(-)


Hi Walter,

Thanks for the update.
The series still looks good to me. I see patches already have my
Reviewed-by, so I will not resend them.