From: Alexander Potapenko <glider@google.com>
To: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
kasan-dev <kasan-dev@googlegroups.com>,
Linux Memory Management List <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
Dmitry Vyukov <dvyukov@google.com>
Subject: Re: [PATCH 2/4] mm/kasan: print name of mem[set,cpy,move]() caller in report
Date: Fri, 13 May 2016 14:15:26 +0200 [thread overview]
Message-ID: <CAG_fn=UBY_z1i+f6hUmMtf2R1CeWawNA9iwDVQ7rFNensiDgow@mail.gmail.com> (raw)
In-Reply-To: <1462538722-1574-2-git-send-email-aryabinin@virtuozzo.com>
On Fri, May 6, 2016 at 2:45 PM, Andrey Ryabinin <aryabinin@virtuozzo.com> wrote:
> When bogus memory access happens in mem[set,cpy,move]() it's usually
> caller's fault. So don't blame mem[set,cpy,move]() in bug report, blame
> the caller instead.
>
> Before:
> BUG: KASAN: out-of-bounds access in memset+0x23/0x40 at <address>
> After:
> BUG: KASAN: out-of-bounds access in <memset_caller> at <address>
>
> Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
> Cc: Alexander Potapenko <glider@google.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> ---
> mm/kasan/kasan.c | 64 ++++++++++++++++++++++++++++++--------------------------
> 1 file changed, 34 insertions(+), 30 deletions(-)
>
> diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
> index ef2e87b..6e4072c 100644
> --- a/mm/kasan/kasan.c
> +++ b/mm/kasan/kasan.c
> @@ -273,32 +273,36 @@ static __always_inline bool memory_is_poisoned(unsigned long addr, size_t size)
> return memory_is_poisoned_n(addr, size);
> }
>
> -
> -static __always_inline void check_memory_region(unsigned long addr,
> - size_t size, bool write)
> +static __always_inline void check_memory_region_inline(unsigned long addr,
> + size_t size, bool write,
> + unsigned long ret_ip)
> {
> if (unlikely(size == 0))
> return;
>
> if (unlikely((void *)addr <
> kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
> - kasan_report(addr, size, write, _RET_IP_);
> + kasan_report(addr, size, write, ret_ip);
> return;
> }
>
> if (likely(!memory_is_poisoned(addr, size)))
> return;
>
> - kasan_report(addr, size, write, _RET_IP_);
> + kasan_report(addr, size, write, ret_ip);
> }
>
> -void __asan_loadN(unsigned long addr, size_t size);
> -void __asan_storeN(unsigned long addr, size_t size);
> +static void check_memory_region(unsigned long addr,
> + size_t size, bool write,
> + unsigned long ret_ip)
> +{
> + check_memory_region_inline(addr, size, write, ret_ip);
> +}
>
> #undef memset
> void *memset(void *addr, int c, size_t len)
> {
> - __asan_storeN((unsigned long)addr, len);
> + check_memory_region((unsigned long)addr, len, true, _RET_IP_);
>
> return __memset(addr, c, len);
> }
> @@ -306,8 +310,8 @@ void *memset(void *addr, int c, size_t len)
> #undef memmove
> void *memmove(void *dest, const void *src, size_t len)
> {
> - __asan_loadN((unsigned long)src, len);
> - __asan_storeN((unsigned long)dest, len);
> + check_memory_region((unsigned long)src, len, false, _RET_IP_);
> + check_memory_region((unsigned long)dest, len, true, _RET_IP_);
>
> return __memmove(dest, src, len);
> }
> @@ -315,8 +319,8 @@ void *memmove(void *dest, const void *src, size_t len)
> #undef memcpy
> void *memcpy(void *dest, const void *src, size_t len)
> {
> - __asan_loadN((unsigned long)src, len);
> - __asan_storeN((unsigned long)dest, len);
> + check_memory_region((unsigned long)src, len, false, _RET_IP_);
> + check_memory_region((unsigned long)dest, len, true, _RET_IP_);
>
> return __memcpy(dest, src, len);
> }
> @@ -698,22 +702,22 @@ void __asan_unregister_globals(struct kasan_global *globals, size_t size)
> }
> EXPORT_SYMBOL(__asan_unregister_globals);
>
> -#define DEFINE_ASAN_LOAD_STORE(size) \
> - void __asan_load##size(unsigned long addr) \
> - { \
> - check_memory_region(addr, size, false); \
> - } \
> - EXPORT_SYMBOL(__asan_load##size); \
> - __alias(__asan_load##size) \
> - void __asan_load##size##_noabort(unsigned long); \
> - EXPORT_SYMBOL(__asan_load##size##_noabort); \
> - void __asan_store##size(unsigned long addr) \
> - { \
> - check_memory_region(addr, size, true); \
> - } \
> - EXPORT_SYMBOL(__asan_store##size); \
> - __alias(__asan_store##size) \
> - void __asan_store##size##_noabort(unsigned long); \
> +#define DEFINE_ASAN_LOAD_STORE(size) \
> + void __asan_load##size(unsigned long addr) \
> + { \
> + check_memory_region_inline(addr, size, false, _RET_IP_);\
> + } \
> + EXPORT_SYMBOL(__asan_load##size); \
> + __alias(__asan_load##size) \
> + void __asan_load##size##_noabort(unsigned long); \
> + EXPORT_SYMBOL(__asan_load##size##_noabort); \
> + void __asan_store##size(unsigned long addr) \
> + { \
> + check_memory_region_inline(addr, size, true, _RET_IP_); \
> + } \
> + EXPORT_SYMBOL(__asan_store##size); \
> + __alias(__asan_store##size) \
> + void __asan_store##size##_noabort(unsigned long); \
> EXPORT_SYMBOL(__asan_store##size##_noabort)
>
> DEFINE_ASAN_LOAD_STORE(1);
> @@ -724,7 +728,7 @@ DEFINE_ASAN_LOAD_STORE(16);
>
> void __asan_loadN(unsigned long addr, size_t size)
> {
> - check_memory_region(addr, size, false);
> + check_memory_region(addr, size, false, _RET_IP_);
> }
> EXPORT_SYMBOL(__asan_loadN);
>
> @@ -734,7 +738,7 @@ EXPORT_SYMBOL(__asan_loadN_noabort);
>
> void __asan_storeN(unsigned long addr, size_t size)
> {
> - check_memory_region(addr, size, true);
> + check_memory_region(addr, size, true, _RET_IP_);
> }
> EXPORT_SYMBOL(__asan_storeN);
>
> --Reviewed-by:
> 2.7.3
>
Acked-by: Alexander Potapenko <glider@google.com>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-05-13 12:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-06 12:45 [PATCH 1/4] kasan/tests: add tests for user memory access functions Andrey Ryabinin
2016-05-06 12:45 ` [PATCH 2/4] mm/kasan: print name of mem[set,cpy,move]() caller in report Andrey Ryabinin
2016-05-13 12:15 ` Alexander Potapenko [this message]
2016-05-06 12:45 ` [PATCH 3/4] mm/kasan: add API to check memory regions Andrey Ryabinin
2016-05-13 12:18 ` Alexander Potapenko
2016-05-06 12:45 ` [PATCH 4/4] x86/kasan: Instrument user memory access API Andrey Ryabinin
2016-05-09 5:08 ` Dmitry Vyukov
2016-05-09 6:29 ` Ingo Molnar
2016-05-10 8:33 ` [PATCH] x86-kasan-instrument-user-memory-access-api-fix Andrey Ryabinin
2016-05-06 22:48 ` [PATCH 1/4] kasan/tests: add tests for user memory access functions Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAG_fn=UBY_z1i+f6hUmMtf2R1CeWawNA9iwDVQ7rFNensiDgow@mail.gmail.com' \
--to=glider@google.com \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=dvyukov@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox