Re: [PATCH] kasan: fix quarantine conflicting with init_on_free

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: Marco Elver <elver@google.com>
To: Andrey Konovalov <andreyknvl@gmail.com>
Cc: andrey.konovalov@linux.dev,
	Alexander Potapenko <glider@google.com>,
	 Andrew Morton <akpm@linux-foundation.org>,
	Dmitry Vyukov <dvyukov@google.com>,
	 Andrey Ryabinin <ryabinin.a.a@gmail.com>,
	kasan-dev <kasan-dev@googlegroups.com>,
	 Linux Memory Management List <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	 Andrey Konovalov <andreyknvl@google.com>
Subject: Re: [PATCH] kasan: fix quarantine conflicting with init_on_free
Date: Mon, 20 Dec 2021 18:19:37 +0100	[thread overview]
Message-ID: <CANpmjNOgBVoUiqK809CsUzo_eb_04+Vh3w1GWxS+VLAh7JBk9w@mail.gmail.com> (raw)
In-Reply-To: <CA+fCnZcMWA_VT83dXqD-bFJGG073KWPnULAPYK1=BhQkGsHzUQ@mail.gmail.com>

On Mon, 20 Dec 2021 at 18:16, Andrey Konovalov <andreyknvl@gmail.com> wrote:
>
> On Mon, Dec 20, 2021 at 6:07 PM Marco Elver <elver@google.com> wrote:
> >
> > On Mon, 20 Dec 2021 at 17:37, <andrey.konovalov@linux.dev> wrote:
> > >
> > > From: Andrey Konovalov <andreyknvl@google.com>
> > >
> > > KASAN's quarantine might save its metadata inside freed objects. As
> > > this happens after the memory is zeroed by the slab allocator when
> > > init_on_free is enabled, the memory coming out of quarantine is not
> > > properly zeroed.
> > >
> > > This causes lib/test_meminit.c tests to fail with Generic KASAN.
> > >
> > > Zero the metadata when the object is removed from quarantine.
> > >
> > > Fixes: 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options")
> > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> > > ---
> > >  mm/kasan/quarantine.c | 11 +++++++++++
> > >  1 file changed, 11 insertions(+)
> > >
> > > diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
> > > index 587da8995f2d..2e50869fd8e2 100644
> > > --- a/mm/kasan/quarantine.c
> > > +++ b/mm/kasan/quarantine.c
> > > @@ -132,11 +132,22 @@ static void *qlink_to_object(struct qlist_node *qlink, struct kmem_cache *cache)
> > >  static void qlink_free(struct qlist_node *qlink, struct kmem_cache *cache)
> > >  {
> > >         void *object = qlink_to_object(qlink, cache);
> > > +       struct kasan_free_meta *meta = kasan_get_free_meta(cache, object);
> > >         unsigned long flags;
> > >
> > >         if (IS_ENABLED(CONFIG_SLAB))
> > >                 local_irq_save(flags);
> > >
> > > +       /*
> > > +        * If init_on_free is enabled and KASAN's free metadata is stored in
> > > +        * the object, zero the metadata. Otherwise, the object's memory will
> > > +        * not be properly zeroed, as KASAN saves the metadata after the slab
> > > +        * allocator zeroes the object.
> > > +        */
> > > +       if (slab_want_init_on_free(cache) &&
> > > +           cache->kasan_info.free_meta_offset == 0)
> > > +               memset(meta, 0, sizeof(*meta));
> >
> > memzero_explicit()
> >
> > although in this case it probably doesn't matter much, because AFAIK
> > memzero_explicit() only exists to prevent the compiler from eliding
> > the zeroing. Up to you.
>
> I've thought about using memzero_explicit(), but the rest of
> init_on_alloc/free code uses memset(0) so I decided to use it as well.
> If we decide to switch to memzero_explicit(), it makes sense to do it
> everywhere.

memzero_explicit() is newer than those existing memset(0) -- new code
should probably start using it.

So I'd opt for just using it here. Who knows what other optimizations
future compilers may come up with.

     prev parent reply	other threads:[~2021-12-20 17:19 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-20 16:37 andrey.konovalov
2021-12-20 17:07 ` Marco Elver
2021-12-20 17:15   ` Andrey Konovalov
2021-12-20 17:19     ` Marco Elver [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CANpmjNOgBVoUiqK809CsUzo_eb_04+Vh3w1GWxS+VLAh7JBk9w@mail.gmail.com \
    --to=elver@google.com \
    --cc=akpm@linux-foundation.org \
    --cc=andrey.konovalov@linux.dev \
    --cc=andreyknvl@gmail.com \
    --cc=andreyknvl@google.com \
    --cc=dvyukov@google.com \
    --cc=glider@google.com \
    --cc=kasan-dev@googlegroups.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=ryabinin.a.a@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox