From: Marco Elver
Date: Tue, 25 Aug 2020 10:26:30 +0200
Subject: Re: [PATCH v3 0/6] kasan: add workqueue and timer stack for generic KASAN
To: Walter Wu
Cc: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Matthias Brugger, John Stultz, Stephen Boyd, Andrew Morton, Tejun Heo, Lai Jiangshan, kasan-dev, Linux Memory Management List, LKML, Linux ARM, wsd_upstream, linux-mediatek@lists.infradead.org
In-Reply-To: <20200825015654.27781-1-walter-zh.wu@mediatek.com>

On Tue, 25 Aug 2020 at 03:57, Walter Wu wrote:
>
> Syzbot reports many UAF issues for workqueue or timer, see [1] and [2].
> In some of these access/allocation happened in process_one_work(),
> we see the free stack is useless in KASAN report, it doesn't help
> programmers to solve UAF on workqueue. The same may stand for timers.
>
> This patchset improves KASAN reports by making them have workqueue
> queueing stack and timer stack information. It is useful for programmers
> to solve use-after-free or double-free memory issue.
>
> Generic KASAN also records the last two workqueue and timer stacks and
> prints them in KASAN report. It is only suitable for generic KASAN.
>
> [1] https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22+process_one_work
> [2] https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22%20expire_timers
> [3] https://bugzilla.kernel.org/show_bug.cgi?id=198437
>
> Walter Wu (6):
>   timer: kasan: record timer stack
>   workqueue: kasan: record workqueue stack
>   kasan: print timer and workqueue stack
>   lib/test_kasan.c: add timer test case
>   lib/test_kasan.c: add workqueue test case
>   kasan: update documentation for generic kasan

Acked-by: Marco Elver

> ---
>
> Changes since v2:
> - modify kasan document to be more readable.
>   Thanks for Marco's suggestion.
>
> Changes since v1:
> - Thanks for Marco's and Thomas's suggestions.
> - Remove unnecessary code and fix commit log
> - reuse kasan_record_aux_stack() and aux_stack
>   to record timer and workqueue stack.
> - change the aux stack title for common name.
>
> ---
>
>  Documentation/dev-tools/kasan.rst |  4 ++--
>  kernel/time/timer.c               |  3 +++
>  kernel/workqueue.c                |  3 +++
>  lib/test_kasan.c                  | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  mm/kasan/report.c                 |  4 ++--
>  5 files changed, 64 insertions(+), 4 deletions(-)