Date: Thu, 2 Dec 2021 15:17:04 +0100
From: Marco Elver
To: andrey.konovalov@linux.dev
Cc: Alexander Potapenko, Vincenzo Frascino, Catalin Marinas, Peter Collingbourne, Andrey Konovalov, Dmitry Vyukov, kasan-dev@googlegroups.com, Andrew Morton, linux-mm@kvack.org, Will Deacon, linux-arm-kernel@lists.infradead.org, Evgenii Stepanov, linux-kernel@vger.kernel.org, Andrey Konovalov
Subject: Re: [PATCH 20/31] kasan, vmalloc: reset tags in vmalloc functions

On Tue, Nov 30, 2021 at 11:07PM +0100, andrey.konovalov@linux.dev wrote:
> From: Andrey Konovalov
>
> In preparation for adding vmalloc support to SW/HW_TAGS KASAN,
> reset pointer tags in functions that use pointer values in
> range checks.
>
> vread() is a special case here. Resetting the pointer tag in its
> prologue could technically lead to missing bad accesses to virtual
> mappings in its implementation. However, vread() doesn't access the
> virtual mappings cirectly. Instead, it recovers the physical address

s/cirectly/directly/

But this paragraph is a little confusing, because first you point out
that vread() might miss bad accesses, but then say that it does checked
accesses. I think to avoid confusing the reader, maybe just say that
vread() is checked, but hypothetically, should its implementation change
to directly access addr, invalid accesses might be missed.

Did I get this right? Or am I still confused?

> via page_address(vmalloc_to_page()) and acceses that. And as
> page_address() recovers the pointer tag, the accesses are checked.
>
> Signed-off-by: Andrey Konovalov
> --- > mm/vmalloc.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index c5235e3e5857..a059b3100c0a 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -72,7 +72,7 @@ static const bool vmap_allow_huge = false; > > bool is_vmalloc_addr(const void *x) > { > - unsigned long addr = (unsigned long)x; > + unsigned long addr = (unsigned long)kasan_reset_tag(x); > > return addr >= VMALLOC_START && addr < VMALLOC_END; > } > @@ -630,7 +630,7 @@ int is_vmalloc_or_module_addr(const void *x) > * just put it in the vmalloc space. > */ > #if defined(CONFIG_MODULES) && defined(MODULES_VADDR) > - unsigned long addr = (unsigned long)x; > + unsigned long addr = (unsigned long)kasan_reset_tag(x); > if (addr >= MODULES_VADDR && addr < MODULES_END) > return 1; > #endif 
> @@ -804,6 +804,8 @@ static struct vmap_area *find_vmap_area_exceed_addr(unsigned long addr) > struct vmap_area *va = NULL; > struct rb_node *n = vmap_area_root.rb_node; > > + addr = (unsigned long)kasan_reset_tag((void *)addr); > + > while (n) { > struct vmap_area *tmp; > > @@ -825,6 +827,8 @@ static struct vmap_area *__find_vmap_area(unsigned long addr) > { > struct rb_node *n = vmap_area_root.rb_node; > > + addr = (unsigned long)kasan_reset_tag((void *)addr); > + > while (n) { > struct vmap_area *va; > > @@ -2143,7 +2147,7 @@ EXPORT_SYMBOL_GPL(vm_unmap_aliases); > void vm_unmap_ram(const void *mem, unsigned int count) > { > unsigned long size = (unsigned long)count << PAGE_SHIFT; > - unsigned long addr = (unsigned long)mem; > + unsigned long addr = (unsigned long)kasan_reset_tag(mem); > struct vmap_area *va; > > might_sleep(); > @@ -3361,6 +3365,8 @@ long vread(char *buf, char *addr, unsigned long count) > unsigned long buflen = count; > unsigned long n; > > + addr = kasan_reset_tag(addr); > + > /* Don't allow overflow */ > if ((unsigned long) addr + count < count) > count = -(unsigned long) addr; > -- > 2.25.1 >
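
Review bot: In find_vmap_area_exceed_addr() and __find_vmap_area(), the round trip `(unsigned long)kasan_reset_tag((void *)addr)` on an `unsigned long` parameter hides where a tagged value can enter these lookups. Consider resetting the tag at the callers that still hold a pointer, or add a one-line comment above the reset stating that callers may pass a tagged address, so the cast pair is not later removed as redundant.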
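
Review bot: In vread(), the added `addr = kasan_reset_tag(addr);` carries no comment, so the reason it is safe exists only in the commit message. A short comment above the reset saying that vread() reads through page_address(vmalloc_to_page()) rather than through addr would help, because a later change that dereferences addr directly would run with the tag already dropped.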
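
Why a tagged pointer breaks the range checks and area lookups this patch touches, as an added userspace example that is not part of the patch or the kernel source. It assumes the tag occupies the top byte of the address and that 0xff is the untagged value; the `MODEL_*` constants, `model_areas`, `set_tag()` and `model_reset_tag()` are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model; every constant here is constructed for illustration. */
#define TAG_SHIFT 56
#define TAG_MATCH_ALL 0xffULL /* top byte of an untagged kernel pointer */
#define MODEL_VMALLOC_START 0xffff800010000000ULL
#define MODEL_VMALLOC_END 0xfffffdffbfff0000ULL

struct area { uint64_t start, end; };
static const struct area model_areas[] = {
    { 0xffff800010000000ULL, 0xffff800010004000ULL },
    { 0xffff800010010000ULL, 0xffff800010018000ULL },
};

static uint64_t set_tag(uint64_t addr, uint64_t tag)
{
    return (addr & ~(0xffULL << TAG_SHIFT)) | (tag << TAG_SHIFT);
}

/* Stand-in for kasan_reset_tag(): restore the untagged top byte. */
static uint64_t model_reset_tag(uint64_t addr)
{
    return set_tag(addr, TAG_MATCH_ALL);
}

/* Range check in the style of is_vmalloc_addr(); compares what it is given. */
static bool in_vmalloc(uint64_t addr)
{
    return addr >= MODEL_VMALLOC_START && addr < MODEL_VMALLOC_END;
}

/* Area lookup by address, using the same kind of bounds comparison. */
static const struct area *find_area(uint64_t addr)
{
    for (size_t i = 0; i < sizeof(model_areas) / sizeof(model_areas[0]); i++)
        if (addr >= model_areas[i].start && addr < model_areas[i].end)
            return &model_areas[i];
    return NULL;
}

int main(void)
{
    uint64_t t = set_tag(0xffff800010011000ULL, 0xf3); /* constructed tag */
    printf("raw=%d reset=%d\n", in_vmalloc(t), in_vmalloc(model_reset_tag(t)));
    return find_area(model_reset_tag(t)) == &model_areas[1] ? 0 : 1;
}
```

With the tag left in place the address compares below the start of the range, so both the range check and the lookup miss an address that is inside a mapped area.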