2020-05-06 06:04:16

by Walter Wu

Subject: [PATCH 0/3] kasan: memorize and print call_rcu stack

This patchset improves KASAN reports by including call_rcu() call
stack information in them. It helps programmers solve use-after-free
or double-free memory issues.

The KASAN report was as follows (cleaned up slightly):

BUG: KASAN: use-after-free in kasan_rcu_reclaim+0x58/0x60

Freed by task 0:
save_stack+0x24/0x50
__kasan_slab_free+0x110/0x178
kasan_slab_free+0x10/0x18
kfree+0x98/0x270
kasan_rcu_reclaim+0x1c/0x60
rcu_core+0x8b4/0x10f8
rcu_core_si+0xc/0x18
efi_header_end+0x238/0xa6c

First call_rcu() call stack:
save_stack+0x24/0x50
kasan_record_callrcu+0xc8/0xd8
call_rcu+0x190/0x580
kasan_rcu_uaf+0x1d8/0x278

Last call_rcu() call stack:
(stack is not available)
Add a new CONFIG option to record the first and last call_rcu() call
stacks, and have the KASAN report print both call_rcu() call stacks.

This option doesn't increase memory consumption. It is only suitable
for generic KASAN.
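As an added illustration (not part of this patchset or of the kernel code), a small user-space model in C of why the call_rcu() site matters: the deferred free runs from the RCU core, so the "Freed by" stack alone points at rcu_core(), while the recorded first and last call_rcu() sites identify the code that scheduled the free. call_rcu_tracked(), rcu_core_model(), the caller-name strings and the freed flag are constructed stand-ins for the kernel's saved stack traces and real callbacks.

```c
/* Constructed user-space model of the idea above (not the kernel patch):
 * the free runs later from the RCU core, so the "Freed by" stack only
 * shows rcu_core(); the first and last call_rcu() sites identify the
 * code that scheduled the free, or scheduled it twice. */
#include <stdio.h>
#define NO_STACK "(stack is not available)"
struct obj {
    const char *first_site; /* first call_rcu() caller, NULL if none */
    const char *last_site;  /* most recent later caller, NULL if only one */
    unsigned ncalls;
    int freed;              /* set once the deferred callback has run */
};
static struct obj *queue[8]; /* stands in for the RCU callback list */
static unsigned queued;

/* call_rcu() with the patchset's bookkeeping: keep the first scheduling
 * site, overwrite the last. A caller name stands in for a saved stack. */
static void call_rcu_tracked(struct obj *o, const char *site)
{
    if (o->ncalls++ == 0)
        o->first_site = site;
    else
        o->last_site = site;
    if (queued < 8)
        queue[queued++] = o;
}

/* rcu_core(): runs the queued frees; its own stack says nothing about
 * who queued them. Returns how many callbacks ran. */
static unsigned rcu_core_model(void)
{
    unsigned ran = queued;
    for (unsigned i = 0; i < ran; i++)
        queue[i]->freed = 1;       /* kfree() would be here */
    queued = 0;
    return ran;
}
/* The two extra report lines; a missing site prints as in the report above. */
static const char *report_first(const struct obj *o) { return o->first_site ? o->first_site : NO_STACK; }
static const char *report_last(const struct obj *o) { return o->last_site ? o->last_site : NO_STACK; }

int main(void)
{
    struct obj o = { 0 };
    call_rcu_tracked(&o, "kasan_rcu_uaf");    /* first deferred free */
    call_rcu_tracked(&o, "second_free_path"); /* double free of the same object */
    rcu_core_model();
    printf("First call_rcu() call stack: %s\nLast call_rcu() call stack: %s\n",
           report_first(&o), report_last(&o));
    return 0;
}
```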

[1] https://bugzilla.kernel.org/show_bug.cgi?id=198437

Walter Wu (3):
rcu/kasan: record and print call_rcu() call stack
kasan: record and print the free track
kasan: add KASAN_RCU_STACK_RECORD documentation

Documentation/dev-tools/kasan.rst | 21 +++++++++++++++++++++
include/linux/kasan.h | 7 +++++++
kernel/rcu/tree.c | 5 +++++
lib/Kconfig.kasan | 11 +++++++++++
mm/kasan/common.c | 31 +++++++++++++++++++++++++++++++
mm/kasan/kasan.h | 12 ++++++++++++
mm/kasan/report.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++-------
7 files changed, 133 insertions(+), 7 deletions(-)