Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932333AbaGOHnm (ORCPT ); Tue, 15 Jul 2014 03:43:42 -0400 Received: from mailout3.w1.samsung.com ([210.118.77.13]:14484 "EHLO mailout3.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757825AbaGOHnk (ORCPT ); Tue, 15 Jul 2014 03:43:40 -0400 X-AuditID: cbfec7f4-b7fac6d000006cfe-a6-53c4db9fff10 Message-id: <53C4DA54.3010502@samsung.com> Date: Tue, 15 Jul 2014 11:37:56 +0400 From: Andrey Ryabinin User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-version: 1.0 To: Joonsoo Kim Cc: linux-kernel@vger.kernel.org, Dmitry Vyukov , Konstantin Serebryany , Alexey Preobrazhensky , Andrey Konovalov , Yuri Gribov , Konstantin Khlebnikov , Sasha Levin , Michal Marek , Russell King , Thomas Gleixner , Ingo Molnar , Christoph Lameter , Pekka Enberg , David Rientjes , Andrew Morton , linux-kbuild@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, linux-mm@kvack.org Subject: Re: [RFC/PATCH RESEND -next 14/21] mm: slub: kasan: disable kasan when touching unaccessible memory References: <1404905415-9046-1-git-send-email-a.ryabinin@samsung.com> <1404905415-9046-15-git-send-email-a.ryabinin@samsung.com> <20140715060405.GI11317@js1304-P5Q-DELUXE> In-reply-to: <20140715060405.GI11317@js1304-P5Q-DELUXE> Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrPIsWRmVeSWpSXmKPExsVy+t/xy7rzbx8JNpi/0cDi996ZrBZz1q9h s7j+7Q2jxYSHbewWK7ub2Sy2P3vLZLGy8wGrxabH11gt/uzawWRxedccNot7a/6zWty+zGtx 6cACJouWfReYLNo+/2O12LfyPJC1ZCOTxeIjt5kt3j2bzGyxedNUZosfGx6zOoh6tDT3sHns nHWX3WPBplKPTas62Tw2fZrE7tH19gqTx7tz59g9Tsz4zeLx5Mp0Jo/NS+o9Pj69xeLxft9V No8zC46we3zeJBfAF8Vlk5Kak1mWWqRvl8CV8fpDXkG7RsWeaZeZGxg/yXcxcnJICJhIbG75 xARhi0lcuLeerYuRi0NIYCmjxLmjK9ghnGYmiaZNL8CqeAW0JO4u28EIYrMIqEq8vfMVzGYT 0JP4N2s7G4gtKhAhcaDvGStEvaDEj8n3WEBsEQENidWrNjODDGUWOM8qcf/VL7ChwgJ5EjvO d7NCbFvPKPHp6VWwBKeAuUTL0YdgU5kFdCT2t06DsuUlNq95yzyBUWAWkiWzkJTNQlK2gJF5 FaNoamlyQXFSeq6hXnFibnFpXrpecn7uJkZIJH/Zwbj4mNUhRgEORiUe3gqxw8FCrIllxZW5 hxglOJiVRHg9Fh8JFuJNSaysSi3Kjy8qzUktPsTIxMEp1cCodme7SFNwSGXF9Ve31Npbp8eH zT8tvoTPzdrr9s0AxVWzO9kc3BJyqtt6cs/rL55q4CK10W6zYoz1nEdbbrc+8Im7fkzu5WtB Ndu5LEc0dHdtE1K3VQua/3FvuT67pJXogz0iXab+t8Xv3iqWKfGOfWPyXepJrGnWesFvke6v vI/ssFVaOlGJpTgj0VCLuag4EQDtshjCwgIAAA== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07/15/14 10:04, Joonsoo Kim wrote: > On Wed, Jul 09, 2014 at 03:30:08PM +0400, Andrey Ryabinin wrote: >> Some code in slub could validly touch memory marked by kasan as unaccessible. >> Even though slub.c doesn't instrumented, functions called in it are instrumented, >> so to avoid false positive reports such places are protected by >> kasan_disable_local()/kasan_enable_local() calls. >> >> Signed-off-by: Andrey Ryabinin >> --- >> mm/slub.c | 21 +++++++++++++++++++-- >> 1 file changed, 19 insertions(+), 2 deletions(-) >> >> diff --git a/mm/slub.c b/mm/slub.c >> index 6ddedf9..c8dbea7 100644 >> --- a/mm/slub.c >> +++ b/mm/slub.c >> @@ -560,8 +560,10 @@ static void print_tracking(struct kmem_cache *s, void *object) >> if (!(s->flags & SLAB_STORE_USER)) >> return; >> >> + kasan_disable_local(); >> print_track("Allocated", get_track(s, object, TRACK_ALLOC)); >> print_track("Freed", get_track(s, object, TRACK_FREE)); >> + kasan_enable_local(); > > I don't think that this is needed since print_track() doesn't call > external function with object pointer. print_track() call pr_err(), but, > before calling, it retrieve t->addrs[i] so memory access only occurs > in slub.c. > Agree. >> } >> >> static void print_page_info(struct page *page) >> @@ -604,6 +606,8 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) >> unsigned int off; /* Offset of last byte */ >> u8 *addr = page_address(page); >> >> + kasan_disable_local(); >> + >> print_tracking(s, p); >> >> print_page_info(page); >> @@ -632,6 +636,8 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) >> /* Beginning of the filler is the free pointer */ >> print_section("Padding ", p + off, s->size - off); >> >> + kasan_enable_local(); >> + >> dump_stack(); >> } > > And, I recommend that you put this hook on right place. > At a glance, the problematic function is print_section() which have > external function call, print_hex_dump(), with object pointer. > If you disable kasan in print_section, all the below thing won't be > needed, I guess. > Nope, at least memchr_inv() call in slab_pad_check will be a problem. I think putting disable/enable only where we strictly need them might be a problem for future maintenance of slub. If someone is going to add a new function call somewhere, he must ensure that it this call won't be a problem for kasan. > Thanks. > >> >> @@ -1012,6 +1018,8 @@ static noinline int alloc_debug_processing(struct kmem_cache *s, >> struct page *page, >> void *object, unsigned long addr) >> { >> + >> + kasan_disable_local(); >> if (!check_slab(s, page)) >> goto bad; >> >> @@ -1028,6 +1036,7 @@ static noinline int alloc_debug_processing(struct kmem_cache *s, >> set_track(s, object, TRACK_ALLOC, addr); >> trace(s, page, object, 1); >> init_object(s, object, SLUB_RED_ACTIVE); >> + kasan_enable_local(); >> return 1; >> >> bad: >> @@ -1041,6 +1050,7 @@ bad: >> page->inuse = page->objects; >> page->freelist = NULL; >> } >> + kasan_enable_local(); >> return 0; >> } >> >> @@ -1052,6 +1062,7 @@ static noinline struct kmem_cache_node *free_debug_processing( >> >> spin_lock_irqsave(&n->list_lock, *flags); >> slab_lock(page); >> + kasan_disable_local(); >> >> if (!check_slab(s, page)) >> goto fail; >> @@ -1088,6 +1099,7 @@ static noinline struct kmem_cache_node *free_debug_processing( >> trace(s, page, object, 0); >> init_object(s, object, SLUB_RED_INACTIVE); >> out: >> + kasan_enable_local(); >> slab_unlock(page); >> /* >> * Keep node_lock to preserve integrity >> @@ -1096,6 +1108,7 @@ out: >> return n; >> >> fail: >> + kasan_enable_local(); >> slab_unlock(page); >> spin_unlock_irqrestore(&n->list_lock, *flags); >> slab_fix(s, "Object at 0x%p not freed", object); >> @@ -1371,8 +1384,11 @@ static void setup_object(struct kmem_cache *s, struct page *page, >> void *object) >> { >> setup_object_debug(s, page, object); >> - if (unlikely(s->ctor)) >> + if (unlikely(s->ctor)) { >> + kasan_disable_local(); >> s->ctor(object); >> + kasan_enable_local(); >> + } >> } >> static struct page *new_slab(struct kmem_cache *s, gfp_t flags, int node) >> @@ -1425,11 +1441,12 @@ static void __free_slab(struct kmem_cache *s, struct page *page) >> >> if (kmem_cache_debug(s)) { >> void *p; >> - >> + kasan_disable_local(); >> slab_pad_check(s, page); >> for_each_object(p, s, page_address(page), >> page->objects) >> check_object(s, page, p, SLUB_RED_INACTIVE); >> + kasan_enable_local(); >> } >> >> kmemcheck_free_shadow(page, compound_order(page)); >> -- >> 1.8.5.5 >> >> -- >> To unsubscribe, send a message with 'unsubscribe linux-mm' in >> the body to majordomo@kvack.org. For more info on Linux MM, >> see: http://www.linux-mm.org/ . >> Don't email: email@kvack.org > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/