Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S966490AbbBCRnv (ORCPT <rfc822;w@1wt.eu>);
	Tue, 3 Feb 2015 12:43:51 -0500
Received: from mailout1.w1.samsung.com ([210.118.77.11]:52357 "EHLO
	mailout1.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S966418AbbBCRni (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 3 Feb 2015 12:43:38 -0500
X-AuditID: cbfec7f5-b7fc86d0000066b7-98-54d108365a69
From: Andrey Ryabinin <a.ryabinin@samsung.com>
To: linux-kernel@vger.kernel.org
Cc: Andrey Ryabinin <a.ryabinin@samsung.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Konstantin Serebryany <kcc@google.com>,
        Dmitry Chernenkov <dmitryc@google.com>,
        Andrey Konovalov <adech.fo@gmail.com>,
        Yuri Gribov <tetra2005@gmail.com>,
        Konstantin Khlebnikov <koct9i@gmail.com>,
        Sasha Levin <sasha.levin@oracle.com>, Christoph Lameter <cl@linux.com>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Dave Hansen <dave.hansen@intel.com>, Andi Kleen <andi@firstfloor.org>,
        x86@kernel.org, linux-mm@kvack.org, Pekka Enberg <penberg@kernel.org>,
        David Rientjes <rientjes@google.com>
Subject: [PATCH v11 08/19] mm: slub: introduce
 metadata_access_enable()/metadata_access_disable()
Date: Tue, 03 Feb 2015 20:43:01 +0300
Message-id: <1422985392-28652-9-git-send-email-a.ryabinin@samsung.com>
X-Mailer: git-send-email 2.2.2
In-reply-to: <1422985392-28652-1-git-send-email-a.ryabinin@samsung.com>
References: <1404905415-9046-1-git-send-email-a.ryabinin@samsung.com>
 <1422985392-28652-1-git-send-email-a.ryabinin@samsung.com>
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrALMWRmVeSWpSXmKPExsVy+t/xK7pmHBdDDGbf5LLY9usRm8XvvTNZ
	LeasX8NmceTad3aL69/eMFp8evmA0eL5w4fsFhMetrFbrOxuZrPY/uwtk8XKzgesFpd3zWGz
	uLfmP6tF2+d/QGLJRiaLxUduM1u8ezaZ2eLHhsesDkIe83d+ZPTYOesuu8eCTaUei/e8ZPLY
	tKqTzWPTp0nsHl1vrzB5nJjxm8XjyZXpTB4fn95i8ejbsorR4/MmuQCeKC6blNSczLLUIn27
	BK6MEys/sRW8EKvoef+IvYHxvFAXIyeHhICJxKb3l1ghbDGJC/fWs3UxcnEICSxllLjVu5MF
	wuljktjYD5Lh5GAT0JP4N2s7mC0ioCCxufcZK0gRs8BnFonHXdfAEsICyRIP328Cs1kEVCXe
	71/KAmLzCrhJXH+6AqiBA2idnMSFj/EgYU4Bd4l9/c8YIZY1MUq8WdzCPIGRdwEjwypG0dTS
	5ILipPRcI73ixNzi0rx0veT83E2MkFj4uoNx6TGrQ4wCHIxKPLwa7y6ECLEmlhVX5h5ilOBg
	VhLh3fMbKMSbklhZlVqUH19UmpNafIiRiYNTqoGRc4VabsixyC+hnsdvCyiuTz842yQktNhY
	/JPQtUP9sceiXl9vk1h9arI0x//bPccuP9nfeVxnbpOVZ87nfVlzb7l5PH7Od3mx5WIb5mVH
	ltbeWx8nY8USe+N3wOFpQvf0HdX3PiqSi3Zec6n/0k6p/2bRgp6Ndpu/2j5KTsnXKMxY+D1m
	T1WyEktxRqKhFnNRcSIAvbsmsWMCAAA=
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 3071
Lines: 99

It's ok for slub to access memory that marked by kasan as inaccessible
(object's metadata). Kasan shouldn't print report in that case because
these accesses are valid. Disabling instrumentation of slub.c code is
not enough to achieve this because slub passes pointer to object's
metadata into external functions like memchr_inv().

We don't want to disable instrumentation for memchr_inv() because
this is quite generic function, and we don't want to miss bugs.

metadata_access_enable/metadata_access_disable used to tell
KASan where accesses to metadata starts/end, so we
could temporarily disable KASan reports.

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
---
 mm/slub.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/mm/slub.c b/mm/slub.c
index 3eb73f5..390972f 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -20,6 +20,7 @@
 #include <linux/proc_fs.h>
 #include <linux/notifier.h>
 #include <linux/seq_file.h>
+#include <linux/kasan.h>
 #include <linux/kmemcheck.h>
 #include <linux/cpu.h>
 #include <linux/cpuset.h>
@@ -468,12 +469,30 @@ static char *slub_debug_slabs;
 static int disable_higher_order_debug;
 
 /*
+ * slub is about to manipulate internal object metadata.  This memory lies
+ * outside the range of the allocated object, so accessing it would normally
+ * be reported by kasan as a bounds error.  metadata_access_enable() is used
+ * to tell kasan that these accesses are OK.
+ */
+static inline void metadata_access_enable(void)
+{
+	kasan_disable_current();
+}
+
+static inline void metadata_access_disable(void)
+{
+	kasan_enable_current();
+}
+
+/*
  * Object debugging
  */
 static void print_section(char *text, u8 *addr, unsigned int length)
 {
+	metadata_access_enable();
 	print_hex_dump(KERN_ERR, text, DUMP_PREFIX_ADDRESS, 16, 1, addr,
 			length, 1);
+	metadata_access_disable();
 }
 
 static struct track *get_track(struct kmem_cache *s, void *object,
@@ -503,7 +522,9 @@ static void set_track(struct kmem_cache *s, void *object,
 		trace.max_entries = TRACK_ADDRS_COUNT;
 		trace.entries = p->addrs;
 		trace.skip = 3;
+		metadata_access_enable();
 		save_stack_trace(&trace);
+		metadata_access_disable();
 
 		/* See rant in lockdep.c */
 		if (trace.nr_entries != 0 &&
@@ -677,7 +698,9 @@ static int check_bytes_and_report(struct kmem_cache *s, struct page *page,
 	u8 *fault;
 	u8 *end;
 
+	metadata_access_enable();
 	fault = memchr_inv(start, value, bytes);
+	metadata_access_disable();
 	if (!fault)
 		return 1;
 
@@ -770,7 +793,9 @@ static int slab_pad_check(struct kmem_cache *s, struct page *page)
 	if (!remainder)
 		return 1;
 
+	metadata_access_enable();
 	fault = memchr_inv(end - remainder, POISON_INUSE, remainder);
+	metadata_access_disable();
 	if (!fault)
 		return 1;
 	while (end > fault && end[-1] == POISON_INUSE)
-- 
2.2.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/