Date: Fri, 19 Jun 2015 16:06:22 +0200
From: Borislav Petkov
To: Ingo Molnar
Cc: Andrey Ryabinin, Alexander Popov, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Andrey Konovalov, Andrew Morton, Andy Lutomirski, Alexander Kuleshov, Denys Vlasenko, Peter Zijlstra, Kees Cook, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/1] x86_64: fix KASan shadow region page tables
Message-ID: <20150619140622.GF17826@pd.tnic>
References: <1434613012-16046-1-git-send-email-alpopov@ptsecurity.com> <20150618090857.GB1385@pd.tnic> <5582B801.80705@samsung.com> <20150618145510.GC1385@pd.tnic> <5582EC30.8080104@samsung.com> <20150618163846.GF1385@pd.tnic> <558401BF.3040809@samsung.com> <20150619120603.GE17826@pd.tnic> <55841ACF.50302@samsung.com> <20150619140051.GA18930@gmail.com>
In-Reply-To: <20150619140051.GA18930@gmail.com>

On Fri, Jun 19, 2015 at 04:00:51PM +0200, Ingo Molnar wrote:
> It should also printk a one line message at bootup, so that people can
> be sure they are running a KASan-enabled kernel.

Yeah, especially if it slows down the kernel by orders of magnitude.

In any case, here's what it says in the guest:

[ 117.061393] kasan test: kmalloc_oob_right out-of-bounds to right
[ 117.067973] ==================================================================
[ 117.071656] BUG: KASan: out of bounds access in kmalloc_oob_right+0x65/0x75 [test_kasan] at addr ffff88006816915b
[ 117.071656] Write of size 1 by task insmod/3942
[ 117.071656] =============================================================================
[ 117.071656] BUG kmalloc-128 (Not tainted): kasan: bad access detected
[ 117.071656] -----------------------------------------------------------------------------
[ 117.071656]
[ 117.071656] Disabling lock debugging due to kernel taint
[ 117.071656] INFO: Allocated in kmalloc_oob_right+0x3d/0x75 [test_kasan] age=5 cpu=1 pid=3942
[ 117.071656] 	__slab_alloc.isra.60.constprop.62+0x4c4/0x5e0
[ 117.071656] 	kmem_cache_alloc_trace+0x167/0x330
[ 117.071656] 	kmalloc_oob_right+0x3d/0x75 [test_kasan]
[ 117.071656] 	kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656] 	do_one_initcall+0xb1/0x220
[ 117.071656] 	do_init_module+0xf7/0x2f8
[ 117.071656] 	load_module+0x2fe7/0x3e00
[ 117.071656] 	SyS_init_module+0x10d/0x120
[ 117.071656] 	system_call_fastpath+0x16/0x73
[ 117.071656] INFO: Freed in rcu_process_callbacks+0x3d3/0xd90 age=1511 cpu=6 pid=0
[ 117.071656] 	__slab_free+0x433/0x610
[ 117.071656] 	kfree+0x279/0x380
[ 117.071656] 	rcu_process_callbacks+0x3d3/0xd90
[ 117.071656] 	__do_softirq+0x154/0x7b0
[ 117.071656] 	irq_exit+0xba/0xe0
[ 117.071656] 	smp_apic_timer_interrupt+0x6a/0x80
[ 117.071656] 	apic_timer_interrupt+0x6d/0x80
[ 117.071656] 	arch_cpu_idle+0xf/0x20
[ 117.071656] 	cpu_startup_entry+0x5f1/0x7a0
[ 117.071656] 	start_secondary+0x21d/0x230
[ 117.071656] INFO: Slab 0xffffea0001a05a00 objects=37 used=31 fp=0xffff880068169290 flags=0x4000000000004080
[ 117.071656] INFO: Object 0xffff8800681690e0 @offset=4320 fp=0xffff88006816a880
[ 117.071656]
[ 117.071656] Bytes b4 ffff8800681690d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[ 117.071656] Object ffff8800681690e0: 80 a8 16 68 00 88 ff ff ff ff ff ff 00 00 00 00  ...h............
[ 117.071656] Object ffff8800681690f0: ff ff ff ff ff ff ff ff c0 f2 01 83 ff ff ff ff  ................
[ 117.071656] Object ffff880068169100: 60 91 87 82 ff ff ff ff 00 00 00 00 00 00 00 00  `...............
[ 117.071656] Object ffff880068169110: 05 0a c4 81 ff ff ff ff 06 00 00 00 1c 00 1b 00  ................
[ 117.071656] Object ffff880068169120: 74 d6 0d 81 ff ff ff ff 28 91 16 68 00 88 ff ff  t.......(..h....
[ 117.071656] Object ffff880068169130: 28 91 16 68 00 88 ff ff 00 00 00 00 00 00 00 00  (..h............
[ 117.071656] Object ffff880068169140: 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00  ........`.......
[ 117.071656] Object ffff880068169150: 00 00 00 00 40 00 38 00 07 00 40 00 18 00 17 00  ....@.8...@.....
[ 117.071656] CPU: 1 PID: 3942 Comm: insmod Tainted: G    B           4.1.0-rc8+ #3
[ 117.071656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 117.071656]  0000000000000001 ffff880061c77a28 ffffffff819af359 00000000000001b0
[ 117.071656]  ffff88006ac07800 ffff880061c77a58 ffffffff8121280d ffff88006ac07800
[ 117.071656]  ffffea0001a05a00 ffff8800681690e0 ffffffffa0008765 ffff880061c77a88
[ 117.071656] Call Trace:
[ 117.071656]  [] dump_stack+0x4f/0x7b
[ 117.071656]  [] print_trailer+0xfd/0x160
[ 117.071656]  [] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656]  [] object_err+0x41/0x50
[ 117.071656]  [] kasan_report_error+0x1e8/0x410
[ 117.071656]  [] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656]  [] kasan_report+0x40/0x50
[ 117.071656]  [] ? kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656]  [] __asan_store1+0x54/0x80
[ 117.071656]  [] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656]  [] kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656]  [] kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656]  [] do_one_initcall+0xb1/0x220
[ 117.071656]  [] ? kasan_kmalloc+0x49/0x50
[ 117.071656]  [] ? kmem_cache_alloc_trace+0x106/0x330
[ 117.071656]  [] ? do_init_module+0x3b/0x2f8
[ 117.071656]  [] do_init_module+0xf7/0x2f8
[ 117.071656]  [] load_module+0x2fe7/0x3e00
[ 117.071656]  [] ? store_uevent+0x50/0x50
[ 117.071656]  [] SyS_init_module+0x10d/0x120
[ 117.071656]  [] system_call_fastpath+0x16/0x73
[ 117.071656] Memory state around the buggy address:
[ 117.071656]  ffff880068169000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656]  ffff880068169080: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[ 117.071656] >ffff880068169100: 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc fc
[ 117.071656]                                                       ^
[ 117.071656]  ffff880068169180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656]  ffff880068169200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ==================================================================
...

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
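The "Memory state around the buggy address" block at the end of that report is the part worth being able to read without the "^" marker. The following is an added example, not code from this thread or from the kernel tree: it copies the five shadow rows from the report above into a table, applies the rule KASan's __asan_store1 applies (one shadow byte per 8-byte granule; 0x00 means all 8 bytes are addressable, 0x01..0x07 means only the first N are, anything higher is poison), and recovers from the shadow alone why the 1-byte write at ffff88006816915b is reported and how big the object at ffff8800681690e0 was. The poison values (0xfa global redzone, 0xfb freed kmalloc object, 0xfc kmalloc redzone, 0xfe page redzone, 0xff freed page) are the ones from mm/kasan/kasan.h of the 4.1 era; the row layout assumed is the report's own (16 shadow bytes per row, rows 0x80 bytes of memory apart).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* KASan shadow encoding (mm/kasan/kasan.h, 4.1 era):
 *   0x00        all 8 bytes of the granule are addressable
 *   0x01..0x07  only the first N bytes of the granule are addressable
 *   0xfa        redzone around a global variable
 *   0xfb        freed kmalloc object
 *   0xfc        redzone inside a slub object (kmalloc)
 *   0xfe        redzone around a kmalloc_large (page) allocation
 *   0xff        freed page
 */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define GRANULE   (1u << KASAN_SHADOW_SCALE_SHIFT)
#define ROW_BYTES 16                      /* shadow bytes per report row */
#define ROW_SPAN  (ROW_BYTES * GRANULE)   /* memory bytes covered per row */

/* The "Memory state" rows copied from the report above.  The ">" marker
 * and the "^" line are dropped: the address alone locates the byte. */
static const char *const kasan_rows[] = {
    "ffff880068169000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff880068169080: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00",
    "ffff880068169100: 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc fc",
    "ffff880068169180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff880068169200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
};
#define NROWS (sizeof kasan_rows / sizeof kasan_rows[0])

/* Parse one "addr: b0 b1 ... b15" row.  Returns 0 on success, -1 on a
 * malformed row. */
static int parse_row(const char *row, uint64_t *base, uint8_t out[ROW_BYTES])
{
    char *end;

    *base = strtoull(row, &end, 16);
    if (end == row || *end != ':')
        return -1;
    end++;
    for (int i = 0; i < ROW_BYTES; i++) {
        char *next;
        unsigned long v = strtoul(end, &next, 16);

        if (next == end || v > 0xff)
            return -1;
        out[i] = (uint8_t)v;
        end = next;
    }
    return 0;
}

/* Shadow byte governing the 8-byte granule that contains addr, or -1 if
 * addr lies outside the rows we were given. */
static int shadow_byte_for(uint64_t addr)
{
    for (size_t r = 0; r < NROWS; r++) {
        uint64_t base;
        uint8_t bytes[ROW_BYTES];

        if (parse_row(kasan_rows[r], &base, bytes) != 0)
            return -1;
        if (addr >= base && addr < base + ROW_SPAN)
            return bytes[(addr - base) / GRANULE];
    }
    return -1;
}

/* The 1-byte access check: shadow 0 is fine, a partial value N admits
 * only offsets 0..N-1 within the granule, everything else is poison. */
static int byte_is_addressable(uint64_t addr)
{
    int s = shadow_byte_for(addr);

    if (s < 0)
        return 0;
    if (s == 0)
        return 1;
    if (s < (int)GRANULE)
        return (addr & (GRANULE - 1)) < (uint64_t)s;
    return 0;
}

/* Length of the addressable run starting at start; for a slab object that
 * is the size that was passed to kmalloc(). */
static size_t addressable_run(uint64_t start)
{
    size_t n = 0;

    while (byte_is_addressable(start + n))
        n++;
    return n;
}

static const char *describe_shadow(int s)
{
    if (s == 0)
        return "addressable";
    if (s > 0 && s < (int)GRANULE)
        return "partially addressable";
    switch (s) {
    case 0xfa: return "global redzone";
    case 0xfb: return "freed kmalloc object";
    case 0xfc: return "kmalloc redzone";
    case 0xfe: return "page redzone";
    case 0xff: return "freed page";
    default:   return "poisoned (other)";
    }
}

int main(void)
{
    const uint64_t obj = 0xffff8800681690e0ULL;  /* "INFO: Object ..." */
    const uint64_t bad = 0xffff88006816915bULL;  /* "... at addr ..."  */
    int s = shadow_byte_for(bad);

    printf("object %#llx: %zu addressable bytes\n",
           (unsigned long long)obj, addressable_run(obj));
    printf("access %#llx: shadow %#04x (%s), %s\n",
           (unsigned long long)bad, s, describe_shadow(s),
           byte_is_addressable(bad) ? "in bounds" : "out of bounds");
    return 0;
}
```

Run as is, it reports 123 addressable bytes from the object start and a shadow value of 0x03 for the faulting address: the granule at ffff880068169158 has only its first three bytes live, and ffff88006816915b is the fourth, i.e. one past the end of a 123-byte allocation that SLUB rounded up into the kmalloc-128 cache. The "Bytes b4" and "Object" hex dumps show the raw bytes but not which of them are live; the shadow does.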