Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp741647ybd; Wed, 26 Jun 2019 05:23:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqyEYYlrwpkrN5+aKuemzfiFzA7h480o+9zyJhPOh8wbjxSm+jCWmmQuomR65zBakAIENYES X-Received: by 2002:a17:902:b94a:: with SMTP id h10mr5251640pls.125.1561551837854; Wed, 26 Jun 2019 05:23:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561551837; cv=none; d=google.com; s=arc-20160816; b=zBnPU810oEioCDw+6IPqc4Xmb33swVEE8VjYOyfzb9uwyQomIra/pUGTKsd2VIpIAN 5fFUE3eIxAdBwTDvHwAmz32w64WqHxyYh1HBttAUKv9HU6CKoiWXpqjxEt1/XTv9aEN/ P2bU/P0zy8pNTb5Zl0Wa7ivxoMg8ZPTrYtUMCuFZZgFDKBUWPTvEWVoklxo6kU8duKXz N1oS6ezVfIceU5N/e+LIiPUS3m3vahXXwnJyKh4goJ5zwCTSOrYIPFCHnToWDkebNOEA 1RiOIs4+d42OZjpB/DeHpsPdCAx27EBh1tkynVsp+mrwaUmi5CXaeOXk0yxXUYbGiFJG nk3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=aEBIaaWYace9y+Mt2DPGrWS6yavzA5TNBst3S/YiRr8=; b=ePCpOywTTh+H3M2qE1HCJYWATPhfmAcoZc4Udu43L+tkjTTXjyqm539cNtejDN06Nd kdgT9vmwlUu59hHpwL5+FFBEA05erjsvjoSREMZestb8JZ3AfcN0X9S9uKrbZTHG57Yu dh1lcxlsyG+Fd/fLuHIjVpUXumEBaNreaXudZW+INQfAApt3E4OWJZN2h+uGFoK5xitZ WViYI8uzgHxxVtmMFOYwPWdaTSJ3+1dCoOLH5BRj/ZEQQKPNc1lBHJTMk6rrfI40fI5h bA13S+O/vquhMzg+lDTAp7VCixqPis3P+pUCpvrmVjmGJzPLIlymx5Cnxmm99GU2pevB QrTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dr+4yvWO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m11si1997961pjr.100.2019.06.26.05.23.40; Wed, 26 Jun 2019 05:23:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dr+4yvWO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727432AbfFZMXN (ORCPT + 99 others); Wed, 26 Jun 2019 08:23:13 -0400 Received: from mail-qt1-f202.google.com ([209.85.160.202]:43284 "EHLO mail-qt1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726104AbfFZMXN (ORCPT ); Wed, 26 Jun 2019 08:23:13 -0400 Received: by mail-qt1-f202.google.com with SMTP id z16so2619384qto.10 for ; Wed, 26 Jun 2019 05:23:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=aEBIaaWYace9y+Mt2DPGrWS6yavzA5TNBst3S/YiRr8=; b=dr+4yvWO8HKtBnImTSl+5RFoaisRmPyXQjXtuLieYwMP39/noqW8cVheUwz6irESV0 3TfgWgfZhjmOr/wFcdgoRLZSv92Fyr0xK3mm5fwriKMI8R1088jct+j7hVvdqWc87MU9 Nr67s0LKq5dzkWLUc5ztAJ9wpuvDlDTp8IACsm8hvZvF4NCxIYuxZFEg6atsfKWVNrTU E1B8cGpMonffJtkYxB7FLkqEi0gSbZTKuamnOvlLOp20etfu/XVDck85GJBgOFfSpzw7 L/i/NguP+nb/lETpV0WxTBasvmPBJfBB0lM2qo11MyoBTaWBZsjLOw5AQ0ek/E9lI2qG YCAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=aEBIaaWYace9y+Mt2DPGrWS6yavzA5TNBst3S/YiRr8=; b=TcIqrAjCW9W4EET7xkDYLqOJS7V/rc9ob88d1LJ82ktOuC7K+HB62w4MnQlBC4fXXT c38QyixvvFOxd4F1YBhfl1virLdns7dnLfGhct10lUybPhZ3Mc9ts5CjZvjC2XvwQjg0 ErUlc39agwqNaelg7yLXHtdg/TdE9Wwfk9lH5wjfiWn6sGX+FOMfSmbsWqj2EDyLE08d SM6T+gj+iJqrZLtr8j/p6N7dph7HxqbOBbAsGRUoUJjipa1BTSo9WJYz3Jk1w0YFc6lB gIs1n0QhWHtWSBBNu4W+Y2IjAh/+Pna1W9jPrEHjcgmAM6xe+rBnB6RohAX2X9fYhYHv y1FA== X-Gm-Message-State: APjAAAWni9hfBvyfku9mPBU11pAcbrHwT0F4XrFe8046aw0WKTMtOUVJ 5CnUtWTMkKgnngSwkWH+/8YbYlE2nQ== X-Received: by 2002:ac8:25d9:: with SMTP id f25mr3394375qtf.256.1561551791675; Wed, 26 Jun 2019 05:23:11 -0700 (PDT) Date: Wed, 26 Jun 2019 14:20:16 +0200 In-Reply-To: <20190626122018.171606-1-elver@google.com> Message-Id: <20190626122018.171606-2-elver@google.com> Mime-Version: 1.0 References: <20190626122018.171606-1-elver@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH v2 1/4] mm/kasan: Introduce __kasan_check_{read,write} From: Marco Elver To: aryabinin@virtuozzo.com, dvyukov@google.com, glider@google.com, andreyknvl@google.com Cc: linux-kernel@vger.kernel.org, Marco Elver , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , kasan-dev@googlegroups.com, linux-mm@kvack.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This introduces __kasan_check_{read,write} which return a bool if the access was valid or not. __kasan_check functions may be used from anywhere, even compilation units that disable instrumentation selectively. For consistency, kasan_check_{read,write} have been changed to also return a bool. This change eliminates the need for the __KASAN_INTERNAL definition. Signed-off-by: Marco Elver Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Andrew Morton Cc: kasan-dev@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org --- include/linux/kasan-checks.h | 35 ++++++++++++++++++++++++++++------- mm/kasan/common.c | 14 ++++++-------- mm/kasan/generic.c | 13 +++++++------ mm/kasan/kasan.h | 10 +++++++++- mm/kasan/tags.c | 12 +++++++----- 5 files changed, 57 insertions(+), 27 deletions(-) diff --git a/include/linux/kasan-checks.h b/include/linux/kasan-checks.h index a61dc075e2ce..b8cf8a7cad34 100644 --- a/include/linux/kasan-checks.h +++ b/include/linux/kasan-checks.h @@ -2,14 +2,35 @@ #ifndef _LINUX_KASAN_CHECKS_H #define _LINUX_KASAN_CHECKS_H -#if defined(__SANITIZE_ADDRESS__) || defined(__KASAN_INTERNAL) -void kasan_check_read(const volatile void *p, unsigned int size); -void kasan_check_write(const volatile void *p, unsigned int size); +/* + * __kasan_check_*: Always available when KASAN is enabled. This may be used + * even in compilation units that selectively disable KASAN, but must use KASAN + * to validate access to an address. Never use these in header files! + */ +#ifdef CONFIG_KASAN +bool __kasan_check_read(const volatile void *p, unsigned int size); +bool __kasan_check_write(const volatile void *p, unsigned int size); #else -static inline void kasan_check_read(const volatile void *p, unsigned int size) -{ } -static inline void kasan_check_write(const volatile void *p, unsigned int size) -{ } +static inline bool __kasan_check_read(const volatile void *p, unsigned int size) +{ return true; } +static inline bool __kasan_check_write(const volatile void *p, unsigned int size) +{ return true; } +#endif + +/* + * kasan_check_*: Only available when the particular compilation unit has KASAN + * instrumentation enabled. May be used in header files. + */ +#ifdef __SANITIZE_ADDRESS__ +static inline bool kasan_check_read(const volatile void *p, unsigned int size) +{ return __kasan_check_read(p, size); } +static inline bool kasan_check_write(const volatile void *p, unsigned int size) +{ return __kasan_check_read(p, size); } +#else +static inline bool kasan_check_read(const volatile void *p, unsigned int size) +{ return true; } +static inline bool kasan_check_write(const volatile void *p, unsigned int size) +{ return true; } #endif #endif diff --git a/mm/kasan/common.c b/mm/kasan/common.c index 242fdc01aaa9..2277b82902d8 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -14,8 +14,6 @@ * */ -#define __KASAN_INTERNAL - #include #include #include @@ -89,17 +87,17 @@ void kasan_disable_current(void) current->kasan_depth--; } -void kasan_check_read(const volatile void *p, unsigned int size) +bool __kasan_check_read(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, false, _RET_IP_); + return check_memory_region((unsigned long)p, size, false, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_read); +EXPORT_SYMBOL(__kasan_check_read); -void kasan_check_write(const volatile void *p, unsigned int size) +bool __kasan_check_write(const volatile void *p, unsigned int size) { - check_memory_region((unsigned long)p, size, true, _RET_IP_); + return check_memory_region((unsigned long)p, size, true, _RET_IP_); } -EXPORT_SYMBOL(kasan_check_write); +EXPORT_SYMBOL(__kasan_check_write); #undef memset void *memset(void *addr, int c, size_t len) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 504c79363a34..616f9dd82d12 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -166,29 +166,30 @@ static __always_inline bool memory_is_poisoned(unsigned long addr, size_t size) return memory_is_poisoned_n(addr, size); } -static __always_inline void check_memory_region_inline(unsigned long addr, +static __always_inline bool check_memory_region_inline(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { if (unlikely(size == 0)) - return; + return true; if (unlikely((void *)addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } if (likely(!memory_is_poisoned(addr, size))) - return; + return true; kasan_report(addr, size, write, ret_ip); + return false; } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { - check_memory_region_inline(addr, size, write, ret_ip); + return check_memory_region_inline(addr, size, write, ret_ip); } void kasan_cache_shrink(struct kmem_cache *cache) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 3ce956efa0cb..e62ea45d02e3 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -123,7 +123,15 @@ static inline bool addr_has_shadow(const void *addr) void kasan_poison_shadow(const void *address, size_t size, u8 value); -void check_memory_region(unsigned long addr, size_t size, bool write, +/** + * check_memory_region - Check memory region, and report if invalid access. + * @addr: the accessed address + * @size: the accessed size + * @write: true if access is a write access + * @ret_ip: return address + * @return: true if access was valid, false if invalid + */ +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip); void *find_first_bad_addr(void *addr, size_t size); diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c index 63fca3172659..0e987c9ca052 100644 --- a/mm/kasan/tags.c +++ b/mm/kasan/tags.c @@ -76,7 +76,7 @@ void *kasan_reset_tag(const void *addr) return reset_tag(addr); } -void check_memory_region(unsigned long addr, size_t size, bool write, +bool check_memory_region(unsigned long addr, size_t size, bool write, unsigned long ret_ip) { u8 tag; @@ -84,7 +84,7 @@ void check_memory_region(unsigned long addr, size_t size, bool write, void *untagged_addr; if (unlikely(size == 0)) - return; + return true; tag = get_tag((const void *)addr); @@ -106,22 +106,24 @@ void check_memory_region(unsigned long addr, size_t size, bool write, * set to KASAN_TAG_KERNEL (0xFF)). */ if (tag == KASAN_TAG_KERNEL) - return; + return true; untagged_addr = reset_tag((const void *)addr); if (unlikely(untagged_addr < kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) { kasan_report(addr, size, write, ret_ip); - return; + return false; } shadow_first = kasan_mem_to_shadow(untagged_addr); shadow_last = kasan_mem_to_shadow(untagged_addr + size - 1); for (shadow = shadow_first; shadow <= shadow_last; shadow++) { if (*shadow != tag) { kasan_report(addr, size, write, ret_ip); - return; + return false; } } + + return true; } #define DEFINE_HWASAN_LOAD_STORE(size) \ -- 2.22.0.410.gd8fdbe21b5-goog