Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp5629599ybi; Wed, 31 Jul 2019 00:39:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqxvhP+kjOLq9SNC54vOtkDnROzoBQVoOrSxmSAUk1HS2CpuMxrmDSMBo3YiF7HfjJqXnkg3 X-Received: by 2002:a63:3dcd:: with SMTP id k196mr64578603pga.283.1564558786680; Wed, 31 Jul 2019 00:39:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564558786; cv=none; d=google.com; s=arc-20160816; b=ggiBEuANY+U4PUfIzkVuRG5V9VNqC/HdmCjtLxGxOt8qWyAa1tJg3sNvaPy3+YOkGy 3z4ppXRkGjx8EdL+Iq/0v9Hjw1K/BVOxzSJ45Dnqqwg/u3vPwgAm3KtCBB7Zmdm+/HWk 5e5kf04DixblWwfeb+8LESAtU3blvnrY89l/p1rTp59WYropyZBqrkVnxuvJFJobYg2g 3eLff3L9Rw/GSBaFmX8jwLwpLvDttkKLoczbdVnENdyzX9RHbQT1Qs2sMB2VyE6ArlPE OeH7Q5ozPFBfCC9Q9Ijvdp3Z4ID4TQ8Bc7+J1/JnDzzO/xh/buJqx0hIRjYCwUiDKjp1 PDXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=pBb3SjcJAJvGT3ZKVh7XtBW59bi/thuEuHRFZNsNtKI=; b=y+udDIMRTBEuR+r6m5QSsnCIzn4BjzegGOhdncdAp5wUOtT/+NqW5ISLXjLl++WsGW GTAlHrIIreUOyevfY9pSL/mQePjq1ERRw/KanmAu7X+Lqi4N8Q83gzZLzjML94XQSrER xpnSaGnLXGHkM7wKt/zzm832n7BiUsM09o85+r6T3BlXL4dH3IoEM00JYzo9Xdb1gLCw V9iDP2OqjEyLT+D7a8CXiHP2bINVevLhtHm2MMQ78SZ0LCcUCnEMUccP/RiECV5MuxfU 93RJfSBbKaVIwR7BzEvSUzUfss+yUup87WFF2hVtC/UE0SUhkHkTfehbHy26y7tKsx+W WXBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@axtens.net header.s=google header.b=AHPx62HM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p3si866797pjr.18.2019.07.31.00.39.32; Wed, 31 Jul 2019 00:39:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@axtens.net header.s=google header.b=AHPx62HM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727915AbfGaHP4 (ORCPT + 99 others); Wed, 31 Jul 2019 03:15:56 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:44927 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725913AbfGaHP4 (ORCPT ); Wed, 31 Jul 2019 03:15:56 -0400 Received: by mail-pf1-f196.google.com with SMTP id t16so31300998pfe.11 for ; Wed, 31 Jul 2019 00:15:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=pBb3SjcJAJvGT3ZKVh7XtBW59bi/thuEuHRFZNsNtKI=; b=AHPx62HMhQa8hHRMGLqgFiw+CumV6LiEgGPvYRqjcrvfGuwSMk4T9h6ZBLhXoSWrCI K8hKp875yeBKlerrIoeiIERsQFuw95uNk88vGcgWCgVb/quRyN0yqEth5OX9ZrewsaRf QpRSPaGOI1njJ5BGhn1bmjkrIUghufDipHuDQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=pBb3SjcJAJvGT3ZKVh7XtBW59bi/thuEuHRFZNsNtKI=; b=N5v38SQCCNuk2GRq19qTNLKgPC0y1Yy0YO8NqoWRGLHJAKfywpRqaiDQTkDX8QFW33 lnM7jfPDE4J0bWh/TmbqCNC2rOfFN6S77lIKBwvI9n6gjuu7NmDW0qZLhuFPcwC8PyRY aWvhUusdXwwR7P8kxdxnapwI7k80u56+aFRFeH2Tm3IMVKwuCvyuO3lSPDV9HAfkCNW9 TA2biflzfF0GQhgmVJWJmFuHdio3WBQ6m1o+qgAWi8cEmtzy2i4SUdbXZ5oGKUR3HQgl m8K8///DAqvFoxlYyjkEMrEVz1GmNqsDI8sFIDuLx+rrAvD4QWkXsjp9zDzAt9/bjQ7j ANjg== X-Gm-Message-State: APjAAAXAa3H+JcTzef9X1Ll7AKr8fFOIC92HTCM7MZ94HEApdLcgUtpU 7+9QAbNdnM9QMpgHsqOOffWynmpI X-Received: by 2002:a17:90a:29c5:: with SMTP id h63mr1357413pjd.83.1564557355793; Wed, 31 Jul 2019 00:15:55 -0700 (PDT) Received: from localhost (ppp167-251-205.static.internode.on.net. [59.167.251.205]) by smtp.gmail.com with ESMTPSA id x13sm71508648pfn.6.2019.07.31.00.15.54 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Wed, 31 Jul 2019 00:15:55 -0700 (PDT) From: Daniel Axtens To: kasan-dev@googlegroups.com, linux-mm@kvack.org, x86@kernel.org, aryabinin@virtuozzo.com, glider@google.com, luto@kernel.org, linux-kernel@vger.kernel.org, mark.rutland@arm.com, dvyukov@google.com Cc: Daniel Axtens Subject: [PATCH v3 0/3] kasan: support backing vmalloc space with real shadow memory Date: Wed, 31 Jul 2019 17:15:47 +1000 Message-Id: <20190731071550.31814-1-dja@axtens.net> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently, vmalloc space is backed by the early shadow page. This means that kasan is incompatible with VMAP_STACK, and it also provides a hurdle for architectures that do not have a dedicated module space (like powerpc64). This series provides a mechanism to back vmalloc space with real, dynamically allocated memory. I have only wired up x86, because that's the only currently supported arch I can work with easily, but it's very easy to wire up other architectures. This has been discussed before in the context of VMAP_STACK: - https://bugzilla.kernel.org/show_bug.cgi?id=202009 - https://lkml.org/lkml/2018/7/22/198 - https://lkml.org/lkml/2019/7/19/822 In terms of implementation details: Most mappings in vmalloc space are small, requiring less than a full page of shadow space. Allocating a full shadow page per mapping would therefore be wasteful. Furthermore, to ensure that different mappings use different shadow pages, mappings would have to be aligned to KASAN_SHADOW_SCALE_SIZE * PAGE_SIZE. Instead, share backing space across multiple mappings. Allocate a backing page the first time a mapping in vmalloc space uses a particular page of the shadow region. Keep this page around regardless of whether the mapping is later freed - in the mean time the page could have become shared by another vmalloc mapping. This can in theory lead to unbounded memory growth, but the vmalloc allocator is pretty good at reusing addresses, so the practical memory usage appears to grow at first but then stay fairly stable. If we run into practical memory exhaustion issues, I'm happy to consider hooking into the book-keeping that vmap does, but I am not convinced that it will be an issue. v1: https://lore.kernel.org/linux-mm/20190725055503.19507-1-dja@axtens.net/ v2: https://lore.kernel.org/linux-mm/20190729142108.23343-1-dja@axtens.net/ Address review comments: - Patch 1: use kasan_unpoison_shadow's built-in handling of ranges that do not align to a full shadow byte - Patch 3: prepopulate pgds rather than faulting things in v3: Address comments from Mark Rutland: - kasan_populate_vmalloc is a better name - handle concurrency correctly - various nits and cleanups - relax module alignment in KASAN_VMALLOC case Daniel Axtens (3): kasan: support backing vmalloc space with real shadow memory fork: support VMAP_STACK with KASAN_VMALLOC x86/kasan: support KASAN_VMALLOC Documentation/dev-tools/kasan.rst | 60 ++++++++++++++++++++++ arch/Kconfig | 9 ++-- arch/x86/Kconfig | 1 + arch/x86/mm/kasan_init_64.c | 61 +++++++++++++++++++++++ include/linux/kasan.h | 16 ++++++ include/linux/moduleloader.h | 2 +- kernel/fork.c | 4 ++ lib/Kconfig.kasan | 16 ++++++ lib/test_kasan.c | 26 ++++++++++ mm/kasan/common.c | 83 +++++++++++++++++++++++++++++++ mm/kasan/generic_report.c | 3 ++ mm/kasan/kasan.h | 1 + mm/vmalloc.c | 15 +++++- 13 files changed, 291 insertions(+), 6 deletions(-) -- 2.20.1