Date: Fri, 9 Aug 2019 10:54:35 +0100
From: Mark Rutland
To: Daniel Axtens
Cc: kasan-dev@googlegroups.com, linux-mm@kvack.org, x86@kernel.org, aryabinin@virtuozzo.com, glider@google.com, luto@kernel.org, linux-kernel@vger.kernel.org, dvyukov@google.com
Subject: Re: [PATCH v3 1/3] kasan: support backing vmalloc space with real shadow memory
Message-ID: <20190809095435.GD48423@lakrids.cambridge.arm.com>
References: <20190731071550.31814-1-dja@axtens.net> <20190731071550.31814-2-dja@axtens.net> <20190808135037.GA47131@lakrids.cambridge.arm.com> <20190808174325.GD47131@lakrids.cambridge.arm.com>
In-Reply-To: <20190808174325.GD47131@lakrids.cambridge.arm.com>

On Thu, Aug 08, 2019 at 06:43:25PM +0100, Mark Rutland wrote:
> On Thu, Aug 08, 2019 at 02:50:37PM +0100, Mark Rutland wrote:
> > Hi Daniel,
> >
> > This is looking really good!
> >
> > I spotted a few more things we need to deal with, so I've suggested some
> > (not even compile-tested) code for that below. Mostly that's just error
> > handling, and using helpers to avoid things getting too verbose.
>
> FWIW, I had a quick go at that, and I've pushed the (corrected) results
> to my git repo, along with an initial stab at arm64 support (which is
> currently broken):
>
> https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/log/?h=kasan/vmalloc

I've fixed my arm64 patch now, and that appears to work in basic tests
(example below), so I'll throw my arm64 Syzkaller instance at that today
to shake out anything major that we've missed or that I've botched.

I'm very excited to see this!

Are you happy to pick up my modified patch 1 for v4?

Thanks,
Mark.
# echo STACK_GUARD_PAGE_LEADING > DIRECT
[  107.453162] lkdtm: Performing direct entry STACK_GUARD_PAGE_LEADING
[  107.454672] lkdtm: attempting bad read from page below current stack
[  107.456672] ==================================================================
[  107.457929] BUG: KASAN: vmalloc-out-of-bounds in lkdtm_STACK_GUARD_PAGE_LEADING+0x88/0xb4
[  107.459398] Read of size 1 at addr ffff20001515ffff by task sh/214
[  107.460864]
[  107.461271] CPU: 0 PID: 214 Comm: sh Not tainted 5.3.0-rc3-00004-g84f902ca9396-dirty #7
[  107.463101] Hardware name: linux,dummy-virt (DT)
[  107.464407] Call trace:
[  107.464951]  dump_backtrace+0x0/0x1e8
[  107.465781]  show_stack+0x14/0x20
[  107.466824]  dump_stack+0xbc/0xf4
[  107.467780]  print_address_description+0x60/0x33c
[  107.469221]  __kasan_report+0x140/0x1a0
[  107.470388]  kasan_report+0xc/0x18
[  107.471439]  __asan_load1+0x4c/0x58
[  107.472428]  lkdtm_STACK_GUARD_PAGE_LEADING+0x88/0xb4
[  107.473908]  lkdtm_do_action+0x40/0x50
[  107.475255]  direct_entry+0x128/0x1b0
[  107.476348]  full_proxy_write+0x90/0xc8
[  107.477595]  __vfs_write+0x54/0xa8
[  107.478780]  vfs_write+0xd0/0x230
[  107.479762]  ksys_write+0xc4/0x170
[  107.480738]  __arm64_sys_write+0x40/0x50
[  107.481888]  el0_svc_common.constprop.0+0xc0/0x1c0
[  107.483240]  el0_svc_handler+0x34/0x88
[  107.484211]  el0_svc+0x8/0xc
[  107.484996]
[  107.485429]
[  107.485895] Memory state around the buggy address:
[  107.487107]  ffff20001515fe80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[  107.489162]  ffff20001515ff00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[  107.491157] >ffff20001515ff80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[  107.493193]                                                                 ^
[  107.494973]  ffff200015160000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.497103]  ffff200015160080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  107.498795] ==================================================================
[  107.500495] Disabling lock debugging due to kernel taint
[  107.503212] Unable to handle kernel paging request at virtual address ffff20001515ffff
[  107.505177] Mem abort info:
[  107.505797]   ESR = 0x96000007
[  107.506554]   Exception class = DABT (current EL), IL = 32 bits
[  107.508031]   SET = 0, FnV = 0
[  107.508547]   EA = 0, S1PTW = 0
[  107.509125] Data abort info:
[  107.509704]   ISV = 0, ISS = 0x00000007
[  107.510388]   CM = 0, WnR = 0
[  107.511089] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041c65000
[  107.513221] [ffff20001515ffff] pgd=00000000bdfff003, pud=00000000bdffe003, pmd=00000000aa31e003, pte=0000000000000000
[  107.515915] Internal error: Oops: 96000007 [#1] PREEMPT SMP
[  107.517295] Modules linked in:
[  107.518074] CPU: 0 PID: 214 Comm: sh Tainted: G B 5.3.0-rc3-00004-g84f902ca9396-dirty #7
[  107.520755] Hardware name: linux,dummy-virt (DT)
[  107.522208] pstate: 60400005 (nZCv daif +PAN -UAO)
[  107.523670] pc : lkdtm_STACK_GUARD_PAGE_LEADING+0x88/0xb4
[  107.525176] lr : lkdtm_STACK_GUARD_PAGE_LEADING+0x88/0xb4
[  107.526809] sp : ffff200015167b90
[  107.527856] x29: ffff200015167b90 x28: ffff800002294740
[  107.529728] x27: 0000000000000000 x26: 0000000000000000
[  107.531523] x25: ffff200015167df0 x24: ffff2000116e8400
[  107.533234] x23: ffff200015160000 x22: dfff200000000000
[  107.534694] x21: ffff040002a2cf7a x20: ffff2000116e9ee0
[  107.536238] x19: 1fffe40002a2cf7a x18: 0000000000000000
[  107.537699] x17: 0000000000000000 x16: 0000000000000000
[  107.539288] x15: 0000000000000000 x14: 0000000000000000
[  107.540584] x13: 0000000000000000 x12: ffff10000d672bb9
[  107.541920] x11: 1ffff0000d672bb8 x10: ffff10000d672bb8
[  107.543438] x9 : 1ffff0000d672bb8 x8 : dfff200000000000
[  107.545008] x7 : ffff10000d672bb9 x6 : ffff80006b395dc0
[  107.546570] x5 : 0000000000000001 x4 : dfff200000000000
[  107.547936] x3 : ffff20001113274c x2 : 0000000000000007
[  107.549121] x1 : eb957a6c7b3ab400 x0 : 0000000000000000
[  107.550220] Call trace:
[  107.551017]  lkdtm_STACK_GUARD_PAGE_LEADING+0x88/0xb4
[  107.552288]  lkdtm_do_action+0x40/0x50
[  107.553302]  direct_entry+0x128/0x1b0
[  107.554290]  full_proxy_write+0x90/0xc8
[  107.555332]  __vfs_write+0x54/0xa8
[  107.556278]  vfs_write+0xd0/0x230
[  107.557000]  ksys_write+0xc4/0x170
[  107.557834]  __arm64_sys_write+0x40/0x50
[  107.558980]  el0_svc_common.constprop.0+0xc0/0x1c0
[  107.560111]  el0_svc_handler+0x34/0x88
[  107.560936]  el0_svc+0x8/0xc
[  107.561580] Code: 91140280 97ded9e3 d10006e0 97e4672e (385ff2e1)
[  107.563208] ---[ end trace 9e69aa587e1dc0cc ]---
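[Editor's note: the following is an added, self-contained example, not code from Mark's mail or from the kernel tree.] To make the report above concrete, the program below replays KASAN's shadow lookup against the five "Memory state" rows the report prints, and reproduces the "vmalloc-out-of-bounds" verdict for the 1-byte read at ffff20001515ffff. It assumes the generic-KASAN mapping shadow = (addr >> 3) + KASAN_SHADOW_OFFSET, takes the offset 0xdfff200000000000 from the register dump (x22, x8 and x4 all hold it; it is the arm64 48-bit-VA shadow offset of this kernel), and uses the poison values of mm/kasan/kasan.h of that era, with KASAN_VMALLOC_INVALID (0xF9) being the value this series introduces for vmalloc shadow that has not been backed by an allocation; all of those constants are assumptions stated in the code. The shadow window is indexed by memory address, so only 80 shadow bytes are simulated. The partial-granule case at the end is constructed by the example and is not in the report.

```c
/*
 * Added example (editor's code, not from this thread or the kernel tree):
 * replay KASAN's address-to-shadow lookup against the shadow rows printed
 * in the report above.  Assumptions: KASAN_SHADOW_OFFSET is the value seen
 * in x22/x8/x4 of the register dump (arm64, 48-bit VAs, 5.3-era layout);
 * the poison values are those of mm/kasan/kasan.h of that era, with
 * KASAN_VMALLOC_INVALID being the value this series introduces.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_SCALE_SIZE  (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define KASAN_SHADOW_MASK        (KASAN_SHADOW_SCALE_SIZE - 1)
#define KASAN_SHADOW_OFFSET      0xdfff200000000000ULL /* assumed: x22 in the dump */

/* Shadow poison values (assumed from mm/kasan/kasan.h); 1..7 = partial granule. */
#define KASAN_FREE_PAGE        0xFF
#define KASAN_PAGE_REDZONE     0xFE
#define KASAN_KMALLOC_REDZONE  0xFC
#define KASAN_KMALLOC_FREE     0xFB
#define KASAN_GLOBAL_REDZONE   0xFA
#define KASAN_VMALLOC_INVALID  0xF9 /* introduced by this series */
#define KASAN_STACK_LEFT       0xF1
#define KASAN_STACK_MID        0xF2
#define KASAN_STACK_RIGHT      0xF3
#define KASAN_STACK_PARTIAL    0xF4

/* One shadow byte covers an 8-byte granule: shadow = (addr >> 3) + offset. */
static uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/*
 * Simulated shadow window: the five "Memory state" rows from the report,
 * 16 shadow bytes (128 bytes of memory) per row, first row at ...fe80.
 * Indexed by memory address so we do not need 2^61 bytes of shadow.
 */
#define SIM_BASE   0xffff20001515fe80ULL
#define SIM_SHADOW 80
static uint8_t sim_shadow[SIM_SHADOW];

static void load_report_shadow(void)
{
    memset(sim_shadow, KASAN_VMALLOC_INVALID, 48); /* rows fe80, ff00, ff80 */
    memset(sim_shadow + 48, 0, 32);                /* rows 160000, 160080 */
}

/* Shadow byte for a memory address, or NULL outside the simulated window. */
static uint8_t *sim_shadow_byte(uint64_t addr)
{
    uint64_t idx = (addr - SIM_BASE) >> KASAN_SHADOW_SCALE_SHIFT;
    if (addr < SIM_BASE || idx >= SIM_SHADOW)
        return NULL;
    return &sim_shadow[idx];
}

/* Poison one granule by hand, e.g. with a partial value (constructed cases). */
static bool sim_set_shadow(uint64_t addr, uint8_t val)
{
    uint8_t *s = sim_shadow_byte(addr);
    if (!s)
        return false;
    *s = val;
    return true;
}

/* Bug-type strings as mm/kasan/report.c derives them from the shadow byte. */
static const char *shadow_bug_type(uint8_t s)
{
    if (s < KASAN_SHADOW_SCALE_SIZE)
        return "out-of-bounds"; /* partial granule, byte past the valid prefix */
    switch (s) {
    case KASAN_PAGE_REDZONE:
    case KASAN_KMALLOC_REDZONE: return "slab-out-of-bounds";
    case KASAN_GLOBAL_REDZONE:  return "global-out-of-bounds";
    case KASAN_STACK_LEFT:
    case KASAN_STACK_MID:
    case KASAN_STACK_RIGHT:
    case KASAN_STACK_PARTIAL:   return "stack-out-of-bounds";
    case KASAN_FREE_PAGE:
    case KASAN_KMALLOC_FREE:    return "use-after-free";
    case KASAN_VMALLOC_INVALID: return "vmalloc-out-of-bounds";
    default:                    return "unknown-crash";
    }
}

/*
 * Simplified memory_is_poisoned(): walk [addr, addr + size) granule by
 * granule.  Shadow 0 means all 8 bytes are addressable, 1..7 means only the
 * first N bytes are, anything else is poison.  On failure *bad_addr is the
 * first offending byte and *bug is the string the report would print.
 */
static bool kasan_check_range(uint64_t addr, size_t size,
                              uint64_t *bad_addr, const char **bug)
{
    for (uint64_t a = addr; a < addr + size; a++) {
        const uint8_t *sp = sim_shadow_byte(a);
        if (!sp) {
            *bad_addr = a;
            *bug = "outside simulated shadow window";
            return false;
        }
        if (*sp == 0) {              /* whole granule valid: skip to its end */
            a |= KASAN_SHADOW_MASK;
            continue;
        }
        if (*sp < KASAN_SHADOW_SCALE_SIZE && (a & KASAN_SHADOW_MASK) < *sp)
            continue;                /* inside the valid prefix of a partial granule */
        *bad_addr = a;
        *bug = shadow_bug_type(*sp);
        return false;
    }
    return true;
}

int main(void)
{
    uint64_t bad;
    const char *bug;

    load_report_shadow();

    /* The access from the report: 1-byte read at ffff20001515ffff. */
    uint64_t addr = 0xffff20001515ffffULL;
    printf("shadow(%#llx) = %#llx\n", (unsigned long long)addr,
           (unsigned long long)kasan_mem_to_shadow(addr));
    if (!kasan_check_range(addr, 1, &bad, &bug))
        printf("BUG: KASAN: %s, read of size 1 at addr %#llx\n",
               bug, (unsigned long long)bad);

    /* First granule of the stack page itself: fully addressable. */
    if (kasan_check_range(0xffff200015160000ULL, 8, &bad, &bug))
        printf("8-byte read at ffff200015160000: ok\n");

    /* Constructed: mark granule ...160080 as 4 valid bytes, read 5. */
    sim_set_shadow(0xffff200015160080ULL, 4);
    if (!kasan_check_range(0xffff200015160080ULL, 5, &bad, &bug))
        printf("BUG: KASAN: %s, read of size 5 at addr %#llx\n",
               bug, (unsigned long long)bad);
    return 0;
}
```

Two things the replay makes visible. First, the faulting byte ffff20001515ffff is the last byte of the f9 row marked with ">" and "^", so its shadow (computed as ffff040002a2bfff) sits in the same ffff04... region as the shadow addresses in x21, which is exactly why a vmalloc-backed shadow is needed for this check to fire at all. Second, KASAN reports and then lets the instrumented load proceed, which is why the report is followed by a real data abort at the same address with pte=0000000000000000: the byte below the stack is the unmapped guard page, and the hardware fault is what lkdtm is actually exercising.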