Message-ID: <1567568466.9011.34.camel@mtksdccf07>
Subject: Re: [PATCH v5] kasan: add memory corruption identification for software tag-based mode
From: Walter Wu
To: Andrey Konovalov
CC: Andrey Ryabinin, Andrew Morton, Dmitry Vyukov, Alexander Potapenko, kasan-dev, Linux Memory Management List, LKML
Date: Wed, 4 Sep 2019 11:41:06 +0800

> > const char *get_bug_type(struct kasan_access_info *info) > > { > > +#ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY > > + struct kasan_alloc_meta *alloc_meta; > > + struct kmem_cache *cache; > > + struct page *page; > > + const void *addr; > > + void *object; > > + u8 tag; > > + int i; > > + > > + tag = get_tag(info->access_addr); > > + addr = reset_tag(info->access_addr); > > + page = kasan_addr_to_page(addr); > > + if (page && PageSlab(page)) { > > + cache = page->slab_cache; > > + object = nearest_obj(cache, page, (void *)addr); > > + alloc_meta = get_alloc_info(cache, object); > > + > > + for (i = 0; i < KASAN_NR_FREE_STACKS; i++) > > + if (alloc_meta->free_pointer_tag[i] == tag) > > + return "use-after-free"; > > + return "out-of-bounds";
>
> I think we should keep the "invalid-access" bug type here if we failed
> to identify the bug as a "use-after-free" (and change the patch
> description accordingly).
>
> Other than that:
>
> Acked-by: Andrey Konovalov
>

Thanks for your suggestion.
If slab records are not found, it may be use-after-free or out-of-bounds.
Maybe we can think about how to avoid the situation (check object range or
other?). If possible, I will send a patch or adopt your suggested
modification.

regards,
Walter
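
Review bot: the fall-through `return "out-of-bounds";` after the `free_pointer_tag` loop in get_bug_type() names a definite bug type when all that is known is that no recorded tag matched. The loop only compares against KASAN_NR_FREE_STACKS stored tags, so a miss does not rule out a use-after-free, as the author's own reply acknowledges; returning "invalid-access" on that path, as suggested in the quoted review, keeps the report from overstating what was identified. Separately, the `for` body is a nested `if` spanning two lines with no braces, and the `return` that follows sits right below it; adding braces around the loop body would make it obvious that the final `return` is outside the loop.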