Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp5641259ybe; Tue, 10 Sep 2019 06:50:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqx49MLAtxC8f7Ll9GQPpyT/RX6XZHRNoob1ZuhHrrLCRphwa6HMzviuHH3IwRbOlLaP2X57 X-Received: by 2002:aa7:dc59:: with SMTP id g25mr31055391edu.183.1568123446320; Tue, 10 Sep 2019 06:50:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568123446; cv=none; d=google.com; s=arc-20160816; b=NaKKAQ2ymCFPzAgdL6aUUhzmPX/FfIJaRcYbFjAN16msk9ySSXCjws4+WddWjy5Cbh RVcAWwEVbuKtWJ6ZtiTo5oIxiWDubzTBo1utQbCvCWX6VL3gfhbXQUcHss4wcfzcipuQ 6gBuvXvegUt4ykot+MSlXLQQCCVWxDvPp49vSC0uwX+N3MOtofRV//TXP8dDiBmH8CpV yCKEcFjgQiJRozuntGfdxO0Krm54bhNksMWzB/28ce1qHPzUHU5oWETbF5hauuw9wr2c YWYSGp6onNXNFy/Mn35NeWTHkU73WF1A+5RwKNbLKBIYk7cwUeUiw1/A5rmDrk9yBNqN LKvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :references:in-reply-to:date:cc:to:from:subject:message-id; bh=f6TUAR15VJVpSesKQ3w1fx0laV2YC1XRmKoWW9cMSjE=; b=wGmR6ESEGDHoVxC8zROIi7Ff9kOGoRW+fGZH0l+H4EpBkRWoE15Eq9KXPOcZ7JFMM9 BKGSBz1reHa0DMFwvwqC7mj9ywKivkVz2mtAot8vgOS6HgKBnQJAfUfpLUDvfgz+3AeA macffNaVoaMnKd4ZBbtKwWcjAwIjxsvgVG3koXDsfg2ic9trROkm8qRc3HTToBcrAWgc VDa2YKS+91rk5LoRByJHtjaSgpo9DY0hMPcoKEBSxOq/b+uECAHr/h59yDm78kWc/MMv I/bdaj8VWK7F7S0OPSmmeZfpKA9skvMjSzv6rN4Ifs0LqkbL0vH2VH2B81WGrPSrHuyN 2sQQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f3si9061522ejk.313.2019.09.10.06.50.21; Tue, 10 Sep 2019 06:50:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mediatek.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392398AbfIJMqX (ORCPT + 99 others); Tue, 10 Sep 2019 08:46:23 -0400 Received: from mailgw01.mediatek.com ([210.61.82.183]:57252 "EHLO mailgw01.mediatek.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726193AbfIJMqX (ORCPT ); Tue, 10 Sep 2019 08:46:23 -0400 X-UUID: 3abd29dae8c34e82833ece7ce660722c-20190910 X-UUID: 3abd29dae8c34e82833ece7ce660722c-20190910 Received: from mtkexhb02.mediatek.inc [(172.21.101.103)] by mailgw01.mediatek.com (envelope-from ) (Cellopoint E-mail Firewall v4.1.10 Build 0809 with TLS) with ESMTP id 723714861; Tue, 10 Sep 2019 20:46:17 +0800 Received: from mtkcas07.mediatek.inc (172.21.101.84) by mtkmbs07n2.mediatek.inc (172.21.101.141) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 10 Sep 2019 20:46:14 +0800 Received: from [172.21.84.99] (172.21.84.99) by mtkcas07.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.0.1395.4 via Frontend Transport; Tue, 10 Sep 2019 20:46:14 +0800 Message-ID: <1568119575.24886.20.camel@mtksdccf07> Subject: Re: [PATCH v2 0/2] mm/kasan: dump alloc/free stack for page allocator From: Walter Wu To: Andrey Ryabinin CC: Vlastimil Babka , Alexander Potapenko , Dmitry Vyukov , Matthias Brugger , Andrew Morton , "Martin Schwidefsky" , Will Deacon , Andrey Konovalov , Arnd Bergmann , Thomas Gleixner , Michal Hocko , Qian Cai , , , , , , Date: Tue, 10 Sep 2019 20:46:15 +0800 In-Reply-To: References: <20190909082412.24356-1-walter-zh.wu@mediatek.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.2.3-0ubuntu6 Content-Transfer-Encoding: 7bit MIME-Version: 1.0 X-MTK: N Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2019-09-10 at 13:50 +0300, Andrey Ryabinin wrote: > > On 9/9/19 4:07 PM, Vlastimil Babka wrote: > > On 9/9/19 10:24 AM, walter-zh.wu@mediatek.com wrote: > >> From: Walter Wu > >> > >> This patch is KASAN report adds the alloc/free stacks for page allocator > >> in order to help programmer to see memory corruption caused by page. > >> > >> By default, KASAN doesn't record alloc and free stack for page allocator. > >> It is difficult to fix up page use-after-free or dobule-free issue. > >> > >> Our patchsets will record the last stack of pages. > >> It is very helpful for solving the page use-after-free or double-free. > >> > >> KASAN report will show the last stack of page, it may be: > >> a) If page is in-use state, then it prints alloc stack. > >> It is useful to fix up page out-of-bound issue. > > > > I still disagree with duplicating most of page_owner functionality for the sake of using a single stack handle for both alloc and free (while page_owner + debug_pagealloc with patches in mmotm uses two handles). It reduces the amount of potentially important debugging information, and I really doubt the u32-per-page savings are significant, given the rest of KASAN overhead. > > > >> BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0x88/0x90 > >> Write of size 1 at addr ffffffc0d64ea00a by task cat/115 > >> ... > >> Allocation stack of page: > >> set_page_stack.constprop.1+0x30/0xc8 > >> kasan_alloc_pages+0x18/0x38 > >> prep_new_page+0x5c/0x150 > >> get_page_from_freelist+0xb8c/0x17c8 > >> __alloc_pages_nodemask+0x1a0/0x11b0 > >> kmalloc_order+0x28/0x58 > >> kmalloc_order_trace+0x28/0xe0 > >> kmalloc_pagealloc_oob_right+0x2c/0x68 > >> > >> b) If page is freed state, then it prints free stack. > >> It is useful to fix up page use-after-free or double-free issue. > >> > >> BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0x70/0x80 > >> Write of size 1 at addr ffffffc0d651c000 by task cat/115 > >> ... > >> Free stack of page: > >> kasan_free_pages+0x68/0x70 > >> __free_pages_ok+0x3c0/0x1328 > >> __free_pages+0x50/0x78 > >> kfree+0x1c4/0x250 > >> kmalloc_pagealloc_uaf+0x38/0x80 > >> > >> This has been discussed, please refer below link. > >> https://bugzilla.kernel.org/show_bug.cgi?id=203967 > > > > That's not a discussion, but a single comment from Dmitry, which btw contains "provide alloc *and* free stacks for it" ("it" refers to page, emphasis mine). It would be nice if he or other KASAN guys could clarify. > > > > For slab objects we memorize both alloc and free stacks. You'll never know in advance what information will be usefull > to fix an issue, so it usually better to provide more information. I don't think we should do anything different for pages. > > Given that we already have the page_owner responsible for providing alloc/free stacks for pages, all that we should in KASAN do is to > enable the feature by default. Free stack saving should be decoupled from debug_pagealloc into separate option so that it can be enabled > by KASAN and/or debug_pagealloc. Thanks your suggestion. We will send the patch v3 as described above.