Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp6641976ybv; Wed, 12 Feb 2020 16:38:34 -0800 (PST) X-Google-Smtp-Source: APXvYqyE8H7p5bmmIWnyceXHsPr8qQcCHG3Lq2fKHkaw5wv2FATEUQlnBuLiEMskcf+y8alzrOmx X-Received: by 2002:aca:4ad8:: with SMTP id x207mr1169702oia.55.1581554314623; Wed, 12 Feb 2020 16:38:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581554314; cv=none; d=google.com; s=arc-20160816; b=aejo425aCx1hqON6HD+aH1oER+A9NjHudVY+i2kN/XoUnR3f1Pdjh01QiUdio/oLco cVbfnV0SUd3mFdYwicyBiWMSP9qiZveH8+XePfxWKsEzJzb4FJOfERpE9HkSO+/pyBUA QBVxrwuolJ9Y7LTmK9jjYt0lX9x0N34AbJiIv62x3H7yqz/QEpIAsID/Vh3oNmRueWGm poXZgn1r7Ews2u5P6jxL+xnJDXS7rPxkTRUyfHqmkEDHOH6jovZDTDSPSgHc/GmkoEpx Q0CgmcGNWURxjLH7Wr27ndIDfRAyjbu7Wby6KWvEB7WzqRxof10Ymr2CphsZPapXPfC/ FTXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Uu9p1NHkE2MkYSqLVKem4JSGakNOnN3LkVvsdFKxSS0=; b=JCqtyR9738mod84VXhUyQXhKT7n89HgnLbuFbb8NbtvkGnCia4AcT0H873jB8YRhaZ xjmP6innk3w44j422G0GD73U04SMrOYu8RQnhfm8xoa5KvDCM3yXRbpx2WJoGYIvQxnC RNRmQnRwICYc2IJQU3J/uLXNWsN0oc3mRUgzAPc/1wLnxHwaZhRsncMZEyx8nOkI3Hfp FhnkWDbpeDM0SICJOgAz7HnhnMYR9ALbULDw7DCApSkGbUZrzjzaPNfvVsCPZE4JiyPv vGSA+fS8sdc2rHS5G/zpdxDK3FsVLlG+fA6XEVieYVmO8zN2/zYeKf9ebHxxbIDaeSLW ZxhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=C1VSERI1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s21si260304otr.304.2020.02.12.16.38.21; Wed, 12 Feb 2020 16:38:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=C1VSERI1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729353AbgBMAiO (ORCPT + 99 others); Wed, 12 Feb 2020 19:38:14 -0500 Received: from mail-wr1-f65.google.com ([209.85.221.65]:44387 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729190AbgBMAiN (ORCPT ); Wed, 12 Feb 2020 19:38:13 -0500 Received: by mail-wr1-f65.google.com with SMTP id m16so4559502wrx.11 for ; Wed, 12 Feb 2020 16:38:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Uu9p1NHkE2MkYSqLVKem4JSGakNOnN3LkVvsdFKxSS0=; b=C1VSERI1Zhn2+zwNq4GK6omW9Pu8n04thGggoaimCH1HofOfRHUCOQ5eRuXLOKllFc RX9W6HYCh+X9U4q+03sYtLor09rSeoyf+ckAi45iIrgRkMtyJ3kibvnFsEqp1eDBlTfS mVMLsY3zEFVRNDD+XeN5jD4tizPm7byE3GOwlkb74Wkh7GebPOjUPkIZ44B8cGktU+J5 apRTM6MlGFpSrFIFlPyktFh92vU1H4Y/SVS01GeIKVbPKR5M9wObqBORQb9PgTcZCBXe Dxbzv2zhc8mDcI2DbOKhVb7TLu4fn4zJMQ06LjAnab5mTAb2GUkRaqil7WQ3dRCt7VQd 6lOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Uu9p1NHkE2MkYSqLVKem4JSGakNOnN3LkVvsdFKxSS0=; b=qmbHXsnD9jv/W4bndgA9/HjHBw+TbY+CdBRTY2e4hZdKoyIG8UxqeWztlafP3b1TqN RI1ZtzrUaFmBC+hWdBWh6IcnfJS+qTTMV/wo7/C7smumgT3qUH+o96bf6jH12ivwjhCg OUb/adU6l3ve91W7AmrkQqRNq8knEExn4iD7v0Gkjp823pIyo6ZBdkZ0vwzTktig3aaM oc5sSKPjcteBGh/sVh/6yRSrXfe19/CGO/wePgwpOplFnDDZT9Kj5+Q4t37VAvM/hY61 wuc/0k9+c7pn4whe3Q0nbPUAlBXxasE1WW7I8CyZO9QIh8j0n+BKjjcPLH+CG89HnV62 ORrQ== X-Gm-Message-State: APjAAAWIIThoYtOJonqnSNukq6LiFFDNjXVnly4ik1PudnOOHgYY53Kd +XRnfzABDzOS0s4ysHQE+lqE3VEos0Fep1GwlVVGYw== X-Received: by 2002:adf:81e3:: with SMTP id 90mr17109059wra.23.1581554291169; Wed, 12 Feb 2020 16:38:11 -0800 (PST) MIME-Version: 1.0 References: <20200210225806.249297-1-trishalfonso@google.com> <13b0ea0caff576e7944e4f9b91560bf46ac9caf0.camel@sipsolutions.net> In-Reply-To: <13b0ea0caff576e7944e4f9b91560bf46ac9caf0.camel@sipsolutions.net> From: Patricia Alfonso Date: Wed, 12 Feb 2020 16:37:59 -0800 Message-ID: Subject: Re: [RFC PATCH v2] UML: add support for KASAN under x86_64 To: Johannes Berg Cc: Jeff Dike , Richard Weinberger , anton.ivanov@cambridgegreys.com, Andrey Ryabinin , Dmitry Vyukov , David Gow , Brendan Higgins , kasan-dev , LKML , linux-um@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 11, 2020 at 12:21 AM Johannes Berg wrote: > > Hi, > > Looks very nice! Some questions/comments below: > > > Depends on Constructor support in UML and is based off of > > "[RFC PATCH] um: implement CONFIG_CONSTRUCTORS for modules" > > (https://patchwork.ozlabs.org/patch/1234551/) > > I guess I should resend this as a proper patch then. Did you test > modules? I can try (later) too. > I have not tested modules - you might want to test modules before sending it at a proper patch. I just know that it works for the purposes of this KASAN project. > > The location of the KASAN shadow memory, starting at > > KASAN_SHADOW_OFFSET, can be configured using the > > KASAN_SHADOW_OFFSET option. UML uses roughly 18TB of address > > space, and KASAN requires 1/8th of this. > > That also means if I have say 512MB memory allocated for UML, KASAN will > use an *additional* 64, unlike on a "real" system, where KASAN will take > about 1/8th of the available physical memory, right? > Currently, the amount of shadow memory allocated is a constant based on the amount of user space address space in x86_64 since this is the host architecture I have focused on. > > + help > > + This is the offset at which the ~2.25TB of shadow memory is > > + initialized > > Maybe that should say "mapped" instead of "initialized", since there are > relatively few machines on which it could actually all all be used? > Valid point! > > +// used in kasan_mem_to_shadow to divide by 8 > > +#define KASAN_SHADOW_SCALE_SHIFT 3 > > nit: use /* */ style comments > Will do > > +#define KASAN_SHADOW_START (KASAN_SHADOW_OFFSET) > > +#define KASAN_SHADOW_END (KASAN_SHADOW_START + KASAN_SHADOW_SIZE) > > + > > +#ifdef CONFIG_KASAN > > +void kasan_init(void); > > +#else > > +static inline void kasan_init(void) { } > > +#endif /* CONFIG_KASAN */ > > + > > +void kasan_map_memory(void *start, unsigned long len); > > +void kasan_unpoison_shadow(const void *address, size_t size); > > + > > +#endif /* __ASM_UM_KASAN_H */ > > diff --git a/arch/um/kernel/Makefile b/arch/um/kernel/Makefile > > index 5aa882011e04..875e1827588b 100644 > > --- a/arch/um/kernel/Makefile > > +++ b/arch/um/kernel/Makefile > > @@ -8,6 +8,28 @@ > > # kernel. > > KCOV_INSTRUMENT := n > > > > +# The way UMl deals with the stack causes seemingly false positive KASAN > > +# reports such as: > > +# BUG: KASAN: stack-out-of-bounds in show_stack+0x15e/0x1fb > > +# Read of size 8 at addr 000000006184bbb0 by task swapper/1 > > +# ================================================================== > > +# BUG: KASAN: stack-out-of-bounds in dump_trace+0x141/0x1c5 > > +# Read of size 8 at addr 0000000071057eb8 by task swapper/1 > > +# ================================================================== > > +# BUG: KASAN: stack-out-of-bounds in get_wchan+0xd7/0x138 > > +# Read of size 8 at addr 0000000070e8fc80 by task systemd/1 > > +# > > +# With these files removed from instrumentation, those reports are > > +# eliminated, but KASAN still repeatedly reports a bug on syscall_stub_data: > > +# ================================================================== > > +# BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x299/0x2bf > > +# Read of size 128 at addr 0000000071457c50 by task swapper/1 > > So that's actually something to fix still? Just trying to understand, > I'll test it later. > Yes, I have not found a fix for these issues yet and even with these few files excluded from instrumentation, the syscall_stub_data error occurs(unless CONFIG_STACK is disabled, but CONFIG_STACK is enabled by default when using gcc to compile). It is unclear whether this is a bug that KASAN has found in UML or it is a mismatch of KASAN error detection on UML. > > -extern int printf(const char *msg, ...); > > -static void early_print(void) > > +#ifdef CONFIG_KASAN > > +void kasan_init(void) > > { > > - printf("I'm super early, before constructors\n"); > > + kasan_map_memory((void *)KASAN_SHADOW_START, KASAN_SHADOW_SIZE); > > Heh, you *actually* based it on my patch, in git terms, not just in code > terms. I think you should just pick up the few lines that you need from > that patch and squash them into this one, I just posted that to > demonstrate more clearly what I meant :-) > I did base this on your patch. I figured it was more likely to get merged before this patch anyway. To clarify, do you want me to include your constructors patch with this one as a patchset? > > +/** > > + * kasan_map_memory() - maps memory from @start with a size of @len. > > I think the () shouldn't be there? > Okay! > > +void kasan_map_memory(void *start, size_t len) > > +{ > > + if (mmap(start, > > + len, > > + PROT_READ|PROT_WRITE, > > + MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE|MAP_NORESERVE, > > + -1, > > + 0) == MAP_FAILED) > > + os_info("Couldn't allocate shadow memory %s", strerror(errno)); > > If that fails, can we even continue? > Probably not, but with this executing before main(), what is the best way to have an error occur? Or maybe there's a way we can just continue without KASAN enabled and print to the console that KASAN failed to initialize? > johannes > -- Patricia Alfonso