Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3683065ybb; Tue, 31 Mar 2020 09:55:01 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsGZU36AVHH0eZn9xa/Q2ugyTWL8xaLzEGmoGLBAE2PP1jteuWHSpRRTRY1M46QUMKhIpy3 X-Received: by 2002:a9d:7147:: with SMTP id y7mr14490601otj.230.1585673701525; Tue, 31 Mar 2020 09:55:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585673701; cv=none; d=google.com; s=arc-20160816; b=PAdJgy0opV9mP84W/bE83RBm2pgFgGNOAzZIGugMXSZ7zeW0EDFbgoAJrLpg7wpxCN jnHmq9slKuVNRU+BafGa5Mt89Fh03QKn9oq8OQHyxCrb5ogg3h5gko2t7gODaZd+PDO5 8tXo6NkFeGyFBOpCrG4Y0g7vHDV5+ak9jilBIKe6Mrs9OkpHWsoRTWv4tB3sgtpNSbcw bxGjgYy9xqkVmeDua0wJkYMOz8V3KMx/SXfVZCjz77TBLMKQiBm1NYxwiYK9AeaFkXOJ YOzQeqyLNw0BiS5vzg/4kEyFZ7kkq9Fb/LDji49KQ9caAz56unscxKwNyfQBV8ake8iH t5yA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:thread-index:thread-topic :content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date; bh=g7G+b8qzBQ+S3aB6NtOhr/mtqnkU6wGYs5qbKVWrkNg=; b=AEd+VZlk+Bh9ArYU0L8lH8S53d2oIpfoPLUA1xbQyrjhMRl5lX6jiVlJYej/sZ0rnb GAEPGja0GRE3d00QgBbdtay7QFW7UxlYoNrHUZ5pou/MQjTnF8yUQalvhKqVEFn+KZOc mpjZdKMD8KYxcU5s416hTriD8GLaC8LajFH4bw4L7Dkhs9JKeDXEkQ2mgSccJyK2xGtn r+RPvnrBZNUDm0vz6pd93HMeuk2svqx6Nu9thLxLfF66UiXaxxoc2LtXId3Z5X/4+xE+ Vfr61B9ngjc1onVc92clvEMqhsWLHK+KqtUqaL+/HdGggjfEipwi1Pk2SOuuXJctfQLd NoAg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a190si6688077oib.146.2020.03.31.09.54.49; Tue, 31 Mar 2020 09:55:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731051AbgCaQyS convert rfc822-to-8bit (ORCPT + 99 others); Tue, 31 Mar 2020 12:54:18 -0400 Received: from lithops.sigma-star.at ([195.201.40.130]:39116 "EHLO lithops.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730149AbgCaQyS (ORCPT ); Tue, 31 Mar 2020 12:54:18 -0400 Received: from localhost (localhost [127.0.0.1]) by lithops.sigma-star.at (Postfix) with ESMTP id 1FE5E60A073D; Tue, 31 Mar 2020 18:54:15 +0200 (CEST) Received: from lithops.sigma-star.at ([127.0.0.1]) by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id bCAazVMZJRqh; Tue, 31 Mar 2020 18:54:13 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by lithops.sigma-star.at (Postfix) with ESMTP id 0280B609D2F6; Tue, 31 Mar 2020 18:54:13 +0200 (CEST) Received: from lithops.sigma-star.at ([127.0.0.1]) by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 82ywUB7fjkiv; Tue, 31 Mar 2020 18:54:12 +0200 (CEST) Received: from lithops.sigma-star.at (lithops.sigma-star.at [195.201.40.130]) by lithops.sigma-star.at (Postfix) with ESMTP id D47F7609D2E2; Tue, 31 Mar 2020 18:54:12 +0200 (CEST) Date: Tue, 31 Mar 2020 18:54:12 +0200 (CEST) From: Richard Weinberger To: Patricia Alfonso Cc: Johannes Berg , Dmitry Vyukov , Jeff Dike , anton ivanov , Andrey Ryabinin , Brendan Higgins , davidgow , linux-um , linux-kernel , kasan-dev Message-ID: <418158403.63080.1585673652800.JavaMail.zimbra@nod.at> In-Reply-To: References: <20200226004608.8128-1-trishalfonso@google.com> <2cee72779294550a3ad143146283745b5cccb5fc.camel@sipsolutions.net> Subject: Re: [PATCH] UML: add support for KASAN under x86_64 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT X-Originating-IP: [195.201.40.130] X-Mailer: Zimbra 8.8.12_GA_3807 (ZimbraWebClient - FF68 (Linux)/8.8.12_GA_3809) Thread-Topic: add support for KASAN under x86_64 Thread-Index: PKJWQW+CVN2ItfoQyPENtJL8H3bmwg== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Patricia, ----- Ursprüngliche Mail ----- > Von: "Patricia Alfonso" > An: "Johannes Berg" > CC: "Dmitry Vyukov" , "Jeff Dike" , "richard" , "anton ivanov" > , "Andrey Ryabinin" , "Brendan Higgins" > , "davidgow" , "linux-um" , > "linux-kernel" , "kasan-dev" > Gesendet: Dienstag, 31. März 2020 18:39:21 > Betreff: Re: [PATCH] UML: add support for KASAN under x86_64 > On Mon, Mar 30, 2020 at 1:41 AM Johannes Berg wrote: >> >> On Mon, 2020-03-30 at 10:38 +0200, Dmitry Vyukov wrote: >> > On Mon, Mar 30, 2020 at 9:44 AM Johannes Berg wrote: >> > > On Fri, 2020-03-20 at 16:18 +0100, Dmitry Vyukov wrote: >> > > > > Wait ... Now you say 0x7fbfffc000, but that is almost fine? I think you >> > > > > confused the values - because I see, on userspace, the following: >> > > > >> > > > Oh, sorry, I copy-pasted wrong number. I meant 0x7fff8000. >> > > >> > > Right, ok. >> > > >> > > > Then I would expect 0x1000 0000 0000 to work, but you say it doesn't... >> > > >> > > So it just occurred to me - as I was mentioning this whole thing to >> > > Richard - that there's probably somewhere some check about whether some >> > > space is userspace or not. >> > > > > Yeah, it seems the "Kernel panic - not syncing: Segfault with no mm", > "Kernel mode fault at addr...", and "Kernel tried to access user > memory at addr..." errors all come from segv() in > arch/um/kernel/trap.c due to what I think is this type of check > whether the address is > in userspace or not. Segfault with no mm means that a (not fixable) pagefault happened while kernel code ran. >> > > I'm beginning to think that we shouldn't just map this outside of the >> > > kernel memory system, but properly treat it as part of the memory that's >> > > inside. And also use KASAN_VMALLOC. >> > > >> > > We can probably still have it at 0x7fff8000, just need to make sure we >> > > actually map it? I tried with vm_area_add_early() but it didn't really >> > > work once you have vmalloc() stuff... >> > > > What x86 does when KASAN_VMALLOC is disabled is make all vmalloc > region accesses succeed by default > by using the early shadow memory to have completely unpoisoned and > unpoisonable read-only pages for all of vmalloc (which includes > modules). When KASAN_VMALLOC is enabled in x86, the shadow memory is not > allocated for the vmalloc region at startup. New chunks of shadow > memory are allocated and unpoisoned every time there's a vmalloc() > call. A similar thing might have to be done here by mprotect()ing > the vmalloc space as read only, unpoisoned without KASAN_VMALLOC. This > issue here is that > kasan_init runs so early in the process that the vmalloc region for > uml is not setup yet. > > >> > But we do mmap it, no? See kasan_init() -> kasan_map_memory() -> mmap. >> >> Of course. But I meant inside the UML PTE system. We end up *unmapping* >> it when loading modules, because it overlaps vmalloc space, and then we >> vfree() something again, and unmap it ... because of the overlap. >> >> And if it's *not* in the vmalloc area, then the kernel doesn't consider >> it valid, and we seem to often just fault when trying to determine >> whether it's valid kernel memory or not ... Though I'm not really sure I >> understand the failure part of this case well yet. >> > > I have been testing this issue in a multitude of ways and have only > been getting more confused. It's still very unclear where exactly the > problem occurs, mostly because the errors I found most frequently were > reported in segv(), but the stack traces never contained segv. > > Does anyone know if/how UML determines if memory being accessed is > kernel or user memory? In contrast to classic x86, without KPTI and SMAP/SMEP, UML has a strong separation between user- and kernel-memory. This is also why copy_from/to_user() is so expensive. In arch/um/kernel/trap.c segv() you can see the logic. Also see UPT_IS_USER(). Thanks, //richard