Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp1650438ybj;
        Wed, 6 May 2020 02:40:21 -0700 (PDT)
X-Google-Smtp-Source: APiQypKa5QDsZNjHkN3n5z8RvzHIy4L7/d+cxxCx/D2gDvvclE6VY7pbHI/RxdqpJQYazuhCZn/M
X-Received: by 2002:a17:907:9c4:: with SMTP id bx4mr6332439ejc.199.1588758021017;
        Wed, 06 May 2020 02:40:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588758021; cv=none;
        d=google.com; s=arc-20160816;
        b=FrY/3odlUizEBnZxyofRS2MPXEo6wKLsc7H6y1HO+eg2MbH5R8uc1WQtH2+MWO7hIb
         IpqYKwCDBgqX5Wkl4FIzRq4eLWPkFJlu46WQxhtf+iVmKEJpZgyfp/rWpBsi3tU8TfmW
         b0Ir0hF9A7Eh9LljFlM/mhmyF/FF/RbCkiS2s6IZIiJLv2Y32MJVt8S/xHMMzsu3rzIy
         OclKZQbf7wUV4mFGJ6mDdhdS04Y9u+3hODOs7nDVEKsZCRJAo/RRz4v3snxDF6PFRs9u
         PFhh/hZxbGJ1l1Vdsa7ytGoT1CTmQeCWMzP8cmrHqPMwXZ9iIgOp3dczqfo4zfUXP7Zk
         Ii2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=da9Msd6VhXx/3o4OwwaQEairzk+A5t5H6NDxBwzjlV0=;
        b=JyJfNzXQaq+fxwtFqzECswToZsVv+jrBLi6lOohh3TiCnOCUuAYn61MrertziTEMCc
         IGbUHI9d0mJHXZFZ1330vSheaF1ji75F6r+tHowOlIvycy+kteUP26D82HOm9Tzmyd+t
         pdYxxlb8cjgQoFaZXsXdphfFEq3i0Hw+lMJIhZ1JDVKCGPf3IruvEeUQOSIT+rDJi9UI
         DlN8yL2k84yEFpcfS3ah7z2yTsOqEd53cF0fMyh+ITERlfhNKq/RoducUsBtY+qh6gHT
         eH5E3AC4dw+V/Wercxookr2Xvnbz6qsS6Hta6sEOG99SfrMrwrA52DTrdifi+GHqMMvW
         yj6A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="ncii/QMt";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a20si787485ejj.269.2020.05.06.02.39.57;
        Wed, 06 May 2020 02:40:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="ncii/QMt";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729051AbgEFJiI (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Wed, 6 May 2020 05:38:08 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60856 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL)
        by vger.kernel.org with ESMTP id S1728640AbgEFJiH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 6 May 2020 05:38:07 -0400
Received: from mail-qk1-x743.google.com (mail-qk1-x743.google.com [IPv6:2607:f8b0:4864:20::743])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A42DC061A0F
        for <linux-kernel@vger.kernel.org>; Wed,  6 May 2020 02:38:07 -0700 (PDT)
Received: by mail-qk1-x743.google.com with SMTP id s9so1224546qkm.6
        for <linux-kernel@vger.kernel.org>; Wed, 06 May 2020 02:38:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=da9Msd6VhXx/3o4OwwaQEairzk+A5t5H6NDxBwzjlV0=;
        b=ncii/QMt765z12zCCRyYs27sJbBG55KS6EXgAt7uA/nAMWDhb5SHWhLAsl67GI2EoZ
         M8oLJnLRBvHLjeXdD4dcTwGX5lvZsRQlXW/VdJ5A5UG4MK0C0ulIURk5H/8tNBoDaiIx
         gdHY6M1cX35EHbi2BxS2kf8m7sXjfDgqqg+VdiCZ49OiOv2jz2Ef46X8koWsWasgYdK+
         bpeXm4R264TMadTOVkieNdWTkWI29YNk27LeBy3LsP8sRxUuonyXbewfko/HGB0BL9AB
         CTgR25v8+cAv6LwtMchkSgHRNjqGZDYpLsrhiIe5fjWVqJq9Nb1O7fnneO6+SAspPv3J
         L7Pw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=da9Msd6VhXx/3o4OwwaQEairzk+A5t5H6NDxBwzjlV0=;
        b=gx/SsJtbiiPXu1gI79iBFvZQ2BLN//VuqUWLEZAwoCTbJIo850KWOFeDIq0s+qCiS1
         r93J5xRwRobgS1Q/SRxd2nsDRMIFIi3/5Vee8VRKuxfbSSBz+iU3hCBJ1eQQd+dHcHm8
         YLBE/1QzTc8bim4opo5G5q3nuQ1JJVKR7trpHSRRvJFucFklOL+aSdQYn1MlEM/14IQQ
         QLyDfd8Qf7VIbsvOpgaCID4VoON8BhnM/GEtyLmrWI7kMvNh3cbQbqfl+nOR0Tfor5iP
         RhKTVm0RnibMtnXOu2R/JCYHzaGg9tYDmNu7sTodO9Q8ASVE29qsMvArdZ84F+U2r0u0
         xFuw==
X-Gm-Message-State: AGi0PuY2jaIIsX63LuW+saORxQKronuhW8ErBydBGs9t52xmUnk0YkYy
        /ehUL2zcCj7M2QIQTHBfJ82woVBYDi5/LBHtLKpx9w==
X-Received: by 2002:ae9:ed05:: with SMTP id c5mr2109866qkg.250.1588757886424;
 Wed, 06 May 2020 02:38:06 -0700 (PDT)
MIME-Version: 1.0
References: <20200506051853.14380-1-walter-zh.wu@mediatek.com>
 <2BF68E83-4611-48B2-A57F-196236399219@lca.pw> <1588746219.16219.10.camel@mtksdccf07>
In-Reply-To: <1588746219.16219.10.camel@mtksdccf07>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Wed, 6 May 2020 11:37:54 +0200
Message-ID: <CACT4Y+atTS6p4b23AH+G9LM-k2gU=kMdkKQdARSboxc-H8CLTQ@mail.gmail.com>
Subject: Re: [PATCH 0/3] kasan: memorize and print call_rcu stack
To:     Walter Wu <walter-zh.wu@mediatek.com>
Cc:     Qian Cai <cai@lca.pw>, Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Alexander Potapenko <glider@google.com>,
        Matthias Brugger <matthias.bgg@gmail.com>,
        "Paul E . McKenney" <paulmck@kernel.org>,
        Josh Triplett <josh@joshtriplett.org>,
        Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
        Lai Jiangshan <jiangshanlai@gmail.com>,
        Joel Fernandes <joel@joelfernandes.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        kasan-dev <kasan-dev@googlegroups.com>,
        Linux-MM <linux-mm@kvack.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        wsd_upstream <wsd_upstream@mediatek.com>,
        linux-mediatek@lists.infradead.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 6, 2020 at 8:23 AM Walter Wu <walter-zh.wu@mediatek.com> wrote:
> > > This patchset improves KASAN reports by making them to have
> > > call_rcu() call stack information. It is helpful for programmers
> > > to solve use-after-free or double-free memory issue.
> > >
> > > The KASAN report was as follows(cleaned up slightly):
> > >
> > > BUG: KASAN: use-after-free in kasan_rcu_reclaim+0x58/0x60
> > >
> > > Freed by task 0:
> > > save_stack+0x24/0x50
> > > __kasan_slab_free+0x110/0x178
> > > kasan_slab_free+0x10/0x18
> > > kfree+0x98/0x270
> > > kasan_rcu_reclaim+0x1c/0x60
> > > rcu_core+0x8b4/0x10f8
> > > rcu_core_si+0xc/0x18
> > > efi_header_end+0x238/0xa6c
> > >
> > > First call_rcu() call stack:
> > > save_stack+0x24/0x50
> > > kasan_record_callrcu+0xc8/0xd8
> > > call_rcu+0x190/0x580
> > > kasan_rcu_uaf+0x1d8/0x278
> > >
> > > Last call_rcu() call stack:
> > > (stack is not available)
> > >
> > >
> > > Add new CONFIG option to record first and last call_rcu() call stack
> > > and KASAN report prints two call_rcu() call stack.
> > >
> > > This option doesn't increase the cost of memory consumption. It is
> > > only suitable for generic KASAN.
> >
> > I don=E2=80=99t understand why this needs to be a Kconfig option at all=
. If call_rcu() stacks are useful in general, then just always gather those=
 information. How do developers judge if they need to select this option or=
 not?
>
> Because we don't want to increase slub meta-data size, so enabling this
> option can print call_rcu() stacks, but the in-use slub object doesn't
> print free stack. So if have out-of-bound issue, then it will not print
> free stack. It is a trade-off, see [1].
>
> [1] https://bugzilla.kernel.org/show_bug.cgi?id=3D198437

Hi Walter,

Great you are tackling this!

I have the same general sentiment as Qian. I would enable this
unconditionally because:

1. We still can't get both rcu stack and free stack. I would assume
most kernel testing systems need to enable this (we definitely enable
on syzbot). This means we do not have free stack for allocation
objects in any reports coming from testing systems. Which greatly
diminishes the value of the other mode.

2. Kernel is undertested. Introducing any additional configuration
options is a problem in such context. Chances are that some of the
modes are not working or will break in future.

3. That free stack actually causes lots of confusion and I never found
it useful:
https://bugzilla.kernel.org/show_bug.cgi?id=3D198425
If it's a very delayed UAF, either one may get another report for the
same bug with not so delayed UAF, or if it's way too delayed, then the
previous free stack is wrong as well.

4. Most users don't care that much about debugging tools to learn
every bit of every debugging tool and spend time fine-tuning it for
their context. Most KASAN users won't even be aware of this choice,
and they will just use whatever is the default.

5. Each configuration option increases implementation complexity.

What would have value is if we figure out how to make both of them
work at the same time without increasing memory consumption. But I
don't see any way to do this.

I propose to make this the only mode. I am sure lots of users will
find this additional stack useful, whereas the free stack is even
frequently confusing.