From: Marco Elver
Date: Tue, 25 Aug 2020 10:26:30 +0200
Subject: Re: [PATCH v3 0/6] kasan: add workqueue and timer stack for generic KASAN
To: Walter Wu
Cc: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Matthias Brugger, John Stultz, Stephen Boyd, Andrew Morton, Tejun Heo, Lai Jiangshan, kasan-dev, Linux Memory Management List, LKML, Linux ARM, wsd_upstream, linux-mediatek@lists.infradead.org
In-Reply-To: <20200825015654.27781-1-walter-zh.wu@mediatek.com>
List-ID: linux-kernel@vger.kernel.org

On Tue, 25 Aug 2020 at 03:57, Walter Wu wrote:
>
> Syzbot reports many UAF issues for workqueue or timer, see [1] and [2].
> In some of these the access/allocation happened in process_one_work();
> we see the free stack is useless in the KASAN report, it doesn't help
> programmers to solve UAF on workqueue. The same may stand for timers.
>
> This patchset improves KASAN reports by making them have workqueue
> queueing stack and timer stack information. It is useful for programmers
> to solve use-after-free or double-free memory issues.
>
> Generic KASAN also records the last two workqueue and timer stacks and
> prints them in the KASAN report. It is only suitable for generic KASAN.
>
> [1] https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22+process_one_work
> [2] https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22%20expire_timers
> [3] https://bugzilla.kernel.org/show_bug.cgi?id=198437
>
> Walter Wu (6):
>   timer: kasan: record timer stack
>   workqueue: kasan: record workqueue stack
>   kasan: print timer and workqueue stack
>   lib/test_kasan.c: add timer test case
>   lib/test_kasan.c: add workqueue test case
>   kasan: update documentation for generic kasan

Acked-by: Marco Elver

> ---
>
> Changes since v2:
> - modify kasan document to be more readable.
>   Thanks for Marco's suggestion.
>
> Changes since v1:
> - Thanks for Marco's and Thomas's suggestions.
> - Remove unnecessary code and fix commit log
> - reuse kasan_record_aux_stack() and aux_stack
>   to record timer and workqueue stack.
> - change the aux stack title for common name.
>
> ---
>
>  Documentation/dev-tools/kasan.rst |  4 ++--
>  kernel/time/timer.c               |  3 +++
>  kernel/workqueue.c                |  3 +++
>  lib/test_kasan.c                  | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  mm/kasan/report.c                 |  4 ++--
>  5 files changed, 64 insertions(+), 4 deletions(-)
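The cover letter above says the series reuses kasan_record_aux_stack() so that a generic KASAN report for an object that was queued as work (or armed as a timer) and then freed also shows the last two queueing stacks, not only the allocation and free stacks. The following userspace C program is an added example, not code from this patch set or from the kernel: it models that per-object metadata so the retention behaviour can be run and inspected outside a kernel build. The two-slot behaviour (newest queueing site in slot 0, the previous one in slot 1, anything older dropped) and the report titles are this example's own assumptions about how "the last two stacks" are kept, and a "stack" is modelled as a "function:line" site string rather than a real unwind. All identifiers here (tracked_obj, record_aux_stack, check_access and the rest) are the example's own, not kernel names.

```c
/*
 * Added example, not code from the patch set or the kernel. Models the
 * per-object metadata generic KASAN keeps (allocation site, free site,
 * two auxiliary sites) and the queued-then-freed scenario from the cover
 * letter. Assumption: the two aux slots act as a shift register, newest
 * first. Sites are "function:line" strings standing in for stack traces.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SITE_LEN 64

struct tracked_obj {
    char alloc_site[SITE_LEN];
    char free_site[SITE_LEN];
    char aux_site[2][SITE_LEN];   /* [0] newest queueing site, [1] the one before */
    bool freed;
    int payload;
};

/* Build a "func:line" site string; stands in for a saved stack trace. */
#define SITE(buf) snprintf((buf), SITE_LEN, "%s:%d", __func__, __LINE__)

static void copy_site(char *dst, const char *src)
{
    snprintf(dst, SITE_LEN, "%s", src);
}

/* Like an allocation under KASAN: remember where the object came from. */
static struct tracked_obj *obj_alloc(const char *site)
{
    struct tracked_obj *o = calloc(1, sizeof(*o));
    if (!o)
        return NULL;
    copy_site(o->alloc_site, site);
    return o;
}

/* The hook the series adds on the queue_work()/timer paths: record where
 * the object was last handed to a deferred context. Slot 0 moves to
 * slot 1, the older entry in slot 1 is dropped (assumed two-slot policy). */
static void record_aux_stack(struct tracked_obj *o, const char *site)
{
    memcpy(o->aux_site[1], o->aux_site[0], SITE_LEN);
    copy_site(o->aux_site[0], site);
}

/* Like a free under KASAN: the metadata stays readable (the real kernel
 * keeps the object in quarantine), so only the free site is recorded. */
static void obj_free(struct tracked_obj *o, const char *site)
{
    o->freed = true;
    copy_site(o->free_site, site);
}

/* Access check. On use-after-free, write a report into 'report' and
 * return 1; otherwise return 0. The report carries both aux sites, which
 * is what tells a reader which queueing call last referenced the object. */
static int check_access(const struct tracked_obj *o, const char *site,
                        char *report, size_t len)
{
    if (!o->freed)
        return 0;
    snprintf(report, len,
             "BUG: use-after-free at %s\n"
             "Allocated at: %s\n"
             "Freed at: %s\n"
             "Last recorded queueing site: %s\n"
             "Previous queueing site: %s\n",
             site, o->alloc_site, o->free_site,
             o->aux_site[0][0] ? o->aux_site[0] : "(none)",
             o->aux_site[1][0] ? o->aux_site[1] : "(none)");
    return 1;
}

static void obj_destroy(struct tracked_obj *o)
{
    free(o);
}

int main(void)
{
    char site[SITE_LEN], report[512];
    struct tracked_obj *o;

    SITE(site);
    o = obj_alloc(site);
    if (!o)
        return 1;

    SITE(site); record_aux_stack(o, site);   /* first time queued as work */
    SITE(site); record_aux_stack(o, site);   /* requeued later */
    SITE(site); obj_free(o, site);            /* freed while still queued */

    SITE(site);                               /* worker runs after the free */
    if (check_access(o, site, report, sizeof(report)))
        fputs(report, stdout);
    obj_destroy(o);
    return 0;
}
```

Running it prints a report whose last two lines name the two most recent queueing sites; with a third record_aux_stack() call before the free, the first site would no longer appear, which is the limit the cover letter's "last two" wording implies.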