From: Walter Wu
To: Andrew Morton, Tejun Heo, Lai Jiangshan, Marco Elver, Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Andrey Konovalov, Matthias Brugger
CC: wsd_upstream, Walter Wu
Subject: [PATCH v5 0/4] kasan: add workqueue stack for generic KASAN
Date: Thu, 3 Dec 2020 10:21:48 +0800
Message-ID: <20201203022148.29754-1-walter-zh.wu@mediatek.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Syzbot reports many UAF issues for workqueue, see [1].

In some of these, access/allocation happened in process_one_work(),
and we see the free stack is useless in the KASAN report; it doesn't
help programmers to solve UAF issues for workqueue.

This patchset improves KASAN reports by making them have the workqueue
queueing stack. It is useful for programmers to solve use-after-free
or double-free memory issues.

Generic KASAN also records the last two workqueue stacks and prints
them in the KASAN report. It is only suitable for generic KASAN.

[1] https://groups.google.com/g/syzkaller-bugs/search?q=%22use-after-free%22+process_one_work
[2] https://bugzilla.kernel.org/show_bug.cgi?id=198437

Walter Wu (4):
  workqueue: kasan: record workqueue stack
  kasan: print workqueue stack
  lib/test_kasan.c: add workqueue test case
  kasan: update documentation for generic kasan

---
Changes since v4:
- No timer use case was found, so remove the timer patch
- remove a mention of call_rcu() from the kasan_record_aux_stack()
  Thanks to Dmitry and Alexander for the suggestion.

Changes since v3:
- testcases have a merge conflict, so they need to be rebased
  onto KASAN-KUNIT.

Changes since v2:
- modify the kasan document to be readable,
  Thanks to Marco for the suggestion.

Changes since v1:
- Thanks to Marco and Thomas for the suggestions.
- Remove unnecessary code and fix commit log
- reuse kasan_record_aux_stack() and aux_stack
  to record timer and workqueue stack.
- change the aux stack title to a common name.

---
 Documentation/dev-tools/kasan.rst |  5 +++--
 kernel/workqueue.c                |  3 +++
 lib/test_kasan_module.c           | 29 +++++++++++++++++++++++++++++
 mm/kasan/generic.c                |  4 +---
 mm/kasan/report.c                 |  4 ++--
 5 files changed, 38 insertions(+), 7 deletions(-)