From: Kuan-Ying Lee
To: Andrey Ryabinin, Alexander Potapenko, Andrey Konovalov, Marco Elver, Dmitry Vyukov, Andrew Morton, Matthias Brugger
CC: Kuan-Ying Lee
Subject: [PATCH v4 3/3] kasan: add memory corruption identification support for hardware tag-based mode
Date: Sat, 26 Jun 2021 18:09:31 +0800
Message-ID: <20210626100931.22794-4-Kuan-Ying.Lee@mediatek.com>
In-Reply-To: <20210626100931.22794-1-Kuan-Ying.Lee@mediatek.com>
References: <20210626100931.22794-1-Kuan-Ying.Lee@mediatek.com>

Add memory corruption identification support for hardware tag-based mode. We store one old free pointer tag and free backtrace instead of five because hardware tag-based kasan only has 16 different tags. If we store as many stacks as SW tag-based kasan does (5 stacks), there is a high probability of finding the same tag in the stacks when out-of-bound issues happen, and we will mistake an out-of-bound issue for use-after-free.

Signed-off-by: Kuan-Ying Lee
Suggested-by: Marco Elver
Reviewed-by: Alexander Potapenko
Reviewed-by: Andrey Konovalov
Cc: Andrey Ryabinin
Cc: Dmitry Vyukov
Cc: Andrew Morton
--- lib/Kconfig.kasan | 2 +- mm/kasan/kasan.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan index fdb4a08dba83..1e2d10f86011 100644 --- a/lib/Kconfig.kasan +++ b/lib/Kconfig.kasan @@ -169,7 +169,7 @@ config KASAN_STACK config KASAN_TAGS_IDENTIFY bool "Enable memory corruption identification" - depends on KASAN_SW_TAGS + depends on KASAN_SW_TAGS || KASAN_HW_TAGS help This option enables best-effort identification of bug type (use-after-free or out-of-bounds) at the cost of increased diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 952df2db7fdd..f58672f6029a 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h
@@ -153,7 +153,7 @@ struct kasan_track { depot_stack_handle_t stack; }; -#ifdef CONFIG_KASAN_TAGS_IDENTIFY +#if defined(CONFIG_KASAN_TAGS_IDENTIFY) && defined(CONFIG_KASAN_SW_TAGS) #define KASAN_NR_FREE_STACKS 5 #else #define KASAN_NR_FREE_STACKS 1 -- 2.18.0
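
Review bot: in lib/Kconfig.kasan, the help text under `config KASAN_TAGS_IDENTIFY` is not updated alongside `depends on KASAN_SW_TAGS || KASAN_HW_TAGS`, so the visible part ("best-effort identification of bug type (use-after-free or out-of-bounds) at the cost of increased") still reads as one behaviour for every mode. With the kasan.h change in this patch, `KASAN_NR_FREE_STACKS` is 5 only under `CONFIG_KASAN_SW_TAGS` and 1 otherwise, so both the cost and the number of free tracks consulted differ under `KASAN_HW_TAGS`. Suggest one added sentence in the help text saying that hardware tag-based mode keeps a single free track, so someone enabling the option knows what to expect from reports.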
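
Review bot: in mm/kasan/kasan.h, the new condition `#if defined(CONFIG_KASAN_TAGS_IDENTIFY) && defined(CONFIG_KASAN_SW_TAGS)` carries no comment, and the reason hardware tag-based mode stays at `#define KASAN_NR_FREE_STACKS 1` exists only in the commit message (only 16 tags, so five stored free tracks would often match the tag of an out-of-bounds access and the report would name use-after-free). Suggest a short comment above the `#if` stating that, because the `#else` branch now covers two different cases, identification disabled and identification enabled under `KASAN_HW_TAGS`, and that is not obvious from the code alone.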