From: andrey.konovalov@linux.dev
To: Andrew Morton
Cc: Andrey Konovalov, Marco Elver, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, linux-mm@kvack.org, Vincenzo Frascino, Catalin Marinas, Will Deacon, Mark Rutland, linux-arm-kernel@lists.infradead.org, Peter Collingbourne, Evgenii Stepanov, linux-kernel@vger.kernel.org, Andrey Konovalov
Subject: [PATCH v6 21/39] kasan, vmalloc: reset tags in vmalloc functions
Date: Mon, 24 Jan 2022 19:04:55 +0100
Message-Id: <046003c5f683cacb0ba18e1079e9688bb3dca943.1643047180.git.andreyknvl@google.com>

From: Andrey Konovalov

In preparation for adding vmalloc support to SW/HW_TAGS KASAN, reset pointer tags in functions that use pointer values in range checks.

vread() is a special case here. Despite the untagging of the addr pointer in its prologue, the accesses performed by vread() are checked.

Instead of accessing the virtual mappings through addr directly, vread() recovers the physical address via page_address(vmalloc_to_page()) and accesses that. And as page_address() recovers the pointer tag, the accesses get checked.

Signed-off-by: Andrey Konovalov
---

Changes v1->v2:
- Clarified the description of untagging in vread().
---
 mm/vmalloc.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c index b6712a25c996..38bf3b418b81 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -74,7 +74,7 @@ static const bool vmap_allow_huge = false; bool is_vmalloc_addr(const void *x) { - unsigned long addr = (unsigned long)x; + unsigned long addr = (unsigned long)kasan_reset_tag(x); return addr >= VMALLOC_START && addr < VMALLOC_END; } 
@@ -632,7 +632,7 @@ int is_vmalloc_or_module_addr(const void *x) * just put it in the vmalloc space. */ #if defined(CONFIG_MODULES) && defined(MODULES_VADDR) - unsigned long addr = (unsigned long)x; + unsigned long addr = (unsigned long)kasan_reset_tag(x); if (addr >= MODULES_VADDR && addr < MODULES_END) return 1; #endif @@ -806,6 +806,8 @@ static struct vmap_area *find_vmap_area_exceed_addr(unsigned long addr) struct vmap_area *va = NULL; struct rb_node *n = vmap_area_root.rb_node; + addr = (unsigned long)kasan_reset_tag((void *)addr); + while (n) { struct vmap_area *tmp; @@ -827,6 +829,8 @@ static struct vmap_area *__find_vmap_area(unsigned long addr) { struct rb_node *n = vmap_area_root.rb_node; + addr = (unsigned long)kasan_reset_tag((void *)addr); + while (n) { struct vmap_area *va; @@ -2145,7 +2149,7 @@ EXPORT_SYMBOL_GPL(vm_unmap_aliases); void vm_unmap_ram(const void *mem, unsigned int count) { unsigned long size = (unsigned long)count << PAGE_SHIFT; - unsigned long addr = (unsigned long)mem; + unsigned long addr = (unsigned long)kasan_reset_tag(mem); struct vmap_area *va; might_sleep(); @@ -3404,6 +3408,8 @@ long vread(char *buf, char *addr, unsigned long count) unsigned long buflen = count; unsigned long n; + addr = kasan_reset_tag(addr); + /* Don't allow overflow */ if ((unsigned long) addr + count < count) count = -(unsigned long) addr; -- 2.25.1
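
Review bot: In the is_vmalloc_or_module_addr() hunk the tag reset is applied only to the addr declared inside the #if defined(CONFIG_MODULES) && defined(MODULES_VADDR) block, so the handling of a tagged x on the path after #endif is not visible from this change. If that path goes through is_vmalloc_addr(x), it is covered by the first hunk; a sentence in the commit message saying so would let a reader confirm that both branches see an untagged address.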
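
Review bot: The statement addr = (unsigned long)kasan_reset_tag((void *)addr); is repeated verbatim in find_vmap_area_exceed_addr() and __find_vmap_area(), each time casting an unsigned long to a pointer and back. Consider a small helper that takes and returns unsigned long, or resetting the tag in the callers while the value is still a pointer, so that each tree walk carries one self-explanatory line and a future lookup function is less likely to miss the reset.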
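
Review bot: The addr = kasan_reset_tag(addr); added at the top of vread() carries no comment, although the commit message needs a full paragraph to explain why the reads remain checked after it. Suggest a short comment above the reset noting that the untagged addr feeds the overflow check that follows and that the data itself is read through page_address(vmalloc_to_page()), which recovers the tag, so the reasoning stays next to the code rather than only in the log.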