From: Andrey Konovalov
Date: Thu, 14 Sep 2023 19:46:50 +0200
Subject: Re: [PATCH] kasan:fix access invalid shadow address when input is illegal
To: Haibo Li
Cc: linux-kernel@vger.kernel.org, xiaoming.yu@mediatek.com, Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, Vincenzo Frascino, Andrew Morton, Matthias Brugger, AngeloGioacchino Del Regno, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org
References: <20230914080833.50026-1-haibo.li@mediatek.com>
In-Reply-To: <20230914080833.50026-1-haibo.li@mediatek.com>

On Thu, Sep 14, 2023 at 10:08 AM 'Haibo Li' via kasan-dev wrote:
>
> When the input address is illegal, the corresponding shadow address
> from kasan_mem_to_shadow may have no mapping in the MMU table.
> Accessing such a shadow address causes a kernel oops.
> Here is a sample of the oops on arm64 (VA 39-bit) with KASAN_SW_TAGS on:
>
> [ffffffb80aaaaaaa] pgd=000000005d3ce003, p4d=000000005d3ce003,
> pud=000000005d3ce003, pmd=0000000000000000
> Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
> Modules linked in:
> CPU: 3 PID: 100 Comm: sh Not tainted 6.6.0-rc1-dirty #43
> Hardware name: linux,dummy-virt (DT)
> pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : __hwasan_load8_noabort+0x5c/0x90
> lr : do_ib_ob+0xf4/0x110
>
> ffffffb80aaaaaaa is the shadow address for efffff80aaaaaaaa.
> The problem is reading an invalid shadow address in kasan_check_range.
>
> Generic KASAN also has a similar oops.
>
> To fix it, check the shadow address by reading it with no fault.
>
> After this patch, KASAN is able to report the invalid memory access
> for this case.

Hi Haibo,

I thought this should be covered by the kasan_non_canonical_hook handler, which prints some additional information about how the GPF could be caused by accessing shadow memory. Does it not work in your case?

It might be that we need to add kasan_non_canonical_hook to some other arm64 internal fault handler functions then.

Thanks!
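The exchange above turns on two pieces of arithmetic: how kasan_check_range maps an access address to its shadow byte, and how kasan_non_canonical_hook runs that mapping backwards when a page fault lands inside the shadow region. The following is an added userspace model of both for the configuration named in the oops (arm64, 39-bit VA, KASAN_SW_TAGS); it is not code from the thread or from the kernel. It assumes KASAN_SHADOW_OFFSET = 0xefffffc000000000 (the arm64 Kconfig default for that configuration as I recall it; it reproduces the address pair quoted in the oops), a 16-byte granule (scale shift 4) for SW_TAGS, and that kasan_reset_tag sets the top byte to 0xff. The bug-type strings mirror those the hook prints; TASK_SIZE and PAGE_SIZE are modelled as 1 << 39 and 4096.

```c
/*
 * Added example, not from the thread or the kernel tree: a model of the
 * arm64 KASAN_SW_TAGS shadow arithmetic (39-bit VA) behind the oops
 * quoted in the mail, and of the hint kasan_non_canonical_hook derives
 * from a fault on a shadow address.
 *
 * Assumed constants (not stated in the mail): KASAN_SHADOW_OFFSET is
 * 0xefffffc000000000, scale shift 4, kasan_reset_tag sets the top byte
 * to 0xff (KASAN_TAG_KERNEL).
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VA_BITS                  39
#define KASAN_SHADOW_SCALE_SHIFT 4
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define KASAN_SHADOW_OFFSET      0xefffffc000000000ULL   /* assumed Kconfig default */
#define KASAN_TAG_KERNEL         0xffULL
#define PAGE_SIZE_MODEL          4096ULL
#define TASK_SIZE_MODEL          (1ULL << VA_BITS)       /* top of user VA */
#define KERNEL_VA_START          (~0ULL << VA_BITS)      /* 0xffffff8000000000 */

/* Shadow region bounds follow from the offset and the VA size. */
#define KASAN_SHADOW_END   ((1ULL << (64 - KASAN_SHADOW_SCALE_SHIFT)) + KASAN_SHADOW_OFFSET)
#define KASAN_SHADOW_START (KASAN_SHADOW_END - (1ULL << (VA_BITS - KASAN_SHADOW_SCALE_SHIFT)))

enum check_outcome {
	OUTCOME_SKIP_KERNEL_TAG,     /* tag 0xff: checker does nothing */
	OUTCOME_REPORT_NO_METADATA,  /* addr_has_metadata() fails: report without touching shadow */
	OUTCOME_READ_SHADOW          /* shadow byte is loaded; unmapped shadow => the oops above */
};

/* SW_TAGS keeps the pointer tag in the top byte; resetting it yields the plain kernel address. */
static uint64_t kasan_reset_tag_model(uint64_t addr)
{
	return addr | (KASAN_TAG_KERNEL << 56);
}

static uint64_t kasan_mem_to_shadow_model(uint64_t untagged_addr)
{
	return (untagged_addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: first byte of the 16-byte granule a shadow byte describes. */
static uint64_t shadow_to_mem_model(uint64_t shadow_addr)
{
	return (shadow_addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* Front half of kasan_check_range: decide what the checker does with this pointer. */
static enum check_outcome check_range_model(uint64_t addr, uint64_t *shadow)
{
	uint8_t tag = (uint8_t)(addr >> 56);
	uint64_t untagged;

	if (tag == KASAN_TAG_KERNEL)
		return OUTCOME_SKIP_KERNEL_TAG;
	untagged = kasan_reset_tag_model(addr);
	if (untagged < KERNEL_VA_START)          /* addr_has_metadata() */
		return OUTCOME_REPORT_NO_METADATA;
	if (shadow)
		*shadow = kasan_mem_to_shadow_model(untagged);
	return OUTCOME_READ_SHADOW;
}

/* Same classification strings the hook prints. */
static const char *classify_access(uint64_t orig_addr)
{
	if (orig_addr < PAGE_SIZE_MODEL)
		return "null-ptr-deref";
	if (orig_addr < TASK_SIZE_MODEL)
		return "probably user-memory-access";
	return "maybe wild-memory-access";
}

/*
 * Model of kasan_non_canonical_hook: given a page-fault address, report
 * whether it can be a shadow address and, if so, the access range that
 * produced it. Returns 1 when a hint applies, 0 otherwise.
 */
static int shadow_fault_hint(uint64_t fault_addr, uint64_t *start, uint64_t *end)
{
	if (fault_addr < KASAN_SHADOW_OFFSET)
		return 0;
	if (start)
		*start = shadow_to_mem_model(fault_addr);
	if (end)
		*end = shadow_to_mem_model(fault_addr) + KASAN_GRANULE_SIZE - 1;
	return 1;
}

int main(void)
{
	/* Addresses quoted in the oops: access efffff80aaaaaaaa, fault on shadow ffffffb80aaaaaaa. */
	uint64_t access = 0xefffff80aaaaaaaaULL, fault = 0xffffffb80aaaaaaaULL;
	uint64_t shadow = 0, start = 0, end = 0;

	if (check_range_model(access, &shadow) == OUTCOME_READ_SHADOW)
		printf("checker loads shadow byte at 0x%016" PRIx64 "\n", shadow);
	if (shadow_fault_hint(fault, &start, &end))
		printf("KASAN: %s in range [0x%016" PRIx64 "-0x%016" PRIx64 "]\n",
		       classify_access(start), start, end);
	return 0;
}
```

Run as is, the model shows why this access reaches the shadow load at all: after the tag reset, efffff80aaaaaaaa becomes ffffff80aaaaaaaa, which is above the metadata boundary, so the checker trusts that a shadow byte exists and dereferences ffffffb80aaaaaaa; a pointer like 0x10 instead fails addr_has_metadata and is reported without any shadow access. The hint half is what Andrey expects the fault path to print for such an oops, which is why the question is whether the arm64 handler that fired here calls the hook.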