From: Stephen Boyd
Date: Wed, 29 Nov 2023 12:42:13 -0800
Subject: Re: [PATCH] lkdtm: Add kfence read after free crash type
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, patches@lists.linux.dev, Arnd Bergmann, Greg Kroah-Hartman, Alexander Potapenko, Marco Elver, Dmitry Vyukov, kasan-dev@googlegroups.com, linux-mm@kvack.org

Adding kfence folks (will add on v2).

Quoting Kees Cook (2023-11-29 12:22:27)
> On Mon, Nov 27, 2023 at 03:49:45PM -0800, Stephen Boyd wrote:
> > Add the ability to allocate memory from kfence and trigger a read after
> > free on that memory to validate that kfence is working properly. This is
> > used by ChromeOS integration tests to validate that kfence errors can be
> > collected on user devices and parsed properly.
>
> This looks really good; thanks for adding this!
>
> >
> > Signed-off-by: Stephen Boyd
> > ---
> >  drivers/misc/lkdtm/heap.c | 64 +++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 64 insertions(+)
> >
> > diff --git a/drivers/misc/lkdtm/heap.c b/drivers/misc/lkdtm/heap.c > > index 0ce4cbf6abda..608872bcc7e0 100644 > > --- a/drivers/misc/lkdtm/heap.c > > +++ b/drivers/misc/lkdtm/heap.c > > @@ -4,6 +4,7 @@ > > * page allocation and slab allocations. > > */ > > #include "lkdtm.h" > > +#include > > #include > > #include > > #include 
> > @@ -132,6 +133,66 @@ static void lkdtm_READ_AFTER_FREE(void) > > kfree(val); > > } > > > > +#if IS_ENABLED(CONFIG_KFENCE)
>
> I really try hard to avoid having tests disappear depending on configs,
> and instead report the expected failure case (as you have). Can this be
> built without the IS_ENABLED() tests?
>

We need IS_ENABLED() for the kfence_sample_interval variable. I suppose
if the config isn't set that variable can be assumed as zero and then
the timeout would hit immediately. We can either define the name
'kfence_sample_interval' as 0 in the header, or put an ifdef in the
function.

---8<---
diff --git a/drivers/misc/lkdtm/heap.c b/drivers/misc/lkdtm/heap.c index 4f467d3972a6..574d0aa726dc 100644 --- a/drivers/misc/lkdtm/heap.c +++ b/drivers/misc/lkdtm/heap.c @@ -138,6 +138,14 @@ static void lkdtm_KFENCE_READ_AFTER_FREE(void) int *base, val, saw; unsigned long timeout, resched_after; size_t len = 1024; + unsigned long interval; + +#ifdef CONFIG_KFENCE + interval = kfence_sample_interval; +#else + interval = 0; +#endif + /* * The slub allocator will use the either the first word or * the middle of the allocation to store the free pointer, @@ -150,13 +158,13 @@ static void lkdtm_KFENCE_READ_AFTER_FREE(void) * 100x the sample interval should be more than enough to ensure we get * a KFENCE allocation eventually. */ - timeout = jiffies + msecs_to_jiffies(100 * kfence_sample_interval); + timeout = jiffies + msecs_to_jiffies(100 * interval); /* * Especially for non-preemption kernels, ensure the allocation-gate * timer can catch up: after @resched_after, every failed allocation * attempt yields, to ensure the allocation-gate timer is scheduled. */ - resched_after = jiffies + msecs_to_jiffies(kfence_sample_interval); + resched_after = jiffies + msecs_to_jiffies(interval); do { base = kmalloc(len, GFP_KERNEL); if (!base) {
---8<----
diff --git a/include/linux/kfence.h b/include/linux/kfence.h index 401af4757514..88100cc9caba 100644 --- a/include/linux/kfence.h 
+++ b/include/linux/kfence.h @@ -223,6 +223,8 @@ bool __kfence_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *sla #else /* CONFIG_KFENCE */ +#define kfence_sample_interval (0) + static inline bool is_kfence_address(const void *addr) { return false; } static inline void kfence_alloc_pool_and_metadata(void) { } static inline void kfence_init(void) { }
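
Review bot: In the '@@ -138,6 +138,14 @@' hunk of drivers/misc/lkdtm/heap.c, the '#ifdef CONFIG_KFENCE' / '#else' / '#endif' block sits inside the body of lkdtm_KFENCE_READ_AFTER_FREE(), right after the declarations, and kernel coding style asks to keep preprocessor conditionals out of function bodies in .c files where possible. Since the two branches differ only in the value assigned to 'interval', move the conditional into a header stub or a small helper so the function has a single unconditional assignment; the include/linux/kfence.h variant later in this mail would make this block unnecessary.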
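
Review bot: In the '@@ -150,13 +158,13 @@' hunk of drivers/misc/lkdtm/heap.c, when 'interval' is 0 both 'timeout' and 'resched_after' evaluate to the current jiffies, so the unchanged comment above the 'timeout' assignment ("100x the sample interval should be more than enough to ensure we get a KFENCE allocation eventually") no longer describes that case. Extend the comment to say that a zero interval makes the loop give up almost immediately, and have the failure path state that KFENCE is unavailable rather than report a plain timeout, which is the "report the expected failure case" behaviour asked for in the quoted review.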
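
Review bot: In the '@@ -223,6 +223,8 @@' hunk of include/linux/kfence.h, '#define kfence_sample_interval (0)' makes the name an object-like macro expanding to an int constant in the '#else /* CONFIG_KFENCE */' branch, so code built that way that assigns to it, takes its address or declares something with the same name fails with a confusing error. It also means '100 * kfence_sample_interval' is evaluated as int, while the function-local variant in this mail uses 'unsigned long interval'. Consider '0UL' to keep the type consistent between the two builds, plus a one-line comment saying the stub means KFENCE is compiled out.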