From: js1304@gmail.com
X-Google-Original-From: iamjoonsoo.kim@lge.com
To: Andrew Morton
Cc: Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Namhyung Kim, Wengang Wang, Joonsoo Kim
Subject: [PATCH 08/18] vchecker: Add 'callstack' checker
Date: Tue, 28 Nov 2017 16:48:43 +0900
Message-Id: <1511855333-3570-9-git-send-email-iamjoonsoo.kim@lge.com>
In-Reply-To: <1511855333-3570-1-git-send-email-iamjoonsoo.kim@lge.com>
References: <1511855333-3570-1-git-send-email-iamjoonsoo.kim@lge.com>

From: Namhyung Kim

The callstack checker is to find invalid code paths accessing a
certain field in an object.  Currently it only saves all stack traces at
the given offset.  Reporting will be added in the next patch.

The below example checks callstack of anon_vma:

  # cd /sys/kernel/debug/vchecker
  # echo 0 8 > anon_vma/callstack  # offset 0, size 8
  # echo 1 > anon_vma/enable

  # cat anon_vma/callstack        # show saved callstacks
  0x0 0x8 callstack
  total: 42
  callstack #0
    anon_vma_fork+0x101/0x280
    copy_process.part.10+0x15ff/0x2a40
    _do_fork+0x155/0x7d0
    SyS_clone+0x19/0x20
    do_syscall_64+0xdf/0x460
    return_from_SYSCALL_64+0x0/0x7a
    ...

Signed-off-by: Namhyung Kim
Signed-off-by: Joonsoo Kim
--- mm/kasan/vchecker.c | 172 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 161 insertions(+), 11 deletions(-) diff --git a/mm/kasan/vchecker.c b/mm/kasan/vchecker.c index 15a1b18..0c9a4fc 100644 --- a/mm/kasan/vchecker.c +++ b/mm/kasan/vchecker.c @@ -31,6 +31,7 @@ struct vchecker { enum vchecker_type_num { VCHECKER_TYPE_VALUE = 0, + VCHECKER_TYPE_CALLSTACK, VCHECKER_TYPE_MAX, }; @@ -45,7 +46,7 @@ struct vchecker_type { char *buf, size_t cnt); void (*fini)(struct vchecker_cb *cb); void (*show)(struct kmem_cache *s, struct seq_file *f, - struct vchecker_cb *cb, void *object); + struct vchecker_cb *cb, void *object, bool verbose); bool (*check)(struct kmem_cache *s, struct vchecker_cb *cb, void *object, bool write, unsigned long begin, unsigned long end); @@ -64,6 +65,12 @@ struct vchecker_value_arg { u64 value; }; +#define CALLSTACK_MAX_HANDLE (PAGE_SIZE / sizeof(depot_stack_handle_t)) +struct vchecker_callstack_arg { + depot_stack_handle_t *handles; + atomic_t count; +}; + static struct dentry *debugfs_root; static struct vchecker_type vchecker_types[VCHECKER_TYPE_MAX]; static DEFINE_MUTEX(vchecker_meta);
@@ -82,7 +89,7 @@ static bool need_check(struct vchecker_cb *cb, } static void show_cb(struct kmem_cache *s, struct seq_file *f, - struct vchecker_cb *cb, void *object) + struct vchecker_cb *cb, void *object, bool verbose) { if (f) { seq_printf(f, "%s checker for offset %ld ~ %ld\n", @@ -92,7 +99,7 @@ static void show_cb(struct kmem_cache *s, struct seq_file *f, cb->type->name, cb->begin, cb->end, object); } - cb->type->show(s, f, cb, object); + cb->type->show(s, f, cb, object, verbose); } static void add_cb(struct kmem_cache *s, struct vchecker_cb *cb) @@ -189,7 +196,7 @@ static void vchecker_report(unsigned long addr, size_t size, bool write, pr_err("%s of size %zu by task %s/%d\n", write ? "Write" : "Read", size, current->comm, task_pid_nr(current)); - show_cb(s, NULL, cb, object); + show_cb(s, NULL, cb, object, true); describe_object(s, object, (const void *)addr); pr_err("==================================================================\n"); @@ -284,14 +291,14 @@ bool vchecker_check(unsigned long addr, size_t size, return vchecker_poisoned((void *)addr, size); } -static noinline depot_stack_handle_t save_stack(void) +static noinline depot_stack_handle_t save_stack(int skip, bool *is_new) { unsigned long entries[VCHECKER_STACK_DEPTH]; struct stack_trace trace = { .nr_entries = 0, .entries = entries, .max_entries = VCHECKER_STACK_DEPTH, - .skip = 0 + .skip = skip, }; save_stack_trace(&trace); @@ -299,7 +306,7 @@ static noinline depot_stack_handle_t save_stack(void) trace.entries[trace.nr_entries-1] == ULONG_MAX) trace.nr_entries--; - return depot_save_stack(NULL, &trace, GFP_NOWAIT, NULL); + return depot_save_stack(NULL, &trace, GFP_NOWAIT, is_new); } static ssize_t vchecker_type_write(struct file *filp, const char __user *ubuf, 
@@ -381,7 +388,7 @@ static int vchecker_type_show(struct seq_file *f, enum vchecker_type_num type) if (cb->type != &vchecker_types[type]) continue; - show_cb(s, f, cb, NULL); + show_cb(s, f, cb, NULL, true); } mutex_unlock(&vchecker_meta); @@ -398,7 +405,7 @@ static int enable_show(struct seq_file *f, void *v) seq_printf(f, "%s\n", checker->enabled ? "1" : "0"); list_for_each_entry(cb, &checker->cb_list, list) - show_cb(s, f, cb, NULL); + show_cb(s, f, cb, NULL, false); mutex_unlock(&vchecker_meta); @@ -509,7 +516,7 @@ static void show_value_stack(struct vchecker_data *data) } static void show_value(struct kmem_cache *s, struct seq_file *f, - struct vchecker_cb *cb, void *object) + struct vchecker_cb *cb, void *object, bool verbose) { struct vchecker_value_arg *arg = cb->arg; struct vchecker_data *data; @@ -538,7 +545,7 @@ static bool check_value(struct kmem_cache *s, struct vchecker_cb *cb, if (!write) goto check; - handle = save_stack(); + handle = save_stack(0, NULL); if (!handle) { pr_err("VCHECKER: %s: fail at addr %p\n", __func__, object); dump_stack(); 
@@ -581,9 +588,152 @@ static const struct file_operations fops_value = { .release = single_release, }; +static int init_callstack(struct kmem_cache *s, struct vchecker_cb *cb, + char *buf, size_t cnt) +{ + unsigned long begin, len; + struct vchecker_callstack_arg *arg; + unsigned long max_size = round_up(s->object_size, sizeof(u64)); + + BUILD_BUG_ON(sizeof(u64) != KASAN_SHADOW_SCALE_SIZE); + + if (sscanf(buf, "%lu %lu", &begin, &len) != 2) + return -EINVAL; + + if (len > max_size || begin > max_size - len) + return -EINVAL; + + arg = kzalloc(sizeof(struct vchecker_callstack_arg), GFP_KERNEL); + if (!arg) + return -ENOMEM; + + arg->handles = (void *)get_zeroed_page(GFP_KERNEL); + if (!arg->handles) { + kfree(arg); + return -ENOMEM; + } + atomic_set(&arg->count, 0); + + cb->begin = begin; + cb->end = begin + len; + cb->arg = arg; + + return 0; +} + +static void fini_callstack(struct vchecker_cb *cb) +{ + struct vchecker_callstack_arg *arg = cb->arg; + + free_page((unsigned long)arg->handles); + kfree(arg); +} + +static void show_callstack_handle(struct seq_file *f, int idx, + struct vchecker_callstack_arg *arg) +{ + struct stack_trace trace; + unsigned int i; + + seq_printf(f, "callstack #%d\n", idx); + + depot_fetch_stack(NULL, arg->handles[idx], &trace); + + for (i = 0; i < trace.nr_entries; i++) + seq_printf(f, " %pS\n", (void *)trace.entries[i]); + seq_putc(f, '\n'); +} + +static void show_callstack(struct kmem_cache *s, struct seq_file *f, + struct vchecker_cb *cb, void *object, bool verbose) +{ + struct vchecker_callstack_arg *arg = cb->arg; + int count = atomic_read(&arg->count); + int i; + + if (f) { + seq_printf(f, "total: %d\n", count); + + if (!verbose) + return; + + if (count > CALLSTACK_MAX_HANDLE) { + seq_printf(f, "callstack is overflowed: (%d / %ld)\n", + count, CALLSTACK_MAX_HANDLE); + count = CALLSTACK_MAX_HANDLE; + } + + for (i = 0; i < count; i++) + show_callstack_handle(f, i, arg); + } else { + pr_err("invalid callstack found #%d\n", count - 1); 
+ /* current stack trace will be shown by kasan_object_err() */ + } +} + +/* + * number of stacks to skip (at least). + * + * __asan_loadX -> vchecker_check -> cb->check() -> save_stack + * -> save_stack_trace + */ +#define STACK_SKIP 5 + +static bool check_callstack(struct kmem_cache *s, struct vchecker_cb *cb, + void *object, bool write, + unsigned long begin, unsigned long end) +{ + u32 handle; + bool is_new = false; + struct vchecker_callstack_arg *arg = cb->arg; + int idx; + + handle = save_stack(STACK_SKIP, &is_new); + if (!is_new) + return true; + + idx = atomic_fetch_inc(&arg->count); + + /* TODO: support handle table in multiple pages */ + if (idx < CALLSTACK_MAX_HANDLE) + arg->handles[idx] = handle; + + /* TODO: support reporting new callstack */ + return true; +} + +static int callstack_show(struct seq_file *f, void *v) +{ + return vchecker_type_show(f, VCHECKER_TYPE_CALLSTACK); +} + +static int callstack_open(struct inode *inode, struct file *file) +{ + return single_open(file, callstack_show, inode->i_private); +} + +static ssize_t callstack_write(struct file *filp, const char __user *ubuf, + size_t cnt, loff_t *ppos) +{ + /* add a new (disabled) callstack checker at the given offset */ + return vchecker_type_write(filp, ubuf, cnt, ppos, + VCHECKER_TYPE_CALLSTACK); +} + +static const struct file_operations fops_callstack = { + .open = callstack_open, + .write = callstack_write, + .read = seq_read, + .llseek = seq_lseek, + .release = single_release, +}; + +/* also need to update enum VCHECKER_TYPE_XXX */ static struct vchecker_type vchecker_types[VCHECKER_TYPE_MAX] = { { "value", &fops_value, init_value, fini_value, show_value, check_value }, + { "callstack", &fops_callstack, init_callstack, fini_callstack, + show_callstack, check_callstack }, }; static void free_vchecker(struct kmem_cache *s) -- 2.7.4
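
Review bot: In the hunk at @@ -64,6 +65,12 @@, the count field of struct vchecker_callstack_arg needs a comment saying it is a running total of new stacks and not the number of valid slots in handles. check_callstack() increments it with atomic_fetch_inc() even when idx is not below CALLSTACK_MAX_HANDLE, and show_callstack() has to clamp it before indexing, so any later user that indexes handles[] by count directly would read past the page. CALLSTACK_MAX_HANDLE is also unsigned because of the sizeof, yet it is compared against int values and printed with %ld in show_callstack(); %lu or an explicit cast would keep that consistent.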
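
Review bot: In the save_stack() hunk at @@ -284,14 +291,14 @@, the new skip and is_new parameters have no comment describing their contract, and the skip value is fragile. With .skip = skip the caller must know exactly how many frames sit between the instrumented access and save_stack_trace(), and STACK_SKIP 5 later in the patch counts __asan_loadX, vchecker_check and cb->check() as separate frames. Only save_stack() is marked noinline in the visible code, so if any other function in that chain is inlined, skipping 5 entries would also drop the first frame of the code that actually touched the field. Please document which frames the count covers, and consider either marking the chain noinline or trimming by symbol instead of by a fixed count.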
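
Review bot: In check_callstack() in the hunk at @@ -581,9 +588,152 @@, the early return on !is_new treats "new to the depot" as "new to this checker", which looks wrong once more than one user saves stacks. save_stack() passes NULL as the depot argument for every caller, so is_new appears to describe the shared depot: a trace first saved through another callstack checker (a different cache or offset), or saved before this checker was removed and re-created through init_callstack(), would return early and never be written to arg->handles. A lookup in the per-cb table before returning would close that gap. In the same function, atomic_fetch_inc(&arg->count) makes the slot visible before arg->handles[idx] = handle is stored, and show_callstack() walks the first count entries without checking for a zero handle, so a concurrent read of the debugfs file can hand an unset entry from the zeroed page to depot_fetch_stack(). Skipping zero handles in show_callstack_handle(), or keeping a separate committed counter, would avoid that.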