| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Jan 2015 09:34:57 +0400 From: Andrey Ryabinin <ryabinin.a.a@...il.com> To: Sasha Levin <sasha.levin@...cle.com> Cc: Andrey Ryabinin <a.ryabinin@...sung.com>, LKML <linux-kernel@...r.kernel.org>, Dmitry Vyukov <dvyukov@...gle.com>, Konstantin Serebryany <kcc@...gle.com>, Dmitry Chernenkov <dmitryc@...gle.com>, Andrey Konovalov <adech.fo@...il.com>, Yuri Gribov <tetra2005@...il.com>, Konstantin Khlebnikov <koct9i@...il.com>, Michal Marek <mmarek@...e.cz>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Christoph Lameter <cl@...ux.com>, Pekka Enberg <penberg@...nel.org>, David Rientjes <rientjes@...gle.com>, Joonsoo Kim <iamjoonsoo.kim@....com>, Andrew Morton <akpm@...ux-foundation.org>, Dave Hansen <dave.hansen@...el.com>, Andi Kleen <andi@...stfloor.org>, Vegard Nossum <vegard.nossum@...il.com>, "H. Peter Anvin" <hpa@...or.com>, "x86@...nel.org" <x86@...nel.org>, "linux-mm@...ck.org" <linux-mm@...ck.org>, Randy Dunlap <rdunlap@...radead.org>, Peter Zijlstra <peterz@...radead.org>, Alexander Viro <viro@...iv.linux.org.uk>, Dave Jones <davej@...hat.com>, Jonathan Corbet <corbet@....net>, Linus Torvalds <torvalds@...ux-foundation.org>, Catalin Marinas <catalin.marinas@....com> Subject: Re: [PATCH v9 00/17] Kernel address sanitizer - runtime memory debugger. 2015-01-22 3:22 GMT+03:00 Sasha Levin <sasha.levin@...cle.com>: > On 01/21/2015 11:51 AM, Andrey Ryabinin wrote: >> Changes since v8: >> - Fixed unpoisoned redzones for not-allocated-yet object >> in newly allocated slab page. (from Dmitry C.) >> >> - Some minor non-function cleanups in kasan internals. >> >> - Added ack from Catalin >> >> - Added stack instrumentation. With this we could detect >> out of bounds accesses in stack variables. (patch 12) >> >> - Added globals instrumentation - catching out of bounds in >> global varibles. (patches 13-17) >> >> - Shadow moved out from vmalloc into hole between vmemmap >> and %esp fixup stacks. For globals instrumentation >> we will need shadow backing modules addresses. >> So we need some sort of a shadow memory allocator >> (something like vmmemap_populate() function, except >> that it should be available after boot). >> >> __vmalloc_node_range() suits that purpose, except that >> it can't be used for allocating for shadow in vmalloc >> area because shadow in vmalloc is already 'allocated' >> to protect us from other vmalloc users. So we need >> 16TB of unused addresses. And we have big enough hole >> between vmemmap and %esp fixup stacks. So I moved shadow >> there. > > I'm not sure which new addition caused it, but I'm getting tons of > false positives from platform drivers trying to access memory they > don't "own" - because they expect to find hardware there. > To be sure, that this is really false positives, could you try with patches in attachment? That should fix some bugs in several platform drivers. > I suspect we'd need to mark that memory region somehow to prevent > accesses to it from triggering warnings? > > > Thanks, > Sasha > View attachment "backlight-da9052_bl-terminate-da9052_wled_ids-array-with-empty-element.patch" of type "text/x-patch" (414 bytes) View attachment "crypto-ccp-terminate-ccp_support-array-with-empty-element.patch" of type "text/x-patch" (360 bytes) View attachment "rtc-s5m-terminate-s5m_rtc_id-array-with-empty-element.patch" of type "text/x-patch" (419 bytes)
Powered by blists - more mailing lists