lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 10 Jul 2014 23:48:45 +0400
From:	Andrey Ryabinin <>
To:	Dave Hansen <>
Cc:	Andrey Ryabinin <>,, Dmitry Vyukov <>,
	Konstantin Serebryany <>,
	Alexey Preobrazhensky <>,
	Andrey Konovalov <>,
	Yuri Gribov <>,
	Konstantin Khlebnikov <>,
	Sasha Levin <>,
	Michal Marek <>,
	Russell King <>,
	Thomas Gleixner <>,
	Ingo Molnar <>,
	Christoph Lameter <>,
	Pekka Enberg <>,
	David Rientjes <>,
	Joonsoo Kim <>,
	Andrew Morton <>,,,,
Subject: Re: [RFC/PATCH RESEND -next 01/21] Add kernel address sanitizer infrastructure.

2014-07-10 19:55 GMT+04:00 Dave Hansen <>:
> On 07/10/2014 05:12 AM, Andrey Ryabinin wrote:
>> On 07/10/14 00:26, Dave Hansen wrote:
>>> On 07/09/2014 04:29 AM, Andrey Ryabinin wrote:
>>>> Address sanitizer dedicates 1/8 of the low memory to the shadow memory and uses direct
>>>> mapping with a scale and offset to translate a memory address to its corresponding
>>>> shadow address.
>>>> Here is function to translate address to corresponding shadow address:
>>>>      unsigned long kasan_mem_to_shadow(unsigned long addr)
>>>>      {
>>>>                 return ((addr - PAGE_OFFSET) >> KASAN_SHADOW_SCALE_SHIFT)
>>>>                              + kasan_shadow_start;
>>>>      }
>>> How does this interact with vmalloc() addresses or those from a kmap()?
>> It's used only for lowmem:
>> static inline bool addr_is_in_mem(unsigned long addr)
>> {
>>       return likely(addr >= PAGE_OFFSET && addr < (unsigned long)high_memory);
>> }
> That's fine, and definitely covers the common cases.  Could you make
> sure to call this out explicitly?  Also, there's nothing to _keep_ this
> approach working for things out of the direct map, right?  It would just
> be a matter of updating the shadow memory to have entries for the other
> virtual address ranges.

Why do you want shadow for things out of the direct map?
If you want to catch use-after-free in vmalloc than DEBUG_PAGEALLOC
will be enough.
If you want catch out-of-bounds in vmalloc you don't need anything,
because vmalloc
allocates guarding hole in the end.
Or do you want something else?

> addr_is_in_mem() is a pretty bad name for what it's doing. :)
> I'd probably call it something like kasan_tracks_vaddr().

> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to  For more info on Linux MM,
> see: .
> Don't email: <a href=mailto:""> </a>

Best regards,
Andrey Ryabinin
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists