lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170322160647.32032-1-aryabinin@virtuozzo.com>
Date:   Wed, 22 Mar 2017 19:06:47 +0300
From:   Andrey Ryabinin <aryabinin@...tuozzo.com>
To:     Andrew Morton <akpm@...ux-foundation.org>
CC:     Mark Rutland <mark.rutland@....com>,
        Alexander Potapenko <glider@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        <kasan-dev@...glegroups.com>, <linux-mm@...ck.org>,
        <linux-kernel@...r.kernel.org>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>
Subject: [PATCH] kasan: report only the first error

Disable kasan after the first report. There are several reasons for this:
 * Single bug quite often has multiple invalid memory accesses causing
    storm in the dmesg.
 * Write OOB access might corrupt metadata so the next report will print
    bogus alloc/free stacktraces.
 * Reports after the first easily could be not bugs by itself but just side
    effects of the first one.

Given that multiple reports only do harm, it makes sense to disable
kasan after the first one. Except for the tests in lib/test_kasan.c
as we obviously want to see all reports from test.

Signed-off-by: Andrey Ryabinin <aryabinin@...tuozzo.com>
---
 lib/test_kasan.c  | 9 +++++++++
 mm/kasan/report.c | 7 +++++++
 2 files changed, 16 insertions(+)

diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 0b1d314..5112663 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -11,6 +11,7 @@
 
 #define pr_fmt(fmt) "kasan test: %s " fmt, __func__
 
+#include <linux/atomic.h>
 #include <linux/delay.h>
 #include <linux/kernel.h>
 #include <linux/mman.h>
@@ -21,6 +22,8 @@
 #include <linux/uaccess.h>
 #include <linux/module.h>
 
+extern atomic_t kasan_report_count;
+
 /*
  * Note: test functions are marked noinline so that their names appear in
  * reports.
@@ -474,6 +477,9 @@ static noinline void __init use_after_scope_test(void)
 
 static int __init kmalloc_tests_init(void)
 {
+	/* Rise reports limit high enough to see all the following bugs */
+	atomic_set(&kasan_report_count, 100);
+
 	kmalloc_oob_right();
 	kmalloc_oob_left();
 	kmalloc_node_oob_right();
@@ -499,6 +505,9 @@ static int __init kmalloc_tests_init(void)
 	ksize_unpoisons_memory();
 	copy_user_test();
 	use_after_scope_test();
+
+	/* kasan is unreliable now, disable reports */
+	atomic_set(&kasan_report_count, 0);
 	return -EAGAIN;
 }
 
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 718a10a..7eab229 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -13,6 +13,7 @@
  *
  */
 
+#include <linux/atomic.h>
 #include <linux/ftrace.h>
 #include <linux/kernel.h>
 #include <linux/mm.h>
@@ -354,6 +355,9 @@ static void kasan_report_error(struct kasan_access_info *info)
 	kasan_end_report(&flags);
 }
 
+atomic_t kasan_report_count = ATOMIC_INIT(1);
+EXPORT_SYMBOL_GPL(kasan_report_count);
+
 void kasan_report(unsigned long addr, size_t size,
 		bool is_write, unsigned long ip)
 {
@@ -362,6 +366,9 @@ void kasan_report(unsigned long addr, size_t size,
 	if (likely(!kasan_report_enabled()))
 		return;
 
+	if (atomic_dec_if_positive(&kasan_report_count) < 0)
+		return;
+
 	disable_trace_on_warning();
 
 	info.access_addr = (void *)addr;
-- 
2.10.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ