Message-ID: <20171011082227.20546-1-liuwenliang@huawei.com>
Date:   Wed, 11 Oct 2017 16:22:16 +0800
From:   Abbott Liu <liuwenliang@...wei.com>
To:     <linux@...linux.org.uk>, <aryabinin@...tuozzo.com>,
        <liuwenliang@...wei.com>, <afzal.mohd.ma@...il.com>,
        <f.fainelli@...il.com>, <labbott@...hat.com>,
        <kirill.shutemov@...ux.intel.com>, <mhocko@...e.com>,
        <cdall@...aro.org>, <marc.zyngier@....com>,
        <catalin.marinas@....com>, <akpm@...ux-foundation.org>,
        <mawilcox@...rosoft.com>, <tglx@...utronix.de>,
        <thgarnie@...gle.com>, <keescook@...omium.org>, <arnd@...db.de>,
        <vladimir.murzin@....com>, <tixy@...aro.org>,
        <ard.biesheuvel@...aro.org>, <robin.murphy@....com>,
        <mingo@...nel.org>, <grygorii.strashko@...aro.org>
CC:     <glider@...gle.com>, <dvyukov@...gle.com>, <opendmb@...il.com>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, <kasan-dev@...glegroups.com>,
        <linux-mm@...ck.org>, <jiazhenghua@...wei.com>,
        <dylix.dailei@...wei.com>, <zengweilin@...wei.com>,
        <heshaoliang@...wei.com>
Subject: [PATCH 00/11] KASan for arm

Hi, all:
   These patches add arch specific code for kernel address sanitizer 
(see Documentation/kasan.txt). 

   1/8 of kernel addresses is reserved for shadow memory. There was no
big enough hole for this, so virtual addresses for shadow were
stolen from user space.
   
   At early boot stage the whole shadow region is populated with just
one physical page (kasan_zero_page). Later, this page is reused
as readonly zero shadow for some memory that KASan currently
doesn't track (vmalloc).

  After mapping the physical memory, pages for shadow memory are 
allocated and mapped. 

  KASan's stack instrumentation significantly increases stack's 
consumption, so CONFIG_KASAN doubles THREAD_SIZE.
  
  Functions like memset/memmove/memcpy do a lot of memory accesses.
If a bad pointer is passed to one of these functions, it is important
to catch this. The compiler's instrumentation cannot do this since
these functions are written in assembly.

  KASan replaces memory functions with manually instrumented variants.
Original functions are declared as weak symbols so strong definitions
in mm/kasan/kasan.c could replace them. Original functions have aliases
with '__' prefix in name, so we could call the non-instrumented variant
if needed.

  Some files are built without kasan instrumentation (e.g. mm/slub.c).
Original mem* functions are replaced (via #define) with prefixed variants
to disable memory access checks for such files.

  On arm LPAE architecture, the mapping table of KASan shadow memory (if
PAGE_OFFSET is 0xc0000000, the KASan shadow memory's virtual space is
0xb6e000000~0xbf000000) can't be filled in the do_translation_fault function,
because kasan instrumentation may cause the do_translation_fault function
to access KASan shadow memory. The accessing of KASan shadow memory in
the do_translation_fault function may cause a dead circle. So the mapping table
of KASan shadow memory needs to be copied in the pgd_alloc function.


Most of the code comes from:
https://github.com/aryabinin/linux/commit/0b54f17e70ff50a902c4af05bb92716eb95acefe.

These patches are tested on vexpress-ca15, vexpress-ca9

Cc: Andrey Ryabinin <a.ryabinin@...sung.com>
Tested-by: Abbott Liu <liuwenliang@...wei.com>
Signed-off-by: Abbott Liu <liuwenliang@...wei.com>

Abbott Liu (6):
  Define the virtual space of KASan's shadow region
  change memory_is_poisoned_16 for aligned error
  Add support arm LPAE
  Don't need to map the shadow of KASan's shadow memory
  Change mapping of kasan_zero_page int readonly
  Add KASan layout

Andrey Ryabinin (5):
  Initialize the mapping of KASan shadow memory
  replace memory function
  arm: Kconfig: enable KASan
  Disable kasan's instrumentation
  Avoid cleaning the KASan shadow area's mapping table

 arch/arm/Kconfig                   |   1 +
 arch/arm/boot/compressed/Makefile  |   1 +
 arch/arm/include/asm/kasan.h       |  20 +++
 arch/arm/include/asm/kasan_def.h   |  51 +++++++
 arch/arm/include/asm/memory.h      |   5 +
 arch/arm/include/asm/pgalloc.h     |   5 +-
 arch/arm/include/asm/pgtable.h     |   1 +
 arch/arm/include/asm/proc-fns.h    |  33 +++++
 arch/arm/include/asm/string.h      |  18 ++-
 arch/arm/include/asm/thread_info.h |   4 +
 arch/arm/kernel/entry-armv.S       |   7 +-
 arch/arm/kernel/head-common.S      |   4 +
 arch/arm/kernel/setup.c            |   2 +
 arch/arm/kernel/unwind.c           |   3 +-
 arch/arm/lib/memcpy.S              |   3 +
 arch/arm/lib/memmove.S             |   5 +-
 arch/arm/lib/memset.S              |   3 +
 arch/arm/mm/Makefile               |   5 +
 arch/arm/mm/init.c                 |   6 +
 arch/arm/mm/kasan_init.c           | 265 +++++++++++++++++++++++++++++++++++++
 arch/arm/mm/mmu.c                  |   7 +-
 arch/arm/mm/pgd.c                  |  12 ++
 arch/arm/vdso/Makefile             |   2 +
 mm/kasan/kasan.c                   |  22 ++-
 24 files changed, 478 insertions(+), 7 deletions(-)
 create mode 100644 arch/arm/include/asm/kasan.h
 create mode 100644 arch/arm/include/asm/kasan_def.h
 create mode 100644 arch/arm/mm/kasan_init.c

-- 
2.9.0
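
Added example, not part of the original message or of the patch series: a userspace C model of the 1/8 shadow ratio and of a manually instrumented memset that checks the shadow before calling the raw routine. All names (arena, model_unpoison, raw_memset, checked_memset) are hypothetical and the arena is constructed sample memory.

```c
#include <stdint.h>
#include <string.h>

/* Constructed userspace model, not kernel code: a 256-byte arena stands in
 * for kernel memory; one shadow byte describes 8 bytes of it (the 1/8 ratio). */
#define ARENA_SIZE   256
#define SHADOW_SHIFT 3
static uint8_t arena[ARENA_SIZE];
static int8_t shadow[ARENA_SIZE >> SHADOW_SHIFT];

/* Generic KASan shadow encoding: 0 = all 8 bytes valid, 1..7 = only the
 * first N bytes valid, negative = poisoned. */
static int byte_is_poisoned(size_t off)
{
    int8_t s = shadow[off >> SHADOW_SHIFT];
    return s != 0 && (s < 0 || (int8_t)(off & 7) >= s);
}

/* Mark arena bytes [0, size) valid and everything after them poisoned. */
void model_unpoison(size_t size)
{
    size = size > ARENA_SIZE ? ARENA_SIZE : size;
    memset(shadow, 0xff, sizeof(shadow));
    memset(shadow, 0, size >> SHADOW_SHIFT);
    if (size & 7)
        shadow[size >> SHADOW_SHIFT] = (int8_t)(size & 7);
}

/* Stand-in for the uninstrumented '__memset' alias (hypothetical name). */
static void *raw_memset(void *p, int c, size_t n) { return memset(p, c, n); }

/* Manually instrumented variant (hypothetical name): check every byte's shadow,
 * then call the raw routine. -1 marks where a KASan report would be printed. */
int checked_memset(size_t off, int c, size_t n)
{
    if (off > ARENA_SIZE || n > ARENA_SIZE - off)
        return -1;
    for (size_t i = off; i < off + n; i++)
        if (byte_is_poisoned(i))
            return -1;
    raw_memset(arena + off, c, n);
    return 0;
}

int main(void)
{
    model_unpoison(20);   /* 20 valid bytes, poisoned redzone after them */
    return checked_memset(0, 0xaa, 21) == -1 ? 0 : 1;
}
```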
