lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAAeHK+zsYPRqGTOZxt_wdd3vnOFWPO4viv2_tbhbCFTCJCNf4Q@mail.gmail.com>
Date:   Thu, 21 Jun 2018 14:40:42 +0200
From:   Andrey Konovalov <andreyknvl@...gle.com>
To:     kbuild test robot <lkp@...el.com>
Cc:     kbuild-all@...org, Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Alexander Potapenko <glider@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        Christoph Lameter <cl@...ux.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Mark Rutland <mark.rutland@....com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Marc Zyngier <marc.zyngier@....com>,
        Dave Martin <dave.martin@....com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        "Eric W . Biederman" <ebiederm@...ssion.com>,
        Ingo Molnar <mingo@...nel.org>,
        Paul Lawrence <paullawrence@...gle.com>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        Arnd Bergmann <arnd@...db.de>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        Mike Rapoport <rppt@...ux.vnet.ibm.com>,
        kasan-dev <kasan-dev@...glegroups.com>,
        linux-doc@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        linux-sparse@...r.kernel.org,
        Linux Memory Management List <linux-mm@...ck.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Kostya Serebryany <kcc@...gle.com>,
        Evgeniy Stepanov <eugenis@...gle.com>,
        Lee Smith <Lee.Smith@....com>,
        Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
        Jacob Bramley <Jacob.Bramley@....com>,
        Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>,
        Jann Horn <jannh@...gle.com>,
        Mark Brand <markbrand@...gle.com>,
        Chintan Pandya <cpandya@...eaurora.org>
Subject: Re: [PATCH v3 02/17] khwasan: move common kasan and khwasan code to common.c

On Wed, Jun 20, 2018 at 10:36 PM, kbuild test robot <lkp@...el.com> wrote:
> Hi Andrey,
>
> Thank you for the patch! Yet something to improve:
>
> [auto build test ERROR on mmotm/master]
> [also build test ERROR on v4.18-rc1 next-20180620]
> [if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
>
> url:    https://github.com/0day-ci/linux/commits/Andrey-Konovalov/khwasan-kernel-hardware-assisted-address-sanitizer/20180621-035912
> base:   git://git.cmpxchg.org/linux-mmotm.git master
> config: x86_64-randconfig-x011-201824 (attached as .config)
> compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
> reproduce:
>         # save the attached .config to linux build tree
>         make ARCH=x86_64
>
> Note: the linux-review/Andrey-Konovalov/khwasan-kernel-hardware-assisted-address-sanitizer/20180621-035912 HEAD 0e30ed7118e854b38bb6ab96365e7c74a2518290 builds fine.
>       It only hurts bisectibility.

Will fix in v4, thanks!

>
> All errors (new ones prefixed by >>):
>
>>> mm//kasan/report.c:42:20: error: conflicting types for 'find_first_bad_addr'
>     static const void *find_first_bad_addr(const void *addr, size_t size)
>                        ^~~~~~~~~~~~~~~~~~~
>    In file included from mm//kasan/report.c:33:0:
>    mm//kasan/kasan.h:130:7: note: previous declaration of 'find_first_bad_addr' was here
>     void *find_first_bad_addr(void *addr, size_t size);
>           ^~~~~~~~~~~~~~~~~~~
>>> mm//kasan/report.c:54:13: error: conflicting types for 'addr_has_shadow'
>     static bool addr_has_shadow(struct kasan_access_info *info)
>                 ^~~~~~~~~~~~~~~
>    In file included from mm//kasan/report.c:33:0:
>    mm//kasan/kasan.h:120:20: note: previous definition of 'addr_has_shadow' was here
>     static inline bool addr_has_shadow(const void *addr)
>                        ^~~~~~~~~~~~~~~
>    mm//kasan/report.c: In function 'get_shadow_bug_type':
>    mm//kasan/report.c:86:2: error: duplicate case value
>      case KASAN_KMALLOC_REDZONE:
>      ^~~~
>    mm//kasan/report.c:85:2: note: previously used here
>      case KASAN_PAGE_REDZONE:
>      ^~~~
>    mm//kasan/report.c:98:2: error: duplicate case value
>      case KASAN_FREE_PAGE:
>      ^~~~
>    mm//kasan/report.c:85:2: note: previously used here
>      case KASAN_PAGE_REDZONE:
>      ^~~~
>    mm//kasan/report.c:99:2: error: duplicate case value
>      case KASAN_KMALLOC_FREE:
>      ^~~~
>    mm//kasan/report.c:85:2: note: previously used here
>      case KASAN_PAGE_REDZONE:
>      ^~~~
>    mm//kasan/report.c: At top level:
>>> mm//kasan/report.c:128:20: error: static declaration of 'get_bug_type' follows non-static declaration
>     static const char *get_bug_type(struct kasan_access_info *info)
>                        ^~~~~~~~~~~~
>    In file included from mm//kasan/report.c:33:0:
>    mm//kasan/kasan.h:131:13: note: previous declaration of 'get_bug_type' was here
>     const char *get_bug_type(struct kasan_access_info *info);
>                 ^~~~~~~~~~~~
>
> vim +/find_first_bad_addr +42 mm//kasan/report.c
>
> 0b24becc Andrey Ryabinin  2015-02-13   41
> 0b24becc Andrey Ryabinin  2015-02-13  @42  static const void *find_first_bad_addr(const void *addr, size_t size)
> 0b24becc Andrey Ryabinin  2015-02-13   43  {
> 0b24becc Andrey Ryabinin  2015-02-13   44       u8 shadow_val = *(u8 *)kasan_mem_to_shadow(addr);
> 0b24becc Andrey Ryabinin  2015-02-13   45       const void *first_bad_addr = addr;
> 0b24becc Andrey Ryabinin  2015-02-13   46
> 0b24becc Andrey Ryabinin  2015-02-13   47       while (!shadow_val && first_bad_addr < addr + size) {
> 0b24becc Andrey Ryabinin  2015-02-13   48               first_bad_addr += KASAN_SHADOW_SCALE_SIZE;
> 0b24becc Andrey Ryabinin  2015-02-13   49               shadow_val = *(u8 *)kasan_mem_to_shadow(first_bad_addr);
> 0b24becc Andrey Ryabinin  2015-02-13   50       }
> 0b24becc Andrey Ryabinin  2015-02-13   51       return first_bad_addr;
> 0b24becc Andrey Ryabinin  2015-02-13   52  }
> 0b24becc Andrey Ryabinin  2015-02-13   53
> 5e82cd12 Andrey Konovalov 2017-05-03  @54  static bool addr_has_shadow(struct kasan_access_info *info)
> 5e82cd12 Andrey Konovalov 2017-05-03   55  {
> 5e82cd12 Andrey Konovalov 2017-05-03   56       return (info->access_addr >=
> 5e82cd12 Andrey Konovalov 2017-05-03   57               kasan_shadow_to_mem((void *)KASAN_SHADOW_START));
> 5e82cd12 Andrey Konovalov 2017-05-03   58  }
> 5e82cd12 Andrey Konovalov 2017-05-03   59
> 5e82cd12 Andrey Konovalov 2017-05-03   60  static const char *get_shadow_bug_type(struct kasan_access_info *info)
> 0b24becc Andrey Ryabinin  2015-02-13   61  {
> 0952d87f Andrey Konovalov 2015-11-05   62       const char *bug_type = "unknown-crash";
> cdf6a273 Andrey Konovalov 2015-11-05   63       u8 *shadow_addr;
> 0b24becc Andrey Ryabinin  2015-02-13   64
> 0b24becc Andrey Ryabinin  2015-02-13   65       info->first_bad_addr = find_first_bad_addr(info->access_addr,
> 0b24becc Andrey Ryabinin  2015-02-13   66                                               info->access_size);
> 0b24becc Andrey Ryabinin  2015-02-13   67
> cdf6a273 Andrey Konovalov 2015-11-05   68       shadow_addr = (u8 *)kasan_mem_to_shadow(info->first_bad_addr);
> 0b24becc Andrey Ryabinin  2015-02-13   69
> cdf6a273 Andrey Konovalov 2015-11-05   70       /*
> cdf6a273 Andrey Konovalov 2015-11-05   71        * If shadow byte value is in [0, KASAN_SHADOW_SCALE_SIZE) we can look
> cdf6a273 Andrey Konovalov 2015-11-05   72        * at the next shadow byte to determine the type of the bad access.
> cdf6a273 Andrey Konovalov 2015-11-05   73        */
> cdf6a273 Andrey Konovalov 2015-11-05   74       if (*shadow_addr > 0 && *shadow_addr <= KASAN_SHADOW_SCALE_SIZE - 1)
> cdf6a273 Andrey Konovalov 2015-11-05   75               shadow_addr++;
> cdf6a273 Andrey Konovalov 2015-11-05   76
> cdf6a273 Andrey Konovalov 2015-11-05   77       switch (*shadow_addr) {
> 0952d87f Andrey Konovalov 2015-11-05   78       case 0 ... KASAN_SHADOW_SCALE_SIZE - 1:
> cdf6a273 Andrey Konovalov 2015-11-05   79               /*
> cdf6a273 Andrey Konovalov 2015-11-05   80                * In theory it's still possible to see these shadow values
> cdf6a273 Andrey Konovalov 2015-11-05   81                * due to a data race in the kernel code.
> cdf6a273 Andrey Konovalov 2015-11-05   82                */
> 0952d87f Andrey Konovalov 2015-11-05   83               bug_type = "out-of-bounds";
> b8c73fc2 Andrey Ryabinin  2015-02-13   84               break;
> 0316bec2 Andrey Ryabinin  2015-02-13   85       case KASAN_PAGE_REDZONE:
> 0316bec2 Andrey Ryabinin  2015-02-13   86       case KASAN_KMALLOC_REDZONE:
> 0952d87f Andrey Konovalov 2015-11-05   87               bug_type = "slab-out-of-bounds";
> 0952d87f Andrey Konovalov 2015-11-05   88               break;
> bebf56a1 Andrey Ryabinin  2015-02-13   89       case KASAN_GLOBAL_REDZONE:
> 0952d87f Andrey Konovalov 2015-11-05   90               bug_type = "global-out-of-bounds";
> 0b24becc Andrey Ryabinin  2015-02-13   91               break;
> c420f167 Andrey Ryabinin  2015-02-13   92       case KASAN_STACK_LEFT:
> c420f167 Andrey Ryabinin  2015-02-13   93       case KASAN_STACK_MID:
> c420f167 Andrey Ryabinin  2015-02-13   94       case KASAN_STACK_RIGHT:
> c420f167 Andrey Ryabinin  2015-02-13   95       case KASAN_STACK_PARTIAL:
> 0952d87f Andrey Konovalov 2015-11-05   96               bug_type = "stack-out-of-bounds";
> 0952d87f Andrey Konovalov 2015-11-05   97               break;
> 0952d87f Andrey Konovalov 2015-11-05   98       case KASAN_FREE_PAGE:
> 0952d87f Andrey Konovalov 2015-11-05  @99       case KASAN_KMALLOC_FREE:
> 0952d87f Andrey Konovalov 2015-11-05  100               bug_type = "use-after-free";
> c420f167 Andrey Ryabinin  2015-02-13  101               break;
> 828347f8 Dmitry Vyukov    2016-11-30  102       case KASAN_USE_AFTER_SCOPE:
> 828347f8 Dmitry Vyukov    2016-11-30  103               bug_type = "use-after-scope";
> 828347f8 Dmitry Vyukov    2016-11-30  104               break;
> 342061ee Paul Lawrence    2018-02-06  105       case KASAN_ALLOCA_LEFT:
> 342061ee Paul Lawrence    2018-02-06  106       case KASAN_ALLOCA_RIGHT:
> 342061ee Paul Lawrence    2018-02-06  107               bug_type = "alloca-out-of-bounds";
> 342061ee Paul Lawrence    2018-02-06  108               break;
> 0b24becc Andrey Ryabinin  2015-02-13  109       }
> 0b24becc Andrey Ryabinin  2015-02-13  110
> 5e82cd12 Andrey Konovalov 2017-05-03  111       return bug_type;
> 5e82cd12 Andrey Konovalov 2017-05-03  112  }
> 5e82cd12 Andrey Konovalov 2017-05-03  113
> 822d5ec2 Colin Ian King   2017-07-10  114  static const char *get_wild_bug_type(struct kasan_access_info *info)
> 5e82cd12 Andrey Konovalov 2017-05-03  115  {
> 5e82cd12 Andrey Konovalov 2017-05-03  116       const char *bug_type = "unknown-crash";
> 5e82cd12 Andrey Konovalov 2017-05-03  117
> 5e82cd12 Andrey Konovalov 2017-05-03  118       if ((unsigned long)info->access_addr < PAGE_SIZE)
> 5e82cd12 Andrey Konovalov 2017-05-03  119               bug_type = "null-ptr-deref";
> 5e82cd12 Andrey Konovalov 2017-05-03  120       else if ((unsigned long)info->access_addr < TASK_SIZE)
> 5e82cd12 Andrey Konovalov 2017-05-03  121               bug_type = "user-memory-access";
> 5e82cd12 Andrey Konovalov 2017-05-03  122       else
> 5e82cd12 Andrey Konovalov 2017-05-03  123               bug_type = "wild-memory-access";
> 5e82cd12 Andrey Konovalov 2017-05-03  124
> 5e82cd12 Andrey Konovalov 2017-05-03  125       return bug_type;
> 5e82cd12 Andrey Konovalov 2017-05-03  126  }
> 5e82cd12 Andrey Konovalov 2017-05-03  127
> 7d418f7b Andrey Konovalov 2017-05-03 @128  static const char *get_bug_type(struct kasan_access_info *info)
> 7d418f7b Andrey Konovalov 2017-05-03  129  {
> 7d418f7b Andrey Konovalov 2017-05-03  130       if (addr_has_shadow(info))
> 7d418f7b Andrey Konovalov 2017-05-03  131               return get_shadow_bug_type(info);
> 7d418f7b Andrey Konovalov 2017-05-03  132       return get_wild_bug_type(info);
> 7d418f7b Andrey Konovalov 2017-05-03  133  }
> 7d418f7b Andrey Konovalov 2017-05-03  134
>
> :::::: The code at line 42 was first introduced by commit
> :::::: 0b24becc810dc3be6e3f94103a866f214c282394 kasan: add kernel address sanitizer infrastructure
>
> :::::: TO: Andrey Ryabinin <a.ryabinin@...sung.com>
> :::::: CC: Linus Torvalds <torvalds@...ux-foundation.org>
>
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@...glegroups.com.
> To post to this group, send email to kasan-dev@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/201806210451.tOaA22Qm%25fengguang.wu%40intel.com.
> For more options, visit https://groups.google.com/d/optout.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ