| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Feb 2021 22:46:12 +0800
From: Lecopzer Chen <lecopzer@...il.com>
To: will@...nel.org
Cc: akpm@...ux-foundation.org, andreyknvl@...gle.com, ardb@...nel.org,
aryabinin@...tuozzo.com, broonie@...nel.org,
catalin.marinas@....com, dan.j.williams@...el.com,
dvyukov@...gle.com, glider@...gle.com, gustavoars@...nel.org,
kasan-dev@...glegroups.com, lecopzer.chen@...iatek.com,
lecopzer@...il.com, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org, linux-mediatek@...ts.infradead.org,
linux-mm@...ck.org, linux@...ck-us.net, robin.murphy@....com,
rppt@...nel.org, tyhicks@...ux.microsoft.com,
vincenzo.frascino@....com, yj.chiang@...iatek.com
Subject: Re: [PATCH v2 1/4] arm64: kasan: don't populate vmalloc area for CONFIG_KASAN_VMALLOC
> On Sat, Jan 09, 2021 at 06:32:49PM +0800, Lecopzer Chen wrote:
> > Linux support KAsan for VMALLOC since commit 3c5c3cfb9ef4da9
> > ("kasan: support backing vmalloc space with real shadow memory")
> >
> > Like how the MODULES_VADDR does now, just not to early populate
> > the VMALLOC_START between VMALLOC_END.
> > similarly, the kernel code mapping is now in the VMALLOC area and
> > should keep these area populated.
> >
> > Signed-off-by: Lecopzer Chen <lecopzer.chen@...iatek.com>
> > ---
> > arch/arm64/mm/kasan_init.c | 23 ++++++++++++++++++-----
> > 1 file changed, 18 insertions(+), 5 deletions(-)
> >
> > diff --git a/arch/arm64/mm/kasan_init.c b/arch/arm64/mm/kasan_init.c
> > index d8e66c78440e..39b218a64279 100644
> > --- a/arch/arm64/mm/kasan_init.c
> > +++ b/arch/arm64/mm/kasan_init.c
> > @@ -214,6 +214,7 @@ static void __init kasan_init_shadow(void)
> > {
> > u64 kimg_shadow_start, kimg_shadow_end;
> > u64 mod_shadow_start, mod_shadow_end;
> > + u64 vmalloc_shadow_start, vmalloc_shadow_end;
> > phys_addr_t pa_start, pa_end;
> > u64 i;
> >
> > @@ -223,6 +224,9 @@ static void __init kasan_init_shadow(void)
> > mod_shadow_start = (u64)kasan_mem_to_shadow((void *)MODULES_VADDR);
> > mod_shadow_end = (u64)kasan_mem_to_shadow((void *)MODULES_END);
> >
> > + vmalloc_shadow_start = (u64)kasan_mem_to_shadow((void *)VMALLOC_START);
> > + vmalloc_shadow_end = (u64)kasan_mem_to_shadow((void *)VMALLOC_END);
> > +
> > /*
> > * We are going to perform proper setup of shadow memory.
> > * At first we should unmap early shadow (clear_pgds() call below).
> > @@ -241,12 +245,21 @@ static void __init kasan_init_shadow(void)
> >
> > kasan_populate_early_shadow(kasan_mem_to_shadow((void *)PAGE_END),
> > (void *)mod_shadow_start);
> > - kasan_populate_early_shadow((void *)kimg_shadow_end,
> > - (void *)KASAN_SHADOW_END);
> > + if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) {
>
> Do we really need yet another CONFIG option for KASAN? What's the use-case
> for *not* enabling this if you're already enabling one of the KASAN
> backends?
As I know, KASAN_VMALLOC now only supports KASAN_GENERIC and also
KASAN_VMALLOC uses more memory to map real shadow memory (1/8 of vmalloc va).
There should be someone can enable KASAN_GENERIC but can't use VMALLOC
due to memory issue.
> > + kasan_populate_early_shadow((void *)vmalloc_shadow_end,
> > + (void *)KASAN_SHADOW_END);
> > + if (vmalloc_shadow_start > mod_shadow_end)
>
> To echo Ard's concern: when is the above 'if' condition true?
After reviewing this code,
since VMALLOC_STAR is a compiler defined macro of MODULES_END,
this if-condition will never be true.
I also test it with removing this and works fine.
I'll remove this in the next version patch,
thanks a lot for pointing out this.
BRs,
Lecopzer
Powered by blists - more mailing lists