| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jun 2021 11:17:55 +0800
From: Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
To: Andrey Konovalov <andreyknvl@...il.com>
CC: Andrey Ryabinin <ryabinin.a.a@...il.com>,
Alexander Potapenko <glider@...gle.com>,
Marco Elver <elver@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
"Matthias Brugger" <matthias.bgg@...il.com>,
kasan-dev <kasan-dev@...glegroups.com>,
LKML <linux-kernel@...r.kernel.org>,
Linux Memory Management List <linux-mm@...ck.org>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
<linux-mediatek@...ts.infradead.org>, <wsd_upstream@...iatek.com>,
<chinwen.chang@...iatek.com>, <nicholas.tang@...iatek.com>
Subject: Re: [PATCH v3 2/3] kasan: integrate the common part of two KASAN
tag-based modes
On Tue, 2021-06-22 at 16:54 +0300, Andrey Konovalov wrote:
> On Sun, Jun 20, 2021 at 2:48 PM Kuan-Ying Lee
> <Kuan-Ying.Lee@...iatek.com> wrote:
> >
> > 1. Move kasan_get_free_track() and kasan_set_free_info()
> > into tags.c
>
> Please mention that the patch doesn't only move but also combines
> these functions for SW_TAGS and HW_TAGS modes.
>
Got it.
> > --- /dev/null
> > +++ b/mm/kasan/report_tags.h
> > @@ -0,0 +1,55 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +/*
> > + * Copyright (c) 2014 Samsung Electronics Co., Ltd.
> > + * Copyright (c) 2020 Google, Inc.
> > + */
> > +#ifndef __MM_KASAN_REPORT_TAGS_H
> > +#define __MM_KASAN_REPORT_TAGS_H
> > +
> > +#include "kasan.h"
> > +#include "../slab.h"
> > +
> > +const char *kasan_get_bug_type(struct kasan_access_info *info)
>
> As mentioned by Alex, don't put this implementation into a header.
> Put
> it into report_tags.c. The declaration is already in kasan.h.
>
Ok. I will refactor in v4.
Thanks for suggestions.
> > +{
> > +#ifdef CONFIG_KASAN_TAGS_IDENTIFY
> > + struct kasan_alloc_meta *alloc_meta;
> > + struct kmem_cache *cache;
> > + struct page *page;
> > + const void *addr;
> > + void *object;
> > + u8 tag;
> > + int i;
> > +
> > + tag = get_tag(info->access_addr);
> > + addr = kasan_reset_tag(info->access_addr);
> > + page = kasan_addr_to_page(addr);
> > + if (page && PageSlab(page)) {
> > + cache = page->slab_cache;
> > + object = nearest_obj(cache, page, (void *)addr);
> > + alloc_meta = kasan_get_alloc_meta(cache, object);
> > +
> > + if (alloc_meta) {
> > + for (i = 0; i < KASAN_NR_FREE_STACKS; i++)
> > {
> > + if (alloc_meta->free_pointer_tag[i]
> > == tag)
> > + return "use-after-free";
> > + }
> > + }
> > + return "out-of-bounds";
> > + }
> > +#endif
> > +
> > + /*
> > + * If access_size is a negative number, then it has reason
> > to be
> > + * defined as out-of-bounds bug type.
> > + *
> > + * Casting negative numbers to size_t would indeed turn up
> > as
> > + * a large size_t and its value will be larger than
> > ULONG_MAX/2,
> > + * so that this can qualify as out-of-bounds.
> > + */
> > + if (info->access_addr + info->access_size < info-
> > >access_addr)
> > + return "out-of-bounds";
> > +
> > + return "invalid-access";
> > +}
Powered by blists - more mailing lists