lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 27 Feb 2022 21:47:25 +0800
From:   Lecopzer Chen <lecopzer.chen@...iatek.com>
To:     <linus.walleij@...aro.org>, <linux-kernel@...r.kernel.org>
CC:     <andreyknvl@...il.com>, <anshuman.khandual@....com>,
        <ardb@...nel.org>, <arnd@...db.de>, <dvyukov@...gle.com>,
        <geert+renesas@...der.be>, <glider@...gle.com>,
        <kasan-dev@...glegroups.com>, <lecopzer.chen@...iatek.com>,
        <linux-arm-kernel@...ts.infradead.org>, <linux@...linux.org.uk>,
        <lukas.bulwahn@...il.com>, <mark.rutland@....com>,
        <masahiroy@...nel.org>, <matthias.bgg@...il.com>,
        <rmk+kernel@...linux.org.uk>, <ryabinin.a.a@...il.com>,
        <yj.chiang@...iatek.com>
Subject: [PATCH v3 1/2] arm: kasan: support CONFIG_KASAN_VMALLOC

Simply make shadow of vmalloc area mapped on demand.

Since the virtual address of vmalloc for Arm is also between
MODULE_VADDR and 0x100000000 (ZONE_HIGHMEM), which means the shadow
address has already included between KASAN_SHADOW_START and
KASAN_SHADOW_END.
Thus we need to change nothing for memory map of Arm.

This can fix ARM_MODULE_PLTS with KASan, support KASan for higmem
and provide the first step to support CONFIG_VMAP_STACK with Arm.

Signed-off-by: Lecopzer Chen <lecopzer.chen@...iatek.com>
---
 arch/arm/Kconfig                 |  1 +
 arch/arm/include/asm/kasan_def.h | 11 ++++++++++-
 arch/arm/mm/kasan_init.c         |  6 +++++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4c97cb40eebb..78250e246cc6 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -72,6 +72,7 @@ config ARM
 	select HAVE_ARCH_KFENCE if MMU && !XIP_KERNEL
 	select HAVE_ARCH_KGDB if !CPU_ENDIAN_BE32 && MMU
 	select HAVE_ARCH_KASAN if MMU && !XIP_KERNEL
+	select HAVE_ARCH_KASAN_VMALLOC if HAVE_ARCH_KASAN
 	select HAVE_ARCH_MMAP_RND_BITS if MMU
 	select HAVE_ARCH_PFN_VALID
 	select HAVE_ARCH_SECCOMP
diff --git a/arch/arm/include/asm/kasan_def.h b/arch/arm/include/asm/kasan_def.h
index 5739605aa7cf..96fd1d3b5a0c 100644
--- a/arch/arm/include/asm/kasan_def.h
+++ b/arch/arm/include/asm/kasan_def.h
@@ -19,7 +19,16 @@
  * space to use as shadow memory for KASan as follows:
  *
  * +----+ 0xffffffff
- * |    |							\
+ * |    |\
+ * |    | |-> ZONE_HIGHMEM for vmalloc virtual address space.
+ * |    | |   Such as vmalloc(), GFP_HIGHUSER (__GFP__HIGHMEM),
+ * |    | |   module address using ARM_MODULE_PLTS, etc.
+ * |    | |
+ * |    | |   If CONFIG_KASAN_VMALLOC=y, this area would populate
+ * |    | |   shadow address on demand.
+ * |    |/
+ * +----+ VMALLOC_START
+ * |    |\
  * |    | |-> Static kernel image (vmlinux) BSS and page table
  * |    |/
  * +----+ PAGE_OFFSET
diff --git a/arch/arm/mm/kasan_init.c b/arch/arm/mm/kasan_init.c
index 5ad0d6c56d56..29caee9c79ce 100644
--- a/arch/arm/mm/kasan_init.c
+++ b/arch/arm/mm/kasan_init.c
@@ -236,7 +236,11 @@ void __init kasan_init(void)
 
 	clear_pgds(KASAN_SHADOW_START, KASAN_SHADOW_END);
 
-	kasan_populate_early_shadow(kasan_mem_to_shadow((void *)VMALLOC_START),
+	if (!IS_ENABLED(CONFIG_KASAN_VMALLOC))
+		kasan_populate_early_shadow(kasan_mem_to_shadow((void *)VMALLOC_START),
+					    kasan_mem_to_shadow((void *)VMALLOC_END));
+
+	kasan_populate_early_shadow(kasan_mem_to_shadow((void *)VMALLOC_END),
 				    kasan_mem_to_shadow((void *)-1UL) + 1);
 
 	for_each_mem_range(i, &pa_start, &pa_end) {
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ