| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5949bc710889be1324d5dada995a263fd3c29cb5.camel@mediatek.com>
Date: Tue, 21 Jun 2022 15:17:52 +0800
From: Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
To: "andrey.konovalov@...ux.dev" <andrey.konovalov@...ux.dev>,
Marco Elver <elver@...gle.com>,
Alexander Potapenko <glider@...gle.com>
CC: Andrey Konovalov <andreyknvl@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Andrey Ryabinin <ryabinin.a.a@...il.com>,
"kasan-dev@...glegroups.com" <kasan-dev@...glegroups.com>,
"Peter Collingbourne" <pcc@...gle.com>,
Evgenii Stepanov <eugenis@...gle.com>,
Florian Mayer <fmayer@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Andrey Konovalov <andreyknvl@...gle.com>
Subject: Re: [PATCH 21/32] kasan: simplify invalid-free reporting
On Tue, 2022-06-14 at 04:14 +0800, andrey.konovalov@...ux.dev wrote:
> From: Andrey Konovalov <andreyknvl@...gle.com>
>
> Right now, KASAN uses the kasan_report_type enum to describe report
> types.
>
> As this enum only has two options, replace it with a bool variable.
>
> Also, unify printing report header for invalid-free and other bug
> types
> in print_error_description().
>
> Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
> ---
> mm/kasan/kasan.h | 7 +------
> mm/kasan/report.c | 16 +++++++---------
> 2 files changed, 8 insertions(+), 15 deletions(-)
>
> diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
> index e8329935fbfb..f696d50b09fb 100644
> --- a/mm/kasan/kasan.h
> +++ b/mm/kasan/kasan.h
> @@ -146,16 +146,11 @@ static inline bool kasan_requires_meta(void)
> #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW *
> KASAN_GRANULE_SIZE)
> #define META_ROWS_AROUND_ADDR 2
>
> -enum kasan_report_type {
> - KASAN_REPORT_ACCESS,
> - KASAN_REPORT_INVALID_FREE,
> -};
> -
> struct kasan_report_info {
> - enum kasan_report_type type;
> void *access_addr;
> void *first_bad_addr;
> size_t access_size;
> + bool is_free;
> bool is_write;
> unsigned long ip;
> };
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index f951fd39db74..7269b6249488 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -175,14 +175,12 @@ static void end_report(unsigned long *flags,
> void *addr)
>
Hi Andrey,
Do we need to distinguish "double free" case from "invalid free" or
we just print "double-free or invalid-free"?
I sent a patch[1] to separate double free case from invalid
free last week and I saw it has been merged into akpm tree.
[1]
https://lore.kernel.org/linux-mm/20220615062219.22618-1-Kuan-Ying.Lee@mediatek.com/
Thanks,
Kuan-Ying Lee
> static void print_error_description(struct kasan_report_info *info)
> {
> - if (info->type == KASAN_REPORT_INVALID_FREE) {
> - pr_err("BUG: KASAN: double-free or invalid-free in
> %pS\n",
> - (void *)info->ip);
> - return;
> - }
> + const char *bug_type = info->is_free ?
> + "double-free or invalid-free" :
> kasan_get_bug_type(info);
>
> - pr_err("BUG: KASAN: %s in %pS\n",
> - kasan_get_bug_type(info), (void *)info->ip);
> + pr_err("BUG: KASAN: %s in %pS\n", bug_type, (void *)info-
> >ip);
> + if (info->is_free)
> + return;
> if (info->access_size)
> pr_err("%s of size %zu at addr %px by task %s/%d\n",
> info->is_write ? "Write" : "Read", info-
> >access_size,
> @@ -435,11 +433,11 @@ void kasan_report_invalid_free(void *ptr,
> unsigned long ip)
>
> start_report(&flags, true);
>
> - info.type = KASAN_REPORT_INVALID_FREE;
> info.access_addr = ptr;
> info.first_bad_addr = kasan_reset_tag(ptr);
> info.access_size = 0;
> info.is_write = false;
> + info.is_free = true;
> info.ip = ip;
>
> print_report(&info);
> @@ -468,11 +466,11 @@ bool kasan_report(unsigned long addr, size_t
> size, bool is_write,
>
> start_report(&irq_flags, true);
>
> - info.type = KASAN_REPORT_ACCESS;
> info.access_addr = ptr;
> info.first_bad_addr = kasan_find_first_bad_addr(ptr, size);
> info.access_size = size;
> info.is_write = is_write;
> + info.is_free = false;
> info.ip = ip;
>
> print_report(&info);
> --
> 2.25.1
>
>
Powered by blists - more mailing lists