Open Source and information security mailing list archives
Date:   Tue, 21 Jun 2022 15:17:52 +0800
From:   Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
To:     "andrey.konovalov@...ux.dev" <andrey.konovalov@...ux.dev>,
        Marco Elver <elver@...gle.com>,
        Alexander Potapenko <glider@...gle.com>
CC:     Andrey Konovalov <andreyknvl@...il.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Andrey Ryabinin <ryabinin.a.a@...il.com>,
        "kasan-dev@...glegroups.com" <kasan-dev@...glegroups.com>,
        "Peter Collingbourne" <pcc@...gle.com>,
        Evgenii Stepanov <eugenis@...gle.com>,
        Florian Mayer <fmayer@...gle.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Andrey Konovalov <andreyknvl@...gle.com>
Subject: Re: [PATCH 21/32] kasan: simplify invalid-free reporting

On Tue, 2022-06-14 at 04:14 +0800, andrey.konovalov@...ux.dev wrote:
> From: Andrey Konovalov <andreyknvl@...gle.com>
> 
> Right now, KASAN uses the kasan_report_type enum to describe report types.
> 
> As this enum only has two options, replace it with a bool variable.
> 
> Also, unify printing report header for invalid-free and other bug types
> in print_error_description().
> 
> Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
> ---
>  mm/kasan/kasan.h  |  7 +------
>  mm/kasan/report.c | 16 +++++++---------
>  2 files changed, 8 insertions(+), 15 deletions(-)
> 
> diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
> index e8329935fbfb..f696d50b09fb 100644
> --- a/mm/kasan/kasan.h
> +++ b/mm/kasan/kasan.h
> @@ -146,16 +146,11 @@ static inline bool kasan_requires_meta(void)
>  #define META_MEM_BYTES_PER_ROW (META_BYTES_PER_ROW *
> KASAN_GRANULE_SIZE)
>  #define META_ROWS_AROUND_ADDR 2
> 
> -enum kasan_report_type {
> -       KASAN_REPORT_ACCESS,
> -       KASAN_REPORT_INVALID_FREE,
> -};
> -
>  struct kasan_report_info {
> -       enum kasan_report_type type;
>         void *access_addr;
>         void *first_bad_addr;
>         size_t access_size;
> +       bool is_free;
>         bool is_write;
>         unsigned long ip;
>  };
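
Review bot: `bool is_free;` in struct kasan_report_info can encode only two report kinds, so a report type beyond "access" and "free" (for example a separate double-free report) would need another flag or a return to an enum. If the bool stays, add a short comment on the field saying that it marks a double-free or invalid-free report and that `access_size` and `is_write` carry no meaning when it is set, since nothing in the struct says so.
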
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index f951fd39db74..7269b6249488 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -175,14 +175,12 @@ static void end_report(unsigned long *flags,
> void *addr)
> 

Hi Andrey,

Do we need to distinguish the "double free" case from "invalid free", or
do we just print "double-free or invalid-free"?

I sent a patch [1] last week to separate the double free case from invalid
free, and I saw it has been merged into the akpm tree.

[1] https://lore.kernel.org/linux-mm/20220615062219.22618-1-Kuan-Ying.Lee@mediatek.com/

Thanks,
Kuan-Ying Lee

>  static void print_error_description(struct kasan_report_info *info)
>  {
> -       if (info->type == KASAN_REPORT_INVALID_FREE) {
> -               pr_err("BUG: KASAN: double-free or invalid-free in
> %pS\n",
> -                      (void *)info->ip);
> -               return;
> -       }
> +       const char *bug_type = info->is_free ?
> +               "double-free or invalid-free" :
> kasan_get_bug_type(info);
> 
> -       pr_err("BUG: KASAN: %s in %pS\n",
> -               kasan_get_bug_type(info), (void *)info->ip);
> +       pr_err("BUG: KASAN: %s in %pS\n", bug_type, (void *)info-
> >ip);
> +       if (info->is_free)
> +               return;
>         if (info->access_size)
>                 pr_err("%s of size %zu at addr %px by task %s/%d\n",
>                         info->is_write ? "Write" : "Read", info-
> >access_size,
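
Review bot: In print_error_description(), the free case takes its bug-type string from a literal in the ternary while every other case goes through kasan_get_bug_type(info), so the report header now has two sources for the same field. Consider having kasan_get_bug_type() return "double-free or invalid-free" when `info->is_free` is set, which leaves a single `pr_err("BUG: KASAN: %s in %pS\n", ...)` with no ternary here. The `if (info->is_free) return;` after the header would also read better with a one-line comment that free reports have no access size or direction to print.
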
> @@ -435,11 +433,11 @@ void kasan_report_invalid_free(void *ptr,
> unsigned long ip)
> 
>         start_report(&flags, true);
> 
> -       info.type = KASAN_REPORT_INVALID_FREE;
>         info.access_addr = ptr;
>         info.first_bad_addr = kasan_reset_tag(ptr);
>         info.access_size = 0;
>         info.is_write = false;
> +       info.is_free = true;
>         info.ip = ip;
> 
>         print_report(&info);
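
Review bot: In kasan_report_invalid_free(), `info` is filled one field at a time, and the visible lines do not show whether it is zero-initialised at its declaration. If it is not, any field added to struct kasan_report_info later is left unset on this path. A designated initializer (`.access_addr = ptr, .is_free = true, .ip = ip, ...`) would zero the remaining fields and make the explicit `access_size = 0` and `is_write = false` assignments unnecessary.
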
> @@ -468,11 +466,11 @@ bool kasan_report(unsigned long addr, size_t
> size, bool is_write,
> 
>         start_report(&irq_flags, true);
> 
> -       info.type = KASAN_REPORT_ACCESS;
>         info.access_addr = ptr;
>         info.first_bad_addr = kasan_find_first_bad_addr(ptr, size);
>         info.access_size = size;
>         info.is_write = is_write;
> +       info.is_free = false;
>         info.ip = ip;
> 
>         print_report(&info);
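
Review bot: Style point in kasan_report(): `info.is_free = false;` is assigned after `info.is_write`, while the struct declares `is_free` before `is_write`. Keeping the assignments in declaration order here and in kasan_report_invalid_free() makes it easier to see at a glance that every field is set.
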
> --
> 2.25.1
> 
> 
