lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+fCnZcDyS8FJwE6x66THExYU_t_n9cTA=9Qy3wL-RSssEb55g@mail.gmail.com>
Date: Sat, 1 Mar 2025 01:21:52 +0100
From: Andrey Konovalov <andreyknvl@...il.com>
To: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
Cc: Vitaly Buka <vitalybuka@...gle.com>, kees@...nel.org, 
	julian.stecklina@...erus-technology.de, kevinloughlin@...gle.com, 
	peterz@...radead.org, tglx@...utronix.de, justinstitt@...gle.com, 
	catalin.marinas@....com, wangkefeng.wang@...wei.com, bhe@...hat.com, 
	ryabinin.a.a@...il.com, kirill.shutemov@...ux.intel.com, will@...nel.org, 
	ardb@...nel.org, jason.andryuk@....com, dave.hansen@...ux.intel.com, 
	pasha.tatashin@...een.com, guoweikang.kernel@...il.com, dwmw@...zon.co.uk, 
	mark.rutland@....com, broonie@...nel.org, apopple@...dia.com, bp@...en8.de, 
	rppt@...nel.org, kaleshsingh@...gle.com, richard.weiyang@...il.com, 
	luto@...nel.org, glider@...gle.com, pankaj.gupta@....com, 
	pawan.kumar.gupta@...ux.intel.com, kuan-ying.lee@...onical.com, 
	tony.luck@...el.com, tj@...nel.org, jgross@...e.com, dvyukov@...gle.com, 
	baohua@...nel.org, samuel.holland@...ive.com, dennis@...nel.org, 
	akpm@...ux-foundation.org, thomas.weissschuh@...utronix.de, surenb@...gle.com, 
	kbingham@...nel.org, ankita@...dia.com, nathan@...nel.org, ziy@...dia.com, 
	xin@...or.com, rafael.j.wysocki@...el.com, andriy.shevchenko@...ux.intel.com, 
	cl@...ux.com, jhubbard@...dia.com, hpa@...or.com, 
	scott@...amperecomputing.com, david@...hat.com, jan.kiszka@...mens.com, 
	vincenzo.frascino@....com, corbet@....net, maz@...nel.org, mingo@...hat.com, 
	arnd@...db.de, ytcoode@...il.com, xur@...gle.com, morbo@...gle.com, 
	thiago.bauermann@...aro.org, linux-doc@...r.kernel.org, 
	kasan-dev@...glegroups.com, linux-kernel@...r.kernel.org, 
	llvm@...ts.linux.dev, linux-mm@...ck.org, 
	linux-arm-kernel@...ts.infradead.org, x86@...nel.org
Subject: Re: [PATCH v2 01/14] kasan: sw_tags: Use arithmetic shift for shadow computation

On Fri, Feb 28, 2025 at 5:13 PM Maciej Wieczor-Retman
<maciej.wieczor-retman@...el.com> wrote:
>
> I was applying your other comments to the series and came up with something like
> this. What do you think?
>
>         /*
>          * With the default kasan_mem_to_shadow() algorithm, all addresses
>          * returned by the memory-to-shadow mapping (even for bogus pointers)
>          * must be within a certain displacement from KASAN_SHADOW_OFFSET.
>          *
>          * For Generic KASAN the displacement is unsigned so the mapping from zero
>          * to the last kernel address needs checking.
>          */
>         if (IS_ENABLED(CONFIG_KASAN_GENERIC)) {
>                 if (addr < KASAN_SHADOW_OFFSET ||
>                     addr >= KASAN_SHADOW_OFFSET + max_shadow_size)
>                         return;
>         } else {
>                 /*
>                  * For the tag-based mode the compiler resets tags in addresses at
>                  * the start of kasan_mem_to_shadow(). Because of this it's not
>                  * necessary to check a mapping of the entire address space but only
>                  * whether a range of [0xFF00000000000000 - 0xFFFFFFFFFFFFFFFF] is a
>                  * valid memory-to-shadow mapping. On x86, tags are located in bits
>                  * 62:57 so the range becomes [0x7E00000000000000 - 0xFFFFFFFFFFFFFFFF].
>                  * The check below tries to exclude invalid addresses by
>                  * checking spaces between [0x7E00000000000000 - 0x7FFFFFFFFFFFFFFF]
>                  * (which are positive and will overflow the memory-to-shadow
>                  * mapping) and [0xFE00000000000000 - 0xFFFFFFFFFFFFFFFF]
>                  */
>                  if (addr > KASAN_SHADOW_OFFSET ||
>                      (addr < (u64)kasan_mem_to_shadow((void *)(0xFEUL << 56)) &&
>                      addr > (u64)kasan_mem_to_shadow((void *)(~0UL >> 1))) ||
>                      addr < (u64)kasan_mem_to_shadow((void *)(0x7EUL << 56)))
>                         return;
>         }
>
> The comment is a bit long and has a lot of hexes but maybe it's good to leave a
> longer explanation so no one has to dig through the mailing archives to
> understand the logic :b

Explaining the logic sounds good to me!

I think your patch is close to what would look good, but I think the
parentheses in the long if condition look suspicious.

Please check the attached diff (Gmail makes it hard to inline code): I
fixed the parentheses (if I'm right about them being wrong), made the
checks look uniform, added an arm-specific check, and reworked the
comments (please check if they make sense).

If the diff looks good to you, let's use that.

It also would be great, if you could test this: add some code that
dereferences various bad addresses and see if the extra KASAN message
line gets printed during the GPF.

View attachment "kasan_non_canonical_hook.patch" of type "text/x-patch" (2896 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ