Message-ID: <8ace14464d88b51f309b289874760b5d6265e438.1755004923.git.maciej.wieczor-retman@intel.com>
Date: Tue, 12 Aug 2025 15:23:50 +0200
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: nathan@...nel.org,
arnd@...db.de,
broonie@...nel.org,
Liam.Howlett@...cle.com,
urezki@...il.com,
will@...nel.org,
kaleshsingh@...gle.com,
rppt@...nel.org,
leitao@...ian.org,
coxu@...hat.com,
surenb@...gle.com,
akpm@...ux-foundation.org,
luto@...nel.org,
jpoimboe@...nel.org,
changyuanl@...gle.com,
hpa@...or.com,
dvyukov@...gle.com,
kas@...nel.org,
corbet@....net,
vincenzo.frascino@....com,
smostafa@...gle.com,
nick.desaulniers+lkml@...il.com,
morbo@...gle.com,
andreyknvl@...il.com,
alexander.shishkin@...ux.intel.com,
thiago.bauermann@...aro.org,
catalin.marinas@....com,
ryabinin.a.a@...il.com,
jan.kiszka@...mens.com,
jbohac@...e.cz,
dan.j.williams@...el.com,
joel.granados@...nel.org,
baohua@...nel.org,
kevin.brodsky@....com,
nicolas.schier@...ux.dev,
pcc@...gle.com,
andriy.shevchenko@...ux.intel.com,
wei.liu@...nel.org,
bp@...en8.de,
ada.coupriediaz@....com,
xin@...or.com,
pankaj.gupta@....com,
vbabka@...e.cz,
glider@...gle.com,
jgross@...e.com,
kees@...nel.org,
jhubbard@...dia.com,
joey.gouly@....com,
ardb@...nel.org,
thuth@...hat.com,
pasha.tatashin@...een.com,
kristina.martsenko@....com,
bigeasy@...utronix.de,
maciej.wieczor-retman@...el.com,
lorenzo.stoakes@...cle.com,
jason.andryuk@....com,
david@...hat.com,
graf@...zon.com,
wangkefeng.wang@...wei.com,
ziy@...dia.com,
mark.rutland@....com,
dave.hansen@...ux.intel.com,
samuel.holland@...ive.com,
kbingham@...nel.org,
trintaeoitogc@...il.com,
scott@...amperecomputing.com,
justinstitt@...gle.com,
kuan-ying.lee@...onical.com,
maz@...nel.org,
tglx@...utronix.de,
samitolvanen@...gle.com,
mhocko@...e.com,
nunodasneves@...ux.microsoft.com,
brgerst@...il.com,
willy@...radead.org,
ubizjak@...il.com,
peterz@...radead.org,
mingo@...hat.com,
sohil.mehta@...el.com
Cc: linux-mm@...ck.org,
linux-kbuild@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
x86@...nel.org,
llvm@...ts.linux.dev,
kasan-dev@...glegroups.com,
linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v4 14/18] kasan: x86: Apply multishot to the inline report handler
KASAN by default reports only one tag mismatch and based on other
command line parameters either keeps going or panics. The multishot
mechanism - enabled either through a command line parameter or by inline
enable/disable function calls - lifts that restriction and allows an
infinite number of tag mismatch reports to be shown.
Inline KASAN uses the INT3 instruction to pass metadata to the report
handling function. Currently the "recover" field in that metadata is
broken in the compiler layer and causes every inline tag mismatch to
panic the kernel.
Check the multishot state in the KASAN hook called inside the INT3
handling function.
Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
---
Changelog v4:
- Add this patch to the series.
arch/x86/mm/kasan_inline.c | 3 +++
include/linux/kasan.h | 3 +++
mm/kasan/report.c | 8 +++++++-
3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/mm/kasan_inline.c b/arch/x86/mm/kasan_inline.c
index 9f85dfd1c38b..f837caf32e6c 100644
--- a/arch/x86/mm/kasan_inline.c
+++ b/arch/x86/mm/kasan_inline.c
@@ -17,6 +17,9 @@ bool kasan_inline_handler(struct pt_regs *regs)
if (!kasan_report((void *)addr, size, write, pc))
return false;
+ if (kasan_multi_shot_enabled())
+ return true;
+
kasan_inline_recover(recover, "Oops - KASAN", regs, metadata, die);
return true;
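Review bot: The early return at `if (kasan_multi_shot_enabled()) return true;` skips `kasan_inline_recover()` whatever `recover` value was decoded from the INT3 metadata, and the code has no comment saying why. The commit message explains that the compiler currently emits a broken recover field, but a reader of the file will not see that. Once the compiler side is fixed, this check will still let execution continue past a tag mismatch that was built as non-recoverable whenever multi-shot is on. I would add a comment above the check, for example `/* recover from the compiler is unreliable for now; with multi-shot on, resume after the report instead of calling die() */`. The body of kasan_inline_handler starts and ends outside the hunk.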
diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index 8691ad870f3b..7a2527794549 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -663,7 +663,10 @@ void kasan_non_canonical_hook(unsigned long addr);
static inline void kasan_non_canonical_hook(unsigned long addr) { }
#endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */
+bool kasan_multi_shot_enabled(void);
+
#ifdef CONFIG_KASAN_SW_TAGS
+
/*
* The instrumentation allows to control whether we can proceed after
* a crash was detected. This is done by passing the -recover flag to
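Review bot: `bool kasan_multi_shot_enabled(void);` is declared after the `#endif` with no config guard and no `static inline` stub, unlike `kasan_non_canonical_hook()` directly above it. The definition added in mm/kasan/report.c is presumably only built when KASAN is enabled, so a later caller in code that also builds without KASAN would compile and then fail at link time. Consider putting the prototype under the KASAN guard with a stub in the other branch, `static inline bool kasan_multi_shot_enabled(void) { return false; }`. The blank line added after `#ifdef CONFIG_KASAN_SW_TAGS` looks unintended.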
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 93c6cadb0765..cfa2da0e2985 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -121,6 +121,12 @@ static void report_suppress_stop(void)
#endif
}
+bool kasan_multi_shot_enabled(void)
+{
+ return test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags);
+}
+EXPORT_SYMBOL(kasan_multi_shot_enabled);
+
/*
* Used to avoid reporting more than one KASAN bug unless kasan_multi_shot
* is enabled. Note that KASAN tests effectively enable kasan_multi_shot
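Review bot: `EXPORT_SYMBOL(kasan_multi_shot_enabled);` makes this state query available to every module, while the only caller added by the patch is arch/x86/mm/kasan_inline.c, which appears to be built-in code. If no module needs it, the export can be dropped; if one does, `EXPORT_SYMBOL_GPL` would be the more conservative choice for a helper that exposes KASAN-internal flags. The new function also has no comment; a line such as `/* True when KASAN_BIT_MULTI_SHOT is set, i.e. reports are not limited to the first one. */` would help callers outside mm/kasan.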
@@ -128,7 +134,7 @@ static void report_suppress_stop(void)
*/
static bool report_enabled(void)
{
- if (test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))
+ if (kasan_multi_shot_enabled())
return true;
return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags);
}
--
2.50.1