lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <hw7xa2ooqeyjo5ypc5jluuyjlgyzimxtylj5sh6igyffsxtyaf@qajqp37h6v2n>
Date: Mon, 8 Sep 2025 14:54:32 +0200
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: Andrey Konovalov <andreyknvl@...il.com>
CC: <sohil.mehta@...el.com>, <baohua@...nel.org>, <david@...hat.com>,
	<kbingham@...nel.org>, <weixugc@...gle.com>, <Liam.Howlett@...cle.com>,
	<alexandre.chartre@...cle.com>, <kas@...nel.org>, <mark.rutland@....com>,
	<trintaeoitogc@...il.com>, <axelrasmussen@...gle.com>, <yuanchu@...gle.com>,
	<joey.gouly@....com>, <samitolvanen@...gle.com>, <joel.granados@...nel.org>,
	<graf@...zon.com>, <vincenzo.frascino@....com>, <kees@...nel.org>,
	<ardb@...nel.org>, <thiago.bauermann@...aro.org>, <glider@...gle.com>,
	<thuth@...hat.com>, <kuan-ying.lee@...onical.com>,
	<pasha.tatashin@...een.com>, <nick.desaulniers+lkml@...il.com>,
	<vbabka@...e.cz>, <kaleshsingh@...gle.com>, <justinstitt@...gle.com>,
	<catalin.marinas@....com>, <alexander.shishkin@...ux.intel.com>,
	<samuel.holland@...ive.com>, <dave.hansen@...ux.intel.com>, <corbet@....net>,
	<xin@...or.com>, <dvyukov@...gle.com>, <tglx@...utronix.de>,
	<scott@...amperecomputing.com>, <jason.andryuk@....com>, <morbo@...gle.com>,
	<nathan@...nel.org>, <lorenzo.stoakes@...cle.com>, <mingo@...hat.com>,
	<brgerst@...il.com>, <kristina.martsenko@....com>, <bigeasy@...utronix.de>,
	<luto@...nel.org>, <jgross@...e.com>, <jpoimboe@...nel.org>,
	<urezki@...il.com>, <mhocko@...e.com>, <ada.coupriediaz@....com>,
	<hpa@...or.com>, <leitao@...ian.org>, <peterz@...radead.org>,
	<wangkefeng.wang@...wei.com>, <surenb@...gle.com>, <ziy@...dia.com>,
	<smostafa@...gle.com>, <ryabinin.a.a@...il.com>, <ubizjak@...il.com>,
	<jbohac@...e.cz>, <broonie@...nel.org>, <akpm@...ux-foundation.org>,
	<guoweikang.kernel@...il.com>, <rppt@...nel.org>, <pcc@...gle.com>,
	<jan.kiszka@...mens.com>, <nicolas.schier@...ux.dev>, <will@...nel.org>,
	<jhubbard@...dia.com>, <bp@...en8.de>, <x86@...nel.org>,
	<linux-doc@...r.kernel.org>, <linux-mm@...ck.org>, <llvm@...ts.linux.dev>,
	<linux-kbuild@...r.kernel.org>, <kasan-dev@...glegroups.com>,
	<linux-kernel@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v5 13/19] kasan: x86: Handle int3 for inline KASAN reports

On 2025-09-08 at 12:38:57 +0200, Maciej Wieczor-Retman wrote:
>On 2025-09-06 at 19:19:01 +0200, Andrey Konovalov wrote:
>>On Mon, Aug 25, 2025 at 10:30 PM Maciej Wieczor-Retman
>>> diff --git a/arch/x86/mm/kasan_inline.c b/arch/x86/mm/kasan_inline.c
>>> new file mode 100644
>>> index 000000000000..9f85dfd1c38b
>>> --- /dev/null
>>> +++ b/arch/x86/mm/kasan_inline.c
>>> @@ -0,0 +1,23 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +#include <linux/kasan.h>
>>> +#include <linux/kdebug.h>
>>> +
>>> +bool kasan_inline_handler(struct pt_regs *regs)
>>> +{
>>> +       int metadata = regs->ax;
>>> +       u64 addr = regs->di;
>>> +       u64 pc = regs->ip;
>>> +       bool recover = metadata & KASAN_RAX_RECOVER;
>>> +       bool write = metadata & KASAN_RAX_WRITE;
>>> +       size_t size = KASAN_RAX_SIZE(metadata);
>>> +
>>> +       if (user_mode(regs))
>>> +               return false;
>>> +
>>> +       if (!kasan_report((void *)addr, size, write, pc))
>>> +               return false;
>>
>>Hm, this part is different than on arm64: there, we don't check the
>>return value.
>>
>>Do I understand correctly that the return value from this function
>>controls whether we skip over the int3 instruction and continue the
>>execution? If so, we should return the same value regardless of
>>whether the report is suppressed or not. And then you should not need
>>to explicitly check for KASAN_BIT_MULTI_SHOT in the latter patch.
>
>I recall there were some corner cases where this code path got called in outline
>mode, didn't have a mismatch but still died due to the die() below. But I'll
>recheck and either apply what you wrote above or get add a better explanation
>to the patch message.

Okay, so the int3_selftest_ip() is causing a problem in outline mode.

I tried disabling kasan with kasan_disable_current() but thinking of it now it
won't work because int3 handler will still be called and die() will happen.

What did you mean by "return the same value regardless of kasan_report()"? Then
it will never reach the kasan_inline_recover() which I assume is needed for
inline mode (once recover will work).

-- 
Kind regards
Maciej Wieczór-Retman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ