| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <hw7xa2ooqeyjo5ypc5jluuyjlgyzimxtylj5sh6igyffsxtyaf@qajqp37h6v2n>
Date: Mon, 8 Sep 2025 14:54:32 +0200
From: Maciej Wieczor-Retman <maciej.wieczor-retman@...el.com>
To: Andrey Konovalov <andreyknvl@...il.com>
CC: <sohil.mehta@...el.com>, <baohua@...nel.org>, <david@...hat.com>,
<kbingham@...nel.org>, <weixugc@...gle.com>, <Liam.Howlett@...cle.com>,
<alexandre.chartre@...cle.com>, <kas@...nel.org>, <mark.rutland@....com>,
<trintaeoitogc@...il.com>, <axelrasmussen@...gle.com>, <yuanchu@...gle.com>,
<joey.gouly@....com>, <samitolvanen@...gle.com>, <joel.granados@...nel.org>,
<graf@...zon.com>, <vincenzo.frascino@....com>, <kees@...nel.org>,
<ardb@...nel.org>, <thiago.bauermann@...aro.org>, <glider@...gle.com>,
<thuth@...hat.com>, <kuan-ying.lee@...onical.com>,
<pasha.tatashin@...een.com>, <nick.desaulniers+lkml@...il.com>,
<vbabka@...e.cz>, <kaleshsingh@...gle.com>, <justinstitt@...gle.com>,
<catalin.marinas@....com>, <alexander.shishkin@...ux.intel.com>,
<samuel.holland@...ive.com>, <dave.hansen@...ux.intel.com>, <corbet@....net>,
<xin@...or.com>, <dvyukov@...gle.com>, <tglx@...utronix.de>,
<scott@...amperecomputing.com>, <jason.andryuk@....com>, <morbo@...gle.com>,
<nathan@...nel.org>, <lorenzo.stoakes@...cle.com>, <mingo@...hat.com>,
<brgerst@...il.com>, <kristina.martsenko@....com>, <bigeasy@...utronix.de>,
<luto@...nel.org>, <jgross@...e.com>, <jpoimboe@...nel.org>,
<urezki@...il.com>, <mhocko@...e.com>, <ada.coupriediaz@....com>,
<hpa@...or.com>, <leitao@...ian.org>, <peterz@...radead.org>,
<wangkefeng.wang@...wei.com>, <surenb@...gle.com>, <ziy@...dia.com>,
<smostafa@...gle.com>, <ryabinin.a.a@...il.com>, <ubizjak@...il.com>,
<jbohac@...e.cz>, <broonie@...nel.org>, <akpm@...ux-foundation.org>,
<guoweikang.kernel@...il.com>, <rppt@...nel.org>, <pcc@...gle.com>,
<jan.kiszka@...mens.com>, <nicolas.schier@...ux.dev>, <will@...nel.org>,
<jhubbard@...dia.com>, <bp@...en8.de>, <x86@...nel.org>,
<linux-doc@...r.kernel.org>, <linux-mm@...ck.org>, <llvm@...ts.linux.dev>,
<linux-kbuild@...r.kernel.org>, <kasan-dev@...glegroups.com>,
<linux-kernel@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v5 13/19] kasan: x86: Handle int3 for inline KASAN reports
On 2025-09-08 at 12:38:57 +0200, Maciej Wieczor-Retman wrote:
>On 2025-09-06 at 19:19:01 +0200, Andrey Konovalov wrote:
>>On Mon, Aug 25, 2025 at 10:30 PM Maciej Wieczor-Retman
>>> diff --git a/arch/x86/mm/kasan_inline.c b/arch/x86/mm/kasan_inline.c
>>> new file mode 100644
>>> index 000000000000..9f85dfd1c38b
>>> --- /dev/null
>>> +++ b/arch/x86/mm/kasan_inline.c
>>> @@ -0,0 +1,23 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +#include <linux/kasan.h>
>>> +#include <linux/kdebug.h>
>>> +
>>> +bool kasan_inline_handler(struct pt_regs *regs)
>>> +{
>>> + int metadata = regs->ax;
>>> + u64 addr = regs->di;
>>> + u64 pc = regs->ip;
>>> + bool recover = metadata & KASAN_RAX_RECOVER;
>>> + bool write = metadata & KASAN_RAX_WRITE;
>>> + size_t size = KASAN_RAX_SIZE(metadata);
>>> +
>>> + if (user_mode(regs))
>>> + return false;
>>> +
>>> + if (!kasan_report((void *)addr, size, write, pc))
>>> + return false;
>>
>>Hm, this part is different than on arm64: there, we don't check the
>>return value.
>>
>>Do I understand correctly that the return value from this function
>>controls whether we skip over the int3 instruction and continue the
>>execution? If so, we should return the same value regardless of
>>whether the report is suppressed or not. And then you should not need
>>to explicitly check for KASAN_BIT_MULTI_SHOT in the latter patch.
>
>I recall there were some corner cases where this code path got called in outline
>mode, didn't have a mismatch but still died due to the die() below. But I'll
>recheck and either apply what you wrote above or get add a better explanation
>to the patch message.
Okay, so the int3_selftest_ip() is causing a problem in outline mode.
I tried disabling kasan with kasan_disable_current() but thinking of it now it
won't work because int3 handler will still be called and die() will happen.
What did you mean by "return the same value regardless of kasan_report()"? Then
it will never reach the kasan_inline_recover() which I assume is needed for
inline mode (once recover will work).
--
Kind regards
Maciej Wieczór-Retman
Powered by blists - more mailing lists