PI" [1]
> - This is included in the KUnit 5.9-rci pull request[8]
>
> I'd _really_ like to get this into 5.9 if possible: we also have some
> other changes which depend on some things here.
Found a small issue in patch #3, but otherwise:
Tested-by: Andrey Konovalov
for the
On Sat, Aug 8, 2020 at 5:27 AM David Gow wrote:
>
> On Fri, Aug 7, 2020 at 9:15 PM 'Andrey Konovalov' via kasan-dev
> wrote:
> >
> > On Wed, Aug 5, 2020 at 6:29 AM David Gow wrote:
> > >
> > > This patchset contains everything needed to integrat
On Mon, Aug 10, 2020 at 12:22 PM Dmitry Vyukov wrote:
>
> On Mon, Aug 10, 2020 at 11:57 AM Greg KH wrote:
> >
> > On Mon, Aug 10, 2020 at 11:15:38AM +0200, Greg KH wrote:
> > > On Mon, Aug 10, 2020 at 11:08:33AM +0200, Greg KH wrote:
> > > > On Mon, Aug 10, 2020 at 11:00:07AM +0200, Dmitry Vyukov
g heap spraying.
> >
> > It may be worth clarifying that this is specifically only direct UAF and
> > doesn't help with spray-and-overflow-into-a-neighboring-object attacks
> > (i.e. both tend to use sprays, but the former doesn't depend on a write
> > over
On Fri, Jan 8, 2021 at 9:31 PM Arnd Bergmann wrote:
>
> On Fri, Jan 8, 2021 at 7:56 PM Andrey Konovalov wrote:
> > On Fri, Jan 8, 2021 at 5:09 AM Walter Wu wrote:
>
> > > @@ -2,6 +2,12 @@
> > > CFLAGS_KASAN_NOSANITIZE := -fno-builtin
> > > KASAN_SHA
When enabling KASAN stack instrumentation, then for gcc we could do
> no prompt and default value y, and for clang prompt and default
> value n.
>
> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=210221
>
> Signed-off-by: Walter Wu
> Suggested-by: Dmitry Vyukov
> Cc: Andrey R
On Mon, Jan 11, 2021 at 7:59 PM Nathan Chancellor
wrote:
>
> > > -config KASAN_STACK_ENABLE
> > > +config KASAN_STACK
> > > bool "Enable stack instrumentation (unsafe)" if CC_IS_CLANG &&
> > > !COMPILE_TEST
> >
> > Does this syntax mean that KASAN_STACK is only present for
> > CC_IS_CLANG
On Mon, Jan 11, 2021 at 8:11 PM Nathan Chancellor
wrote:
>
> On Mon, Jan 11, 2021 at 08:03:29PM +0100, Andrey Konovalov wrote:
> > On Mon, Jan 11, 2021 at 7:59 PM Nathan Chancellor
> > wrote:
> > >
> > > > > -config KASAN_STACK_ENABLE
> > > >
CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
> $(call cc-param,asan-globals=1) \
> $(call
> cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
> -$(call cc-param,asan-stack=$(CONFIG_KASAN_STACK)) \
> +$(call cc-param,asan-stack=$(stack_enable)) \
> $(call cc-param,asan-instrument-allocas=1)
> endif
>
> @@ -42,7 +48,7 @@ else
> endif
>
> CFLAGS_KASAN := -fsanitize=kernel-hwaddress \
> - -mllvm -hwasan-instrument-stack=$(CONFIG_KASAN_STACK) \
> + -mllvm -hwasan-instrument-stack=$(stack_enable) \
> -mllvm -hwasan-use-short-granules=0 \
> $(instrumentation_flags)
>
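Review bot: on the hwasan-instrument-stack line, stack_enable is consumed in the `else` branch, but its definition is not in this hunk's context. With KASAN_STACK becoming a bool in the Kconfig part of this patch, stack_enable should be assigned before the generic/tag-based split and expand to exactly 0 or 1, since an unset bool expands to an empty string and would produce `-hwasan-instrument-stack=` with no value. A short comment at the definition explaining the y-to-1 mapping would help.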
> --
> 2.18.0
Reviewed-by: Andrey Konovalov
Hi,
I'm getting a crash when trying to load a module into a kernel that
uses __ro_after_init static labels, see the crash below. The label is
defined and initialized in the main kernel binary, and is used in the
module. Is this not supported?
Thanks!
[ 15.088489] Unable to handle kernel
On Tue, Jan 12, 2021 at 8:53 AM Alexander Potapenko wrote:
>
> On Tue, Jan 5, 2021 at 7:28 PM Andrey Konovalov wrote:
> >
> > Clarify and update comments and info messages in KASAN tests.
> >
> > Signed-off-by: Andrey Konovalov
> > Link:
> >
On Tue, Jan 12, 2021 at 9:05 AM Alexander Potapenko wrote:
>
> On Tue, Jan 5, 2021 at 7:28 PM Andrey Konovalov wrote:
> >
> > Add 3 new tests for tag-based KASAN modes:
> >
> > 1. Check that match-all pointer tag is not assigned randomly.
> > 2. Check that 0
On Tue, Jan 12, 2021 at 2:17 PM Marco Elver wrote:
>
> On Tue, Jan 05, 2021 at 07:27PM +0100, Andrey Konovalov wrote:
> > Add 3 new tests for tag-based KASAN modes:
> >
> > 1. Check that match-all pointer tag is not assigned randomly.
> > 2. Check that 0xff works as
On Tue, Jan 12, 2021 at 9:10 AM Alexander Potapenko wrote:
>
> On Tue, Jan 5, 2021 at 7:28 PM Andrey Konovalov wrote:
> >
> > Rename CONFIG_TEST_KASAN_MODULE to CONFIG_KASAN_MODULE_TEST.
> >
> > This naming is more consistent with the existing CONFIG_KASAN_KUN
On Tue, Jan 12, 2021 at 2:33 PM Marco Elver wrote:
>
> On Tue, Jan 05, 2021 at 07:27PM +0100, Andrey Konovalov wrote:
> > Rename CONFIG_TEST_KASAN_MODULE to CONFIG_KASAN_MODULE_TEST.
> >
> > This naming is more consistent with the existing CONFIG_KASAN_KUNIT_TEST.
>
On Tue, Jan 12, 2021 at 9:18 AM Alexander Potapenko wrote:
>
> On Tue, Jan 5, 2021 at 7:28 PM Andrey Konovalov wrote:
> >
> > It might not be obvious to the compiler that the expression must be
> > executed between writing and reading to fail_data. In this case, the
>
On Tue, Jan 12, 2021 at 3:32 PM Marco Elver wrote:
>
> > +/*
> > + * Unlike kasan_check_read/write(), kasan_check_byte() is performed even
> > for
> > + * the hardware tag-based mode that doesn't rely on compiler
> > instrumentation.
> > + */
>
> We have too many check-functions, and the name ne
On Tue, Jan 12, 2021 at 9:30 AM Alexander Potapenko wrote:
>
> On Tue, Jan 5, 2021 at 7:28 PM Andrey Konovalov wrote:
> >
> > Since the hardware tag-based KASAN mode might not have a redzone that
> > comes after an allocated object (when kasan.mode=prod is enabled), t
On Tue, Jan 12, 2021 at 2:39 PM Marco Elver wrote:
>
> On Tue, Jan 05, 2021 at 07:27PM +0100, Andrey Konovalov wrote:
> > In the kmalloc_uaf2() test, the pointers to the two allocated memory
> > blocks might be the same, and the test will fail. With the software
>
On Tue, Jan 12, 2021 at 9:26 AM Alexander Potapenko wrote:
>
> Nit: s/adopt/adapt in the title.
>
>
> > +again:
> > ptr1 = kmalloc(size, GFP_KERNEL);
> > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
> >
> > @@ -384,6 +386,13 @@ static void kmalloc_uaf2(struct kunit *test)
> >
On Tue, Jan 12, 2021 at 8:50 PM Andrey Konovalov wrote:
>
> On Tue, Jan 12, 2021 at 9:18 AM Alexander Potapenko wrote:
> >
> > On Tue, Jan 5, 2021 at 7:28 PM Andrey Konovalov
> > wrote:
> > >
> > > It might not be obvious to the compiler that the
Andrey Konovalov (2):
kasan, mm: fix conflicts with init_on_alloc/free
kasan, arm64: fix pointer tags in KASAN reports
arch/arm64/mm/fault.c | 2 ++
mm/slub.c | 7 ---
2 files changed, 6 insertions(+), 3 deletions(-)
--
2.30.0.284.gd98b1dd5eaa7-goog
ps://linux-review.googlesource.com/id/I9ced973866036d8679e8f4ae325de547eb969649
Fixes: dceec3ff7807 ("arm64: expose FAR_EL1 tag bits in siginfo")
Fixes: 4291e9ee6189 ("kasan, arm64: print report from tag fault handler")
Signed-off-by: Andrey Konovalov
---
arch/arm64/mm/fault.c | 2 ++
https://linux-review.googlesource.com/id/I50dd32838a666e173fe06c3c5c766f2c36aae901
Fixes: aa1ef4d7b3f67 ("kasan, mm: reset tags when accessing metadata")
Reported-by: Dmitry Vyukov
Signed-off-by: Andrey Konovalov
---
mm/slub.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
heck.
- Rename kasan_check() to kasan_byte_accessible().
- Add a test for kmem_cache_bulk_alloc().
- Checks that pointer tags are assigned from [KASAN_TAG_MIN, KASAN_TAG_KERNEL).
- Don't run tests with kasan.mode=off.
Andrey Konovalov (14):
kasan: prefix global functions with kasan_
kasan: clarify HW_
lesource.com/id/I719cc93483d4ba288a634dba80ee6b7f2809cd26
Suggested-by: Marco Elver
Reviewed-by: Marco Elver
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
mm/kasan/common.c | 47 +++---
mm/kasan/generic.c| 36 ++---
mm/kasan/kasan.
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
Documentation/dev-tools/kasan.rst | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst
b/Documentation/dev-tools/kasan.rst
index 0fc3fb1860c4..26c99852a852 100644
Clarify and update comments in KASAN tests.
Link:
https://linux-review.googlesource.com/id/I6c816c51fa1e0eb7aa3dead6bda1f339d2af46c8
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c| 59 +
lib/test_kasan_module.c | 5 ++--
2 files changed
: Andrey Konovalov
---
lib/test_kasan.c | 101 +++
1 file changed, 31 insertions(+), 70 deletions(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 6f46e27c2af7..714ea27fcc3e 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -73,6 +73,20
during execution for the SW_TAGS mode.
Link:
https://linux-review.googlesource.com/id/I78f1375efafa162b37f3abcb2c5bc2f3955dfd8e
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 92
mm/kasan/kasan.h | 6
2 files changed, 98 insertions
the hardware tag-based
mode; fixes come in the next few patches.
Link:
https://linux-review.googlesource.com/id/Id94dc9eccd33b23cda4950be408c27f879e474c8
Signed-off-by: Andrey Konovalov
---
arch/arm64/include/asm/memory.h| 1 +
arch/arm64/include/asm/mte-kasan.h | 12 +
arch/arm64
-by: Andrey Konovalov
---
Documentation/dev-tools/kasan.rst | 8
lib/Kconfig.kasan | 2 +-
lib/Makefile | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst
b/Documentation/dev-tools/kasan.rst
index
and use READ/WRITE_ONCE() for accessing fail_data fields.
Link:
https://linux-review.googlesource.com/id/I046079f48641a1d36fe627fc8827a9249102fd50
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 17 -
mm/kasan/report.c | 2 +-
2 files changed, 13 insertions(+), 6 deletions
is 1/14, which is quite noticeable.
Allow up to 16 attempts at generating different tags for the tag-based
modes.
Link:
https://linux-review.googlesource.com/id/Ibfa458ef2804ff465d8eb07434a300bf36388d55
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 11 +++
1 file change
Don't run KASAN tests when it's disabled with kasan.mode=off to avoid
corrupting kernel memory.
Link:
https://linux-review.googlesource.com/id/I6447af436a69a94bfc35477f6bf4e2122948355e
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 3 +++
1 file changed, 3 insertions(+)
di
Add a test for kmem_cache_alloc/free_bulk to make sure there are now
false-positives when these functions are used.
Link:
https://linux-review.googlesource.com/id/I2a8bf797aecf81baeac61380c567308f319e263d
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 39
: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 51 +++-
1 file changed, 46 insertions(+), 5 deletions(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 710e714dc0cb..5e3d054e5b8c 100644
--- a/lib/test_kasan.c
+++ b/lib
s
detected via ksize() itself, and via plain accesses that happen later.
Link:
https://linux-review.googlesource.com/id/Iaabf771881d0f9ce1b969f2a62938e99d3308ec5
Signed-off-by: Andrey Konovalov
---
include/linux/kasan-checks.h | 6 ++
include/linux/kasan.h| 16 +++
object's boundaries.
Link:
https://linux-review.googlesource.com/id/I67f51d1ee48f0a8d0fe2658c2a39e4879fe0832a
Reviewed-by: Marco Elver
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff
Hi Robert,
Thanks for your patch!
Reviewed-by: Andrey Konovalov
On 18.01.2021 22:01, Robert Foss wrote:
The previously added modes 3264x2448 & 1632x1224 are actually
configuring the sensor for BGGR mode, this is an issue since
the mode that is exposed through V4L incorrectly is set as
Oops.. I've missed a few mistypes
On 18.01.2021 22:18, Andrey Konovalov wrote:
Hi Robert,
Thanks for your patch!
Reviewed-by: Andrey Konovalov
On 18.01.2021 22:01, Robert Foss wrote:
The previously added modes 3264x2448 & 1632x1224 are actually
configuring the sensor for BGGR mode
ks,
Andrey
On Mon, 18 Jan 2021 at 20:28, Andrey Konovalov
wrote:
Oops.. I've missed a few mistypes
On 18.01.2021 22:18, Andrey Konovalov wrote:
Hi Robert,
Thanks for your patch!
Reviewed-by: Andrey Konovalov
On 18.01.2021 22:01, Robert Foss wrote:
The previously added modes 3264x2
t bad accesses
to page_alloc allocations on some configurations.
Fix this by recovering the tag after the metadata access.
Fixes: aa1ef4d7b3f6 ("kasan, mm: reset tags when accessing metadata")
Signed-off-by: Andrey Konovalov
---
mm/page_alloc.c | 2 ++
1 file changed, 2 insertions(+)
On Tue, Jan 19, 2021 at 4:45 PM Vincenzo Frascino
wrote:
>
> Hi Catalin,
>
> On 1/19/21 2:45 PM, Catalin Marinas wrote:
> > On Mon, Jan 18, 2021 at 06:30:33PM +, Vincenzo Frascino wrote:
> >> mte_assign_mem_tag_range() is called on production KASAN HW hot
> >> paths. It makes sense to inline i
On Tue, Jan 19, 2021 at 3:46 PM Mark Rutland wrote:
>
> Given there's no information available, I think it's simpler and
> preferable to handle the logging separately, as is done for
> kasan_report_invalid_free(). For example, we could do something roughly
> like:
>
> void kasan_report_async(void)
On Mon, Jan 18, 2021 at 7:30 PM Vincenzo Frascino
wrote:
> --- a/Documentation/dev-tools/kasan.rst
> +++ b/Documentation/dev-tools/kasan.rst
> @@ -162,6 +162,9 @@ particular KASAN features.
>
> - ``kasan=off`` or ``=on`` controls whether KASAN is enabled (default:
> ``on``).
>
> +- ``kasan.mode=
r_el1, SCTLR_ELx_TCF_MASK, SCTLR_ELx_TCF_SYNC);
> + sysreg_clear_set(sctlr_el1, SCTLR_ELx_TCF_MASK, tcf);
> isb();
> +
> + pr_info_once("MTE: enabled in %s mode at EL1\n", mode);
> +}
> +
> +void mte_enable_kernel_sync(void)
> +{
> + __mte_enable_kernel("synchronous", SCTLR_ELx_TCF_SYNC);
> +}
> +
> +void mte_enable_kernel_async(void)
> +{
> + __mte_enable_kernel("asynchronous", SCTLR_ELx_TCF_ASYNC);
> }
>
> static void update_sctlr_el1_tcf0(u64 tcf0)
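Review bot: pr_info_once() in __mte_enable_kernel() logs only the first call, so if both mte_enable_kernel_sync() and mte_enable_kernel_async() can run, or the function runs again with a different tcf value, the log names a mode that may no longer be the one programmed into SCTLR_EL1. Consider a once-only message per mode, or state in a comment that the mode is fixed for the lifetime of the kernel, and add a line on each wrapper saying when it is meant to be called.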
> --
> 2.30.0
>
Reviewed-by: Andrey Konovalov
On Mon, Jan 18, 2021 at 7:30 PM Vincenzo Frascino
wrote:
>
> This patchset implements the asynchronous mode support for ARMv8.5-A
> Memory Tagging Extension (MTE), which is a debugging feature that allows
> to detect with the help of the architecture the C and C++ programmatic
> memory errors like
On Tue, Jan 19, 2021 at 7:57 PM Vincenzo Frascino
wrote:
>
>
>
> On 1/19/21 6:52 PM, Catalin Marinas wrote:
> > On Tue, Jan 19, 2021 at 07:27:43PM +0100, Andrey Konovalov wrote:
> >> On Tue, Jan 19, 2021 at 6:26 PM Vincenzo Frascino
> >> wrote:
> >>>
On Tue, Jan 19, 2021 at 8:00 PM Catalin Marinas wrote:
>
> On Tue, Jan 19, 2021 at 07:12:40PM +0100, Andrey Konovalov wrote:
> > On Tue, Jan 19, 2021 at 4:45 PM Vincenzo Frascino
> > wrote:
> > > On 1/19/21 2:45 PM, Catalin Marinas wrote:
> > > > O
An invalid address (e.g. NULL pointer address) passed to the
> function, when KASAN_HW_TAGS is enabled, leads to a kernel panic.
>
> Cc: Andrey Ryabinin
> Cc: Alexander Potapenko
> Cc: Dmitry Vyukov
> Cc: Leon Romanovsky
> Cc: Andrey Konovalov
> Signed-off-by: Vi
On Tue, Jan 19, 2021 at 9:32 PM Vincenzo Frascino
wrote:
>
> This seems not working on arm64 because according to virt_addr_valid 0 is a
> valid virtual address, in fact:
>
> __is_lm_address(0) == true && pfn_valid(virt_to_pfn(0)) == true.
>
> An option could be to make an exception for virtual ad
Don't opencode in_serving_softirq() checks in __usb_hcd_giveback_urb() to
avoid cluttering the code, hide them in kcov helpers instead.
Fixes: aee9ddb1d371 ("kcov, usb: only collect coverage from
__usb_hcd_giveback_urb in softirq")
Signed-off-by: Andrey Konovalov
---
Changes v1->
On Wed, Jan 6, 2021 at 12:56 PM Vincenzo Frascino
wrote:
>
> MTE provides an asynchronous mode for detecting tag exceptions. In
> particular instead of triggering a fault the arm64 core updates a
> register which is checked by the kernel at the first entry after the tag
> exception has occurred.
>
On Thu, Jan 7, 2021 at 6:25 PM Vincenzo Frascino
wrote:
>
> Hi Andrey,
>
> On 1/7/21 4:29 PM, Andrey Konovalov wrote:
> > On Wed, Jan 6, 2021 at 12:56 PM Vincenzo Frascino
> > wrote:
> >>
> >> MTE provides an asynchronous mode for detecting tag
Hi Robert and Tomasz,
On 08.01.2021 12:49, Tomasz Figa wrote:
Hi Robert,
On Thu, Jan 7, 2021 at 11:21 PM Robert Foss wrote:
The Bayer GRBG10 mode used for earlier modes 3280x2460 and
1640x1232 isn't the mode output by the sensor for the
3264x2448 and 1632x1224 modes.
Switch from MEDIA_BUS_F
Hi Robert,
On 08.01.2021 13:46, Andrey Konovalov wrote:
Hi Robert and Tomasz,
On 08.01.2021 12:49, Tomasz Figa wrote:
Hi Robert,
On Thu, Jan 7, 2021 at 11:21 PM Robert Foss wrote:
The Bayer GRBG10 mode used for earlier modes 3280x2460 and
1640x1232 isn't the mode output by the senso
On Fri, Jan 8, 2021 at 11:44 AM Vincenzo Frascino
wrote:
>
> Hi Andrey,
>
> On 1/7/21 7:18 PM, Andrey Konovalov wrote:
> >> Boolean arguments are generally bad for legibility, hence I tend to avoid
> >> them.
> >> In this case exposing the constan
IFT);
> + kasan_remove_zero_shadow(start, size);
> return ret;
> }
> --
> 2.25.1
Reviewed-by: Andrey Konovalov
On Sun, Jan 3, 2021 at 2:56 PM Lecopzer Chen wrote:
>
> During testing kasan_populate_early_shadow and kasan_remove_zero_shadow,
> if the shadow start and end address in kasan_remove_zero_shadow() is
> not aligned to PMD_SIZE, the remaining unaligned PTE won't be removed.
>
> In the test case for kas
On Sun, Jan 3, 2021 at 6:13 PM Lecopzer Chen wrote:
>
> Now I have no device to test for HW_TAG, so keep it not selected
> until someone can test this.
>
> Signed-off-by: Lecopzer Chen
> ---
> arch/arm64/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/a
san: support KASAN_VMALLOC")
>
> Signed-off-by: Lecopzer Chen
Hi Lecopzer,
Thanks for working on this!
Acked-by: Andrey Konovalov
Tested-by: Andrey Konovalov
for the series along with the other two patches minding the nit in patch #3.
Will, Catalin, could you please take a look at the arm changes?
Thanks!
On Sun, Jan 3, 2021 at 6:12 PM Lecopzer Chen wrote:
>
> Linux supports KAsan for VMALLOC since commit 3c5c3cfb9ef4da9
> ("kasan: support backing vmalloc space with real shadow memory")
>
> According to how x86 ported it [1], they early allocated p4d and pgd,
> but in arm64 I just simulate how KAsan
When enabling KASAN stack instrumentation, then for gcc we could do
> no prompt and default value y, and for clang prompt and default
> value n.
>
> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=210221
>
> Signed-off-by: Walter Wu
> Suggested-by: Dmitry Vyukov
> Cc: Andrey R
Hi Robert,
Thank you for the patch!
On 08.01.2021 15:04, Robert Foss wrote:
In order to support Qualcomm ISP hardware architectures that diverge
from older architectures, the VFE subdevice driver needs to be refactored
to better abstract the different ISP architectures.
Gen1 represents the CAM
Hi Robert,
Thanks for the patch!
On 08.01.2021 15:04, Robert Foss wrote:
This driver supports multiple architecture versions of the Qualcomm ISP.
The CAMSS architecture which this driver is named after, and with the
introduction of this series, the Titan architecture.
The ISPIF is IP-block that
Hi Robert,
Thank you for the patch!
On 08.01.2021 15:04, Robert Foss wrote:
Add register definitions for version 170 of the Titan architecture
and implement support for the RDI output mode.
The RDI mode as opposed to the PIX output mode for the VFE unit does
not support any ISP functionality.
On Wed, Jan 13, 2021 at 5:39 PM Marco Elver wrote:
>
> On Wed, 13 Jan 2021 at 17:22, Andrey Konovalov wrote:
> >
> > Don't run KASAN tests when it's disabled with kasan.mode=off to avoid
> > corrupting kernel memory.
> >
> > Link:
On Wed, Jan 13, 2021 at 5:38 PM Marco Elver wrote:
>
> On Wed, 13 Jan 2021 at 17:22, Andrey Konovalov wrote:
> >
> > Add a test for kmem_cache_alloc/free_bulk to make sure there are now
> > false-positives when these functions are used.
>
> s/now/no/ (but by itsel
On Wed, Jan 13, 2021 at 6:25 PM Vlastimil Babka wrote:
>
> On 1/13/21 5:03 PM, Andrey Konovalov wrote:
> > A few places where SLUB accesses object's data or metadata were missed in
> > a previous patch. This leads to false positives with hardware tag-based
> > KASAN w
On Wed, Jan 13, 2021 at 5:54 PM Marco Elver wrote:
>
> > +bool __kasan_check_byte(const void *addr, unsigned long ip);
> > +static __always_inline bool kasan_check_byte(const void *addr, unsigned
> > long ip)
> > +{
> > + if (kasan_enabled())
> > + return __kasan_check_byte(ad
On Wed, Jan 13, 2021 at 5:54 PM Marco Elver wrote:
>
> > +/*
> > + * Unlike kasan_check_read/write(), kasan_check_byte() is performed even
> > for
> > + * the hardware tag-based mode that doesn't rely on compiler
> > instrumentation.
> > + */
> > +bool __kasan_check_byte(const void *addr, unsign
ps://linux-review.googlesource.com/id/I9ced973866036d8679e8f4ae325de547eb969649
Fixes: dceec3ff7807 ("arm64: expose FAR_EL1 tag bits in siginfo")
Fixes: 4291e9ee6189 ("kasan, arm64: print report from tag fault handler")
Signed-off-by: Andrey Konovalov
---
arch/arm64/mm/fault.c | 2 ++
Changes v1->v2:
- Update changelog of patch #1.
Andrey Konovalov (2):
kasan, mm: fix conflicts with init_on_alloc/free
kasan, arm64: fix pointer tags in KASAN reports
arch/arm64/mm/fault.c | 2 ++
mm/slub.c | 7 ---
2 files changed, 6 insertions(+), 3 deleti
Acked-by: Vlastimil Babka
Signed-off-by: Andrey Konovalov
---
mm/slub.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index dc5b42e700b8..75fb097d990d 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2791,7 +2791,8 @@ static __always_inline void ma
ran with kasan.mode=off.
- Move _RET_IP_ to inline wrappers for kasan annotations.
Andrey Konovalov (15):
kasan: prefix global functions with kasan_
kasan: clarify HW_TAGS impact on TBI
kasan: clean up comments in tests
kasan: add macros to simplify checking test constraints
kasan: add match
lesource.com/id/I719cc93483d4ba288a634dba80ee6b7f2809cd26
Suggested-by: Marco Elver
Reviewed-by: Marco Elver
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
mm/kasan/common.c | 47 +++---
mm/kasan/generic.c| 36 ++---
mm/kasan/kasan.
Clarify and update comments in KASAN tests.
Link:
https://linux-review.googlesource.com/id/I6c816c51fa1e0eb7aa3dead6bda1f339d2af46c8
Reviewed-by: Marco Elver
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c| 59 +
lib/test_kasan_module.c
: Marco Elver
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 101 +++
1 file changed, 31 insertions(+), 70 deletions(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 6f46e27c2af7..714ea27fcc3e 100644
--- a
during execution for the SW_TAGS mode.
Link:
https://linux-review.googlesource.com/id/I78f1375efafa162b37f3abcb2c5bc2f3955dfd8e
Reviewed-by: Marco Elver
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 92
mm/kasan/kasan.h | 6
2 files
the hardware tag-based
mode; fixes come in the next few patches.
Link:
https://linux-review.googlesource.com/id/Id94dc9eccd33b23cda4950be408c27f879e474c8
Signed-off-by: Andrey Konovalov
---
arch/arm64/include/asm/memory.h| 1 +
arch/arm64/include/asm/mte-kasan.h | 12 +
arch/arm64
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
Documentation/dev-tools/kasan.rst | 16 +++-
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst
b/Documentation/dev-tools/kasan.rst
index 0fc3fb1860c4..26c99852a852 100644
and use READ/WRITE_ONCE() for accessing fail_data fields.
Link:
https://linux-review.googlesource.com/id/I046079f48641a1d36fe627fc8827a9249102fd50
Reviewed-by: Marco Elver
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 17 -
mm/kasan/report.c | 2 +-
2 files changed, 13
-by: Andrey Konovalov
---
Documentation/dev-tools/kasan.rst | 8
lib/Kconfig.kasan | 2 +-
lib/Makefile | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst
b/Documentation/dev-tools/kasan.rst
index
is 1/14, which is quite noticeable.
Allow up to 16 attempts at generating different tags for the tag-based
modes.
Link:
https://linux-review.googlesource.com/id/Ibfa458ef2804ff465d8eb07434a300bf36388d55
Reviewed-by: Marco Elver
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Kono
object's boundaries.
Link:
https://linux-review.googlesource.com/id/I67f51d1ee48f0a8d0fe2658c2a39e4879fe0832a
Reviewed-by: Marco Elver
Reviewed-by: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff
Add a test for kmem_cache_alloc/free_bulk to make sure there are no
false-positives when these functions are used.
Link:
https://linux-review.googlesource.com/id/I2a8bf797aecf81baeac61380c567308f319e263d
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 38
Don't run KASAN tests when it's disabled with kasan.mode=off to avoid
corrupting kernel memory.
Link:
https://linux-review.googlesource.com/id/I6447af436a69a94bfc35477f6bf4e2122948355e
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 5 +
1 file changed, 5 insertions(+)
di
trace
pass _RET_IP_ to __kasan_check_byte().
Also add a new ksize_uaf() test that checks that a use-after-free is
detected via ksize() itself, and via plain accesses that happen later.
Link:
https://linux-review.googlesource.com/id/Iaabf771881d0f9ce1b969f2a62938e99d3308ec5
Signed-off-by: Andrey
P_ to those wrappers to simplify annotation call sites.
Link:
https://linux-review.googlesource.com/id/I8fb3c06d49671305ee184175a39591bc26647a67
Signed-off-by: Andrey Konovalov
---
include/linux/kasan.h | 20 +---
mm/mempool.c | 2 +-
mm/slab.c | 2 +-
mm/s
: Alexander Potapenko
Signed-off-by: Andrey Konovalov
---
lib/test_kasan.c | 51 +++-
1 file changed, 46 insertions(+), 5 deletions(-)
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 566d894ba20b..ab22a653762e 100644
--- a/lib/test_kasan.c
+++ b/lib
On Fri, Jan 15, 2021 at 11:49 AM Catalin Marinas
wrote:
>
> On Thu, Jan 14, 2021 at 08:33:57PM +0100, Andrey Konovalov wrote:
> > As of the "arm64: expose FAR_EL1 tag bits in siginfo" patch, the address
> > that is passed to report_tag_fault has pointer tags in the for
On Thu, Mar 18, 2021 at 7:56 PM Catalin Marinas wrote:
>
> On Mon, Mar 15, 2021 at 01:20:10PM +, Vincenzo Frascino wrote:
> > This patchset implements the asynchronous mode support for ARMv8.5-A
> > Memory Tagging Extension (MTE), which is a debugging feature that allows
> > to detect with the
Use my personal email, the @google.com one will stop functioning soon.
Signed-off-by: Andrey Konovalov
---
.mailmap | 1 +
1 file changed, 1 insertion(+)
diff --git a/.mailmap b/.mailmap
index 85b93cdefc87..11219fa3b62b 100644
--- a/.mailmap
+++ b/.mailmap
@@ -36,6 +36,7 @@ Andrew Morton
On Thu, Mar 18, 2021 at 7:56 PM Catalin Marinas wrote:
>
> On Mon, Mar 15, 2021 at 01:20:10PM +, Vincenzo Frascino wrote:
> > This patchset implements the asynchronous mode support for ARMv8.5-A
> > Memory Tagging Extension (MTE), which is a debugging feature that allows
> > to detect with the
On Thu, Mar 4, 2021 at 12:23 AM Andrew Morton wrote:
>
> On Fri, 26 Feb 2021 02:25:37 +0100 Andrey Konovalov
> wrote:
>
> > Currently, kasan_free_nondeferred_pages()->kasan_free_pages() is called
> > after debug_pagealloc_unmap_pages(). This causes a crash when
>
On Fri, Feb 19, 2021 at 1:22 AM Andrey Konovalov wrote:
>
> Currently, KASAN_SW_TAGS uses 0xFF as the default tag value for
> unallocated memory. The underlying idea is that since that memory
> hasn't been allocated yet, it's only supposed to be dereferenced
> through
On Fri, Feb 26, 2021 at 2:25 AM Andrey Konovalov wrote:
>
> Currently, kasan_free_nondeferred_pages()->kasan_free_pages() is called
> after debug_pagealloc_unmap_pages(). This causes a crash when
> debug_pagealloc is enabled, as HW_TAGS KASAN can't set tags on an
> unmapp
ap_pages() and arch_free_page(), which can also make
the page unavailable.
Fixes: 94ab5b61ee16 ("kasan, arm64: enable CONFIG_KASAN_HW_TAGS")
Cc:
Signed-off-by: Andrey Konovalov
---
Changes v1->v2:
- Move kasan_free_nondeferred_pages() before arch_free_page().
---
mm/page_alloc.c
On Sat, Mar 6, 2021 at 12:50 AM Andrew Morton wrote:
>
> On Sat, 6 Mar 2021 00:36:33 +0100 Andrey Konovalov
> wrote:
>
> > Currently, kasan_free_nondeferred_pages()->kasan_free_pages() is called
> > after debug_pagealloc_unmap_pages(). This causes a crash when
>