| Message ID | 1440577578-15813-10-git-send-email-aneesh.kumar@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
2015-08-26 11:26 GMT+03:00 Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>: > We we end up calling kasan_report in real mode, our shadow mapping > for even spinlock variable will show poisoned. Generally I agree with this patch. We should disable reports when we print report as early as possible to prevent recursion in case of bug in spinlock or printk etc. But I don't understand what is the problem that you observing. How we ended up with shadow poisoned for a valid spinlock struct? And since shadow poisoned for some valid memory we should get enormous amount of false positive reports. > This will result > in us calling kasan_report_error with lock_report spin lock held. > To prevent this disable kasan reporting when we are priting > error w.r.t kasan. > > Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> > --- > mm/kasan/report.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/mm/kasan/report.c b/mm/kasan/report.c > index 79fbc5d14bd2..82b41eb83e43 100644 > --- a/mm/kasan/report.c > +++ b/mm/kasan/report.c > @@ -185,6 +185,10 @@ void kasan_report_error(struct kasan_access_info *info) > { > unsigned long flags; > > + /* > + * Make sure we don't end up in loop. > + */ > + kasan_disable_current(); > spin_lock_irqsave(&report_lock, flags); > pr_err("=================================" > "=================================\n"); > @@ -194,12 +198,17 @@ void kasan_report_error(struct kasan_access_info *info) > pr_err("=================================" > "=================================\n"); > spin_unlock_irqrestore(&report_lock, flags); > + kasan_enable_current(); > } > > void kasan_report_user_access(struct kasan_access_info *info) > { > unsigned long flags; > > + /* > + * Make sure we don't end up in loop. > + */ > + kasan_disable_current(); > spin_lock_irqsave(&report_lock, flags); > pr_err("=================================" > "=================================\n"); > @@ -212,6 +221,7 @@ void kasan_report_user_access(struct kasan_access_info *info) > pr_err("=================================" > "=================================\n"); > spin_unlock_irqrestore(&report_lock, flags); > + kasan_enable_current(); > } > > void kasan_report(unsigned long addr, size_t size, > -- > 2.5.0 >
Andrey Ryabinin <ryabinin.a.a@gmail.com> writes: > 2015-08-26 11:26 GMT+03:00 Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>: >> We we end up calling kasan_report in real mode, our shadow mapping >> for even spinlock variable will show poisoned. > > Generally I agree with this patch. We should disable reports when we > print report as early > as possible to prevent recursion in case of bug in spinlock or printk etc. > > But I don't understand what is the problem that you observing. > How we ended up with shadow poisoned for a valid spinlock struct? > And since shadow poisoned for some valid memory we should get > enormous amount of false positive reports. > I still haven't fully isolated all the .c files which should not be kasan instrumented. That means in case of ppc64 i ended up calling kasan _load/_store in real mode. That will result in failure w.r.t to the above spin_lock code. -aneesh
diff --git a/mm/kasan/report.c b/mm/kasan/report.c index 79fbc5d14bd2..82b41eb83e43 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -185,6 +185,10 @@ void kasan_report_error(struct kasan_access_info *info) { unsigned long flags; + /* + * Make sure we don't end up in loop. + */ + kasan_disable_current(); spin_lock_irqsave(&report_lock, flags); pr_err("=================================" "=================================\n"); @@ -194,12 +198,17 @@ void kasan_report_error(struct kasan_access_info *info) pr_err("=================================" "=================================\n"); spin_unlock_irqrestore(&report_lock, flags); + kasan_enable_current(); } void kasan_report_user_access(struct kasan_access_info *info) { unsigned long flags; + /* + * Make sure we don't end up in loop. + */ + kasan_disable_current(); spin_lock_irqsave(&report_lock, flags); pr_err("=================================" "=================================\n"); @@ -212,6 +221,7 @@ void kasan_report_user_access(struct kasan_access_info *info) pr_err("=================================" "=================================\n"); spin_unlock_irqrestore(&report_lock, flags); + kasan_enable_current(); } void kasan_report(unsigned long addr, size_t size,
We we end up calling kasan_report in real mode, our shadow mapping for even spinlock variable will show poisoned. This will result in us calling kasan_report_error with lock_report spin lock held. To prevent this disable kasan reporting when we are priting error w.r.t kasan. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> --- mm/kasan/report.c | 10 ++++++++++ 1 file changed, 10 insertions(+)