From: David Gow
Date: Fri, 1 Jul 2022 17:16:19 +0800
Message-Id: <20220701091621.3022368-1-davidgow@google.com>
Subject: [PATCH v5 1/2] mm: Add PAGE_ALIGN_DOWN macro
To: Vincent Whitchurch, Johannes Berg, Patricia Alfonso, Jeff Dike, Richard Weinberger, anton.ivanov@cambridgegreys.com, Dmitry Vyukov, Brendan Higgins, Andrew Morton, Andrey Konovalov, Andrey Ryabinin
Cc: David Gow, kasan-dev, linux-um@lists.infradead.org, LKML, Daniel Latypov, linux-mm@kvack.org, kunit-dev@googlegroups.com

This is just the same as PAGE_ALIGN(), but rounds the address down, not up.

Suggested-by: Dmitry Vyukov
Signed-off-by: David Gow
Acked-by: Andrew Morton
---

Please take this patch as part of the UML tree, along with patch #2, thanks!

No changes to this patch since v4:
https://lore.kernel.org/lkml/20220630080834.2742777-1-davidgow@google.com/

No changes to this patch since v3 (just a minor issue with patch #2):
https://lore.kernel.org/lkml/20220630074757.2739000-1-davidgow@google.com/

Changes since v2:
https://lore.kernel.org/lkml/20220527185600.1236769-1-davidgow@google.com/
- Add Andrew's Acked-by tag.

v2 was the first version of this patch (it having been introduced as part of v2 of the UML/KASAN series).

There are almost certainly lots of places where this macro should be used: just look for ALIGN_DOWN(..., PAGE_SIZE). I haven't gone through to try to replace them all.

--- include/linux/mm.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 9f44254af8ce..9abe5975ad11 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h
@@ -221,6 +221,9 @@ int overcommit_policy_handler(struct ctl_table *, int, void *, size_t *, /* to align the pointer to the (next) page boundary */ #define PAGE_ALIGN(addr) ALIGN(addr, PAGE_SIZE) +/* to align the pointer to the (prev) page boundary */ +#define PAGE_ALIGN_DOWN(addr) ALIGN_DOWN(addr, PAGE_SIZE) + /* test whether an address (unsigned long or pointer) is aligned to PAGE_SIZE */ #define PAGE_ALIGNED(addr) IS_ALIGNED((unsigned long)(addr), PAGE_SIZE)

From: David Gow
Date: Fri, 1 Jul 2022 17:16:20 +0800
In-Reply-To: <20220701091621.3022368-1-davidgow@google.com>
Message-Id: <20220701091621.3022368-2-davidgow@google.com>
Subject: [PATCH v5 2/2] UML: add support for KASAN under x86_64
To: Vincent Whitchurch, Johannes Berg, Patricia Alfonso, Jeff Dike, Richard Weinberger, anton.ivanov@cambridgegreys.com, Dmitry Vyukov, Brendan Higgins, Andrew Morton, Andrey Konovalov, Andrey Ryabinin
Cc: kasan-dev, linux-um@lists.infradead.org, LKML, Daniel Latypov, linux-mm@kvack.org, kunit-dev@googlegroups.com, David Gow

From: Patricia Alfonso

Make KASAN run on User Mode Linux on x86_64.

The UML-specific KASAN initializer uses mmap to map the ~16TB of shadow memory to the location defined by KASAN_SHADOW_OFFSET. kasan_init() utilizes constructors to initialize KASAN before main().

The location of the KASAN shadow memory, starting at KASAN_SHADOW_OFFSET, can be configured using the KASAN_SHADOW_OFFSET option. The default location of this offset is 0x100000000000, which keeps it out-of-the-way even on UML setups with more "physical" memory.

For low-memory setups, 0x7fff8000 can be used instead, which fits in an immediate and is therefore faster, as suggested by Dmitry Vyukov. There is usually enough free space at this location; however, it is a config option so that it can be easily changed if needed.

Note that, unlike KASAN on other architectures, vmalloc allocations still use the shadow memory allocated upfront, rather than allocating and freeing it per-vmalloc allocation.

If another architecture chooses to go down the same path, we should replace the checks for CONFIG_UML with something more generic, such as:
- A CONFIG_KASAN_NO_SHADOW_ALLOC option, which architectures could set
- or, a way of having architecture-specific versions of these vmalloc and module shadow memory allocation options.

Also note that, while UML supports both KASAN in inline mode (CONFIG_KASAN_INLINE) and static linking (CONFIG_STATIC_LINK), it does not support both at the same time.

Signed-off-by: Patricia Alfonso
Co-developed-by: Vincent Whitchurch
Signed-off-by: Vincent Whitchurch
Signed-off-by: David Gow
Reviewed-by: Johannes Berg
Reviewed-by: Dmitry Vyukov
Reviewed-by: Andrey Konovalov
---

This is v5 of the KASAN/UML port. It should be ready to go (this time, for sure! :-))

Note that this will fail to build if UML is linked statically due to:
https://lore.kernel.org/all/20220526185402.955870-1-davidgow@google.com/

Changes since v4:
https://lore.kernel.org/lkml/20220630080834.2742777-2-davidgow@google.com/
- Instrument all of the stacktrace code (except for the actual reading of the stack frames).
  - This means that stacktrace.c and sysrq.c are now instrumented.
  - Stack frames are read with READ_ONCE_NOCHECK()
  - Thanks Andrey for pointing this out.

Changes since v3:
https://lore.kernel.org/lkml/20220630074757.2739000-2-davidgow@google.com/
- Fix some tabs which got converted to spaces by a rogue vim plugin.

Changes since v2:
https://lore.kernel.org/lkml/20220527185600.1236769-2-davidgow@google.com/
- Don't define CONFIG_KASAN in USER_CFLAGS, given we don't use it. (Thanks Johannes)
- Update patch descriptions and comments given we allocate shadow memory based on the size of the virtual address space, not the "physical" memory used by UML.
  - This was changed between the original RFC and v1, with KASAN_SHADOW_SIZE's definition being updated.
  - References to UML using 18TB of space and the shadow memory taking 2.25TB were updated. (Thanks Johannes)
  - A mention of physical memory in a comment was updated. (Thanks Andrey)
- Move some discussion of how the vmalloc() handling could be made more generic from a comment to the commit description. (Thanks Andrey)

Changes since RFC v3:
https://lore.kernel.org/all/20220526010111.755166-1-davidgow@google.com/
- No longer print "KernelAddressSanitizer initialized" (Johannes)
- Document the reason for the CONFIG_UML checks in shadow.c (Dmitry)
- Support static builds via kasan_arch_is_ready() (Dmitry)
- Get rid of a redundant call to kasan_mem_to_shadow() (Dmitry)
- Use PAGE_ALIGN and the new PAGE_ALIGN_DOWN macros (Dmitry)
- Reinstate missing arch/um/include/asm/kasan.h file (Johannes)

Changes since v1:
https://lore.kernel.org/all/20200226004608.8128-1-trishalfonso@google.com/
- Include several fixes from Vincent Whitchurch:
  https://lore.kernel.org/all/20220525111756.GA15955@axis.com/
  - Support for KASAN_VMALLOC, by changing the way kasan_{populate,release}_vmalloc work to update existing shadow memory, rather than allocating anything new.
  - A similar fix for modules' shadow memory.
  - Support for KASAN_STACK
    - This requires the bugfix here:
      https://lore.kernel.org/lkml/20220523140403.2361040-1-vincent.whitchurch@axis.com/
  - Plus a couple of files excluded from KASAN.
- Revert the default shadow offset to 0x100000000000
  - This was breaking when mem=1G for me, at least.
- A few minor fixes to linker sections and scripts.
  - I've added one to dyn.lds.S on top of the ones Vincent added.

--- arch/um/Kconfig | 15 +++++++++++++ arch/um/include/asm/common.lds.S | 2 ++ arch/um/include/asm/kasan.h | 37 ++++++++++++++++++++++++++++++++ arch/um/kernel/dyn.lds.S | 6 +++++- arch/um/kernel/mem.c | 19 ++++++++++++++++ arch/um/kernel/stacktrace.c | 2 +- arch/um/os-Linux/mem.c | 22 +++++++++++++++++++ arch/um/os-Linux/user_syms.c | 4 ++-- arch/x86/um/Makefile | 3 ++- arch/x86/um/vdso/Makefile | 3 +++ mm/kasan/shadow.c | 29 +++++++++++++++++++++++-- 11 files changed, 135 insertions(+), 7 deletions(-) create mode 100644 arch/um/include/asm/kasan.h diff --git a/arch/um/Kconfig b/arch/um/Kconfig index 8062a0c08952..289c9dc226d6 100644 --- a/arch/um/Kconfig +++ b/arch/um/Kconfig
@@ -12,6 +12,8 @@ config UML select ARCH_HAS_STRNLEN_USER select ARCH_NO_PREEMPT select HAVE_ARCH_AUDITSYSCALL + select HAVE_ARCH_KASAN if X86_64 + select HAVE_ARCH_KASAN_VMALLOC if HAVE_ARCH_KASAN select HAVE_ARCH_SECCOMP_FILTER select HAVE_ASM_MODVERSIONS select HAVE_UID16 @@ -220,6 +222,19 @@ config UML_TIME_TRAVEL_SUPPORT It is safe to say Y, but you probably don't need this. +config KASAN_SHADOW_OFFSET + hex + depends on KASAN + default 0x100000000000 + help + This is the offset at which the ~16TB of shadow memory is + mapped and used by KASAN for memory debugging. This can be any + address that has at least KASAN_SHADOW_SIZE (total address space divided + by 8) amount of space so that the KASAN shadow memory does not conflict + with anything. The default is 0x100000000000, which works even if mem is + set to a large value. On low-memory systems, try 0x7fff8000, as it fits + into the immediate of most instructions, improving performance. + endmenu source "arch/um/drivers/Kconfig" diff --git a/arch/um/include/asm/common.lds.S b/arch/um/include/asm/common.lds.S index eca6c452a41b..fd481ac371de 100644 --- a/arch/um/include/asm/common.lds.S +++ b/arch/um/include/asm/common.lds.S @@ -83,6 +83,8 @@ } .init_array : { __init_array_start = .; + *(.kasan_init) + *(.init_array.*) *(.init_array) __init_array_end = .; } diff --git a/arch/um/include/asm/kasan.h b/arch/um/include/asm/kasan.h new file mode 100644 index 000000000000..0d6547f4ec85 --- /dev/null +++ b/arch/um/include/asm/kasan.h 
@@ -0,0 +1,37 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_UM_KASAN_H +#define __ASM_UM_KASAN_H + +#include +#include + +#define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL) + +/* used in kasan_mem_to_shadow to divide by 8 */ +#define KASAN_SHADOW_SCALE_SHIFT 3 + +#ifdef CONFIG_X86_64 +#define KASAN_HOST_USER_SPACE_END_ADDR 0x00007fffffffffffUL +/* KASAN_SHADOW_SIZE is the size of total address space divided by 8 */ +#define KASAN_SHADOW_SIZE ((KASAN_HOST_USER_SPACE_END_ADDR + 1) >> \ + KASAN_SHADOW_SCALE_SHIFT) +#else +#error "KASAN_SHADOW_SIZE is not defined for this sub-architecture" +#endif /* CONFIG_X86_64 */ + +#define KASAN_SHADOW_START (KASAN_SHADOW_OFFSET) +#define KASAN_SHADOW_END (KASAN_SHADOW_START + KASAN_SHADOW_SIZE) + +#ifdef CONFIG_KASAN +void kasan_init(void); +void kasan_map_memory(void *start, unsigned long len); +extern int kasan_um_is_ready; + +#ifdef CONFIG_STATIC_LINK +#define kasan_arch_is_ready() (kasan_um_is_ready) +#endif +#else +static inline void kasan_init(void) { } +#endif /* CONFIG_KASAN */ + +#endif /* __ASM_UM_KASAN_H */ diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S index 2f2a8ce92f1e..2b7fc5b54164 100644 --- a/arch/um/kernel/dyn.lds.S +++ b/arch/um/kernel/dyn.lds.S @@ -109,7 +109,11 @@ SECTIONS be empty, which isn't pretty. */ . = ALIGN(32 / 8); .preinit_array : { *(.preinit_array) } - .init_array : { *(.init_array) } + .init_array : { + *(.kasan_init) + *(.init_array.*) + *(.init_array) + } .fini_array : { *(.fini_array) } .data : { INIT_TASK_DATA(KERNEL_STACK_SIZE) diff --git a/arch/um/kernel/mem.c b/arch/um/kernel/mem.c index 15295c3237a0..276a1f0b91f1 100644 --- a/arch/um/kernel/mem.c +++ b/arch/um/kernel/mem.c 
@@ -18,6 +18,25 @@ #include #include #include +#include + +#ifdef CONFIG_KASAN +int kasan_um_is_ready; +void kasan_init(void) +{ + /* + * kasan_map_memory will map all of the required address space and + * the host machine will allocate physical memory as necessary. + */ + kasan_map_memory((void *)KASAN_SHADOW_START, KASAN_SHADOW_SIZE); + init_task.kasan_depth = 0; + kasan_um_is_ready = true; +} + +static void (*kasan_init_ptr)(void) +__section(".kasan_init") __used += kasan_init; +#endif /* allocated in paging_init, zeroed in mem_init, and unchanged thereafter */ unsigned long *empty_zero_page = NULL; diff --git a/arch/um/kernel/stacktrace.c b/arch/um/kernel/stacktrace.c index 86df52168bd9..fd3b61b3d4d2 100644 --- a/arch/um/kernel/stacktrace.c +++ b/arch/um/kernel/stacktrace.c @@ -27,7 +27,7 @@ void dump_trace(struct task_struct *tsk, frame = (struct stack_frame *)bp; while (((long) sp & (THREAD_SIZE-1)) != 0) { - addr = *sp; + addr = READ_ONCE_NOCHECK(*sp); if (__kernel_text_address(addr)) { reliable = 0; if ((unsigned long) sp == bp + sizeof(long)) { diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c index 3c1b77474d2d..8530b2e08604 100644 --- a/arch/um/os-Linux/mem.c +++ b/arch/um/os-Linux/mem.c @@ -17,6 +17,28 @@ #include #include +/* + * kasan_map_memory - maps memory from @start with a size of @len. + * The allocated memory is filled with zeroes upon success. + * @start: the start address of the memory to be mapped + * @len: the length of the memory to be mapped + * + * This function is used to map shadow memory for KASAN in uml + */ +void kasan_map_memory(void *start, size_t len) +{ + if (mmap(start, + len, + PROT_READ|PROT_WRITE, + MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE|MAP_NORESERVE, + -1, + 0) == MAP_FAILED) { + os_info("Couldn't allocate shadow memory: %s\n.", + strerror(errno)); + exit(1); + } +} + /* Set by make_tempfile() during early boot. */ static char *tempdir = NULL; 
diff --git a/arch/um/os-Linux/user_syms.c b/arch/um/os-Linux/user_syms.c index 715594fe5719..cb667c9225ab 100644 --- a/arch/um/os-Linux/user_syms.c +++ b/arch/um/os-Linux/user_syms.c @@ -27,10 +27,10 @@ EXPORT_SYMBOL(strstr); #ifndef __x86_64__ extern void *memcpy(void *, const void *, size_t); EXPORT_SYMBOL(memcpy); -#endif - EXPORT_SYMBOL(memmove); EXPORT_SYMBOL(memset); +#endif + EXPORT_SYMBOL(printf); /* Here, instead, I can provide a fake prototype. Yes, someone cares: genksyms. diff --git a/arch/x86/um/Makefile b/arch/x86/um/Makefile index ba5789c35809..f778e37494ba 100644 --- a/arch/x86/um/Makefile +++ b/arch/x86/um/Makefile @@ -28,7 +28,8 @@ else obj-y += syscalls_64.o vdso/ -subarch-y = ../lib/csum-partial_64.o ../lib/memcpy_64.o ../entry/thunk_64.o +subarch-y = ../lib/csum-partial_64.o ../lib/memcpy_64.o ../entry/thunk_64.o \ + ../lib/memmove_64.o ../lib/memset_64.o endif diff --git a/arch/x86/um/vdso/Makefile b/arch/x86/um/vdso/Makefile index 5943387e3f35..8c0396fd0e6f 100644 --- a/arch/x86/um/vdso/Makefile +++ b/arch/x86/um/vdso/Makefile @@ -3,6 +3,9 @@ # Building vDSO images for x86. # +# do not instrument on vdso because KASAN is not compatible with user mode +KASAN_SANITIZE := n + # Prevents link failures: __sanitizer_cov_trace_pc() is not linked in. KCOV_INSTRUMENT := n diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index a4f07de21771..0e3648b603a6 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c 
@@ -295,9 +295,22 @@ int kasan_populate_vmalloc(unsigned long addr, unsigned long size) return 0; shadow_start = (unsigned long)kasan_mem_to_shadow((void *)addr); - shadow_start = ALIGN_DOWN(shadow_start, PAGE_SIZE); shadow_end = (unsigned long)kasan_mem_to_shadow((void *)addr + size); - shadow_end = ALIGN(shadow_end, PAGE_SIZE); + + /* + * User Mode Linux maps enough shadow memory for all of virtual memory + * at boot, so doesn't need to allocate more on vmalloc, just clear it. + * + * The remaining CONFIG_UML checks in this file exist for the same + * reason. + */ + if (IS_ENABLED(CONFIG_UML)) { + __memset((void *)shadow_start, KASAN_VMALLOC_INVALID, shadow_end - shadow_start); + return 0; + } + + shadow_start = PAGE_ALIGN_DOWN(shadow_start); + shadow_end = PAGE_ALIGN(shadow_end); ret = apply_to_page_range(&init_mm, shadow_start, shadow_end - shadow_start, @@ -466,6 +479,10 @@ void kasan_release_vmalloc(unsigned long start, unsigned long end, if (shadow_end > shadow_start) { size = shadow_end - shadow_start; + if (IS_ENABLED(CONFIG_UML)) { + __memset(shadow_start, KASAN_SHADOW_INIT, shadow_end - shadow_start); + return; + } apply_to_existing_page_range(&init_mm, (unsigned long)shadow_start, size, kasan_depopulate_vmalloc_pte, @@ -531,6 +548,11 @@ int kasan_alloc_module_shadow(void *addr, size_t size, gfp_t gfp_mask) if (WARN_ON(!PAGE_ALIGNED(shadow_start))) return -EINVAL; + if (IS_ENABLED(CONFIG_UML)) { + __memset((void *)shadow_start, KASAN_SHADOW_INIT, shadow_size); + return 0; + } + ret = __vmalloc_node_range(shadow_size, 1, shadow_start, shadow_start + shadow_size, GFP_KERNEL, @@ -554,6 +576,9 @@ int kasan_alloc_module_shadow(void *addr, size_t size, gfp_t gfp_mask) void kasan_free_module_shadow(const struct vm_struct *vm) { + if (IS_ENABLED(CONFIG_UML)) + return; + if (vm->flags & VM_KASAN) vfree(kasan_mem_to_shadow(vm->addr)); }
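
Review bot: in the include/linux/mm.h hunk of patch 1/2, the new comment calls the argument a pointer, but the macro passes addr straight to ALIGN_DOWN() with no cast, unlike PAGE_ALIGNED() just below it, which uses (unsigned long)(addr) and documents "unsigned long or pointer". Please say in the comment which argument types are accepted. Since an address that is already page-aligned is returned unchanged, "(prev) page boundary" would also read more accurately as rounding down to a page boundary.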
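
Review bot: config KASAN_SHADOW_OFFSET in the arch/um/Kconfig hunk of patch 2/2 is declared with a bare "hex" and no prompt string, so the symbol is not offered in menuconfig, although both the help text ("On low-memory systems, try 0x7fff8000") and the commit message describe it as something the user changes. Suggest giving the hex line a prompt, and if practical a range or build-time check, so that an offset leaving less than KASAN_SHADOW_SIZE of room is rejected when configuring rather than at boot.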
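
Review bot: the prototype added in the arch/um/include/asm/kasan.h hunk, "void kasan_map_memory(void *start, unsigned long len);", does not match the definition in arch/um/os-Linux/mem.c, which takes "size_t len". The two types have the same width on x86_64, so this builds, but the declaration and definition should use one type, and the file defining the function should see the prototype so the compiler can check them against each other.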
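
Review bot: kasan_init() in the arch/um/kernel/mem.c hunk only works if it runs before any instrumented constructor, which depends on the linker scripts listing *(.kasan_init) ahead of *(.init_array.*) and *(.init_array); nothing at the kasan_init_ptr definition says so. A short comment there pointing at common.lds.S and dyn.lds.S would keep the ordering from being broken by a later linker-script cleanup. Separately, kasan_um_is_ready is declared int but assigned true; bool in both the definition and the extern would match its use.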
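
Review bot: the mmap() call in kasan_map_memory() (arch/um/os-Linux/mem.c hunk) uses MAP_FIXED, which silently replaces whatever is already mapped in [start, start + len), so a KASAN_SHADOW_OFFSET that collides with an existing mapping would corrupt the process instead of failing. Consider MAP_FIXED_NOREPLACE where the host kernel provides it, so a bad offset reaches the existing "Couldn't allocate shadow memory" error path. In that message the format string ends in "\n." and should end in ".\n".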
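
Review bot: the comment added to kasan_populate_vmalloc() in the first mm/kasan/shadow.c hunk says UML needs to "just clear" the shadow, but the code fills it with KASAN_VMALLOC_INVALID, i.e. it poisons the range rather than zeroing it. Please reword the comment to say the existing shadow is marked invalid here, so readers do not assume the vmalloc range becomes accessible at this point. The __memset() line is also well over the usual line length and could be wrapped.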
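
The shadow-memory arithmetic described in the commit message of patch 2/2, worked through as an added example (not code from the patch or from the kernel tree). The constants are the ones in the patch's arch/um/include/asm/kasan.h; the helper names, the reading of "fits in an immediate" as a sign-extended 32-bit immediate, and the sample 1 GiB range are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as defined in the patch's arch/um/include/asm/kasan.h. */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_HOST_USER_SPACE_END_ADDR 0x00007fffffffffffULL
#define KASAN_SHADOW_SIZE \
	((KASAN_HOST_USER_SPACE_END_ADDR + 1) >> KASAN_SHADOW_SCALE_SHIFT)

/* Generic KASAN mapping: one shadow byte describes 8 bytes of memory. */
static uint64_t mem_to_shadow(uint64_t addr, uint64_t shadow_offset)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + shadow_offset;
}

/* Shadow region is [shadow_start, shadow_end) for a given offset. */
static uint64_t shadow_start(uint64_t off) { return off; }
static uint64_t shadow_end(uint64_t off) { return off + KASAN_SHADOW_SIZE; }

/* Assumption: an x86_64 immediate is a sign-extended 32-bit value. */
static bool fits_imm32(uint64_t off) { return off <= 0x7fffffffULL; }

/* The whole shadow region must itself lie in the host user address space. */
static bool shadow_inside_host_va(uint64_t off)
{
	return shadow_end(off) - 1 <= KASAN_HOST_USER_SPACE_END_ADDR;
}

/*
 * Would [start, start + len) intersect the shadow region? A MAP_FIXED
 * mapping of the shadow would replace any such range without an error.
 */
static bool overlaps_shadow(uint64_t off, uint64_t start, uint64_t len)
{
	return start < shadow_end(off) && start + len > shadow_start(off);
}

int main(void)
{
	/* The two offsets named in the commit message and Kconfig help. */
	const uint64_t offsets[] = { 0x100000000000ULL, 0x7fff8000ULL };
	/* Constructed sample range, not UML's real layout: 1 GiB at 0x60000000. */
	const uint64_t sample_start = 0x60000000ULL, sample_len = 1ULL << 30;

	printf("shadow size: %llu TiB\n",
	       (unsigned long long)(KASAN_SHADOW_SIZE >> 40));
	for (unsigned int i = 0; i < 2; i++) {
		uint64_t off = offsets[i];

		printf("offset %#llx: shadow [%#llx, %#llx) imm32=%d "
		       "inside_host_va=%d sample_overlap=%d\n",
		       (unsigned long long)off,
		       (unsigned long long)shadow_start(off),
		       (unsigned long long)shadow_end(off),
		       fits_imm32(off), shadow_inside_host_va(off),
		       overlaps_shadow(off, sample_start, sample_len));
		/* Lowest and highest host addresses map to the region's ends. */
		printf("  shadow(0)=%#llx shadow(top)=%#llx\n",
		       (unsigned long long)mem_to_shadow(0, off),
		       (unsigned long long)mem_to_shadow(
				KASAN_HOST_USER_SPACE_END_ADDR, off));
	}
	return 0;
}
```

With the default offset the shadow occupies 0x100000000000 to 0x200000000000 and cannot be encoded as an immediate; with 0x7fff8000 it can, but the region then starts low enough that the constructed 1 GiB sample range falls inside it.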