mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-16 05:26:07 +00:00
611806b4bf
The currently existing kasan_check_read/write() annotations are intended to be used for kernel modules that have KASAN compiler instrumentation disabled. Thus, they are only relevant for the software KASAN modes that rely on compiler instrumentation. However there's another use case for these annotations: ksize() checks that the object passed to it is indeed accessible before unpoisoning the whole object. This is currently done via __kasan_check_read(), which is compiled away for the hardware tag-based mode that doesn't rely on compiler instrumentation. This leads to KASAN missing detecting some memory corruptions. Provide another annotation called kasan_check_byte() that is available for all KASAN modes. As the implementation rename and reuse kasan_check_invalid_free(). Use this new annotation in ksize(). To avoid having ksize() as the top frame in the reported stack trace pass _RET_IP_ to __kasan_check_byte(). Also add a new ksize_uaf() test that checks that a use-after-free is detected via ksize() itself, and via plain accesses that happen later. Link: https://linux-review.googlesource.com/id/Iaabf771881d0f9ce1b969f2a62938e99d3308ec5 Link: https://lkml.kernel.org/r/f32ad74a60b28d8402482a38476f02bb7600f620.1610733117.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Marco Elver <elver@google.com> Reviewed-by: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Branislav Rankov <Branislav.Rankov@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgenii Stepanov <eugenis@google.com> Cc: Kevin Brodsky <kevin.brodsky@arm.com> Cc: Peter Collingbourne <pcc@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Will Deacon <will.deacon@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
51 lines
1.5 KiB
C
51 lines
1.5 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _LINUX_KASAN_CHECKS_H
|
|
#define _LINUX_KASAN_CHECKS_H
|
|
|
|
#include <linux/types.h>
|
|
|
|
/*
|
|
* The annotations present in this file are only relevant for the software
|
|
* KASAN modes that rely on compiler instrumentation, and will be optimized
|
|
* away for the hardware tag-based KASAN mode. Use kasan_check_byte() instead.
|
|
*/
|
|
|
|
/*
|
|
* __kasan_check_*: Always available when KASAN is enabled. This may be used
|
|
* even in compilation units that selectively disable KASAN, but must use KASAN
|
|
* to validate access to an address. Never use these in header files!
|
|
*/
|
|
#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
|
|
bool __kasan_check_read(const volatile void *p, unsigned int size);
|
|
bool __kasan_check_write(const volatile void *p, unsigned int size);
|
|
#else
|
|
static inline bool __kasan_check_read(const volatile void *p, unsigned int size)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool __kasan_check_write(const volatile void *p, unsigned int size)
|
|
{
|
|
return true;
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* kasan_check_*: Only available when the particular compilation unit has KASAN
|
|
* instrumentation enabled. May be used in header files.
|
|
*/
|
|
#ifdef __SANITIZE_ADDRESS__
|
|
#define kasan_check_read __kasan_check_read
|
|
#define kasan_check_write __kasan_check_write
|
|
#else
|
|
static inline bool kasan_check_read(const volatile void *p, unsigned int size)
|
|
{
|
|
return true;
|
|
}
|
|
static inline bool kasan_check_write(const volatile void *p, unsigned int size)
|
|
{
|
|
return true;
|
|
}
|
|
#endif
|
|
|
|
#endif
|