On Thu, 10 Sep 2020 at 17:48, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote: > > On Thu, Sep 10, 2020 at 5:06 PM Marco Elver <elver@xxxxxxxxxx> wrote: > > > On Mon, Sep 7, 2020 at 3:41 PM Marco Elver <elver@xxxxxxxxxx> wrote: > > > > +config KFENCE_NUM_OBJECTS > > > > + int "Number of guarded objects available" > > > > + default 255 > > > > + range 1 65535 > > > > + help > > > > + The number of guarded objects available. For each KFENCE object, 2 > > > > + pages are required; with one containing the object and two adjacent > > > > + ones used as guard pages. > > > > > > Hi Marco, > > > > > > Wonder if you tested build/boot with KFENCE_NUM_OBJECTS=65535? Can a > > > compiler create such a large object? > > > > Indeed, I get a "ld: kernel image bigger than KERNEL_IMAGE_SIZE". > > Let's lower it to something more reasonable. > > > > The main reason to have the limit is to constrain random configs and > > avoid the inevitable error reports. > > > > > > +config KFENCE_FAULT_INJECTION > > > > + int "Fault injection for stress testing" > > > > + default 0 > > > > + depends on EXPERT > > > > + help > > > > + The inverse probability with which to randomly protect KFENCE object > > > > + pages, resulting in spurious use-after-frees. The main purpose of > > > > + this option is to stress-test KFENCE with concurrent error reports > > > > + and allocations/frees. A value of 0 disables fault injection. > > > > > > I would name this differently. "FAULT_INJECTION" is already taken for > > > a different thing, so it's a bit confusing. > > > KFENCE_DEBUG_SOMETHING may be a better name. > > > It would also be good to make it very clear in the short description > > > that this is for testing of KFENCE itself. When I configure syzbot I > > > routinely can't figure out if various DEBUG configs detect user > > > errors, or enable additional unit tests, or something else. > > > > Makes sense, we'll change the name. > > > > > Maybe it should depend on DEBUG_KERNEL as well? > > > > EXPERT selects DEBUG_KERNEL, so depending on DEBUG_KERNEL doesn't make sense. > > > > > > +/* > > > > + * Get the canary byte pattern for @addr. Use a pattern that varies based on the > > > > + * lower 3 bits of the address, to detect memory corruptions with higher > > > > + * probability, where similar constants are used. > > > > + */ > > > > +#define KFENCE_CANARY_PATTERN(addr) ((u8)0xaa ^ (u8)((unsigned long)addr & 0x7)) > > > > > > (addr) in macro body > > > > Done for v2. > > > > > > + seq_con_printf(seq, > > > > + "kfence-#%zd [0x" PTR_FMT "-0x" PTR_FMT > > > > > > PTR_FMT is only used in this file, should it be declared in report.c? > > > > It's also used by the test. > > > > > Please post example reports somewhere. It's hard to figure out all > > > details of the reporting/formatting. > > > > They can be seen in Documentation added later in the series (also > > viewable here: https://github.com/google/kasan/blob/kfence/Documentation/dev-tools/kfence.rst) > > > Looking at the first report. I got impression we are trying to skip > __kfence frames, but this includes it: > > kfence-#17 [0xffffffffb672f000-0xffffffffb672f01f, size=32, > cache=kmalloc-32] allocated in: > __kfence_alloc+0x42d/0x4c0 > __kmalloc+0x133/0x200 > > Is it working as intended? We're not skipping them for the allocation/free stacks. We can skip the kfence+kmalloc frame as well.
