On 01/30/2015 02:13 AM, Andrew Morton wrote:
> On Thu, 29 Jan 2015 18:12:01 +0300 Andrey Ryabinin <a.ryabinin@xxxxxxxxxxx> wrote:
>
>> This feature let us to detect accesses out of bounds
>> of global variables.
>
> global variables *within modules*, I think? More specificity needed here.
Within modules and within kernel image. Handling modules just the most
tricky part of this.
>
>> The idea of this is simple. Compiler increases each global variable
>> by redzone size and add constructors invoking __asan_register_globals()
>> function. Information about global variable (address, size,
>> size with redzone ...) passed to __asan_register_globals() so we could
>> poison variable's redzone.
>>
>> This patch also forces module_alloc() to return 8*PAGE_SIZE aligned
>> address making shadow memory handling ( kasan_module_alloc()/kasan_module_free() )
>> more simple. Such alignment guarantees that each shadow page backing
>> modules address space correspond to only one module_alloc() allocation.
>>
>> ...
>>
>> +int kasan_module_alloc(void *addr, size_t size)
>> +{
>> +
>> + size_t shadow_size = round_up(size >> KASAN_SHADOW_SCALE_SHIFT,
>> + PAGE_SIZE);
>> + unsigned long shadow_start = kasan_mem_to_shadow((unsigned long)addr);
>> + void *ret;
>
> Like this:
>
> size_t shadow_size;
> unsigned long shadow_start;
> void *ret;
>
> shadow_size = round_up(size >> KASAN_SHADOW_SCALE_SHIFT, PAGE_SIZE);
> shadow_start = kasan_mem_to_shadow((unsigned long)addr);
>
> it's much easier to read and avoids the 80-column trickery.
>
> I do suspect that
>
> void *kasan_mem_to_shadow(const void *addr);
>
> would clean up lots and lots of code.
>
Agreed.
>> + if (WARN_ON(!PAGE_ALIGNED(shadow_start)))
>> + return -EINVAL;
>> +
>> + ret = __vmalloc_node_range(shadow_size, 1, shadow_start,
>> + shadow_start + shadow_size,
>> + GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO,
>> + PAGE_KERNEL, VM_NO_GUARD, NUMA_NO_NODE,
>> + __builtin_return_address(0));
>> + return ret ? 0 : -ENOMEM;
>> +}
>> +
>>
>> ...
>>
>> +struct kasan_global {
>> + const void *beg; /* Address of the beginning of the global variable. */
>> + size_t size; /* Size of the global variable. */
>> + size_t size_with_redzone; /* Size of the variable + size of the red zone. 32 bytes aligned */
>> + const void *name;
>> + const void *module_name; /* Name of the module where the global variable is declared. */
>> + unsigned long has_dynamic_init; /* This needed for C++ */
>
> This can be removed?
>
No, compiler dictates layout of this struct. That probably deserves a comment.
>> +#if KASAN_ABI_VERSION >= 4
>> + struct kasan_source_location *location;
>> +#endif
>> +};
>>
>> ...
>>
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
