Kasan advanced check, I'm going to add this feature. Currently Kasan provide the detection of use-after-free and out-of-bounds problems. It is not able to find the overwrite-on-allocated-memory issue. We sometimes hit this kind of issue: We have a messed up structure (usually dynamially allocated), some of the fields in the structure were overwritten with unreasaonable values. And kernel may panic due to those overeritten values. We know those fields were overwritten somehow, but we have no easy way to find out which path did the overwritten. The advanced check wants to help in this scenario. The idea is to define the memory owner. When write accesses come from non-owner, error should be reported. Normally the write accesses on a given structure happen in only several or a dozen of functions if the structure is not that complicated. We call those functions "allowed functions". The work of defining the owner and binding memory to owner is expected to be done by the memory consumer. In the above case, memory consume register the owner as the functions which have write accesses to the structure then bind all the structures to the owner. Then kasan will do the "owner check" after the basic checks. As implementation, kasan provides a API to it's user to register their allowed functions. The API returns a token to users. At run time, users bind the memory ranges they are interested in to the check they registered. Kasan then checks the bound memory ranges with the allowed functions. Signed-off-by: Wengang Wang <wen.gang.wang@xxxxxxxxxx> 0001-mm-kasan-make-space-in-shadow-bytes-for-advanced-che.patch 0002-mm-kasan-pass-access-mode-to-poison-check-functions.patch 0003-mm-kasan-do-advanced-check.patch 0004-mm-kasan-register-check-and-bind-it-to-memory.patch 0005-mm-kasan-add-advanced-check-test-case.patch include/linux/kasan.h | 16 ++ lib/test_kasan.c | 73 ++++++++++++ mm/kasan/kasan.c | 292 +++++++++++++++++++++++++++++++++++++++++++------- mm/kasan/kasan.h | 42 +++++++ mm/kasan/report.c | 44 ++++++- 5 files changed, 424 insertions(+), 43 deletions(-) -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
