On Tue, Mar 13, 2018 at 4:05 PM, 'Alexander Potapenko' via kasan-dev
<kasan-dev@xxxxxxxxxxxxxxxx> wrote:
> On Fri, Mar 2, 2018 at 8:44 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
>> void *kasan_kmalloc_large(const void *ptr, size_t size, gfp_t flags)
>> {
>> - return (void *)ptr;
>> + unsigned long redzone_start, redzone_end;
>> + u8 tag;
>> + struct page *page;
>> +
>> + if (!READ_ONCE(khwasan_enabled))
>> + return (void *)ptr;
>> +
>> + if (unlikely(ptr == NULL))
>> + return NULL;
>> +
>> + page = virt_to_page(ptr);
>> + redzone_start = round_up((unsigned long)(ptr + size),
>> + KASAN_SHADOW_SCALE_SIZE);
>> + redzone_end = (unsigned long)ptr + (PAGE_SIZE << compound_order(page));
>> +
>> + tag = khwasan_random_tag();
>> + kasan_poison_shadow(ptr, redzone_start - (unsigned long)ptr, tag);
>> + kasan_poison_shadow((void *)redzone_start, redzone_end - redzone_start,
>> + khwasan_random_tag());
> Am I understanding right that the object and the redzone may receive
> identical tags here?
Correct.
> Does it make sense to generate the redzone tag from the object tag
> (e.g. by addding 1 to it)?
Yes, I think so, will do!
