On Thu, Apr 12, 2018 at 7:20 PM, Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx> wrote:
>> 1. Tag memory with a random tag in kasan_alloc_pages() and return a
>> tagged pointer from pagealloc.
>
> Tag memory with a random tag in kasan_alloc_pages() and store that tag in page struct (that part is also in kasan_alloc_pages()).
> page_address(page) will retrieve that tag from struct page to return a tagged address.
>
> I've no idea what you mean by "returning a tagged pointer from pagealloc".
> Once again, the page allocator (__alloc_pages_nodemask()) returns a pointer to *struct page*,
> not the address in the linear mapping where that page is mapped (or not mapped at all if this is highmem).
> One has to call page_address()/kmap() to use that page.

Ah, that's what I've been missing. OK, I'll do that. Thanks!

>> 2. Restore the tag for the pointers returned from page_address for
>> !PageSlab() pages.
>
> Right.
>
>> 3. Set the tag to 0xff for the pointers returned from page_address for
>> PageSlab() pages.
>
> Right.
>
>> Is this correct?
>>
>> In 2 instead of storing the tag in page_struct, we can just recover it
>> from the shadow memory that corresponds to that page. What do you
>> think about this?
>
> Sounds ok. Don't see any problem with that.
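The exchange above describes two ways for page_address() to hand back a tagged linear address: take the tag recorded in struct page, or recover it from the shadow memory that kasan_alloc_pages() poisoned for that page, with 0xff used for PageSlab() pages so the slab allocator can assign its own per-object tags. The following user-space model, added here as an illustration and not code from the kernel or from this thread, simulates a tiny linear map and a 16-byte-granule shadow to show both variants producing the same address and a tag-based access check accepting a correctly tagged pointer while rejecting a mismatched one. Everything in it (the arena, the shadow layout, `struct page` with a `tag` field, the deterministic stand-in for the random tag generator, and the function names) is a constructed assumption; only the top-byte tag placement and the 0xff "match-all" convention follow what the thread describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT   12
#define PAGE_SIZE    (1UL << PAGE_SHIFT)
#define GRANULE_SIZE 16UL          /* one shadow byte per 16-byte granule */
#define NR_PAGES     4
#define TAG_SHIFT    56            /* tag lives in the top byte of the pointer */
#define TAG_KERNEL   0xff          /* tag used for PageSlab() pages: matches any access */

/* Constructed stand-in for the linear map: a static, page-aligned arena. */
static uint8_t arena[NR_PAGES * PAGE_SIZE] __attribute__((aligned(4096)));
/* Constructed shadow: one tag byte per granule of the arena. */
static uint8_t shadow[NR_PAGES * PAGE_SIZE / GRANULE_SIZE];

/* Minimal model of struct page: only the fields this example needs. */
struct page {
    uint8_t tag;    /* tag chosen in kasan_alloc_pages() */
    bool    slab;   /* models PageSlab() */
};
static struct page pages[NR_PAGES];

static uintptr_t untagged(uintptr_t addr) { return addr & ~(0xffUL << TAG_SHIFT); }
static uintptr_t set_tag(uintptr_t addr, uint8_t tag) { return untagged(addr) | ((uintptr_t)tag << TAG_SHIFT); }
uint8_t get_tag(uintptr_t addr) { return (uint8_t)(addr >> TAG_SHIFT); }

/* Linear-map address of a page; the real kernel derives this from the pfn. */
static uintptr_t page_base(const struct page *page) {
    return (uintptr_t)arena + (size_t)(page - pages) * PAGE_SIZE;
}
static uint8_t *shadow_for(uintptr_t addr) {
    return &shadow[(untagged(addr) - (uintptr_t)arena) / GRANULE_SIZE];
}

/* Deterministic substitute for a random tag source (hypothetical, for reproducibility). */
static uint8_t next_tag = 0x10;
static uint8_t random_tag(void) {
    uint8_t t = next_tag;
    next_tag = (uint8_t)(next_tag + 0x11);
    if (next_tag == TAG_KERNEL) next_tag = 0x10;   /* never hand out the match-all tag */
    return t;
}

/* Model of kasan_alloc_pages(): pick a tag, record it in struct page, poison the shadow with it. */
void kasan_alloc_pages(struct page *page, unsigned int order, bool slab) {
    uint8_t tag = slab ? TAG_KERNEL : random_tag();
    size_t bytes = ((size_t)1 << order) * PAGE_SIZE;
    page->tag = tag;
    page->slab = slab;
    memset(shadow_for(page_base(page)), tag, bytes / GRANULE_SIZE);
}

/* page_address() variant 1: the tag is read back from struct page. */
uintptr_t page_address_from_struct(const struct page *page) {
    return set_tag(page_base(page), page->slab ? TAG_KERNEL : page->tag);
}

/* page_address() variant 2: the tag is recovered from the page's first shadow byte. */
uintptr_t page_address_from_shadow(const struct page *page) {
    uintptr_t base = page_base(page);
    return set_tag(base, page->slab ? TAG_KERNEL : *shadow_for(base));
}

/* The check a tag-based KASAN performs on each access: pointer tag must equal the shadow tag. */
bool check_access(uintptr_t addr, size_t size) {
    uint8_t ptag = get_tag(addr);
    if (ptag == TAG_KERNEL)
        return true;   /* 0xff pointers are accepted against any shadow tag */
    uintptr_t start = untagged(addr);
    for (uintptr_t a = start; a < start + size; a += GRANULE_SIZE)
        if (*shadow_for(a) != ptag)
            return false;
    return true;
}

int main(void) {
    kasan_alloc_pages(&pages[0], 0, false);   /* ordinary page: random tag */
    kasan_alloc_pages(&pages[1], 0, true);    /* slab page: 0xff */
    uintptr_t p = page_address_from_struct(&pages[0]);
    printf("tag from struct page: 0x%02x, from shadow: 0x%02x\n",
           get_tag(p), get_tag(page_address_from_shadow(&pages[0])));
    printf("matching access ok: %d, mismatched tag rejected: %d\n",
           check_access(p, 64), !check_access(set_tag(p, 0x42), 64));
    return 0;
}
```

Both page_address() variants agree because kasan_alloc_pages() wrote the same tag to struct page and to every granule of the page's shadow; the shadow-based variant simply avoids spending a field in struct page, which is the trade-off the thread raises.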