On Fri, Jan 15, 2021 at 2:18 PM Marco Elver <elver@xxxxxxxxxx> wrote:
>
> On Thu, Jan 14, 2021 at 08:36PM +0100, Andrey Konovalov wrote:
> > The currently existing kasan_check_read/write() annotations are intended
> > to be used for kernel modules that have KASAN compiler instrumentation
> > disabled. Thus, they are only relevant for the software KASAN modes that
> > rely on compiler instrumentation.
> >
> > However, there's another use case for these annotations: ksize() checks
> > that the object passed to it is indeed accessible before unpoisoning the
> > whole object. This is currently done via __kasan_check_read(), which is
> > compiled away for the hardware tag-based mode that doesn't rely on
> > compiler instrumentation. This leads to KASAN failing to detect some
> > memory corruptions.
> >
> > Provide another annotation called kasan_check_byte() that is available
> > for all KASAN modes. As the implementation, rename and reuse
> > kasan_check_invalid_free(). Use this new annotation in ksize().
> > To avoid having ksize() as the top frame in the reported stack trace,
> > pass _RET_IP_ to __kasan_check_byte().
> >
> > Also add a new ksize_uaf() test that checks that a use-after-free is
> > detected via ksize() itself, and via plain accesses that happen later.
> >
> > Link: https://linux-review.googlesource.com/id/Iaabf771881d0f9ce1b969f2a62938e99d3308ec5
> > Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
>
> Reviewed-by: Marco Elver <elver@xxxxxxxxxx>

Reviewed-by: Alexander Potapenko <glider@xxxxxxxxxx>
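As an added illustration (not part of this thread or of the kernel's KASAN code), a userland C model of the failure the patch closes in the hardware tag-based mode: ksize() unpoisons the whole object, so without a byte check beforehand a ksize() call on a freed object retags it and the later use-after-free goes unreported. The tag values, object size and function names are constructed for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of HW tag-based KASAN: each byte carries a memory tag,
 * the pointer carries a tag, and an access is valid only when they match. */
#define OBJ_SIZE 16
#define TAG_ALLOC 0x3
#define TAG_FREED 0xE
struct kasan_model {
    uint8_t memtag[OBJ_SIZE]; /* tag stored alongside each byte */
    uint8_t ptrtag;           /* tag embedded in the object pointer */
    int reports;              /* KASAN reports emitted so far */
};

/* A plain load/store of byte i, checked the way the hardware would. */
static int model_access(struct kasan_model *m, size_t i)
{
    int ok = m->memtag[i] == m->ptrtag;
    m->reports += !ok; /* tag mismatch: KASAN report */
    return ok;
}

/* ksize() before the patch (HW tag mode): the check is compiled away, so the
 * whole object is unpoisoned (retagged to the pointer tag) unconditionally. */
static size_t ksize_before(struct kasan_model *m)
{
    memset(m->memtag, m->ptrtag, OBJ_SIZE);
    return OBJ_SIZE;
}

/* ksize() after the patch: kasan_check_byte() on the first byte; on failure
 * ksize() reports, returns 0 and leaves the object poisoned. */
static size_t ksize_after(struct kasan_model *m)
{
    if (!model_access(m, 0))
        return 0;
    memset(m->memtag, m->ptrtag, OBJ_SIZE);
    return OBJ_SIZE;
}

/* The ksize_uaf sequence: kmalloc(), kfree() (poison by retagging), ksize(),
 * then a plain access to the freed object. Returns the report count. */
static int ksize_uaf_reports(size_t (*ksize)(struct kasan_model *))
{
    struct kasan_model m = { .ptrtag = TAG_ALLOC, .reports = 0 };
    memset(m.memtag, TAG_FREED, OBJ_SIZE); /* allocated, then freed */
    ksize(&m);
    model_access(&m, OBJ_SIZE / 2);        /* later use-after-free */
    return m.reports;
}
```

With the old ksize() the sequence yields zero reports because ksize() itself erased the poisoning; with the new one both the ksize() call and the later access are reported, which is what the ksize_uaf() test in the patch checks for.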