Re: [PATCH v6 1/1] x86_64: fix KASan shadow region page tables
From: Borislav Petkov
Date: Fri Jun 19 2015 - 10:06:39 EST
On Fri, Jun 19, 2015 at 04:00:51PM +0200, Ingo Molnar wrote:
> It should also printk a one line message at bootup, so that people can
> be sure they are running a KASan-enabled kernel.
Yeah, especially if it slows down teh kernel by orders of magnitude.
In any case, here's what it says in the guest:
[ 117.061393] kasan test: kmalloc_oob_right out-of-bounds to right
[ 117.067973] ==================================================================
[ 117.071656] BUG: KASan: out of bounds access in kmalloc_oob_right+0x65/0x75 [test_kasan] at addr ffff88006816915b
[ 117.071656] Write of size 1 by task insmod/3942
[ 117.071656] =============================================================================
[ 117.071656] BUG kmalloc-128 (Not tainted): kasan: bad access detected
[ 117.071656] -----------------------------------------------------------------------------
[ 117.071656]
[ 117.071656] Disabling lock debugging due to kernel taint
[ 117.071656] INFO: Allocated in kmalloc_oob_right+0x3d/0x75 [test_kasan] age=5 cpu=1 pid=3942
[ 117.071656] __slab_alloc.isra.60.constprop.62+0x4c4/0x5e0
[ 117.071656] kmem_cache_alloc_trace+0x167/0x330
[ 117.071656] kmalloc_oob_right+0x3d/0x75 [test_kasan]
[ 117.071656] kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656] do_one_initcall+0xb1/0x220
[ 117.071656] do_init_module+0xf7/0x2f8
[ 117.071656] load_module+0x2fe7/0x3e00
[ 117.071656] SyS_init_module+0x10d/0x120
[ 117.071656] system_call_fastpath+0x16/0x73
[ 117.071656] INFO: Freed in rcu_process_callbacks+0x3d3/0xd90 age=1511 cpu=6 pid=0
[ 117.071656] __slab_free+0x433/0x610
[ 117.071656] kfree+0x279/0x380
[ 117.071656] rcu_process_callbacks+0x3d3/0xd90
[ 117.071656] __do_softirq+0x154/0x7b0
[ 117.071656] irq_exit+0xba/0xe0
[ 117.071656] smp_apic_timer_interrupt+0x6a/0x80
[ 117.071656] apic_timer_interrupt+0x6d/0x80
[ 117.071656] arch_cpu_idle+0xf/0x20
[ 117.071656] cpu_startup_entry+0x5f1/0x7a0
[ 117.071656] start_secondary+0x21d/0x230
[ 117.071656] INFO: Slab 0xffffea0001a05a00 objects=37 used=31 fp=0xffff880068169290 flags=0x4000000000004080
[ 117.071656] INFO: Object 0xffff8800681690e0 @offset=4320 fp=0xffff88006816a880
[ 117.071656]
[ 117.071656] Bytes b4 ffff8800681690d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 117.071656] Object ffff8800681690e0: 80 a8 16 68 00 88 ff ff ff ff ff ff 00 00 00 00 ...h............
[ 117.071656] Object ffff8800681690f0: ff ff ff ff ff ff ff ff c0 f2 01 83 ff ff ff ff ................
[ 117.071656] Object ffff880068169100: 60 91 87 82 ff ff ff ff 00 00 00 00 00 00 00 00 `...............
[ 117.071656] Object ffff880068169110: 05 0a c4 81 ff ff ff ff 06 00 00 00 1c 00 1b 00 ................
[ 117.071656] Object ffff880068169120: 74 d6 0d 81 ff ff ff ff 28 91 16 68 00 88 ff ff t.......(..h....
[ 117.071656] Object ffff880068169130: 28 91 16 68 00 88 ff ff 00 00 00 00 00 00 00 00 (..h............
[ 117.071656] Object ffff880068169140: 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 ........`.......
[ 117.071656] Object ffff880068169150: 00 00 00 00 40 00 38 00 07 00 40 00 18 00 17 00 ....@.8...@.....
[ 117.071656] CPU: 1 PID: 3942 Comm: insmod Tainted: G B 4.1.0-rc8+ #3
[ 117.071656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 117.071656] 0000000000000001 ffff880061c77a28 ffffffff819af359 00000000000001b0
[ 117.071656] ffff88006ac07800 ffff880061c77a58 ffffffff8121280d ffff88006ac07800
[ 117.071656] ffffea0001a05a00 ffff8800681690e0 ffffffffa0008765 ffff880061c77a88
[ 117.071656] Call Trace:
[ 117.071656] [<ffffffff819af359>] dump_stack+0x4f/0x7b
[ 117.071656] [<ffffffff8121280d>] print_trailer+0xfd/0x160
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffff81218501>] object_err+0x41/0x50
[ 117.071656] [<ffffffff8121a4b8>] kasan_report_error+0x1e8/0x410
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffff8121ab90>] kasan_report+0x40/0x50
[ 117.071656] [<ffffffffa0008111>] ? kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656] [<ffffffff81219c54>] __asan_store1+0x54/0x80
[ 117.071656] [<ffffffffa0008765>] ? kmem_cache_oob+0xbc/0xbc [test_kasan]
[ 117.071656] [<ffffffffa0008111>] kmalloc_oob_right+0x65/0x75 [test_kasan]
[ 117.071656] [<ffffffffa000876e>] kmalloc_tests_init+0x9/0x51 [test_kasan]
[ 117.071656] [<ffffffff81000301>] do_one_initcall+0xb1/0x220
[ 117.071656] [<ffffffff81219d19>] ? kasan_kmalloc+0x49/0x50
[ 117.071656] [<ffffffff812170f6>] ? kmem_cache_alloc_trace+0x106/0x330
[ 117.071656] [<ffffffff819ae865>] ? do_init_module+0x3b/0x2f8
[ 117.071656] [<ffffffff819ae921>] do_init_module+0xf7/0x2f8
[ 117.071656] [<ffffffff8114aa37>] load_module+0x2fe7/0x3e00
[ 117.071656] [<ffffffff811454d0>] ? store_uevent+0x50/0x50
[ 117.071656] [<ffffffff8114b95d>] SyS_init_module+0x10d/0x120
[ 117.071656] [<ffffffff819ba31b>] system_call_fastpath+0x16/0x73
[ 117.071656] Memory state around the buggy address:
[ 117.071656] ffff880068169000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ffff880068169080: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
[ 117.071656] >ffff880068169100: 00 00 00 00 00 00 00 00 00 00 00 03 fc fc fc fc
[ 117.071656] ^
[ 117.071656] ffff880068169180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ffff880068169200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 117.071656] ==================================================================
...
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
Please read the FAQ at http://www.tux.org/lkml/