Re: [PATCH v6 6/9] kfence, kasan: make KFENCE compatible with KASAN
From: Jann Horn
Date: Thu Oct 29 2020 - 22:50:18 EST
On Thu, Oct 29, 2020 at 2:17 PM Marco Elver <elver@xxxxxxxxxx> wrote:
> We make KFENCE compatible with KASAN for testing KFENCE itself. In
> particular, KASAN helps to catch any potential corruptions to KFENCE
> state, or other corruptions that may be a result of freepointer
> corruptions in the main allocators.
>
> To indicate that the combination of the two is generally discouraged,
> CONFIG_EXPERT=y should be set. It also gives us the nice property that
> KFENCE will be build-tested by allyesconfig builds.
>
> Reviewed-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
> Co-developed-by: Marco Elver <elver@xxxxxxxxxx>
> Signed-off-by: Marco Elver <elver@xxxxxxxxxx>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
Reviewed-by: Jann Horn <jannh@xxxxxxxxxx>
with one nit:
[...]
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
[...]
> @@ -141,6 +142,14 @@ void kasan_unpoison_shadow(const void *address, size_t size)
> */
> address = reset_tag(address);
>
> + /*
> + * We may be called from SL*B internals, such as ksize(): with a size
> + * not a multiple of machine-word size, avoid poisoning the invalid
> + * portion of the word for KFENCE memory.
> + */
> + if (is_kfence_address(address))
> + return;
It might be helpful if you could add a comment that explains that
kasan_poison_object_data() does not need a similar guard because
kasan_poison_object_data() is always paired with
kasan_unpoison_object_data() - that threw me off a bit at first.