mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 06:33:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/include
History
Haibo Li 4e14f2d588 kasan: print the original fault addr when access invalid shadow 
commit babddbfb7d upstream.

when the checked address is illegal,the corresponding shadow address from
kasan_mem_to_shadow may have no mapping in mmu table.  Access such shadow
address causes kernel oops.  Here is a sample about oops on arm64(VA
39bit) with KASAN_SW_TAGS and KASAN_OUTLINE on:

[ffffffb80aaaaaaa] pgd=000000005d3ce003, p4d=000000005d3ce003,
    pud=000000005d3ce003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 3 PID: 100 Comm: sh Not tainted 6.6.0-rc1-dirty #43
Hardware name: linux,dummy-virt (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __hwasan_load8_noabort+0x5c/0x90
lr : do_ib_ob+0xf4/0x110
ffffffb80aaaaaaa is the shadow address for efffff80aaaaaaaa.
The problem is reading invalid shadow in kasan_check_range.

The generic kasan also has similar oops.

It only reports the shadow address which causes oops but not
the original address.

Commit 2f004eea0fc8("x86/kasan: Print original address on #GP")
introduce to kasan_non_canonical_hook but limit it to KASAN_INLINE.

This patch extends it to KASAN_OUTLINE mode.

Link: https://lkml.kernel.org/r/20231009073748.159228-1-haibo.li@mediatek.com
Fixes: 2f004eea0fc8("x86/kasan: Print original address on #GP")
Signed-off-by: Haibo Li <haibo.li@mediatek.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Haibo Li <haibo.li@mediatek.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-08 17:26:40 +01:00
..
acpi ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error 2023-07-23 13:47:18 +02:00
asm-generic word-at-a-time: use the same return type for has_zero regardless of endianness 2023-08-11 15:13:49 +02:00
clocksource
crypto crypto: api - Use work queue in crypto_destroy_instance 2023-09-19 12:22:33 +02:00
drm drm/display/dp: Fix the DP DSC Receiver cap size 2023-08-30 16:18:19 +02:00
dt-bindings
keys KEYS: trusted: allow use of kernel RNG for key material 2023-10-19 23:05:33 +02:00
kunit
kvm
linux kasan: print the original fault addr when access invalid shadow 2023-11-08 17:26:40 +01:00
math-emu
media media: v4l2-mem2mem: add lock to protect parameter num_rdy 2023-08-26 14:23:23 +02:00
memory
misc
net tcp: cleanup tcp_remove_empty_skb() use 2023-11-08 17:26:35 +01:00
pcmcia
ras
rdma RDMA/cma: Always set static rate to 0 for RoCE 2023-06-21 15:59:17 +02:00
scsi scsi: core: Rename scsi_mq_done() into scsi_done() and export it 2023-10-19 23:05:32 +02:00
soc
sound ASoC: soc-pcm: test if a BE can be prepared 2023-06-21 15:59:13 +02:00
target scsi: target: Fix multiple LUN_RESET handling 2023-05-11 23:00:26 +09:00
trace neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section 2023-10-25 11:58:57 +02:00
uapi gtp: uapi: fix GTPA_MAX 2023-11-08 17:26:39 +01:00
vdso
video
xen ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 2023-05-11 23:00:22 +09:00