kasan: report only the first error by default

Disable kasan after the first report. There are several reasons for this: - Single bug quite often has multiple invalid memory accesses causing storm in the dmesg. - Write OOB access might corrupt metadata so the next report will print bogus alloc/free stacktraces. - Reports after the first easily could be not bugs by itself but just side effects of the first one. Given that multiple reports usually only do harm, it makes sense to disable kasan after the first one. If user wants to see all the reports, the boot-time parameter kasan_multi_shot must be used. [aryabinin@virtuozzo.com: wrote changelog and doc, added missing include] Link: http://lkml.kernel.org/r/20170323154416.30257-1-aryabinin@virtuozzo.com Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Andrey Konovalov <andreyknvl@google.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Mark Rutland <mark.rutland@arm.com> 2017-03-31 18:12:04 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-03-31 20:13:30 -0400
commit: b0845ce58379d11dcad4cdb6824a6410de260216 (patch)
tree: f74773a6b97f15de8734c1190f3395375089bf34
parent: 4742a35d9de745e867405b4311e1aac412f0ace1 (diff)
5 files changed, 55 insertions, 5 deletions
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 2ba45caabada..facc20a3f962 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1725,6 +1725,12 @@
                        kernel and module base offset ASLR (Address Space
                        Layout Randomization).
+        kasan_multi_shot
+                        [KNL] Enforce KASAN (Kernel Address Sanitizer) to print
+                        report on every invalid memory access. Without this
+                        parameter KASAN will print report only for the first
+                        invalid access.
        keepinitrd      [HW,ARM]
        kernelcore=     [KNL,X86,IA-64,PPC]
diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index 5734480c9590..a5c7046f26b4 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -76,6 +76,9 @@ size_t ksize(const void *);
 static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); }
 size_t kasan_metadata_size(struct kmem_cache *cache);
+bool kasan_save_enable_multi_shot(void);
+void kasan_restore_multi_shot(bool enabled);
 #else /* CONFIG_KASAN */
 static inline void kasan_unpoison_shadow(const void *address, size_t size) {}
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 0b1d3140fbb8..a25c9763fce1 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -20,6 +20,7 @@
 #include <linux/string.h>
 #include <linux/uaccess.h>
 #include <linux/module.h>
+#include <linux/kasan.h>
 /*
 * Note: test functions are marked noinline so that their names appear in
@@ -474,6 +475,12 @@ static noinline void __init use_after_scope_test(void)
 static int __init kmalloc_tests_init(void)
 {
+        /*
+         * Temporarily enable multi-shot mode. Otherwise, we'd only get a
+         * report for the first case.
+         */
+        bool multishot = kasan_save_enable_multi_shot();
        kmalloc_oob_right();
        kmalloc_oob_left();
        kmalloc_node_oob_right();
@@ -499,6 +506,9 @@ static int __init kmalloc_tests_init(void)
        ksize_unpoisons_memory();
        copy_user_test();
        use_after_scope_test();
+        kasan_restore_multi_shot(multishot);
        return -EAGAIN;
 }
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index 1c260e6b3b3c..dd2dea8eb077 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -96,11 +96,6 @@ static inline const void *kasan_shadow_to_mem(const void *shadow_addr)
                << KASAN_SHADOW_SCALE_SHIFT);
 }
-static inline bool kasan_report_enabled(void)
-{
-        return !current->kasan_depth;
-}
 void kasan_report(unsigned long addr, size_t size,
                bool is_write, unsigned long ip);
 void kasan_report_double_free(struct kmem_cache *cache, void *object,
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index f479365530b6..ab42a0803f16 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -13,7 +13,9 @@
 *
 */
+#include <linux/bitops.h>
 #include <linux/ftrace.h>
+#include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/mm.h>
 #include <linux/printk.h>
@@ -293,6 +295,40 @@ static void kasan_report_error(struct kasan_access_info *info)
        kasan_end_report(&flags);
 }
+static unsigned long kasan_flags;
+#define KASAN_BIT_REPORTED      0
+#define KASAN_BIT_MULTI_SHOT    1
+bool kasan_save_enable_multi_shot(void)
+{
+        return test_and_set_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags);
+}
+EXPORT_SYMBOL_GPL(kasan_save_enable_multi_shot);
+void kasan_restore_multi_shot(bool enabled)
+{
+        if (!enabled)
+                clear_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags);
+}
+EXPORT_SYMBOL_GPL(kasan_restore_multi_shot);
+static int __init kasan_set_multi_shot(char *str)
+{
+        set_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags);
+        return 1;
+}
+__setup("kasan_multi_shot", kasan_set_multi_shot);
+static inline bool kasan_report_enabled(void)
+{
+        if (current->kasan_depth)
+                return false;
+        if (test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))
+                return true;
+        return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags);
+}
 void kasan_report(unsigned long addr, size_t size,
                bool is_write, unsigned long ip)
 {
author	Mark Rutland <mark.rutland@arm.com>	2017-03-31 18:12:04 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-03-31 20:13:30 -0400
commit	b0845ce58379d11dcad4cdb6824a6410de260216 (patch)
tree	f74773a6b97f15de8734c1190f3395375089bf34
parent	4742a35d9de745e867405b4311e1aac412f0ace1 (diff)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 2ba45caabada..facc20a3f962 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -1725,6 +1725,12 @@
1725	kernel and module base offset ASLR (Address Space	1725	kernel and module base offset ASLR (Address Space
1726	Layout Randomization).	1726	Layout Randomization).
1727		1727
		1728	kasan_multi_shot
		1729	[KNL] Enforce KASAN (Kernel Address Sanitizer) to print
		1730	report on every invalid memory access. Without this
		1731	parameter KASAN will print report only for the first
		1732	invalid access.
		1733
1728	keepinitrd [HW,ARM]	1734	keepinitrd [HW,ARM]
1729		1735
1730	kernelcore= [KNL,X86,IA-64,PPC]	1736	kernelcore= [KNL,X86,IA-64,PPC]


diff --git a/include/linux/kasan.h b/include/linux/kasan.h index 5734480c9590..a5c7046f26b4 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h
@@ -76,6 +76,9 @@ size_t ksize(const void *);
76	static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); }	76	static inline void kasan_unpoison_slab(const void *ptr) { ksize(ptr); }
77	size_t kasan_metadata_size(struct kmem_cache *cache);	77	size_t kasan_metadata_size(struct kmem_cache *cache);
78		78
		79	bool kasan_save_enable_multi_shot(void);
		80	void kasan_restore_multi_shot(bool enabled);
		81
79	#else /* CONFIG_KASAN */	82	#else /* CONFIG_KASAN */
80		83
81	static inline void kasan_unpoison_shadow(const void *address, size_t size) {}	84	static inline void kasan_unpoison_shadow(const void *address, size_t size) {}


diff --git a/lib/test_kasan.c b/lib/test_kasan.c index 0b1d3140fbb8..a25c9763fce1 100644 --- a/lib/test_kasan.c +++ b/lib/test_kasan.c
@@ -20,6 +20,7 @@
20	#include <linux/string.h>	20	#include <linux/string.h>
21	#include <linux/uaccess.h>	21	#include <linux/uaccess.h>
22	#include <linux/module.h>	22	#include <linux/module.h>
		23	#include <linux/kasan.h>
23		24
24	/*	25	/*
25	* Note: test functions are marked noinline so that their names appear in	26	* Note: test functions are marked noinline so that their names appear in
@@ -474,6 +475,12 @@ static noinline void __init use_after_scope_test(void)
474		475
475	static int __init kmalloc_tests_init(void)	476	static int __init kmalloc_tests_init(void)
476	{	477	{
		478	/*
		479	* Temporarily enable multi-shot mode. Otherwise, we'd only get a
		480	* report for the first case.
		481	*/
		482	bool multishot = kasan_save_enable_multi_shot();
		483
477	kmalloc_oob_right();	484	kmalloc_oob_right();
478	kmalloc_oob_left();	485	kmalloc_oob_left();
479	kmalloc_node_oob_right();	486	kmalloc_node_oob_right();
@@ -499,6 +506,9 @@ static int __init kmalloc_tests_init(void)
499	ksize_unpoisons_memory();	506	ksize_unpoisons_memory();
500	copy_user_test();	507	copy_user_test();
501	use_after_scope_test();	508	use_after_scope_test();
		509
		510	kasan_restore_multi_shot(multishot);
		511
502	return -EAGAIN;	512	return -EAGAIN;
503	}	513	}
504		514


diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 1c260e6b3b3c..dd2dea8eb077 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h
@@ -96,11 +96,6 @@ static inline const void kasan_shadow_to_mem(const void shadow_addr)
96	<< KASAN_SHADOW_SCALE_SHIFT);	96	<< KASAN_SHADOW_SCALE_SHIFT);
97	}	97	}
98		98
99	static inline bool kasan_report_enabled(void)
100	{
101	return !current->kasan_depth;
102	}
103
104	void kasan_report(unsigned long addr, size_t size,	99	void kasan_report(unsigned long addr, size_t size,
105	bool is_write, unsigned long ip);	100	bool is_write, unsigned long ip);
106	void kasan_report_double_free(struct kmem_cache cache, void object,	101	void kasan_report_double_free(struct kmem_cache cache, void object,


diff --git a/mm/kasan/report.c b/mm/kasan/report.c index f479365530b6..ab42a0803f16 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c
@@ -13,7 +13,9 @@
13	*	13	*
14	*/	14	*/
15		15
		16	#include <linux/bitops.h>
16	#include <linux/ftrace.h>	17	#include <linux/ftrace.h>
		18	#include <linux/init.h>
17	#include <linux/kernel.h>	19	#include <linux/kernel.h>
18	#include <linux/mm.h>	20	#include <linux/mm.h>
19	#include <linux/printk.h>	21	#include <linux/printk.h>
@@ -293,6 +295,40 @@ static void kasan_report_error(struct kasan_access_info *info)
293	kasan_end_report(&flags);	295	kasan_end_report(&flags);
294	}	296	}
295		297
		298	static unsigned long kasan_flags;
		299
		300	#define KASAN_BIT_REPORTED 0
		301	#define KASAN_BIT_MULTI_SHOT 1
		302
		303	bool kasan_save_enable_multi_shot(void)
		304	{
		305	return test_and_set_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags);
		306	}
		307	EXPORT_SYMBOL_GPL(kasan_save_enable_multi_shot);
		308
		309	void kasan_restore_multi_shot(bool enabled)
		310	{
		311	if (!enabled)
		312	clear_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags);
		313	}
		314	EXPORT_SYMBOL_GPL(kasan_restore_multi_shot);
		315
		316	static int __init kasan_set_multi_shot(char *str)
		317	{
		318	set_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags);
		319	return 1;
		320	}
		321	__setup("kasan_multi_shot", kasan_set_multi_shot);
		322
		323	static inline bool kasan_report_enabled(void)
		324	{
		325	if (current->kasan_depth)
		326	return false;
		327	if (test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags))
		328	return true;
		329	return !test_and_set_bit(KASAN_BIT_REPORTED, &kasan_flags);
		330	}
		331
296	void kasan_report(unsigned long addr, size_t size,	332	void kasan_report(unsigned long addr, size_t size,
297	bool is_write, unsigned long ip)	333	bool is_write, unsigned long ip)
298	{	334	{