[PATCH 0/5 v11] KASan for Arm

Linus Walleij linus.walleij at linaro.org
Mon Jul 6 09:08:13 EDT 2020


On Thu, Jul 2, 2020 at 1:03 AM Ard Biesheuvel <ardb at kernel.org> wrote:
> Florian:
> > Not that I can think of, the memory is mapped at PA 0x0000_0000 all the
> > way to 0xbfff_ffff and then all other memory is mapped at PA
> > 0x1_0000_0000 and above.
>
> OK, so assuming kasan_early_init() backs the entire shadow region with
> zero pages correctly, we are losing the mapping somewhere between
> there and kasan_init(), and there are quite a number of
> create_mapping() calls in the meantime.
>
> So if you have cycles to spend on this, do you mind instrumenting
> create_mapping() and see whether any of the ranges that are
> (re)mapped come within 2 MB of bc800000-bc9fffff?

Hm. What I can think of is this code I have introduced in one
of the patches:

+#ifdef CONFIG_KASAN
+       /*
+        * KASan's shadow memory inserts itself between the TASK_SIZE
+        * and MODULES_VADDR. Do not clear the KASan shadow memory mappings.
+        */
+       for (addr = 0; addr < KASAN_SHADOW_START; addr += PMD_SIZE)
+               pmd_clear(pmd_off_k(addr));
+       /*
+        * Skip over the KASan shadow area. KASAN_SHADOW_END is sometimes
+        * equal to MODULES_VADDR and then we exit the pmd clearing. If we
+        * are using a thumb-compiled kernel, there there will be 8MB more
+        * to clear as KASan always offset to 16 MB below MODULES_VADDR.
+        */
+       for (addr = KASAN_SHADOW_END; addr < MODULES_VADDR; addr += PMD_SIZE)
+               pmd_clear(pmd_off_k(addr));
+#else
        for (addr = 0; addr < MODULES_VADDR; addr += PMD_SIZE)
                pmd_clear(pmd_off_k(addr));
+#endif
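Review bot: the second loop at `for (addr = KASAN_SHADOW_END; addr < MODULES_VADDR; addr += PMD_SIZE)` assumes KASAN_SHADOW_END is PMD_SIZE aligned; if it is not, the first `pmd_clear(pmd_off_k(addr))` of that loop hits the PMD that still covers the tail of the shadow region, which is exactly the mapping the comment says must be preserved. Either assert or round the start of that loop up to a PMD boundary. The same holds for KASAN_SHADOW_START in the first loop, though there the `addr < KASAN_SHADOW_START` bound stops short of the partial PMD, so only the end case actually bites. Separately, the comment has a doubled word ("there there will be") and its arithmetic (8 MB more to clear because KASan "always offset to 16 MB below MODULES_VADDR") cannot be checked from the hunk alone; spelling out how KASAN_SHADOW_END relates to MODULES_VADDR for ARM versus Thumb builds in the comment would make the skipped range reviewable.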

If you just augment this to clear the pmd:s for all the memory including the
8 MB not utilized when using thumb, what happens?

I.e. just delete the special case for CONFIG_KASAN with the ifdef and else
endif and have it be:

       for (addr = 0; addr < MODULES_VADDR; addr += PMD_SIZE)
               pmd_clear(pmd_off_k(addr));

This is what the patch used to look like but I introduced that this "hole" be
skipped over, maybe something is using it?

Yours,
Linus Walleij
