[PATCH 0/5 v11] KASan for Arm

Ard Biesheuvel ardb at kernel.org
Tue Jun 30 17:41:16 EDT 2020


On Tue, 30 Jun 2020 at 15:39, Linus Walleij <linus.walleij at linaro.org> wrote:
>
> This is the v11 version of the KASan patches for ARM.
>
> The main changes from the v10 version are:
>
> - LPAE now compiles and works again, at least Versatile Express
>   Cortex A15 TC1 in QEMU (which is the LPAE system I have
>   access to).
>
> - Rewrite some of the page directory initialization after
>   helpful feedback from Mike Rapoport and Russell King.
>
> Also minor improvements to commit messages and comments
> in the code so it is clear (for most cases I hope) why
> some ifdefs etc are there.
>
> All tested platforms from ARMv4 thru ARMv7 work fine. I
> have not been able to re-test with the Qualcomm DragonBoard
> APQ8060 yet, but I suspect the problem there is that the
> DT parser code reaches out into non-kernel memory and
> needs some de-instrumentation, possibly combined with the
> memory holding the device tree getting corrupted or reused
> before we have a chance to parse it.
>
> Abbott Liu (1):
>   ARM: Define the virtual space of KASan's shadow region
>
> Andrey Ryabinin (3):
>   ARM: Disable KASan instrumentation for some code
>   ARM: Replace string mem* functions for KASan
>   ARM: Enable KASan for ARM
>
> Linus Walleij (1):
>   ARM: Initialize the mapping of KASan shadow memory
>

Hi,

I needed the changes below to make this work on a 16 core GICv3
QEMU/KVM vm with 8 GB of RAM.

Without masking start, I get a strange error where kasan_alloc_block()
runs out of memory, probably because one of the do..while stop
conditions fails to trigger and we loop until we run out of lowmem.

The TLB flush is really essential to make any of these page table
modifications take effect right away, and strange things can happen if
you don't. I also saw a crash in the DT unflatten code without this
change, but that is probably because it is simply the code that runs
immediately after.

If you see anything like

Unable to handle kernel paging request at virtual address b744077c
[b744077c] *pgd=80000040206003, *pmd=6abf5003, *pte=c000006abb471f

where the CPU faults on an address that appears to have a valid
mapping at each level, it means that the page table walker was using a
stale TLB entry to do the translation, triggered a fault and when we
look at the page tables in software, everything looks like it is
supposed to.

diff --git a/arch/arm/mm/kasan_init.c b/arch/arm/mm/kasan_init.c
index 535dce42e59d..b457922f8a48 100644
--- a/arch/arm/mm/kasan_init.c
+++ b/arch/arm/mm/kasan_init.c
@@ -209,7 +209,7 @@ static int __init create_mapping(unsigned long
start, unsigned long end,
                                int node)
 {
        pr_info("populating shadow for %lx, %lx\n", start, end);
-       kasan_pgd_populate(start, end, NUMA_NO_NODE, false);
+       kasan_pgd_populate(start & PAGE_MASK, end, NUMA_NO_NODE, false);
        return 0;
 }
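Review bot: only `start` is aligned here while `end` is passed through as-is, so if a caller ever hands in a non-page-aligned `end` the same loop-termination problem described in the cover text can recur at the tail of the range; consider rounding `end` up as well (`PAGE_ALIGN(end)`) or aligning both values in the caller so the invariant is enforced in one place. The `pr_info()` on the line above still prints the unmasked `start`, so the log will show a different range from the one actually populated; printing the masked value keeps the two consistent.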

@@ -281,6 +281,7 @@ void __init kasan_init(void)
                        pfn_pte(virt_to_pfn(kasan_early_shadow_page),
                                __pgprot(pgprot_val(PAGE_KERNEL)
                                        | L_PTE_RDONLY)));
+       local_flush_tlb_all();
        memset(kasan_early_shadow_page, 0, PAGE_SIZE);
        cpu_switch_mm(swapper_pg_dir, &init_mm);
        pr_info("Kernel address sanitizer initialized\n");
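Review bot: the added `local_flush_tlb_all()` carries no comment, and the reason it is needed (stale TLB entries left over from the earlier shadow mapping make the freshly written page table entries invisible to the walker, producing the "valid mapping at every level but still faults" symptom described in this mail) lives only in the mailing list thread; please add a short comment above the call so the next reader does not remove it as redundant. Since it is a local flush, it is worth stating in that comment that this runs on the boot CPU before secondaries are brought up, which is why a local flush is sufficient here.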

>  Documentation/arm/memory.rst                  |   5 +
>  Documentation/dev-tools/kasan.rst             |   4 +-
>  .../features/debug/KASAN/arch-support.txt     |   2 +-
>  arch/arm/Kconfig                              |  10 +
>  arch/arm/boot/compressed/Makefile             |   1 +
>  arch/arm/boot/compressed/string.c             |  19 ++
>  arch/arm/include/asm/kasan.h                  |  32 ++
>  arch/arm/include/asm/kasan_def.h              |  81 +++++
>  arch/arm/include/asm/memory.h                 |   5 +
>  arch/arm/include/asm/pgalloc.h                |   8 +-
>  arch/arm/include/asm/string.h                 |  21 ++
>  arch/arm/include/asm/thread_info.h            |   8 +
>  arch/arm/include/asm/uaccess-asm.h            |   2 +-
>  arch/arm/kernel/entry-armv.S                  |   3 +-
>  arch/arm/kernel/entry-common.S                |   9 +-
>  arch/arm/kernel/head-common.S                 |   7 +-
>  arch/arm/kernel/setup.c                       |   2 +
>  arch/arm/kernel/unwind.c                      |   6 +-
>  arch/arm/lib/memcpy.S                         |   3 +
>  arch/arm/lib/memmove.S                        |   5 +-
>  arch/arm/lib/memset.S                         |   3 +
>  arch/arm/mm/Makefile                          |   5 +
>  arch/arm/mm/kasan_init.c                      | 288 ++++++++++++++++++
>  arch/arm/mm/mmu.c                             |  18 ++
>  arch/arm/mm/pgd.c                             |  16 +-
>  arch/arm/vdso/Makefile                        |   2 +
>  26 files changed, 551 insertions(+), 14 deletions(-)
>  create mode 100644 arch/arm/include/asm/kasan.h
>  create mode 100644 arch/arm/include/asm/kasan_def.h
>  create mode 100644 arch/arm/mm/kasan_init.c
>
> --
> 2.25.4
>