• Mark Rutland's avatar
    arm64: mm: log potential KASAN shadow alias · 07b742a4
    Mark Rutland authored
    When the kernel is built with KASAN_GENERIC or KASAN_SW_TAGS, shadow
    memory is allocated and mapped for all legitimate kernel addresses, and
    prior to a regular memory access instrumentation will read from the
    corresponding shadow address.
    
    Due to the way memory addresses are converted to shadow addresses, bogus
    pointers (e.g. NULL) can generate shadow addresses out of the bounds of
    allocated shadow memory. For example, with KASAN_GENERIC and 48-bit VAs,
    NULL would have a shadow address of dfff800000000000, which falls
    between the TTBR ranges.
    
    To make such cases easier to debug, this patch makes die_kernel_fault()
    dump the real memory address range for any potential KASAN shadow access
    using kasan_non_canonical_hook(), which results in fault information as
    below when KASAN is enabled:
    
    | Unable to handle kernel paging request at virtual address dfff800000000017
    | KASAN: null-ptr-deref in range [0x00000000000000b8-0x00000000000000bf]
    | Mem abort info:
    |   ESR = 0x96000004
    |   EC = 0x25: DABT (current EL), IL = 32 bits
    |   SET = 0, FnV = 0
    |   EA = 0, S1PTW = 0
    |   FSC = 0x04: level 0 translation fault
    | Data abort info:
    |   ISV = 0, ISS = 0x00000004
    |   CM = 0, WnR = 0
    | [dfff800000000017] address between user and kernel address ranges
    Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
    Cc: Alexander Potapenko <glider@google.com>
    Cc: Andrey Konovalov <andreyknvl@gmail.com>
    Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
    Cc: Dmitry Vyukov <dvyukov@google.com>
    Cc: Will Deacon <will@kernel.org>
    Tested-by: default avatarAndrey Konovalov <andreyknvl@gmail.com>
    Acked-by: default avatarWill Deacon <will@kernel.org>
    Link: https://lore.kernel.org/r/20211207183226.834557-3-mark.rutland@arm.comSigned-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    07b742a4
fault.c 26.4 KB