)]}' { "commit": "55834c59098d0c5a97b0f3247e55832b67facdcf", "tree": "1fc63661f51c68e9b0aac76cb8ae6be3bea85133", "parents": [ "b8f1a75d61d8405a753380c6fb17ba84a5603cd4" ], "author": { "name": "Alexander Potapenko", "email": "glider@google.com", "time": "Fri May 20 16:59:11 2016 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri May 20 17:58:30 2016 -0700" }, "message": "mm: kasan: initial memory quarantine implementation\n\nQuarantine isolates freed objects in a separate queue. The objects are\nreturned to the allocator later, which helps to detect use-after-free\nerrors.\n\nWhen the object is freed, its state changes from KASAN_STATE_ALLOC to\nKASAN_STATE_QUARANTINE. The object is poisoned and put into quarantine\ninstead of being returned to the allocator, therefore every subsequent\naccess to that object triggers a KASAN error, and the error handler is\nable to say where the object has been allocated and deallocated.\n\nWhen it\u0027s time for the object to leave quarantine, its state becomes\nKASAN_STATE_FREE and it\u0027s returned to the allocator. From now on the\nallocator may reuse it for another allocation. Before that happens,\nit\u0027s still possible to detect a use-after free on that object (it\nretains the allocation/deallocation stacks).\n\nWhen the allocator reuses this object, the shadow is unpoisoned and old\nallocation/deallocation stacks are wiped. Therefore a use of this\nobject, even an incorrect one, won\u0027t trigger ASan warning.\n\nWithout the quarantine, it\u0027s not guaranteed that the objects aren\u0027t\nreused immediately, that\u0027s why the probability of catching a\nuse-after-free is lower than with quarantine in place.\n\nQuarantine isolates freed objects in a separate queue. The objects are\nreturned to the allocator later, which helps to detect use-after-free\nerrors.\n\nFreed objects are first added to per-cpu quarantine queues. When a\ncache is destroyed or memory shrinking is requested, the objects are\nmoved into the global quarantine queue. Whenever a kmalloc call allows\nmemory reclaiming, the oldest objects are popped out of the global queue\nuntil the total size of objects in quarantine is less than 3/4 of the\nmaximum quarantine size (which is a fraction of installed physical\nmemory).\n\nAs long as an object remains in the quarantine, KASAN is able to report\naccesses to it, so the chance of reporting a use-after-free is\nincreased. Once the object leaves quarantine, the allocator may reuse\nit, in which case the object is unpoisoned and KASAN can\u0027t detect\nincorrect accesses to it.\n\nRight now quarantine support is only enabled in SLAB allocator.\nUnification of KASAN features in SLAB and SLUB will be done later.\n\nThis patch is based on the \"mm: kasan: quarantine\" patch originally\nprepared by Dmitry Chernenkov. A number of improvements have been\nsuggested by Andrey Ryabinin.\n\n[glider@google.com: v9]\n Link: http://lkml.kernel.org/r/1462987130-144092-1-git-send-email-glider@google.com\nSigned-off-by: Alexander Potapenko \u003cglider@google.com\u003e\nCc: Christoph Lameter \u003ccl@linux.com\u003e\nCc: Pekka Enberg \u003cpenberg@kernel.org\u003e\nCc: David Rientjes \u003crientjes@google.com\u003e\nCc: Joonsoo Kim \u003ciamjoonsoo.kim@lge.com\u003e\nCc: Andrey Konovalov \u003cadech.fo@gmail.com\u003e\nCc: Dmitry Vyukov \u003cdvyukov@google.com\u003e\nCc: Andrey Ryabinin \u003cryabinin.a.a@gmail.com\u003e\nCc: Steven Rostedt \u003crostedt@goodmis.org\u003e\nCc: Konstantin Serebryany \u003ckcc@google.com\u003e\nCc: Dmitry Chernenkov \u003cdmitryc@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "737371b560442884338679ca3842f2269da69e31", "old_mode": 33188, "old_path": "include/linux/kasan.h", "new_id": "611927f5870d203e3b987d9cc462f8ce74a59b91", "new_mode": 33188, "new_path": "include/linux/kasan.h" }, { "type": "modify", "old_id": "131daadf40e471494ff014aafa4561c287c4bd94", "old_mode": 33188, "old_path": "mm/kasan/Makefile", "new_id": "1548749a3d452735c78028f4fb30ec3ac6bb10e8", "new_mode": 33188, "new_path": "mm/kasan/Makefile" }, { "type": "modify", "old_id": "38f1dd79acdbc4eab8f6226a968317f764814f5b", "old_mode": 33188, "old_path": "mm/kasan/kasan.c", "new_id": "8df666bb23be76dcbf1be0948089519be0dabb7f", "new_mode": 33188, "new_path": "mm/kasan/kasan.c" }, { "type": "modify", "old_id": "30a2f0ba0e097e0b270f58be50bcd7ff7e4177fa", "old_mode": 33188, "old_path": "mm/kasan/kasan.h", "new_id": "7f7ac51d7faf678ec1f4686f4450e1adedb778c4", "new_mode": 33188, "new_path": "mm/kasan/kasan.h" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "4973505a9bdde8fda4291debdf21bdadfaa76c3b", "new_mode": 33188, "new_path": "mm/kasan/quarantine.c" }, { "type": "modify", "old_id": "60869a5a0124ea10aabbb8140fec4e17243ff26a", "old_mode": 33188, "old_path": "mm/kasan/report.c", "new_id": "b3c122ddd45483566de8311ab1e1cf814ff18176", "new_mode": 33188, "new_path": "mm/kasan/report.c" }, { "type": "modify", "old_id": "9b7a14a791ccbed740bc9abed5ba406fe4e92731", "old_mode": 33188, "old_path": "mm/mempool.c", "new_id": "9e075f829d0d2598f6d404cb99b342bb6596b23f", "new_mode": 33188, "new_path": "mm/mempool.c" }, { "type": "modify", "old_id": "c11bf50079522f7ef60170301f629ac74c0aad0d", "old_mode": 33188, "old_path": "mm/slab.c", "new_id": "28864c0224300562b4dc8cf4098b6e87eb5b51cf", "new_mode": 33188, "new_path": "mm/slab.c" }, { "type": "modify", "old_id": "5969769fbee6b56dffa4a87e3b909c5d277ee17d", "old_mode": 33188, "old_path": "mm/slab.h", "new_id": "dedb1a920fb866ef0cc77ef59501e3b6ab52cb6e", "new_mode": 33188, "new_path": "mm/slab.h" }, { "type": "modify", "old_id": "3239bfd758e6be9c9e57aadd13feddb234533777", "old_mode": 33188, "old_path": "mm/slab_common.c", "new_id": "a65dad7fdcd12495a51eabd91fc76ed96edb0576", "new_mode": 33188, "new_path": "mm/slab_common.c" } ] }