| report.c (92a38eacd6412bb09f98245ba5b3aa89e3dd6656) | report.c (59e6e098d1c156f7c449af903c3b48a5470f6120) |
|---|---|
| 1// SPDX-License-Identifier: GPL-2.0 2/* 3 * This file contains common KASAN error reporting code. 4 * 5 * Copyright (c) 2014 Samsung Electronics Co., Ltd. 6 * Author: Andrey Ryabinin <ryabinin.a.a@gmail.com> 7 * 8 * Some code borrowed from https://github.com/xairy/kasan-prototype by --- 171 unchanged lines hidden (view full) --- 180 return; 181 } 182 183 if (info->type == KASAN_REPORT_DOUBLE_FREE) { 184 pr_err("BUG: KASAN: double-free in %pS\n", (void *)info->ip); 185 return; 186 } 187 | 1// SPDX-License-Identifier: GPL-2.0 2/* 3 * This file contains common KASAN error reporting code. 4 * 5 * Copyright (c) 2014 Samsung Electronics Co., Ltd. 6 * Author: Andrey Ryabinin <ryabinin.a.a@gmail.com> 7 * 8 * Some code borrowed from https://github.com/xairy/kasan-prototype by --- 171 unchanged lines hidden (view full) --- 180 return; 181 } 182 183 if (info->type == KASAN_REPORT_DOUBLE_FREE) { 184 pr_err("BUG: KASAN: double-free in %pS\n", (void *)info->ip); 185 return; 186 } 187 |
| 188 pr_err("BUG: KASAN: %s in %pS\n", 189 kasan_get_bug_type(info), (void *)info->ip); | 188 pr_err("BUG: KASAN: %s in %pS\n", info->bug_type, (void *)info->ip); |
| 190 if (info->access_size) 191 pr_err("%s of size %zu at addr %px by task %s/%d\n", 192 info->is_write ? "Write" : "Read", info->access_size, 193 info->access_addr, current->comm, task_pid_nr(current)); 194 else 195 pr_err("%s at addr %px by task %s/%d\n", 196 info->is_write ? "Write" : "Read", 197 info->access_addr, current->comm, task_pid_nr(current)); --- 39 unchanged lines hidden (view full) --- 237 } 238 239 pr_err("The buggy address is located %d bytes %s of\n" 240 " %d-byte region [%px, %px)\n", 241 rel_bytes, rel_type, cache->object_size, (void *)object_addr, 242 (void *)(object_addr + cache->object_size)); 243} 244 | 189 if (info->access_size) 190 pr_err("%s of size %zu at addr %px by task %s/%d\n", 191 info->is_write ? "Write" : "Read", info->access_size, 192 info->access_addr, current->comm, task_pid_nr(current)); 193 else 194 pr_err("%s at addr %px by task %s/%d\n", 195 info->is_write ? "Write" : "Read", 196 info->access_addr, current->comm, task_pid_nr(current)); --- 39 unchanged lines hidden (view full) --- 236 } 237 238 pr_err("The buggy address is located %d bytes %s of\n" 239 " %d-byte region [%px, %px)\n", 240 rel_bytes, rel_type, cache->object_size, (void *)object_addr, 241 (void *)(object_addr + cache->object_size)); 242} 243 |
| 245static void describe_object_stacks(u8 tag, struct kasan_report_info *info) | 244static void describe_object_stacks(struct kasan_report_info *info) |
| 246{ | 245{ |
| 247 struct kasan_track *alloc_track; 248 struct kasan_track *free_track; 249 250 alloc_track = kasan_get_alloc_track(info->cache, info->object); 251 if (alloc_track) { 252 print_track(alloc_track, "Allocated"); | 246 if (info->alloc_track.stack) { 247 print_track(&info->alloc_track, "Allocated"); |
| 253 pr_err("\n"); 254 } 255 | 248 pr_err("\n"); 249 } 250 |
| 256 free_track = kasan_get_free_track(info->cache, info->object, tag); 257 if (free_track) { 258 print_track(free_track, "Freed"); | 251 if (info->free_track.stack) { 252 print_track(&info->free_track, "Freed"); |
| 259 pr_err("\n"); 260 } 261 262 kasan_print_aux_stacks(info->cache, info->object); 263} 264 | 253 pr_err("\n"); 254 } 255 256 kasan_print_aux_stacks(info->cache, info->object); 257} 258 |
| 265static void describe_object(const void *addr, u8 tag, 266 struct kasan_report_info *info) | 259static void describe_object(const void *addr, struct kasan_report_info *info) |
| 267{ 268 if (kasan_stack_collection_enabled()) | 260{ 261 if (kasan_stack_collection_enabled()) |
| 269 describe_object_stacks(tag, info); | 262 describe_object_stacks(info); |
| 270 describe_object_addr(addr, info->cache, info->object); 271} 272 273static inline bool kernel_or_module_addr(const void *addr) 274{ 275 if (is_kernel((unsigned long)addr)) 276 return true; 277 if (is_module_address((unsigned long)addr)) --- 12 unchanged lines hidden (view full) --- 290 struct kasan_report_info *info) 291{ 292 struct page *page = addr_to_page(addr); 293 294 dump_stack_lvl(KERN_ERR); 295 pr_err("\n"); 296 297 if (info->cache && info->object) { | 263 describe_object_addr(addr, info->cache, info->object); 264} 265 266static inline bool kernel_or_module_addr(const void *addr) 267{ 268 if (is_kernel((unsigned long)addr)) 269 return true; 270 if (is_module_address((unsigned long)addr)) --- 12 unchanged lines hidden (view full) --- 283 struct kasan_report_info *info) 284{ 285 struct page *page = addr_to_page(addr); 286 287 dump_stack_lvl(KERN_ERR); 288 pr_err("\n"); 289 290 if (info->cache && info->object) { |
| 298 describe_object(addr, tag, info); | 291 describe_object(addr, info); |
| 299 pr_err("\n"); 300 } 301 302 if (kernel_or_module_addr(addr) && !init_task_stack_addr(addr)) { 303 pr_err("The buggy address belongs to the variable:\n"); 304 pr_err(" %pS\n", addr); 305 pr_err("\n"); 306 } --- 114 unchanged lines hidden (view full) --- 421 info->first_bad_addr = addr; 422 423 slab = kasan_addr_to_slab(addr); 424 if (slab) { 425 info->cache = slab->slab_cache; 426 info->object = nearest_obj(info->cache, slab, addr); 427 } else 428 info->cache = info->object = NULL; | 292 pr_err("\n"); 293 } 294 295 if (kernel_or_module_addr(addr) && !init_task_stack_addr(addr)) { 296 pr_err("The buggy address belongs to the variable:\n"); 297 pr_err(" %pS\n", addr); 298 pr_err("\n"); 299 } --- 114 unchanged lines hidden (view full) --- 414 info->first_bad_addr = addr; 415 416 slab = kasan_addr_to_slab(addr); 417 if (slab) { 418 info->cache = slab->slab_cache; 419 info->object = nearest_obj(info->cache, slab, addr); 420 } else 421 info->cache = info->object = NULL; |
| 422 423 /* Fill in mode-specific report info fields. */ 424 kasan_complete_mode_report_info(info); |
|
| 429} 430 431void kasan_report_invalid_free(void *ptr, unsigned long ip, enum kasan_report_type type) 432{ 433 unsigned long flags; 434 struct kasan_report_info info; 435 436 /* 437 * Do not check report_suppressed(), as an invalid-free cannot be 438 * caused by accessing slab metadata and thus should not be 439 * suppressed by kasan_disable/enable_current() critical sections. 440 */ 441 if (unlikely(!report_enabled())) 442 return; 443 444 start_report(&flags, true); 445 | 425} 426 427void kasan_report_invalid_free(void *ptr, unsigned long ip, enum kasan_report_type type) 428{ 429 unsigned long flags; 430 struct kasan_report_info info; 431 432 /* 433 * Do not check report_suppressed(), as an invalid-free cannot be 434 * caused by accessing slab metadata and thus should not be 435 * suppressed by kasan_disable/enable_current() critical sections. 436 */ 437 if (unlikely(!report_enabled())) 438 return; 439 440 start_report(&flags, true); 441 |
| 442 memset(&info, 0, sizeof(info)); |
|
| 446 info.type = type; 447 info.access_addr = ptr; 448 info.access_size = 0; 449 info.is_write = false; 450 info.ip = ip; 451 452 complete_report_info(&info); 453 --- 18 unchanged lines hidden (view full) --- 472 473 if (unlikely(report_suppressed()) || unlikely(!report_enabled())) { 474 ret = false; 475 goto out; 476 } 477 478 start_report(&irq_flags, true); 479 | 443 info.type = type; 444 info.access_addr = ptr; 445 info.access_size = 0; 446 info.is_write = false; 447 info.ip = ip; 448 449 complete_report_info(&info); 450 --- 18 unchanged lines hidden (view full) --- 469 470 if (unlikely(report_suppressed()) || unlikely(!report_enabled())) { 471 ret = false; 472 goto out; 473 } 474 475 start_report(&irq_flags, true); 476 |
| 477 memset(&info, 0, sizeof(info)); |
|
| 480 info.type = KASAN_REPORT_ACCESS; 481 info.access_addr = ptr; 482 info.access_size = size; 483 info.is_write = is_write; 484 info.ip = ip; 485 486 complete_report_info(&info); 487 --- 70 unchanged lines hidden --- | 478 info.type = KASAN_REPORT_ACCESS; 479 info.access_addr = ptr; 480 info.access_size = size; 481 info.is_write = is_write; 482 info.ip = ip; 483 484 complete_report_info(&info); 485 --- 70 unchanged lines hidden --- |