[Devel] [PATCH RHEL7 COMMIT] ms/fs: dcache: manually unpoison dname after allocation to shut up kasan's reports
Konstantin Khorenko
khorenko at virtuozzo.com
Thu Sep 3 08:27:40 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-229.7.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.6.6
------>
commit 6b444b2466dfe34ee64bf03a05c9e8a85c581f0a
Author: Andrey Ryabinin <aryabinin at odin.com>
Date: Thu Sep 3 19:27:40 2015 +0400
ms/fs: dcache: manually unpoison dname after allocation to shut up kasan's reports
https://jira.sw.ru/browse/PSBM-26429
From: Andrey Ryabinin <a.ryabinin at samsung.com>
commit df4c0e36f1b1782b0611a77c52cc240e5c4752dd upstream.
We need to manually unpoison the rounded up allocation size for dname to avoid
kasan's reports in dentry_string_cmp(). When CONFIG_DCACHE_WORD_ACCESS=y
dentry_string_cmp may access a few bytes beyond the size requested in
kmalloc().
dentry_string_cmp() relies on the fact that the dentry is allocated using
kmalloc and kmalloc internally rounds up the allocation size. So this is not a
bug, but this makes kasan complain about such accesses. To avoid such
reports we mark the rounded up allocation size in shadow as accessible.
Signed-off-by: Andrey Ryabinin <a.ryabinin at samsung.com>
Reported-by: Dmitry Vyukov <dvyukov at google.com>
Cc: Konstantin Serebryany <kcc at google.com>
Cc: Dmitry Chernenkov <dmitryc at google.com>
Signed-off-by: Andrey Konovalov <adech.fo at gmail.com>
Cc: Yuri Gribov <tetra2005 at gmail.com>
Cc: Konstantin Khlebnikov <koct9i at gmail.com>
Cc: Sasha Levin <sasha.levin at oracle.com>
Cc: Christoph Lameter <cl at linux.com>
Cc: Joonsoo Kim <iamjoonsoo.kim at lge.com>
Cc: Dave Hansen <dave.hansen at intel.com>
Cc: Andi Kleen <andi at firstfloor.org>
Cc: Ingo Molnar <mingo at elte.hu>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: "H. Peter Anvin" <hpa at zytor.com>
Cc: Christoph Lameter <cl at linux.com>
Cc: Pekka Enberg <penberg at kernel.org>
Cc: David Rientjes <rientjes at google.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Andrey Ryabinin <aryabinin at odin.com>
Signed-off-by: Andrey Ryabinin <aryabinin at odin.com>
---
fs/dcache.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/dcache.c b/fs/dcache.c
index a341efe..a4f60d1 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -35,6 +35,7 @@
#include <linux/hardirq.h>
#include <linux/bit_spinlock.h>
#include <linux/rculist_bl.h>
+#include <linux/kasan.h>
#include <linux/prefetch.h>
#include <linux/ratelimit.h>
#include <linux/list_lru.h>
@@ -43,6 +44,7 @@
#include "internal.h"
#include "mount.h"
+
/*
* Usage:
* dcache->d_inode->i_lock protects:
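Review bot: the only change in this hunk is an extra blank line after #include "mount.h", which is unrelated to the KASAN fix and leaves two empty lines before the "Usage:" comment. Suggest dropping it so the patch touches only the include list and __d_alloc().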
@@ -1550,6 +1552,11 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
kmem_cache_free(dentry_cache, dentry);
return NULL;
}
+ if (IS_ENABLED(CONFIG_DCACHE_WORD_ACCESS))
+ kasan_unpoison_shadow(dname,
+ round_up(name->len + 1,
+ sizeof(unsigned long)));
+
} else {
dname = dentry->d_iname;
}
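Review bot: the new kasan_unpoison_shadow() call in __d_alloc() has no comment, so a reader of fs/dcache.c cannot tell why the shadow is unpoisoned for round_up(name->len + 1, sizeof(unsigned long)) bytes rather than for name->len + 1. Suggest a short comment above the IS_ENABLED(CONFIG_DCACHE_WORD_ACCESS) check saying that dentry_string_cmp() reads whole words and that the rounded-up tail lies inside what kmalloc really allocated, which is the reasoning the commit message gives. The added blank line before "} else {" is not needed either.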