linux/mm/kasan
Andrey Ryabinin caf55fef61 kasan: fix bug type classification for SW_TAGS mode
kasan_non_canonical_hook() derives orig_addr from kasan_shadow_to_mem(),
but the pointer tag may remain in the top byte.  In SW_TAGS mode this
tagged address is compared against PAGE_SIZE and TASK_SIZE, which leads to
incorrect bug classification.

As a result, NULL pointer dereferences may be reported as
"wild-memory-access".

Strip the tag before performing these range checks and use the untagged
value when reporting addresses in these ranges.

Before:
  [ ] Unable to handle kernel paging request at virtual address ffef800000000000
  [ ] KASAN: maybe wild-memory-access in range [0xff00000000000000-0xff0000000000000f]

After:
  [ ] Unable to handle kernel paging request at virtual address ffef800000000000
  [ ] KASAN: null-ptr-deref in range [0x0000000000000000-0x000000000000000f]

Link: https://lkml.kernel.org/r/20260305185659.20807-1-ryabinin.a.a@gmail.com
Signed-off-by: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2026-04-05 13:53:18 -07:00
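
The misclassification described in the commit message above, as an added user-space C model (not the kernel's code and not part of the commit). Assumptions: the constants are chosen so that the page's logged address maps to the ranges shown, `strip_tag()` models untagging as copying bit 55 into the top byte, and the "probably"/"maybe" wild-access variants are collapsed into one class.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed constants (48-bit arm64 SW_TAGS layout), picked so the model
 * reproduces the addresses in the commit message's Before/After logs. */
#define SHADOW_SCALE_SHIFT 4
#define SHADOW_OFFSET      0xefff800000000000ULL
#define MODEL_PAGE_SIZE    0x1000ULL
#define MODEL_TASK_SIZE    (1ULL << 48)

enum bug_class { NULL_PTR_DEREF, USER_MEMORY_ACCESS, WILD_MEMORY_ACCESS };
struct verdict { enum bug_class cls; uint64_t range_start; };

/* Shadow address -> address whose access was being checked. */
static uint64_t shadow_to_mem(uint64_t shadow)
{
    return (shadow - SHADOW_OFFSET) << SHADOW_SCALE_SHIFT;
}

/* Assumed untagging rule: replace the top byte with copies of bit 55. */
static uint64_t strip_tag(uint64_t addr)
{
    return (addr & (1ULL << 55)) ? (addr | 0xff00000000000000ULL)
                                 : (addr & 0x00ffffffffffffffULL);
}

/* strip == 0 models the old range checks, strip == 1 the fixed ones. */
static struct verdict classify(uint64_t shadow, int strip)
{
    uint64_t orig = shadow_to_mem(shadow);
    uint64_t cmp = strip ? strip_tag(orig) : orig;
    struct verdict v = { WILD_MEMORY_ACCESS, orig };
    if (cmp < MODEL_PAGE_SIZE)          /* report the untagged value here */
        v = (struct verdict){ NULL_PTR_DEREF, cmp };
    else if (cmp < MODEL_TASK_SIZE)     /* and here */
        v = (struct verdict){ USER_MEMORY_ACCESS, cmp };
    return v;
}

int main(void)
{
    static const char *names[] = { "null-ptr-deref", "user-memory-access", "wild-memory-access" };
    uint64_t fault = 0xffef800000000000ULL;  /* address from the page's logs */
    for (int strip = 0; strip <= 1; strip++) {
        struct verdict v = classify(fault, strip);
        printf("%s: %s in range [0x%016llx-0x%016llx]\n", strip ? "After" : "Before", names[v.cls],
               (unsigned long long)v.range_start, (unsigned long long)v.range_start + 15);
    }
    return 0;
}
```
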
..
common.c mm/kasan: fix KASAN poisoning in vrealloc() 2026-01-26 19:03:45 -08:00
generic.c kasan: cleanup of kasan_enabled() checks 2025-11-16 17:28:01 -08:00
hw_tags.c mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN 2025-12-23 11:23:11 -08:00
init.c mm/kasan: fix double free for kasan pXds 2026-04-05 13:53:11 -07:00
kasan_test_c.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
kasan_test_rust.rs rust: treewide: switch to the kernel Vec type 2024-10-15 23:10:32 +02:00
kasan.h kasan: remove __kasan_save_free_info wrapper 2025-11-16 17:28:01 -08:00
Makefile kbuild: Switch from -Wvla to -Wvla-larger-than=1 2025-05-08 09:42:06 -07:00
quarantine.c kasan: revert eviction of stack traces in generic mode 2024-02-23 17:27:12 -08:00
report_generic.c kasan: stop leaking stack trace handles 2024-01-05 10:17:45 -08:00
report_hw_tags.c kasan: use internal prototypes matching gcc-13 builtins 2023-06-09 16:25:19 -07:00
report_sw_tags.c kasan: use internal prototypes matching gcc-13 builtins 2023-06-09 16:25:19 -07:00
report_tags.c kasan: simplify kasan_complete_mode_report_info for tag-based modes 2023-12-29 11:58:47 -08:00
report.c kasan: fix bug type classification for SW_TAGS mode 2026-04-05 13:53:18 -07:00
shadow.c mm: introduce generic lazy_mmu helpers 2026-01-20 19:24:33 -08:00
sw_tags.c kasan: introduce ARCH_DEFER_KASAN and unify static key across modes 2025-09-21 14:21:58 -07:00
tags.c kasan: remove __kasan_save_free_info wrapper 2025-11-16 17:28:01 -08:00