Thread (3 messages), 2 authors, 2021-03-10

RE: [PATCH v2] arm: print alloc free paths for address in registers

From: Maninder Singh <hidden>
Date: 2021-03-10 05:51:43
Also in: linux-arm-kernel, lkml

Hi,

Any comments or updates?
Sender : Maninder Singh [off-list ref] Engineer/Platform S/W Group /SRI-Delhi/Samsung Electronics 
Date : 2021-02-25 13:57 (GMT+5:30)
Title : [PATCH v2] arm: print alloc free paths for address in registers

In case of a "Use After Free" kernel oops, the free path of the object
is required to debug further.
And in most cases the object address is present in one of the registers.

Thus check each register address and, if it belongs to slab,
print its alloc and free path.

e.g. in the issue below, register r6 belongs to slab, and the use-after-free
issue occurred on one of its dereferenced values:

[  124.310386] (ptrval)
[  124.312647] 8<--- cut here ---
[  124.313761] Unable to handle kernel paging request at virtual address 6b6b6b6f
[  124.315972] pgd = (ptrval)
...
[  124.328290] pc : [<c052fc0c>]    lr : [<c052fc00>]    psr: 60000013
[  124.330349] sp : c8993d28  ip : 0000bff4  fp : c8ae2020
[  124.332071] r10: 00000000  r9 : 00000001  r8 : c1804cc8
[  124.333803] r7 : 00000000  r6 : c8ae9180  r5 : c1804a80  r4 : c8ae2008
[  124.335936] r3 : 6b6b6b6b  r2 : 315049d6  r1 : 2d867000  r0 : c1396584
..
[  124.365233] register r6: c8ae9180 belongs to slab object
[  124.366364] INFO: Allocated in meminfo_proc_show+0x3c/0x500 age=1 cpu=0 pid=69
[  124.367545]  meminfo_proc_show+0x3c/0x500
[  124.368271]  seq_read_iter+0x10c/0x4bc
[  124.368994]  proc_reg_read_iter+0x74/0xa8
[  124.369712]  generic_file_splice_read+0xe8/0x178
[  124.370496]  splice_direct_to_actor+0xe0/0x2b8
[  124.371261]  do_splice_direct+0xa4/0xdc
[  124.371917]  do_sendfile+0x1c4/0x3ec
[  124.372550]  sys_sendfile64+0x128/0x130
[  124.373109]  ret_fast_syscall+0x0/0x54
[  124.373664]  0xbe9a2de4
[  124.374081] INFO: Freed in meminfo_proc_show+0x5c/0x500 age=1 cpu=0 pid=69
[  124.374933]  meminfo_proc_show+0x5c/0x500
[  124.375485]  seq_read_iter+0x10c/0x4bc
[  124.376020]  proc_reg_read_iter+0x74/0xa8
[  124.376643]  generic_file_splice_read+0xe8/0x178
[  124.377331]  splice_direct_to_actor+0xe0/0x2b8
[  124.378022]  do_splice_direct+0xa4/0xdc
[  124.378633]  do_sendfile+0x1c4/0x3ec
[  124.379220]  sys_sendfile64+0x128/0x130
[  124.379822]  ret_fast_syscall+0x0/0x54
[  124.380421]  0xbe9a2de4

Co-developed-by: Vaneet Narang <redacted>
Signed-off-by: Vaneet Narang <redacted>
Signed-off-by: Maninder Singh <redacted>
---
v1 -> v2: do address sanity with virt_addr_valid

arch/arm/include/asm/bug.h |  1 +
arch/arm/kernel/process.c  | 18 ++++++++++++++++++
arch/arm/kernel/traps.c    |  1 +
include/linux/slab.h       | 14 ++++++++++++++
mm/slab.h                  |  7 -------
mm/slub.c                  | 18 ++++++++++++++++++
6 files changed, 52 insertions(+), 7 deletions(-)
 

Thanks,
Maninder Singh
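
Added example (not part of the original message or the patch): a Python triage helper that reads an ARM oops like the one quoted above and pulls out the use-after-free evidence: registers holding the freed-slab poison word, a fault address just past that word, and the alloc/free sites printed for a slab register. The function name `triage`, the `max_offset` threshold and the trimmed sample are assumptions made for this example; 0x6b is the kernel's POISON_FREE byte.

```python
import re

# 0x6b is the kernel's POISON_FREE byte, written over freed slab objects when
# slab poisoning is enabled; a 32-bit load from such memory yields 0x6b6b6b6b.
POISON_FREE = 0x6B6B6B6B

# Constructed sample: a subset of the oops lines quoted in the message above.
SAMPLE_OOPS = """\
[  124.313761] Unable to handle kernel paging request at virtual address 6b6b6b6f
[  124.328290] pc : [<c052fc0c>]    lr : [<c052fc00>]    psr: 60000013
[  124.330349] sp : c8993d28  ip : 0000bff4  fp : c8ae2020
[  124.332071] r10: 00000000  r9 : 00000001  r8 : c1804cc8
[  124.333803] r7 : 00000000  r6 : c8ae9180  r5 : c1804a80  r4 : c8ae2008
[  124.335936] r3 : 6b6b6b6b  r2 : 315049d6  r1 : 2d867000  r0 : c1396584
[  124.365233] register r6: c8ae9180 belongs to slab object
[  124.366364] INFO: Allocated in meminfo_proc_show+0x3c/0x500 age=1 cpu=0 pid=69
[  124.374081] INFO: Freed in meminfo_proc_show+0x5c/0x500 age=1 cpu=0 pid=69
"""

REG_RE = re.compile(r"\b(r\d+|sp|ip|fp)\s*:\s*([0-9a-f]{8})\b")
FAULT_RE = re.compile(r"at virtual address ([0-9a-f]{8})")
SLAB_RE = re.compile(r"register (r\d+): ([0-9a-f]{8}) belongs to slab object")
PATH_RE = re.compile(r"INFO: (Allocated|Freed) in (\S+) age=\d+ cpu=\d+ pid=(\d+)")

def triage(oops, max_offset=0x1000):
    """Hypothetical helper: summarise use-after-free evidence in an ARM oops."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(oops)}
    fault = FAULT_RE.search(oops)
    delta = int(fault.group(1), 16) - POISON_FREE if fault else -1
    report = {
        # Registers holding a word read straight out of freed memory.
        "poisoned_regs": sorted(r for r, v in regs.items() if v == POISON_FREE),
        # Fault at poison + small offset: a freed pointer field was dereferenced.
        "fault_offset": delta if 0 <= delta < max_offset else None,
        # Registers the patched kernel reported as pointing into a slab object.
        "slab_regs": {r: int(a, 16) for r, a in SLAB_RE.findall(oops)},
        "alloc": None,
        "free": None,
    }
    for kind, sym, pid in PATH_RE.findall(oops):
        report["alloc" if kind == "Allocated" else "free"] = (sym, int(pid))
    report["likely_uaf"] = bool(report["poisoned_regs"]) or report["fault_offset"] is not None
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_OOPS).items():
        print(f"{key}: {value}")
```

The poison checks only fire on kernels booted with slab poisoning enabled, and the alloc/free lines only appear when the allocator is tracking object users.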