Lines Matching +full:co +full:- +full:located
1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (c) 2014 Samsung Electronics Co., Ltd.
8 * Some code borrowed from https://github.com/xairy/kasan-prototype by
56 return -EINVAL; in early_kasan_fault()
65 return -EINVAL; in early_kasan_fault()
83 * 1. False-positive reports when accessing slab metadata,
86 * Hardware Tag-Based KASAN instead relies on:
93 if (current->kasan_depth) in report_suppressed_sw()
192 test = current->kunit_test; in fail_non_kasan_kunit_test()
246 pr_err("BUG: KASAN: %s in %pS\n", info->bug_type, (void *)info->ip); in print_error_description()
248 if (info->type != KASAN_REPORT_ACCESS) { in print_error_description()
250 info->access_addr, current->comm, task_pid_nr(current)); in print_error_description()
254 if (info->access_size) in print_error_description()
256 info->is_write ? "Write" : "Read", info->access_size, in print_error_description()
257 info->access_addr, current->comm, task_pid_nr(current)); in print_error_description()
260 info->is_write ? "Write" : "Read", in print_error_description()
261 info->access_addr, current->comm, task_pid_nr(current)); in print_error_description()
267 u64 ts_nsec = track->timestamp; in print_track()
274 prefix, track->pid, track->cpu, in print_track()
277 pr_err("%s by task %u:\n", prefix, track->pid); in print_track()
279 if (track->stack) in print_track()
280 stack_depot_print(track->stack); in print_track()
295 unsigned long object_addr = (unsigned long)info->object; in describe_object_addr()
301 info->object, info->cache->name, info->cache->object_size); in describe_object_addr()
305 rel_bytes = object_addr - access_addr; in describe_object_addr()
306 } else if (access_addr >= object_addr + info->alloc_size) { in describe_object_addr()
308 rel_bytes = access_addr - (object_addr + info->alloc_size); in describe_object_addr()
311 rel_bytes = access_addr - object_addr; in describe_object_addr()
315 * Tag-Based modes use the stack ring to infer the bug type, but the in describe_object_addr()
322 if (strcmp(info->bug_type, "slab-out-of-bounds") == 0) in describe_object_addr()
324 else if (strcmp(info->bug_type, "slab-use-after-free") == 0) in describe_object_addr()
328 pr_err("The buggy address is located %d bytes %s of\n" in describe_object_addr()
329 " %s%zu-byte region [%px, %px)\n", in describe_object_addr()
330 rel_bytes, rel_type, region_state, info->alloc_size, in describe_object_addr()
331 (void *)object_addr, (void *)(object_addr + info->alloc_size)); in describe_object_addr()
336 if (info->alloc_track.stack) { in describe_object_stacks()
337 print_track(&info->alloc_track, "Allocated"); in describe_object_stacks()
341 if (info->free_track.stack) { in describe_object_stacks()
342 print_track(&info->free_track, "Freed"); in describe_object_stacks()
346 kasan_print_aux_stacks(info->cache, info->object); in describe_object_stacks()
380 if (info->cache && info->object) { in print_address_description()
407 va->addr, va->addr + va->size, va->caller); in print_address_description()
439 (addr - row) / KASAN_GRANULE_SIZE * 3 + 1; in meta_pointer_offset()
448 - META_ROWS_AROUND_ADDR * META_MEM_BYTES_PER_ROW; in print_memory_metadata()
452 for (i = -META_ROWS_AROUND_ADDR; i <= META_ROWS_AROUND_ADDR; i++) { in print_memory_metadata()
479 void *addr = kasan_reset_tag((void *)info->access_addr); in print_report()
480 u8 tag = get_tag((void *)info->access_addr); in print_report()
484 kasan_print_tags(tag, info->first_bad_addr); in print_report()
489 print_memory_metadata(info->first_bad_addr); in print_report()
497 void *addr = kasan_reset_tag((void *)info->access_addr); in complete_report_info()
500 if (info->type == KASAN_REPORT_ACCESS) in complete_report_info()
501 info->first_bad_addr = kasan_find_first_bad_addr( in complete_report_info()
502 (void *)info->access_addr, info->access_size); in complete_report_info()
504 info->first_bad_addr = addr; in complete_report_info()
508 info->cache = slab->slab_cache; in complete_report_info()
509 info->object = nearest_obj(info->cache, slab, addr); in complete_report_info()
512 info->alloc_size = kasan_get_alloc_size(info->object, info->cache); in complete_report_info()
514 if (!info->alloc_size) in complete_report_info()
515 info->alloc_size = info->cache->object_size; in complete_report_info()
517 info->cache = info->object = NULL; in complete_report_info()
519 switch (info->type) { in complete_report_info()
521 info->bug_type = "invalid-free"; in complete_report_info()
524 info->bug_type = "double-free"; in complete_report_info()
531 /* Fill in mode-specific report info fields. */ in complete_report_info()
541 * Do not check report_suppressed_sw(), as an invalid-free cannot be in kasan_report_invalid_free()
545 * Note that for Hardware Tag-Based KASAN, kasan_report_invalid_free() in kasan_report_invalid_free()
547 * the CPU. Thus, reporting invalid-free is not suppressed as well. in kasan_report_invalid_free()
619 * Hardware Tag-Based KASAN. in kasan_report_async()
625 pr_err("BUG: KASAN: invalid-access\n"); in kasan_report_async()
639 * With compiler-based KASAN modes, accesses to bogus pointers (outside of the
651 * All addresses that came as a result of the memory-to-shadow mapping in kasan_non_canonical_hook()
665 * But the shadow for non-canonical addresses is a really large chunk in kasan_non_canonical_hook()
671 bug_type = "null-ptr-deref"; in kasan_non_canonical_hook()
673 bug_type = "probably user-memory-access"; in kasan_non_canonical_hook()
675 bug_type = "probably wild-memory-access"; in kasan_non_canonical_hook()
677 bug_type = "maybe wild-memory-access"; in kasan_non_canonical_hook()
678 pr_alert("KASAN: %s in range [0x%016lx-0x%016lx]\n", bug_type, in kasan_non_canonical_hook()
679 orig_addr, orig_addr + KASAN_GRANULE_SIZE - 1); in kasan_non_canonical_hook()