Lines Matching +full:co +full:- +full:located
1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (c) 2014 Samsung Electronics Co., Ltd.
8 * Some code borrowed from https://github.com/xairy/kasan-prototype by
57 return -EINVAL; in early_kasan_fault()
66 return -EINVAL; in early_kasan_fault()
84 * 1. False-positive reports when accessing slab metadata,
87 * Hardware Tag-Based KASAN instead relies on:
94 if (current->kasan_depth) in report_suppressed_sw()
193 test = current->kunit_test; in fail_non_kasan_kunit_test()
247 pr_err("BUG: KASAN: %s in %pS\n", info->bug_type, (void *)info->ip); in print_error_description()
249 if (info->type != KASAN_REPORT_ACCESS) { in print_error_description()
251 info->access_addr, current->comm, task_pid_nr(current)); in print_error_description()
255 if (info->access_size) in print_error_description()
257 info->is_write ? "Write" : "Read", info->access_size, in print_error_description()
258 info->access_addr, current->comm, task_pid_nr(current)); in print_error_description()
261 info->is_write ? "Write" : "Read", in print_error_description()
262 info->access_addr, current->comm, task_pid_nr(current)); in print_error_description()
268 u64 ts_nsec = track->timestamp; in print_track()
275 prefix, track->pid, track->cpu, in print_track()
278 pr_err("%s by task %u:\n", prefix, track->pid); in print_track()
280 if (track->stack) in print_track()
281 stack_depot_print(track->stack); in print_track()
296 unsigned long object_addr = (unsigned long)info->object; in describe_object_addr()
302 info->object, info->cache->name, info->cache->object_size); in describe_object_addr()
306 rel_bytes = object_addr - access_addr; in describe_object_addr()
307 } else if (access_addr >= object_addr + info->alloc_size) { in describe_object_addr()
309 rel_bytes = access_addr - (object_addr + info->alloc_size); in describe_object_addr()
312 rel_bytes = access_addr - object_addr; in describe_object_addr()
316 * Tag-Based modes use the stack ring to infer the bug type, but the in describe_object_addr()
323 if (strcmp(info->bug_type, "slab-out-of-bounds") == 0) in describe_object_addr()
325 else if (strcmp(info->bug_type, "slab-use-after-free") == 0) in describe_object_addr()
329 pr_err("The buggy address is located %d bytes %s of\n" in describe_object_addr()
330 " %s%zu-byte region [%px, %px)\n", in describe_object_addr()
331 rel_bytes, rel_type, region_state, info->alloc_size, in describe_object_addr()
332 (void *)object_addr, (void *)(object_addr + info->alloc_size)); in describe_object_addr()
337 if (info->alloc_track.stack) { in describe_object_stacks()
338 print_track(&info->alloc_track, "Allocated"); in describe_object_stacks()
342 if (info->free_track.stack) { in describe_object_stacks()
343 print_track(&info->free_track, "Freed"); in describe_object_stacks()
347 kasan_print_aux_stacks(info->cache, info->object); in describe_object_stacks()
379 * lockdep warning for this raw_spinlock -> spinlock dependency. This config
411 if (info->cache && info->object) { in print_address_description()
438 va->addr, va->addr + va->size, va->caller); in print_address_description()
472 (addr - row) / KASAN_GRANULE_SIZE * 3 + 1; in meta_pointer_offset()
481 - META_ROWS_AROUND_ADDR * META_MEM_BYTES_PER_ROW; in print_memory_metadata()
485 for (i = -META_ROWS_AROUND_ADDR; i <= META_ROWS_AROUND_ADDR; i++) { in print_memory_metadata()
512 void *addr = kasan_reset_tag((void *)info->access_addr); in print_report()
513 u8 tag = get_tag((void *)info->access_addr); in print_report()
517 kasan_print_tags(tag, info->first_bad_addr); in print_report()
522 print_memory_metadata(info->first_bad_addr); in print_report()
530 void *addr = kasan_reset_tag((void *)info->access_addr); in complete_report_info()
533 if (info->type == KASAN_REPORT_ACCESS) in complete_report_info()
534 info->first_bad_addr = kasan_find_first_bad_addr( in complete_report_info()
535 (void *)info->access_addr, info->access_size); in complete_report_info()
537 info->first_bad_addr = addr; in complete_report_info()
541 info->cache = slab->slab_cache; in complete_report_info()
542 info->object = nearest_obj(info->cache, slab, addr); in complete_report_info()
545 info->alloc_size = kasan_get_alloc_size(info->object, info->cache); in complete_report_info()
547 if (!info->alloc_size) in complete_report_info()
548 info->alloc_size = info->cache->object_size; in complete_report_info()
550 info->cache = info->object = NULL; in complete_report_info()
552 switch (info->type) { in complete_report_info()
554 info->bug_type = "invalid-free"; in complete_report_info()
557 info->bug_type = "double-free"; in complete_report_info()
564 /* Fill in mode-specific report info fields. */ in complete_report_info()
574 * Do not check report_suppressed_sw(), as an invalid-free cannot be in kasan_report_invalid_free()
578 * Note that for Hardware Tag-Based KASAN, kasan_report_invalid_free() in kasan_report_invalid_free()
580 * the CPU. Thus, reporting invalid-free is not suppressed as well. in kasan_report_invalid_free()
652 * Hardware Tag-Based KASAN. in kasan_report_async()
658 pr_err("BUG: KASAN: invalid-access\n"); in kasan_report_async()
672 * With compiler-based KASAN modes, accesses to bogus pointers (outside of the
684 * All addresses that came as a result of the memory-to-shadow mapping in kasan_non_canonical_hook()
698 * But the shadow for non-canonical addresses is a really large chunk in kasan_non_canonical_hook()
704 bug_type = "null-ptr-deref"; in kasan_non_canonical_hook()
706 bug_type = "probably user-memory-access"; in kasan_non_canonical_hook()
708 bug_type = "probably wild-memory-access"; in kasan_non_canonical_hook()
710 bug_type = "maybe wild-memory-access"; in kasan_non_canonical_hook()
711 pr_alert("KASAN: %s in range [0x%016lx-0x%016lx]\n", bug_type, in kasan_non_canonical_hook()
712 orig_addr, orig_addr + KASAN_GRANULE_SIZE - 1); in kasan_non_canonical_hook()