    arm: print alloc free paths for address in registers · 5aa6b70e
    Maninder Singh authored
    In case of a use after free kernel oops, the freeing path of the object
    is required to debug further.  In most cases the object address is
    present in one of the registers.
    
    Thus check the register's address and if it belongs to slab, print its
    alloc and free path.
    
    e.g. in the below issue register r6 belongs to slab, and a use after
    free issue occurred on one of its dereferenced values:
    
      Unable to handle kernel paging request at virtual address 6b6b6b6f
      ....
      pc : [<c0538afc>]    lr : [<c0465674>]    psr: 60000013
      sp : c8927d40  ip : ffffefff  fp : c8aa8020
      r10: c8927e10  r9 : 00000001  r8 : 00400cc0
      r7 : 00000000  r6 : c8ab0180  r5 : c1804a80  r4 : c8aa8008
      r3 : c1a5661c  r2 : 00000000  r1 : 6b6b6b6b  r0 : c139bf48
      .....
      Register r6 information: slab kmalloc-64 start c8ab0140 data offset 64 pointer offset 0 size 64 allocated at meminfo_proc_show+0x40/0x4fc
          meminfo_proc_show+0x40/0x4fc
          seq_read_iter+0x18c/0x4c4
          proc_reg_read_iter+0x84/0xac
          generic_file_splice_read+0xe8/0x17c
          splice_direct_to_actor+0xb8/0x290
          do_splice_direct+0xa0/0xe0
          do_sendfile+0x2d0/0x438
          sys_sendfile64+0x12c/0x140
          ret_fast_syscall+0x0/0x58
          0xbeeacde4
       Free path:
          meminfo_proc_show+0x5c/0x4fc
          seq_read_iter+0x18c/0x4c4
          proc_reg_read_iter+0x84/0xac
          generic_file_splice_read+0xe8/0x17c
          splice_direct_to_actor+0xb8/0x290
          do_splice_direct+0xa0/0xe0
          do_sendfile+0x2d0/0x438
          sys_sendfile64+0x12c/0x140
          ret_fast_syscall+0x0/0x58
          0xbeeacde4
    
    Link: https://lkml.kernel.org/r/1615891032-29160-3-git-send-email-maninder1.s@samsung.com
    Co-developed-by: Vaneet Narang <v.narang@samsung.com>
    Signed-off-by: Vaneet Narang <v.narang@samsung.com>
    Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Christoph Lameter <cl@linux.com>
    Cc: David Rientjes <rientjes@google.com>
    Cc: Dmitry Safonov <0x7f454c46@gmail.com>
    Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
    Cc: Paul E. McKenney <paulmck@kernel.org>
    Cc: Pekka Enberg <penberg@kernel.org>
    Cc: Russell King <linux@armlinux.org.uk>
    Cc: Vlastimil Babka <vbabka@suse.cz>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
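
The dump above is easier to read once the arithmetic behind "start ... data offset ... pointer offset" is clear: r6 (c8ab0180) is the slot start (c8ab0140) plus the 64-byte data offset, so the register points exactly at the usable object (pointer offset 0), and the 6b6b6b6b in r1 is SLUB's free poison read back from it. The following is an added user-space model of that lookup, not the kernel's code and not part of this patch (the arm patch calls the kernel's mem_dump_obj() helper on each register value, which asks the slab allocator whether the address lies in a slab object and which stacks allocated and freed it). The cache layout, the call-site strings standing in for real stack traces, the struct and function names, and the report format below are all assumptions made for illustration. One caveat worth knowing before relying on this in practice: the kernel can only print the alloc and free paths when SLUB debugging with user tracking is enabled (slub_debug=U, i.e. SLAB_STORE_USER); without it you still get the cache name and offsets, but no "allocated at" or "Free path" lines.

```c
/* Added example (not the kernel's code): a user-space model of the
 * "does this register value point into a slab object, and who allocated
 * and freed it" lookup the commit describes.  Layout, names and output
 * format are assumptions made for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE    64   /* usable object size, like kmalloc-64 */
#define RED_LEFT    64   /* left red zone before each object (assumed); this
                          * is what "data offset 64" in the oops reflects */
#define SLOT_SIZE   (RED_LEFT + OBJ_SIZE)
#define NR_OBJS     4
#define POISON_FREE 0x6b /* SLUB's free-poison byte, seen as 6b6b6b6b in r1 */

struct slab {
    const char *name;
    uint8_t mem[SLOT_SIZE * NR_OBJS];
    const char *alloc_site[NR_OBJS];  /* stand-in for the alloc stack trace */
    const char *free_site[NR_OBJS];   /* stand-in for the free stack trace */
    bool in_use[NR_OBJS];
};

struct obj_info {
    bool in_slab;
    const char *cache;
    const uint8_t *start;     /* slot start, including the red zone */
    size_t data_offset;       /* where the usable object begins */
    long pointer_offset;      /* queried address relative to the data start */
    bool freed;
    const char *alloc_site;
    const char *free_site;
};

static struct slab kmalloc_64 = { .name = "kmalloc-64" };

static void *slab_alloc(struct slab *s, const char *site)
{
    for (size_t i = 0; i < NR_OBJS; i++) {
        if (!s->in_use[i]) {
            s->in_use[i] = true;
            s->alloc_site[i] = site;
            s->free_site[i] = NULL;
            return s->mem + i * SLOT_SIZE + RED_LEFT;
        }
    }
    return NULL;
}

static void slab_free(struct slab *s, void *p, const char *site)
{
    size_t i = (size_t)((uint8_t *)p - s->mem) / SLOT_SIZE;
    s->in_use[i] = false;
    s->free_site[i] = site;
    memset(p, POISON_FREE, OBJ_SIZE);   /* poison on free, as SLUB debug does */
}

/* The check performed on every register value: does it fall inside a slab,
 * and if so, where in the object and what are its alloc/free records. */
static struct obj_info slab_obj_info(const struct slab *s, const void *addr)
{
    struct obj_info info = { 0 };
    const uint8_t *a = addr;
    if (a < s->mem || a >= s->mem + sizeof s->mem)
        return info;                   /* not in this slab: report nothing */
    size_t i = (size_t)(a - s->mem) / SLOT_SIZE;
    info.in_slab = true;
    info.cache = s->name;
    info.start = s->mem + i * SLOT_SIZE;
    info.data_offset = RED_LEFT;
    info.pointer_offset = (long)(a - info.start) - (long)RED_LEFT;
    info.freed = !s->in_use[i];
    info.alloc_site = s->alloc_site[i];
    info.free_site = s->free_site[i];
    return info;
}

static void print_obj_info(const char *reg, const struct obj_info *i)
{
    if (!i->in_slab)
        return;   /* the kernel prints nothing for non-slab registers */
    printf("Register %s information: slab %s start %p data offset %zu "
           "pointer offset %ld size %d allocated at %s\n",
           reg, i->cache, (const void *)i->start, i->data_offset,
           i->pointer_offset, OBJ_SIZE, i->alloc_site);
    if (i->free_site)
        printf(" Free path:\n    %s\n", i->free_site);
}

/* Reproduce the oops scenario: the object is freed, but a "register"
 * still holds a pointer into it (constructed call-site labels). */
static struct obj_info demo_use_after_free(void)
{
    uint8_t *p = slab_alloc(&kmalloc_64, "meminfo_proc_show+0x40/0x4fc");
    slab_free(&kmalloc_64, p, "meminfo_proc_show+0x5c/0x4fc");
    struct obj_info r6 = slab_obj_info(&kmalloc_64, p);  /* stale r6 value */
    print_obj_info("r6", &r6);
    return r6;
}

int main(void)
{
    demo_use_after_free();
    return 0;
}
```

Running it prints one "Register r6 information:" line with data offset 64 and pointer offset 0 followed by the free site, mirroring the shape of the real dump; a register that holds a stack or text address produces no line at all, which is exactly why the patch can afford to test every register.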