arm64: mm: log potential KASAN shadow alias

When the kernel is built with KASAN_GENERIC or KASAN_SW_TAGS, shadow
memory is allocated and mapped for all legitimate kernel addresses, and
prior to a regular memory access, instrumentation will read from the
corresponding shadow address.

Due to the way memory addresses are converted to shadow addresses,
bogus pointers (e.g. NULL) can generate shadow addresses out of the
bounds of allocated shadow memory. For example, with KASAN_GENERIC and
48-bit VAs, NULL would have a shadow address of dfff800000000000, which
falls between the TTBR ranges.

To make such cases easier to debug, this patch makes die_kernel_fault() dump
the real memory address range for any potential KASAN shadow access using
kasan_non_canonical_hook().

TODO: add an example splat here.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Will Deacon <will@kernel.org>
1 file changed
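
The address conversion described in the commit message, as an added userspace example that is not code from this patch or from the kernel. It assumes the generic-KASAN scale of 8 bytes per shadow byte and takes the shadow offset from the NULL example above; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed configuration: KASAN_GENERIC (8 bytes per shadow byte), 48-bit VAs. */
#define SHADOW_SCALE_SHIFT 3
#define SHADOW_OFFSET      0xdfff800000000000ULL /* shadow of NULL per the commit message */
#define VA_BITS            48

/* Forward mapping done by the instrumentation before each access. */
static uint64_t mem_to_shadow(uint64_t addr)
{
	return (addr >> SHADOW_SCALE_SHIFT) + SHADOW_OFFSET;
}

/* Non-zero if addr lies in the hole between the TTBR0 and TTBR1 ranges. */
static int in_ttbr_gap(uint64_t addr)
{
	uint64_t top = addr >> VA_BITS;
	return top != 0 && top != 0xffff;
}

/* A faulting address below the offset cannot be the shadow of anything. */
static int may_be_shadow(uint64_t fault_addr)
{
	return fault_addr >= SHADOW_OFFSET;
}

/* Reverse mapping: first byte of the 8-byte granule that fault_addr shadows. */
static uint64_t shadow_to_mem(uint64_t fault_addr)
{
	return (fault_addr - SHADOW_OFFSET) << SHADOW_SCALE_SHIFT;
}

int main(void)
{
	/* Constructed bogus pointers: NULL, NULL plus a field offset, a wild value. */
	uint64_t ptrs[] = { 0x0, 0x13, 0xdead000000000100ULL };

	for (size_t i = 0; i < sizeof(ptrs) / sizeof(ptrs[0]); i++) {
		uint64_t fault = mem_to_shadow(ptrs[i]);
		if (!may_be_shadow(fault))
			continue;
		uint64_t start = shadow_to_mem(fault);
		printf("ptr %016llx -> fault at %016llx (TTBR gap: %d), real range [%016llx-%016llx]\n",
		       (unsigned long long)ptrs[i], (unsigned long long)fault, in_ttbr_gap(fault),
		       (unsigned long long)start, (unsigned long long)(start + 7));
	}
	return 0;
}
```

The reverse mapping recovers the pointer only to granule precision, which is why the result is reported as a range rather than a single address.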