Bug 212191 - KASAN (tags): better use-after-free report header
Status: NEW
Product: Memory Management
Classification: Unclassified
Component: Sanitizers
Hardware: All Linux
Importance: P1 normal
Assignee: MM/Sanitizers virtual assignee
Reported: 2021-03-09 15:37 UTC by Andrey Konovalov
Modified: 2022-10-18 19:13 UTC

Kernel Version: upstream
Regression: No

Description Andrey Konovalov 2021-03-09 15:37:10 UTC
Currently, tag-based KASAN modes describe all detected bugs as "invalid-access". KASAN could describe some of them as "use-after-free", in particular when the accessed memory is tagged with the invalid (0xfe) tag, as it is used for marking freed memory.
Comment 1 Andrey Konovalov 2022-10-18 19:13:35 UTC
This has been improved with the addition of the stack ring [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f538e1f2d294cf8a9486fb1a7d4d4f0d16e2b01
