commit e91210766341cb356ead7fd39f07493a3d00b80f
author Andrey Konovalov <andreyknvl@google.com> Thu Nov 05 18:50:55 2015 -0800
committer Linus Torvalds <torvalds@linux-foundation.org> Thu Nov 05 19:34:48 2015 -0800
tree 61dbc0295ce72f8df40571cdddde69f3d90e9b58
parent fc5aeeaf593278f07ffa4d97296e27423ecae867

kasan: update reported bug types for not user nor kernel memory accesses

Each access with address lower than
kasan_shadow_to_mem(KASAN_SHADOW_START) is reported as user-memory-access.
This is not always true, the accessed address might not be in user space.
Fix this by reporting such accesses as null-ptr-derefs or
wild-memory-accesses.

There's another reason for this change.  For userspace ASan we have a
bunch of systems that analyze error types for the purpose of
classification and deduplication.  Sooner of later we will write them to
KASAN as well.  Then clearly and explicitly stated error types will bring
value.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Konstantin Serebryany <kcc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mm/kasan/kasan.c

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 8da2114..1104cb0 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -235,18 +235,12 @@
 static __always_inline void check_memory_region(unsigned long addr,
 						size_t size, bool write)
 {
-	struct kasan_access_info info;
-
 	if (unlikely(size == 0))
 		return;
 
 	if (unlikely((void *)addr <
 		kasan_shadow_to_mem((void *)KASAN_SHADOW_START))) {
-		info.access_addr = (void *)addr;
-		info.access_size = size;
-		info.is_write = write;
-		info.ip = _RET_IP_;
-		kasan_report_user_access(&info);
+		kasan_report(addr, size, write, _RET_IP_);
 		return;
 	}