Commit | Line | Data |
---|---|---|
a0503b8a KYL |
1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* | |
3 | * Copyright (c) 2014 Samsung Electronics Co., Ltd. | |
4 | * Copyright (c) 2020 Google, Inc. | |
5 | */ | |
6 | ||
7 | #include "kasan.h" | |
8 | #include "../slab.h" | |
9 | ||
/*
 * kasan_get_bug_type - choose the bug-type label printed in a KASAN report.
 *
 * @info: report descriptor; only access_addr and access_size are read here.
 *
 * Returns a string literal: "use-after-free", "out-of-bounds" or
 * "invalid-access". Callers must not free it.
 *
 * The label is a heuristic. With CONFIG_KASAN_TAGS_IDENTIFY it rests on
 * comparing a u8 pointer tag with the tags stored in the object's
 * free_pointer_tag[] slots, so a coincidental match cannot be ruled out from
 * this code alone. Treat the result as a triage hint, not as proof of the
 * bug class.
 */
const char *kasan_get_bug_type(struct kasan_report_info *info)
{
#ifdef CONFIG_KASAN_TAGS_IDENTIFY
	u8 ptr_tag = get_tag(info->access_addr);
	const void *untagged = kasan_reset_tag(info->access_addr);
	struct slab *slab = kasan_addr_to_slab(untagged);

	if (slab) {
		struct kmem_cache *cache = slab->slab_cache;
		void *object = nearest_obj(cache, slab, (void *)untagged);
		struct kasan_alloc_meta *meta = kasan_get_alloc_meta(cache, object);
		int slot;

		/*
		 * No allocation metadata means nothing to compare against;
		 * a slab address then defaults to out-of-bounds.
		 */
		if (!meta)
			return "out-of-bounds";

		/*
		 * The access tag matching any entry of free_pointer_tag[] is
		 * reported as use-after-free (presumably these slots hold the
		 * tags the object carried at recent frees - confirm against
		 * the code that fills them).
		 */
		for (slot = 0; slot < KASAN_NR_FREE_STACKS; slot++) {
			if (meta->free_pointer_tag[slot] == ptr_tag)
				return "use-after-free";
		}

		/* Slab address, but the tag matches none of the recorded ones. */
		return "out-of-bounds";
	}
#endif

	/*
	 * A negative length converted to size_t becomes a value above
	 * ULONG_MAX/2, so access_addr + access_size wraps around and ends up
	 * below access_addr. Such an access is classified as out-of-bounds;
	 * everything else that reaches this point is a generic invalid access.
	 */
	if (info->access_addr + info->access_size >= info->access_addr)
		return "invalid-access";

	return "out-of-bounds";
}