Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1074232pxu; Mon, 23 Nov 2020 10:59:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJxbPvz2mK/16Bx6b+wGScwkpTctOiq1npnkN4s5aX8Kb+mS3TAilypEXch/o+stYHCW0SBd X-Received: by 2002:a17:906:e2c3:: with SMTP id gr3mr871562ejb.471.1606157940703; Mon, 23 Nov 2020 10:59:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606157940; cv=none; d=google.com; s=arc-20160816; b=NNhme3Gn2w+Kg0V7Ms0Q4UlZoZeUF8wuvLTxJxg22uZ8n1aOJpU9mCzPKJfTG8zKuz vxA8LGyZRpNWCYcE1jm62Si0nGzsvWJ/pzYwVwxt5FY/Ex38zk7vyIZuYJkO8tgw42T+ hbARTR0564d3ZJfKaGOViqRSUJ8nbxCTZHvBw/gaS2IGm7/gga/Tl8xsG2fH5WivySRq C3pE5yt77MM4l6h43l0RZALPATMMHXHrzpnwmv4kc/a9m20RtZEbrMiKgAN15I/6koww ODf38N1HHhTBGpVmoYXAYqi9cI0EXUrVJvipEog28LHu3WBtA17ghPVkc6iBdfENKkr6 XTwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=X9Zd5o6/t2zXpVPXOIa1lwnDSa6wxu3aYly3YlPdS4M=; b=umqL31XIOnQR9xrqE6zuZVtx2KJwRmrlbpJeq38jOgKz1V0crbfqmFefG9nrEYzQY5 nmUjwoNnhd8CiBniA2lLAswlBprDDRjQGUqA2BqzIpnD5YEtmrMb9M/hnz9eWllrIXCL Ecw7Zd7hnXtFb5JS2HWs+G6gtCcynNi9r1Kukudd28c+Wvtwl/UfY5YNoX8yHD7lCPuC zusP8UvDTRKd0qJcX1ZrJZgfeq+FkuLxErKeldJvXHYCqoeBcqin0MZ36qjz4bfpimPg NKihyl4FGaC0f0ynQp1QWE/mbPV7k+stgi7+QeqgGiey05kaQU3nViNaNVsRVft7YChq x13Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=SB0bFKQC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i6si7069374edr.610.2020.11.23.10.58.37; Mon, 23 Nov 2020 10:59:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=SB0bFKQC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729824AbgKWSy7 (ORCPT + 99 others); Mon, 23 Nov 2020 13:54:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58928 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729298AbgKWSy6 (ORCPT ); Mon, 23 Nov 2020 13:54:58 -0500 Received: from mail-pg1-x541.google.com (mail-pg1-x541.google.com [IPv6:2607:f8b0:4864:20::541]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D6255C0613CF for ; Mon, 23 Nov 2020 10:54:58 -0800 (PST) Received: by mail-pg1-x541.google.com with SMTP id v21so15119775pgi.2 for ; Mon, 23 Nov 2020 10:54:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=X9Zd5o6/t2zXpVPXOIa1lwnDSa6wxu3aYly3YlPdS4M=; b=SB0bFKQC1IahCohNpOijmMkJPynNzlupWkgYlnLXxcr1pTiUhBsBmDKsCkJijTP+0A tdRtIxaG3SuFiTFT4s3E/6hx9tnQ+UVq32qpqFB7b85j0YbiUUFP1Q1Af5TVjct+HItH RLGzHX1F3tnBZUK6zshlTKwBtS/W6Bj+qMeW7JgCu9pne9+B8+OyrbjpR/w7jpXrYUtN kjx6aiGbbemuqgBRBHASeQCol3l4zIQ1w5dzq3mBjpkyWYZS/lFMOnrAupR5trFkFu74 88Hj617phBFazTycmAluIs6Dj1i+08wPJtX41RYXI4C+pVzQwRJACFSDjyUa9ENMU62i eqBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=X9Zd5o6/t2zXpVPXOIa1lwnDSa6wxu3aYly3YlPdS4M=; b=PffKhbE/WR5QSjTxUl+RJkYtlrnDj1gNdADOEpL8TkIy57h5/BFHJ7s4hOh83Uqv89 X+5hAfbIAOc8IzCyDz63iTPxeaopfWTacm0C98ilRTMnUhNnxVKHY6VpP7f8EeHSqvX7 C+mKFKNZcv1KmQTpYqQaXZjPvcikJwwIxAljLFqBTF/dOANTfdFyfYDrC4bYiwubKQVZ J+Gu0mFpbwmvR2SevnEH5TU0qogzbn78+7x7rFYzTadaK4sZIo7kuSsYbsr1ECvDZrWE 3k6NmXNMwFS9EeOf1OKlymJu/qJ0DBrIw9AGwQYUWhJo3LYOPQMllHcWfWb+FKXzSFpD M/1Q== X-Gm-Message-State: AOAM531MO6v10EvCJyXXElGY/eSGhv9YXuLmJtgwac6hzAAPLHYrwMMg YKFQCmoi4K43rP7W7jH2gpP1+be2L4rCu9LgKGrBww== X-Received: by 2002:a17:90a:4215:: with SMTP id o21mr326674pjg.166.1606157698246; Mon, 23 Nov 2020 10:54:58 -0800 (PST) MIME-Version: 1.0 References: <52518837b34d607abbf30855b3ac4cb1a9486946.1605305978.git.andreyknvl@google.com> In-Reply-To: From: Andrey Konovalov Date: Mon, 23 Nov 2020 19:54:47 +0100 Message-ID: Subject: Re: [PATCH mm v3 17/19] kasan: clean up metadata allocation and usage To: Dmitry Vyukov Cc: Andrew Morton , Catalin Marinas , Will Deacon , Vincenzo Frascino , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Evgenii Stepanov , Branislav Rankov , Kevin Brodsky , kasan-dev , Linux ARM , Linux-MM , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 17, 2020 at 2:12 PM Dmitry Vyukov wrote: > > > void __kasan_poison_slab(struct page *page) > > { > > @@ -272,11 +305,9 @@ void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache, > > struct kasan_alloc_meta *alloc_meta; > > > > if (kasan_stack_collection_enabled()) { > > - if (!(cache->flags & SLAB_KASAN)) > > - return (void *)object; > > Is it a subtle change in behavior? > Previously we had an early return and also did not set tag, now we > only skip memset but set tag... was it a bug before?... This is a change in behavior, see the patch description. We now always sanitize an object's contents, but only store/update the metadata when it fits. I'll update the patch title, as it might sound confusing, as it kind of implies we're not changing the behavior. > > @@ -135,7 +135,12 @@ static void qlink_free(struct qlist_node *qlink, struct kmem_cache *cache) > > if (IS_ENABLED(CONFIG_SLAB)) > > local_irq_save(flags); > > > > + /* > > + * As the object now gets freed from the quaratine, assume that its > > + * free track is now longer valid. > > typo: _no_ longer valid Will fix! > > > + */ > > *(u8 *)kasan_mem_to_shadow(object) = KASAN_KMALLOC_FREE; > > + > > ___cache_free(cache, object, _THIS_IP_); > > > > if (IS_ENABLED(CONFIG_SLAB)) > > @@ -168,6 +173,9 @@ void quarantine_put(struct kmem_cache *cache, void *object) > > struct qlist_head temp = QLIST_INIT; > > struct kasan_free_meta *meta = kasan_get_free_meta(cache, object); > > > > + if (!meta) > > + return; > > Humm... is this possible? If yes, we would be leaking the object here... > Perhaps BUG_ON with a comment instead. No, this isn't possible. Will turn this into a warning and add a comment. Thanks!