Date: Fri, 15 Jan 2021 18:41:52 +0100
Message-Id: <093428b5d2ca8b507f4a79f92f9929b35f7fada7.1610731872.git.andreyknvl@google.com>
Subject: [PATCH v3 1/2] kasan, mm: fix conflicts with init_on_alloc/free
From: Andrey Konovalov
To: Andrew Morton, Catalin Marinas, Vincenzo Frascino, Dmitry Vyukov, Alexander Potapenko, Marco Elver
Cc: Will Deacon, Andrey Ryabinin, Peter Collingbourne, Evgenii Stepanov, Branislav Rankov, Kevin Brodsky, kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov, Vlastimil Babka

A few places where SLUB accesses object's data or metadata were missed in a previous patch. This leads to false positives with hardware tag-based KASAN when bulk allocations are used with init_on_alloc/free.

Fix the false positives by resetting pointer tags during these accesses. (The kasan_reset_tag call is removed from slab_alloc_node, as it's added into maybe_wipe_obj_freeptr.)

Link: https://linux-review.googlesource.com/id/I50dd32838a666e173fe06c3c5c766f2c36aae901
Fixes: aa1ef4d7b3f67 ("kasan, mm: reset tags when accessing metadata")
Reported-by: Dmitry Vyukov
Acked-by: Vlastimil Babka
Signed-off-by: Andrey Konovalov
---
 mm/slub.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/mm/slub.c b/mm/slub.c index dc5b42e700b8..75fb097d990d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2791,7 +2791,8 @@ static __always_inline void maybe_wipe_obj_freeptr(struct kmem_cache *s, void *obj) { if (unlikely(slab_want_init_on_free(s)) && obj) - memset((void *)((char *)obj + s->offset), 0, sizeof(void *)); + memset((void *)((char *)kasan_reset_tag(obj) + s->offset), + 0, sizeof(void *)); } /* @@ -2883,7 +2884,7 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, stat(s, ALLOC_FASTPATH); } - maybe_wipe_obj_freeptr(s, kasan_reset_tag(object)); + maybe_wipe_obj_freeptr(s, object); if (unlikely(slab_want_init_on_alloc(gfpflags, s)) && object) memset(kasan_reset_tag(object), 0, s->object_size);
@@ -3329,7 +3330,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, int j; for (j = 0; j < i; j++) - memset(p[j], 0, s->object_size); + memset(kasan_reset_tag(p[j]), 0, s->object_size); } /* memcg and kmem_cache debug support */ -- 2.30.0.284.gd98b1dd5eaa7-goog
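Review bot: the reason for the kasan_reset_tag() in the memset of maybe_wipe_obj_freeptr() is not visible from the code, and this callee is now the single place every caller relies on for the reset; a one-line comment above the memset, along the lines of `/* The free pointer lives inside the object: write it through an untagged pointer so HW tag-based KASAN does not report the access. */`, would keep a future cleanup from dropping it again. The `&& obj` NULL check on the still-tagged pointer before the reset is fine, since a NULL object has no tag to strip.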
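Review bot: the slab_alloc_node() hunk leaves the two init paths resetting tags at different levels: the free-pointer wipe now does it inside maybe_wipe_obj_freeptr(), while the init_on_alloc memset two lines below still does it at the call site with `memset(kasan_reset_tag(object), 0, s->object_size);`. Both are correct, but the commit message itself notes that sites were missed before, and a mixed convention is how that happens; either reset at the call site for both or give the init_on_alloc memset its own helper that resets internally, so a reader can tell at a glance where the untagged pointer is produced.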
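Review bot: `memset(kasan_reset_tag(p[j]), 0, s->object_size);` in kmem_cache_alloc_bulk() now duplicates the init_on_alloc memset in slab_alloc_node() byte for byte; a small static inline helper doing the reset plus the memset, called from both places, would make a third missed site less likely and would give one spot for the comment on why the tag has to be reset before touching object data.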
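The mechanism behind the false positives the commit message describes, as an added example that is not part of this patch or of the kernel: a user-space C model of pointer tagging in which a tag sits in the top byte of a pointer, memory carries one tag per 16-byte granule, and a memset through a pointer whose tag no longer matches the memory is reported. The tag 0xFF is treated as "match all", modelled on what kasan_reset_tag() produces on arm64; the names set_tag, reset_tag, tag_memory, checked_memset and wipe_object, the object layout and the tag values 0x2B and 0x3A are all constructed for this model, and a 64-bit build is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed user-space model of pointer tagging; not kernel code.
 * A tag lives in the top byte of a 64-bit pointer (as with arm64 TBI),
 * memory carries one tag per 16-byte granule, and tag 0xFF is treated as
 * "match all", which is what kasan_reset_tag() yields on arm64 (assumption
 * of this model). Assumes a 64-bit build.
 */
#define TAG_SHIFT      56
#define ADDR_MASK      ((1ULL << TAG_SHIFT) - 1)
#define TAG_MATCH_ALL  0xFFu
#define GRANULE        16
#define POOL_BYTES     256

static uint8_t pool[POOL_BYTES] __attribute__((aligned(GRANULE)));
static uint8_t granule_tag[POOL_BYTES / GRANULE];
static int reports;  /* simulated KASAN tag-mismatch reports so far */

static uintptr_t set_tag(const void *p, uint8_t tag)
{
	return ((uintptr_t)p & ADDR_MASK) | ((uintptr_t)tag << TAG_SHIFT);
}

static uint8_t get_tag(uintptr_t p) { return (uint8_t)(p >> TAG_SHIFT); }

/* Hardware ignores the top byte for address translation; so does the model. */
static uint8_t *untag(uintptr_t p) { return (uint8_t *)(p & ADDR_MASK); }

/* Model of kasan_reset_tag(): keep the address, replace the tag by match-all. */
static uintptr_t reset_tag(uintptr_t p) { return set_tag(untag(p), TAG_MATCH_ALL); }

static size_t first_granule(const uint8_t *p) { return (size_t)(p - pool) / GRANULE; }
static size_t end_granule(const uint8_t *p, size_t n)
{
	return ((size_t)(p - pool) + n + GRANULE - 1) / GRANULE;
}

/* Tag every granule of [p, p+n) and hand back a pointer carrying that tag. */
static uintptr_t tag_memory(void *p, size_t n, uint8_t tag)
{
	for (size_t g = first_granule(p); g < end_granule(p, n); g++)
		granule_tag[g] = tag;
	return set_tag(p, tag);
}

/*
 * memset() with the check the hardware would perform: every granule touched
 * must carry the pointer's tag unless the pointer is match-all. Returns 0
 * when the write went through, -1 when a mismatch was reported (write skipped).
 */
static int checked_memset(uintptr_t p, int c, size_t n)
{
	uint8_t *base = untag(p);
	uint8_t ptag = get_tag(p);

	if (ptag != TAG_MATCH_ALL)
		for (size_t g = first_granule(base); g < end_granule(base, n); g++)
			if (granule_tag[g] != ptag) {
				reports++;
				return -1;
			}
	memset(base, c, n);
	return 0;
}

/* Constructed object layout: 48 bytes at offset 64 of the pool. */
#define OBJ_OFF   64
#define OBJ_SIZE  48

/*
 * The situation from the commit message: the allocator still holds a pointer
 * carrying the tag the object had earlier, the memory has since been retagged,
 * and init_on_alloc/free now wipes the object through that stale pointer.
 * With reset_first set, the wipe goes through a reset (match-all) pointer.
 */
static int wipe_object(int reset_first)
{
	uint8_t *obj = pool + OBJ_OFF;

	memset(obj, 0xAA, OBJ_SIZE);                        /* stale contents */
	uintptr_t stale = tag_memory(obj, OBJ_SIZE, 0x2B);  /* old tag (constructed) */
	tag_memory(obj, OBJ_SIZE, 0x3A);                    /* memory retagged (constructed) */

	uintptr_t p = reset_first ? reset_tag(stale) : stale;
	return checked_memset(p, 0, OBJ_SIZE);
}

/* 1 if the object is all zero after the wipe, 0 otherwise. */
static int object_is_zeroed(void)
{
	for (size_t i = 0; i < OBJ_SIZE; i++)
		if (pool[OBJ_OFF + i] != 0)
			return 0;
	return 1;
}

int main(void)
{
	int rc = wipe_object(0);
	printf("wipe via stale tag: rc=%d reports=%d zeroed=%d\n", rc, reports, object_is_zeroed());
	rc = wipe_object(1);
	printf("wipe via reset tag: rc=%d reports=%d zeroed=%d\n", rc, reports, object_is_zeroed());
	return 0;
}
```

The first wipe is reported and the object keeps its stale contents; the second goes through because a match-all pointer is never checked against the granule tags, which is exactly why the patch routes the allocator's own memsets through kasan_reset_tag() rather than through the pointer it hands out to callers.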