Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp7643781pxb; Thu, 18 Feb 2021 16:14:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJwCdw6Flp7Nt4GC3iAjEtvA3ZiAGvBLFU6ys9NficVy9DPXN0G9h1wwdjXeMLic1VcXvDEa X-Received: by 2002:a17:906:6096:: with SMTP id t22mr6589178ejj.34.1613693649124; Thu, 18 Feb 2021 16:14:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613693649; cv=none; d=google.com; s=arc-20160816; b=tZasMn95665C2KvHYOZOspUAT/SPIAb0Dvl46z+k60ddJ9R1m8X3UPHasBKJOaL3yh i9zRTS4UGksDX7edbLqCu1Zu9bTxDSWRw5NlxJLYtFqboNFHhlGKJDHzR/xELMoCkuGi R0hb4OQYubCBJKstvsUaW/R6XvXwlboIVjH1i0vEn0fxS5tF3Vd7Ghjtv73L3UehBHyW YMoICN/5fMn/HKJe2FajtOhgmRe7WOuBdULsKbM6Es5DhYKYBX6qRXnEaUYcF9pcUD15 wBLcWhDzz3IGNCT0vDn7lqhjTrkx8iAbIe5zVeHjULUymp6UHZa/6vPpkHo6hI1zJHIb MtRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=7mNeKDWUCPWRjksxHsm0Sl4Ar+FMbcH9wO3bpUG9+dU=; b=tRqUYbBYlYlpd8BVctlIftpdZV4p7phEKCVVf+XM9MGcGk4l7kE22S1x8ZCKv+m9CS A/Dg5eTj2EFg6j/e4qCwJr3QQ6+cVl5f3h+lt5u+igMF1cX9FMJVjjbfVd8FgMSXu+7N pZEUtnNXhXcyYFRHgwBZDXC9hTqJUTRZ5pfu3vbe/jp0hs6hAeCIopgySo/+ni3A8usH E3Vc4BeRVVjhrKcLO9UTDitjlx512WITcKGLxXMdcjwVClrC4RNIcnLAKeKG6H5HZhVl tTwcYsAnbdc96TawEDIZ4uVdFH2BPLSayRYrijmlIP0IWu4W9U6V1MCSGKit2D2kkzxd bxXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=BC6tuzv2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d17si5063645edv.53.2021.02.18.16.13.45; Thu, 18 Feb 2021 16:14:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=BC6tuzv2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229840AbhBSAKp (ORCPT + 99 others); Thu, 18 Feb 2021 19:10:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57712 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229656AbhBSAKl (ORCPT ); Thu, 18 Feb 2021 19:10:41 -0500 Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F50AC061574 for ; Thu, 18 Feb 2021 16:10:01 -0800 (PST) Received: by mail-pf1-x435.google.com with SMTP id q20so2616019pfu.8 for ; Thu, 18 Feb 2021 16:10:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7mNeKDWUCPWRjksxHsm0Sl4Ar+FMbcH9wO3bpUG9+dU=; b=BC6tuzv20jq0nQ0piEbqyLgRX7rhaCxUkZrHw37Vmfz/7XgquLlxAHC/1EohAiv3Rb fcb9rMYbpw48pogIU8JjxT55d1pYGBnmAnG7gQxNn/iMBEPtPCmTje74BGwi1zKsRzg9 KpIkMLTiypUKUGiP+kFemDmsIhQPV/cv1vkfKC5otpQ9WG646Y6RnI7vok74axJFpJuD CY4yJXp9tVBiUZHmuTBt9v6tHNhKTqSSm1KXcDWbUSRtkvSv4ygeYzD4jaaf4NorfdD7 jowW5zj0AzpS1zbka09mozIdiyO7yP1MUfgSIutoXIUCSEqrkXrI2WzWRAV+F41StTg+ mL8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7mNeKDWUCPWRjksxHsm0Sl4Ar+FMbcH9wO3bpUG9+dU=; b=MMQDegmgIr1hIOfVSNtjqCTpqKFXs9DZBZmitScnUA2xMKRVBtHDgKboEKHEcLi/d7 1zuBhORN97zjBuX3U+VvRmjAhMu6gR5sCw8d+wNsiVLXM0sfx6GYYiIAdA3a/fWvx+8O m+dOVd7UOFB2q/B9nXV/PiM4CyJEGzeCgxW7SiVTEoLeX4LSwXytkjtuyeUjftpQyJVq wLklVxzSIPSLmGeqKiEpIkbb/tkVz/oS5kbuVasxNybVnlPK8hXLnHUEtocQLjlRvdDo y8SJ9JqUzEUCR9SlHv7IrTGNj5s5IM3xbFzF7WZKz3Z6Mu17FGB3hT2REkPCrOV7skxm iKDA== X-Gm-Message-State: AOAM533JJuc75fo6WqG8YXLZr0+o6n07r7gE0r87piUBv4cS9dL9mb37 6k2S/jdTKs5wU6W5fp2y5OsRIUVPQn2M6u7BQWqbfg== X-Received: by 2002:a62:7c55:0:b029:1dd:8c65:1ed8 with SMTP id x82-20020a627c550000b02901dd8c651ed8mr6639950pfc.24.1613693400570; Thu, 18 Feb 2021 16:10:00 -0800 (PST) MIME-Version: 1.0 References: <487751e1ccec8fcd32e25a06ce000617e96d7ae1.1613595269.git.andreyknvl@google.com> In-Reply-To: From: Andrey Konovalov Date: Fri, 19 Feb 2021 01:09:49 +0100 Message-ID: Subject: Re: [PATCH] mm, kasan: don't poison boot memory To: George Kennedy Cc: David Hildenbrand , Andrew Morton , Catalin Marinas , Vincenzo Frascino , Dmitry Vyukov , Konrad Rzeszutek Wilk , Will Deacon , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Peter Collingbourne , Evgenii Stepanov , Branislav Rankov , Kevin Brodsky , Christoph Hellwig , kasan-dev , Linux ARM , Linux Memory Management List , LKML , Dhaval Giani Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 19, 2021 at 1:06 AM George Kennedy wrote: > > > > On 2/18/2021 3:55 AM, David Hildenbrand wrote: > > On 17.02.21 21:56, Andrey Konovalov wrote: > >> During boot, all non-reserved memblock memory is exposed to the buddy > >> allocator. Poisoning all that memory with KASAN lengthens boot time, > >> especially on systems with large amount of RAM. This patch makes > >> page_alloc to not call kasan_free_pages() on all new memory. > >> > >> __free_pages_core() is used when exposing fresh memory during system > >> boot and when onlining memory during hotplug. This patch adds a new > >> FPI_SKIP_KASAN_POISON flag and passes it to __free_pages_ok() through > >> free_pages_prepare() from __free_pages_core(). > >> > >> This has little impact on KASAN memory tracking. > >> > >> Assuming that there are no references to newly exposed pages before they > >> are ever allocated, there won't be any intended (but buggy) accesses to > >> that memory that KASAN would normally detect. > >> > >> However, with this patch, KASAN stops detecting wild and large > >> out-of-bounds accesses that happen to land on a fresh memory page that > >> was never allocated. This is taken as an acceptable trade-off. > >> > >> All memory allocated normally when the boot is over keeps getting > >> poisoned as usual. > >> > >> Signed-off-by: Andrey Konovalov > >> Change-Id: Iae6b1e4bb8216955ffc14af255a7eaaa6f35324d > > > > Not sure this is the right thing to do, see > > > > https://lkml.kernel.org/r/bcf8925d-0949-3fe1-baa8-cc536c529860@oracle.com > > > > Reversing the order in which memory gets allocated + used during boot > > (in a patch by me) might have revealed an invalid memory access during > > boot. > > > > I suspect that that issue would no longer get detected with your > > patch, as the invalid memory access would simply not get detected. > > Now, I cannot prove that :) > > Since David's patch we're having trouble with the iBFT ACPI table, which > is mapped in via kmap() - see acpi_map() in "drivers/acpi/osl.c". KASAN > detects that it is being used after free when ibft_init() accesses the > iBFT table, but as of yet we can't find where it get's freed (we've > instrumented calls to kunmap()). Maybe it doesn't get freed, but what you see is a wild or a large out-of-bounds access. Since KASAN marks all memory as freed during the memblock->page_alloc transition, such bugs can manifest as use-after-frees.