Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1865675pxf; Sat, 3 Apr 2021 03:05:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy31PrKb9MOmakUefSJZ50x8xbA+RblT6t2+Mvu4juBkBDlV6PzUVniWtLTG34cXWvK36GY X-Received: by 2002:a05:6402:1109:: with SMTP id u9mr5768101edv.174.1617444334143; Sat, 03 Apr 2021 03:05:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617444334; cv=none; d=google.com; s=arc-20160816; b=Kh8FXfzmsZd73Sum50pVjNcqfhsG9lL9Zv06HeC+5Ykn5IrqIwteoCCOsIFtHDn2mE DFG56YbrYvGJHM83Oz8yyAoRPYQphWrRVX+eLTkQmukHA6WDVO2a/18svfij0oD+JhNc lfHSq3Vr+fIk96Jpvpq4VC2DcVZ2n2J9B6gTDDagvtr8gsHO1fQuRF0qAQYg3hhH7dZV zCjNu6hF0LJRD4HxPv0KJQcOuEY8hnVRUUQb/vHsAB7BMgz1oXAunei3xAQy33swy8n3 yUJhGCruJ0HGH5grL+k1MHQlZz96jb2eoDzJHSFYeVrMzKqwOAMZ/NQccNCGQQmmh4xo gtOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=lzznQH22yWtsRp0zpmbNBDOhjWliTmLsMaUUCDRZqWU=; b=MUPU1meAydIqp1QJKZQ5VH8NZuO5EvpTQH1hfPR4AIHlrQT/2VZ2JM7RHPzELFmCET rE5t3sDSjaw0Y6kGFIOfUmIPxLqWo2MSBjM897u7iJiR+jw9ssTtceLVovtwBliEAm5G fHPTgGNWl7DP1ndDSkgKARSDHPv4ea2I4OWRnX1XJQxqu1lSadpRXgvZ7iSY3qIk8FMj 2hoPAXQ3l/YqNq1Qbdmryr3dz/PBr7dIq2CJaBBoD3K7o4gOh8kttYzpPOoQjeK5eb17 yB2/KtuQagCk03W5XnKG8WED4UHGDvNYHcLZI3K9X+3ZMMyxAKdzL4g6fvNv3OTR/Hgs irbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WsTuNkJi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l26si7959050ejc.536.2021.04.03.03.04.49; Sat, 03 Apr 2021 03:05:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WsTuNkJi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236035AbhDCKDg (ORCPT + 99 others); Sat, 3 Apr 2021 06:03:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232178AbhDCKDg (ORCPT ); Sat, 3 Apr 2021 06:03:36 -0400 Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0C901C0613E6 for ; Sat, 3 Apr 2021 03:03:32 -0700 (PDT) Received: by mail-ot1-x32c.google.com with SMTP id w21-20020a9d63950000b02901ce7b8c45b4so6982362otk.5 for ; Sat, 03 Apr 2021 03:03:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lzznQH22yWtsRp0zpmbNBDOhjWliTmLsMaUUCDRZqWU=; b=WsTuNkJiHYcunUHGy+BKwjRs4cQUzngNneyv1SE4xitILHumSeFd48R4Bz7uuG7kFz DqxlJADmyBJBgt1ShL1HFTGJVotJm5LG/VeDlNbJbuPAolpb3XPPNjhF477Rrcet7S6W Ve8YVhoPyX6JIEuoGQUyQVlhiz4UVrM7FpS8poNuuMexsAKOdQ6jzJFwypHag/eSLTtI A7Mtmt3H+Lu5yWU6HtGNUIqFd40t1GiJG6VhPJUGEEOPo0TQQZpaHGPJUwkvO3wN9U0i 50dmzUNDoH2rIoTRkfZkV0AkY/rVcZvDY4a8iUQPvA14oapHOytndQHkUKqXCLvxhmP9 DSoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lzznQH22yWtsRp0zpmbNBDOhjWliTmLsMaUUCDRZqWU=; b=BupH8aqxS1gbToRKzPK2Q8Le98/P9A3dPHyY4D7Bur/bWukj/K1L/ddOU/XEhRfN/v im5HwtulUsMLPTlf69+7wJNpJalUaVineXzSPbSmz5Oi1e0VJ5N6iGzNSiDpfBZuxKER 0kusWhdBee+j5dWdVgpaX/4we2tbCzZLLLHRoHAIrOJltc7dg5qtqmZ+7o+cDqhC6FFV Dg83sbzI+2nIpq2I3ehTtoi+JNSxsWCzt/P1xQSS2PQvtn7t3UaaeFg2MAWUJ5UEEscB JcALAy+15km42F06k2tcMxhDiaXBwBB+3vCHU2XSoXv3kocL3hPQqmzsQDm3Fd06MKPH 4eDw== X-Gm-Message-State: AOAM533RH/1yd3P5zp10/+VtJEYIdu9+IRpw/It9pHeaLd2YalqDgl0x YgS9V1VrX+oIvIf5tnwXBXiTNUtF4FJ8PAKosWOExQ== X-Received: by 2002:a05:6830:148c:: with SMTP id s12mr15142475otq.251.1617444211171; Sat, 03 Apr 2021 03:03:31 -0700 (PDT) MIME-Version: 1.0 References: <20210403051325.683071-1-pcc@google.com> In-Reply-To: <20210403051325.683071-1-pcc@google.com> From: Marco Elver Date: Sat, 3 Apr 2021 12:03:19 +0200 Message-ID: Subject: Re: [PATCH] kfence: unpoison pool region before use To: Peter Collingbourne Cc: Dmitry Vyukov , Alexander Potapenko , Evgenii Stepanov , Andrey Konovalov , Linux Memory Management List , LKML , Andrew Morton Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 3 Apr 2021 at 07:13, Peter Collingbourne wrote: > If the memory region allocated by KFENCE had previously been poisoned, > any validity checks done using kasan_byte_accessible() will fail. Fix > it by unpoisoning the memory before using it as the pool region. > > Link: https://linux-review.googlesource.com/id/I0af99e9f1c25eaf7e1ec295836b5d148d76940c5 > Signed-off-by: Peter Collingbourne Thanks, at a high level this seems reasonable, because we always want to ensure that KFENCE memory remains unpoisoned with KASAN on. FWIW I subjected a config with KFENCE+KASAN (generic, SW_TAGS, and HW_TAGS) to syzkaller testing and ran kfence_test: Tested-by: Marco Elver However, it is unclear to me under which circumstances we actually need this, i.e. something would grab some memblock memory, somehow poison it, and then release the memory back during early boot (note, kfence_alloc_pool() is called before slab setup). If we can somehow understand what actually did this, perhaps it'd help tell us if this actually needs fixing in KFENCE or it's the other thing that needs a fix. Given all this is happening during really early boot, I'd expect no or very few calls to kasan_poison() until kfence_alloc_pool() is called. We can probably debug it more by having kasan_poison() do a "if (!__kfence_pool) dump_stack();" somewhere. Can you try this on the system where you can repro the problem? I tried this just now on the latest mainline kernel, and saw 0 calls until kfence_alloc_pool(). Thanks, -- Marco > --- > mm/kfence/core.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/mm/kfence/core.c b/mm/kfence/core.c > index d53c91f881a4..bb22b0cf77aa 100644 > --- a/mm/kfence/core.c > +++ b/mm/kfence/core.c > @@ -633,13 +633,19 @@ static DECLARE_DELAYED_WORK(kfence_timer, toggle_allocation_gate); > > void __init kfence_alloc_pool(void) > { > + void *pool; > + > if (!kfence_sample_interval) > return; > > - __kfence_pool = memblock_alloc(KFENCE_POOL_SIZE, PAGE_SIZE); > - > - if (!__kfence_pool) > + pool = memblock_alloc(KFENCE_POOL_SIZE, PAGE_SIZE); > + if (!pool) { > pr_err("failed to allocate pool\n"); > + return; > + } > + > + kasan_unpoison_range(pool, KFENCE_POOL_SIZE); > + __kfence_pool = pool; > } > > void __init kfence_init(void) > -- > 2.31.0.208.g409f899ff0-goog >