Date: Wed, 19 Jan 2022 18:01:48 -0800
Message-Id: <20220120020148.1632253-1-pcc@google.com>
X-Mailer: git-send-email 2.34.1.703.g22d0c6ccf7-goog
Subject: [PATCH v3] mm: use compare-exchange operation to set KASAN page tag
From: Peter Collingbourne
To: Andrey Konovalov, Andrew Morton
Cc: Peter Collingbourne, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Peter Zijlstra, stable@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

It has been reported that the tag setting operation on newly-allocated pages can cause the page flags to be corrupted when performed concurrently with other flag updates as a result of the use of non-atomic operations. Fix the problem by using a compare-exchange loop to update the tag.
Signed-off-by: Peter Collingbourne Link: https://linux-review.googlesource.com/id/I456b24a2b9067d93968d43b4bb3351c0cec63101 Fixes: 2813b9c02962 ("kasan, mm, arm64: tag non slab memory allocated via pagealloc") Cc: stable@vger.kernel.org --- v3: - use try_cmpxchg() as suggested by Peter Zijlstra on another patch v2: - use READ_ONCE() include/linux/mm.h | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index c768a7c81b0b..87473fe52c3f 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1531,11 +1531,18 @@ static inline u8 page_kasan_tag(const struct page *page) static inline void page_kasan_tag_set(struct page *page, u8 tag) { - if (kasan_enabled()) { - tag ^= 0xff; - page->flags &= ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT); - page->flags |= (tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT; - } + unsigned long old_flags, flags; + + if (!kasan_enabled()) + return; + + tag ^= 0xff; + old_flags = READ_ONCE(page->flags); + do { + flags = old_flags; + flags &= ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT); + flags |= (tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT; + } while (unlikely(!try_cmpxchg(&page->flags, &old_flags, flags))); } static inline void page_kasan_tag_reset(struct page *page) -- 2.34.1.703.g22d0c6ccf7-goog
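Review bot: the commit message says the corruption "has been reported", but the patch carries no Reported-by: tag or link to the report, and it never names which concurrent page->flags updates the non-atomic `&=`/`|=` pair in the removed lines races with; since this goes to stable@ with a Fixes: tag, the changelog should be self-contained, so add the Reported-by:/Link: for the report or describe the racing path. Minor, in the new page_kasan_tag_set() loop: `~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT)` and `(tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT` do not depend on old_flags, so both can be computed once before the `do {` and the retry body reduced to a single `flags = (old_flags & ~mask) | tag_bits;`, which keeps the cmpxchg retry path as short as possible. The early `if (!kasan_enabled()) return;` and the READ_ONCE() seed of old_flags look right, and try_cmpxchg() refreshing old_flags on failure is what makes recomputing inside the loop correct.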
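The lost-update race the commit message describes, and the compare-exchange fix, replayed in user space. This is an added example, not code from the patch or from the kernel: the kernel's try_cmpxchg() is modelled with the GCC/Clang `__atomic_compare_exchange_n` builtin, and the field layout (tag field at bit 24, an unrelated flag at bit 0 standing in for a PG_* bit) is an assumption chosen for illustration, not the kernel's real page-flags layout. `replay_racy()` and `replay_cas()` step through the same interleaving deterministically (snapshot, concurrent set_bit lands, store), and `stress()` runs each writer against a thread doing atomic set/clear on the other bit, which is where the pre-patch shape actually corrupts the word.

```c
/* Added example, not kernel code: user-space model of the page->flags race.
 * try_cmpxchg() is modelled with __atomic_compare_exchange_n; the tag field
 * position and the "unrelated flag" bit are assumptions for illustration. */
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KASAN_TAG_MASK    0xffUL
#define KASAN_TAG_PGSHIFT 24UL        /* assumed position of the tag field */
#define PG_OTHER          (1UL << 0)  /* assumed unrelated flag, a PG_* stand-in */

struct page { unsigned long flags; };

/* Stand-in for the kernel's try_cmpxchg(): on failure *old is refreshed with
 * the value actually found, so the caller can recompute from it and retry. */
static bool try_cmpxchg_ul(unsigned long *ptr, unsigned long *old, unsigned long new_val)
{
	return __atomic_compare_exchange_n(ptr, old, new_val, false,
					   __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
}

/* Pure helper: the flags word with the (already inverted) tag field replaced. */
static unsigned long with_tag(unsigned long flags, uint8_t tag)
{
	flags &= ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT);
	flags |= ((unsigned long)tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT;
	return flags;
}

/* Pre-patch shape: plain read-modify-write steps on a word that other CPUs
 * update with atomic bit operations (deliberate data race when stressed). */
static void tag_set_racy(struct page *page, uint8_t tag)
{
	tag ^= 0xff;
	page->flags &= ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT);
	page->flags |= ((unsigned long)tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT;
}

/* Post-patch shape: snapshot, compute the new word, publish with a compare-
 * exchange, retry from the refreshed snapshot if someone else got in first. */
static void tag_set_cas(struct page *page, uint8_t tag)
{
	unsigned long old_flags, flags;

	tag ^= 0xff;
	old_flags = __atomic_load_n(&page->flags, __ATOMIC_RELAXED);
	do {
		flags = with_tag(old_flags, tag);
	} while (!try_cmpxchg_ul(&page->flags, &old_flags, flags));
}

static uint8_t tag_get(const struct page *page)
{
	return (uint8_t)(((page->flags >> KASAN_TAG_PGSHIFT) & KASAN_TAG_MASK) ^ 0xff);
}

/* Deterministic replay of the bad interleaving for the racy writer: it reads
 * flags, another CPU's atomic set_bit(PG_OTHER) lands, then it stores a value
 * derived from the stale read. Returns the final flags word (PG_OTHER lost). */
static unsigned long replay_racy(void)
{
	struct page page = { 0 };
	unsigned long snapshot = page.flags;          /* racy writer's read */

	page.flags |= PG_OTHER;                       /* concurrent set_bit lands */
	page.flags = with_tag(snapshot, 0x2a ^ 0xff); /* stale write drops PG_OTHER */
	return page.flags;
}

/* Same interleaving against the compare-exchange loop: the first cmpxchg sees
 * that flags moved, refreshes old_flags, and the retry preserves PG_OTHER. */
static unsigned long replay_cas(void)
{
	struct page page = { 0 };
	unsigned long old_flags = page.flags;         /* writer's snapshot */
	unsigned long flags = with_tag(old_flags, 0x2a ^ 0xff);

	page.flags |= PG_OTHER;                       /* concurrent set_bit lands */
	while (!try_cmpxchg_ul(&page.flags, &old_flags, flags))
		flags = with_tag(old_flags, 0x2a ^ 0xff); /* recompute from fresh value */
	return page.flags;
}

struct stress_arg { struct page *page; long iters; };

/* Models another CPU doing set_bit()/clear_bit() on the unrelated flag. */
static void *toggle_other_bit(void *arg)
{
	struct stress_arg *a = arg;

	for (long i = 0; i < a->iters; i++) {
		__atomic_fetch_or(&a->page->flags, PG_OTHER, __ATOMIC_SEQ_CST);
		__atomic_fetch_and(&a->page->flags, ~PG_OTHER, __ATOMIC_SEQ_CST);
	}
	return NULL;
}

/* Runs a tag writer against the bit toggler. True if no update was lost:
 * PG_OTHER ends clear and the tag field holds the last tag written. */
static bool stress(void (*set)(struct page *, uint8_t), long iters)
{
	struct page page = { 0 };
	struct stress_arg a = { &page, iters };
	pthread_t t;

	if (pthread_create(&t, NULL, toggle_other_bit, &a) != 0)
		return false;
	for (long i = 0; i < iters; i++)
		set(&page, (uint8_t)i);
	pthread_join(t, NULL);
	return (page.flags & PG_OTHER) == 0 && tag_get(&page) == (uint8_t)(iters - 1);
}

int main(void)
{
	printf("racy replay : flags=%#lx\n", replay_racy());   /* 0xd5000000: bit 0 lost */
	printf("cas replay  : flags=%#lx\n", replay_cas());    /* 0xd5000001: bit 0 kept */
	printf("racy stress : %s\n", stress(tag_set_racy, 200000) ? "consistent" : "corrupted");
	printf("cas stress  : %s\n", stress(tag_set_cas, 200000) ? "consistent" : "corrupted");
	return 0;
}
```

The racy stress result is nondeterministic by nature (it usually reports corruption within a few hundred thousand iterations on a multi-core machine, but a lucky schedule can pass), which is exactly why the deterministic replays are included; the CAS writer is consistent on every run because a cmpxchg can only succeed when the word still equals the snapshot it was computed from.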