Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp2855577rwe;
        Mon, 29 Aug 2022 01:07:47 -0700 (PDT)
X-Google-Smtp-Source: AA6agR7BVr532dJYp4kb3M4Z5q+iDPDH1kfQ1bHxzSgA/U8nFsMYpMCP1QmyVlX/CR0tmlQKC/aS
X-Received: by 2002:a05:6402:4515:b0:443:7833:3d7b with SMTP id ez21-20020a056402451500b0044378333d7bmr15194193edb.151.1661760467328;
        Mon, 29 Aug 2022 01:07:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661760467; cv=none;
        d=google.com; s=arc-20160816;
        b=JVr41/1I+VBcavNnkOgNO97uBWzO/xJvhCtdUa07nxe5gcLLF1nnxRmRQl8B5cPslI
         hcYd4hVryIBA6YMhbT5GkqWUoh4kRysSQa4DN1/wdrhhzEyH3kyNd/bibqd0pXcc0gOh
         B6toqzMcrak0dCt6FqHzitYzUSnnjn7btPuL4ZXzvQbqAnjrbVRbHeLwKloAsEik/G2O
         zZCXsY+hPKbp3Pyn2igTMx5ElvCgyXhO9Mc4RAH1sgYU/MwblSjNaLVjckppYz/8WltU
         O6V1RywPO+1xFSM48CKaDa7z/RYEn5x0LmQWZhTZeswXypYxemeA7wPUR4zGAyBeFOYY
         09uQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=J64Rhb1TYG6oR5L91PBe0TU5EH464UhjIRgwvau1hKg=;
        b=kcPMPj3j03Mi60jwaFqqgH4oEBZV7bm1bLR2fAordp7B0/FNzVglaUiiOCA4ih0uE0
         FjUCzDtPlsAjlxyGvQB5MvvQ0Tc3IWvH0Ofd0jnXP9gxBWFOMqQ2bWmonXMTZvBSSo1q
         X/H9OITSlh5Th6m+acVs74TC0rVeeJn/2AbiycR+SrGmuCId5YLzVn1unpQ8kgVzPbtA
         lJNMiRpGvV4f/qnFpgzOJbJgNiKP+dIEEpXnpuadEerbEanEoYgmXynfFZkMH7peFixk
         qxPj55M5WRSysC/nMtgdj5NZauRRQYmWWC4FNHoL3euTdOI7tkXjRZ8wOtQVngczSIJL
         EEyA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=OGcIyYRb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id go37-20020a1709070da500b0073d7097ac8asi7397230ejc.538.2022.08.29.01.07.22;
        Mon, 29 Aug 2022 01:07:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=OGcIyYRb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229737AbiH2H4F (ORCPT
        <rfc822;andriy.druk.mailinglists@gmail.com> + 99 others);
        Mon, 29 Aug 2022 03:56:05 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56136 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229725AbiH2Hz4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Aug 2022 03:55:56 -0400
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B63F82715A
        for <linux-kernel@vger.kernel.org>; Mon, 29 Aug 2022 00:55:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1661759755; x=1693295755;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=jcnnNskazsBc3DHIiMPQsDf7lUlURK3M021eCeUP7pM=;
  b=OGcIyYRbXBOQQejgaaDTfoCuJJSngme/mry8Wzwg/caju5n9W3z8SguK
   X7zDPFtNKj+wftSQH3It4wQagJD3WbIAQwNvz40prKQo7eSiZ/oKxD8/D
   L96PWpwjYsISi3JsHbfpdYWKkD461oAO/Wps+oCtOm/YHPan+3miV/r6p
   GJGkOOhqO9lKqtzm0GnO2GTu7pllHRZFui8GS0+BcqhLiqjh8y/E/ZvT0
   AiEPqvIC8iQo6nvQYxCxfZxLI3b7iD+BUIuhS0hxj7WFmDFAuaokTiugp
   8UpXqz6mMl+KrKndQ6P2eNkHb+uxmGeEWGVBD1I5IX0V1pXLWFeSSe5fp
   Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10453"; a="381140133"
X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; 
   d="scan'208";a="381140133"
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Aug 2022 00:55:55 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.93,272,1654585200"; 
   d="scan'208";a="672283586"
Received: from shbuild999.sh.intel.com ([10.239.147.181])
  by fmsmga008.fm.intel.com with ESMTP; 29 Aug 2022 00:55:52 -0700
From:   Feng Tang <feng.tang@intel.com>
To:     Andrew Morton <akpm@linux-foundation.org>,
        Vlastimil Babka <vbabka@suse.cz>,
        Christoph Lameter <cl@linux.com>,
        Pekka Enberg <penberg@kernel.org>,
        David Rientjes <rientjes@google.com>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Roman Gushchin <roman.gushchin@linux.dev>,
        Hyeonggon Yoo <42.hyeyoo@gmail.com>,
        Dmitry Vyukov <dvyukov@google.com>
Cc:     Dave Hansen <dave.hansen@intel.com>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org, Feng Tang <feng.tang@intel.com>,
        kernel test robot <oliver.sang@intel.com>
Subject: [PATCH v4 3/4] mm: kasan: Add free_meta size info in struct kasan_cache
Date:   Mon, 29 Aug 2022 15:56:17 +0800
Message-Id: <20220829075618.69069-4-feng.tang@intel.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20220829075618.69069-1-feng.tang@intel.com>
References: <20220829075618.69069-1-feng.tang@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When kasan is enabled for slab/slub, it may save kasan' free_meta
data in the former part of slab object data area in slab object
free path, which works fine.

There is ongoing effort to extend slub's debug function which will
redzone the latter part of kmalloc object area, and when both of
the debug are enabled, there is possible conflict, especially when
the kmalloc object has small size, as caught by 0Day bot [1]

For better information for slab/slub, add free_meta's data size
info 'kasan_cache', so that its users can take right action to
avoid data conflict.

[1]. https://lore.kernel.org/lkml/YuYm3dWwpZwH58Hu@xsang-OptiPlex-9020/
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Feng Tang <feng.tang@intel.com>
Acked-by: Dmitry Vyukov <dvyukov@google.com>
---
 include/linux/kasan.h | 2 ++
 mm/kasan/common.c     | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/include/linux/kasan.h b/include/linux/kasan.h
index b092277bf48d..293bdaa0ba09 100644
--- a/include/linux/kasan.h
+++ b/include/linux/kasan.h
@@ -100,6 +100,8 @@ static inline bool kasan_has_integrated_init(void)
 struct kasan_cache {
 	int alloc_meta_offset;
 	int free_meta_offset;
+	/* size of free_meta data saved in object's data area */
+	int free_meta_size_in_object;
 	bool is_kmalloc;
 };
 
diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 69f583855c8b..762ae7a7793e 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -201,6 +201,8 @@ void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size,
 			cache->kasan_info.free_meta_offset = KASAN_NO_FREE_META;
 			*size = ok_size;
 		}
+	} else {
+		cache->kasan_info.free_meta_size_in_object = sizeof(struct kasan_free_meta);
 	}
 
 	/* Calculate size with optimal redzone. */
-- 
2.34.1