Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp2416058rwi; Tue, 11 Oct 2022 08:31:08 -0700 (PDT) X-Google-Smtp-Source: AMsMyM402Pc1SNWYOqVRkNAd6e7fxraldCBNxZ/MhHwuhKsXxU5k+WQJhKa/Z8oNNIkJIZeQgLu7 X-Received: by 2002:a17:902:eecc:b0:17f:624e:8af2 with SMTP id h12-20020a170902eecc00b0017f624e8af2mr24833925plb.152.1665502268068; Tue, 11 Oct 2022 08:31:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665502268; cv=none; d=google.com; s=arc-20160816; b=zn0Zdhyh4UTiH2rj7v5L4cU7kw/kMKJE6038QkPEv6zJAMxg+OtaNkbC7VNxp0qh0t WBXc8v7hOoGaig5DsPagMo8NZ9BgwZwvZgEfLFoe51SPQxnh/CMu23r5nrhQjPLp6elA d9g+kTBl3Y9uWYuVgloHUR4arDK1ME92plb+8wUsq9+AciELgPaZEyEWDatXv2dfz4ux oYW+ie27QJIN340R9730UFSMvwS56DOdyKFDIdu2Y1f+GWVyx//8RUQ+62OC0FuHmMyz Sj3VEG9stoTpDiwEnSVSOGLdMLMzNPxhipA1PUpMpHHdttz/S0h//plCE42w2xdZJV0+ LTBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=B4G7M8JKZn6dY9zXOIh+E6Zcjzi8GQVa+pilD8KJgvQ=; b=kBMsvHxrUULTRtCaaLQZ4Dlv1hwX7HAAz7/WQyvONNBABA5MtRyJ9okOwwdal8W11y MWLZExeLOIOX52dYPvDIsoWL/H6fq7zlygswLoseK7iPelEC1lLps1O/Gj8z6PO515jh 7qiZQS38ehrIU4E7IXo9X2NsarB9rSCIYShAAvgFGs7lCmlV/GUhLhwPqgBhX+A49ol5 3b6/Tr3EmYoFdQRanj+ldHSGLFrL8JWLIjZxocSU4//9XEMWMLmv40EAIkfeAOvEuPMT vzKVHv5dZo9exKDDEbK7oBDkw5P5I4uzvuk8jwzcmaHBwSNxx+1JOzzGWkU91FJ34Xst ZnCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CEEXdkcc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pb3-20020a17090b3c0300b0020aeb242b95si14552847pjb.177.2022.10.11.08.30.44; Tue, 11 Oct 2022 08:31:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CEEXdkcc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230465AbiJKOzE (ORCPT + 99 others); Tue, 11 Oct 2022 10:55:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35922 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230196AbiJKOxl (ORCPT ); Tue, 11 Oct 2022 10:53:41 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2124E9B87F; Tue, 11 Oct 2022 07:51:31 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9A771B815A6; Tue, 11 Oct 2022 14:51:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 46352C433C1; Tue, 11 Oct 2022 14:51:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1665499887; bh=zx+NsFJM2HlrPk63IXXZIbC844ngJf0rvo8h74tKeLo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CEEXdkccXbWuMU1O4+agxLyKOLtdYWhy1rrkE7F9vNB/6+scPbBIMsf7zPgBGeCTO xNxzaSrXMqUhcX3MVm7Hc8anDQbQ6dD5GZuV6+3enGBrvK8kWfr9/xGJK7ae3eCaJS RK24yvNQsqFU22yU2LArdsGYYl6KKBjmPCq38aaLMvVyTpfeTLK40/inIqeXKsD0zw SuAbxVBzw49H5r4EyH6c+/Qld9hc5POdLt4HENgyuIqFCCll1C8ExrXoLaS+gXTDOv LLYcjHuScfTYYdUzlCBT1DW1Cx2HmFe8I8Hn+0bM1lxLMdzJdY69CCAET7aoOg06G4 dy7i1ok5yG3dA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Alex Sverdlin , Linus Walleij , Russell King , Sasha Levin , aryabinin@virtuozzo.com, linux@armlinux.org.uk, kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org Subject: [PATCH AUTOSEL 6.0 45/46] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n Date: Tue, 11 Oct 2022 10:50:13 -0400 Message-Id: <20221011145015.1622882-45-sashal@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20221011145015.1622882-1-sashal@kernel.org> References: <20221011145015.1622882-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alex Sverdlin [ Upstream commit 823f606ab6b4759a1faf0388abcf4fb0776710d2 ] In case CONFIG_KASAN_VMALLOC=y kasan_populate_vmalloc() allocates the shadow pages dynamically. But even worse is that kasan_release_vmalloc() releases them, which is not compatible with create_mapping() of MODULES_VADDR..MODULES_END range: BUG: Bad page state in process kworker/9:1 pfn:2068b page:e5e06160 refcount:0 mapcount:0 mapping:00000000 index:0x0 flags: 0x1000(reserved) raw: 00001000 e5e06164 e5e06164 00000000 00000000 00000000 ffffffff 00000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x1000(reserved) Modules linked in: ip_tables CPU: 9 PID: 154 Comm: kworker/9:1 Not tainted 5.4.188-... #1 Hardware name: LSI Axxia AXM55XX Workqueue: events do_free_init unwind_backtrace show_stack dump_stack bad_page free_pcp_prepare free_unref_page kasan_depopulate_vmalloc_pte __apply_to_page_range apply_to_existing_page_range kasan_release_vmalloc __purge_vmap_area_lazy _vm_unmap_aliases.part.0 __vunmap do_free_init process_one_work worker_thread kthread Reviewed-by: Linus Walleij Signed-off-by: Alexander Sverdlin Signed-off-by: Russell King (Oracle) Signed-off-by: Sasha Levin --- arch/arm/mm/kasan_init.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/arm/mm/kasan_init.c b/arch/arm/mm/kasan_init.c index 29caee9c79ce..46d9f4a622cb 100644 --- a/arch/arm/mm/kasan_init.c +++ b/arch/arm/mm/kasan_init.c @@ -268,12 +268,17 @@ void __init kasan_init(void) /* * 1. The module global variables are in MODULES_VADDR ~ MODULES_END, - * so we need to map this area. + * so we need to map this area if CONFIG_KASAN_VMALLOC=n. With + * VMALLOC support KASAN will manage this region dynamically, + * refer to kasan_populate_vmalloc() and ARM's implementation of + * module_alloc(). * 2. PKMAP_BASE ~ PKMAP_BASE+PMD_SIZE's shadow and MODULES_VADDR * ~ MODULES_END's shadow is in the same PMD_SIZE, so we can't * use kasan_populate_zero_shadow. */ - create_mapping((void *)MODULES_VADDR, (void *)(PKMAP_BASE + PMD_SIZE)); + if (!IS_ENABLED(CONFIG_KASAN_VMALLOC) && IS_ENABLED(CONFIG_MODULES)) + create_mapping((void *)MODULES_VADDR, (void *)(MODULES_END)); + create_mapping((void *)PKMAP_BASE, (void *)(PKMAP_BASE + PMD_SIZE)); /* * KAsan may reuse the contents of kasan_early_shadow_pte directly, so -- 2.35.1