Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp4868865rdb; Tue, 12 Dec 2023 11:29:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IFZKuNVVJ03WM0AeiGQaV91dFDxTqc9eLPF9hpZIVwUY/bdlHCPEySm/SVujBwVFH+UPqz5 X-Received: by 2002:a05:6a20:9147:b0:18f:ea5b:6844 with SMTP id x7-20020a056a20914700b0018fea5b6844mr8967617pzc.76.1702409370554; Tue, 12 Dec 2023 11:29:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702409370; cv=none; d=google.com; s=arc-20160816; b=iovgyFsjNvlnWkIe2Gsr+cEha8aQ2Ymii7bKkPXbWuRmaQfgQ82wlANuqfjIoaT1tH ugXXKejfXjtLeBOm0owE5l4KPXqohgAIkv+ceLrcFqmrIA44gROg5YFFdEO5BuNifHYb 6+wr0Md/nVIfzRQK8avQANTNKkNDHHC/y+9vF6db+3jI/R0ucc6wWVxYxnbd7oaI8J4/ ZXhLuVKRPYrOVz5gdmIxrhfbsHwcY1b0o0CEooGGkwthaMj9f4lUZsoFUqCtb2+A+moH 3Nb/u3zuXSLYCSc3Gj1fW23cWF8ET4vQvTWGfRI/cXyEEwy+x+MDYRosoCtmVLYd3i/F 16kw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=+rCbqARyeZId11kuEaXWxOwQK5N8S8sXeciQALfHIFM=; fh=2SMY3Ygb4gA67Fm9yk5IPAJMxRWhdsxd8qEuh3AIfK8=; b=Rk3ExNhWktNL8N/EwZm/frHZZfcACcMBZZ7EcpBD7VbHCFuE2IciT14RMTqAv39Ox4 6kOgth5qqhPI8mok4cIUV2QEZgC7c9+TLMMrqpKO+G2CnXCPl2BqSrMI6HSy4+/Noc4W pNYN8VfRglhKsIrZe87aPjtVxROH6Tki/MMzdJawJ32XDpW6HGXZSEfCmbeFMvJD72n/ X8e1fzFAtN7BwNofdNOK2V5xhuNjYcHPGWpcTftIwqKXeO7CnJA51CfWohHKAeNCrAma tuazdoKi607hUcQb4sMdStWnI8reIe6Lg5x/SpGULl1YTKiVLW3y8VIajxmbedd9tTXq dlug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=rK64VIrR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id v18-20020a631512000000b005c672f5f9e9si8122597pgl.602.2023.12.12.11.29.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Dec 2023 11:29:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=rK64VIrR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 00F0B804C49B; Tue, 12 Dec 2023 11:29:28 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232488AbjLLT3M (ORCPT + 99 others); Tue, 12 Dec 2023 14:29:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229949AbjLLT3L (ORCPT ); Tue, 12 Dec 2023 14:29:11 -0500 Received: from mail-ua1-x92f.google.com (mail-ua1-x92f.google.com [IPv6:2607:f8b0:4864:20::92f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2796C9F for ; Tue, 12 Dec 2023 11:29:17 -0800 (PST) Received: by mail-ua1-x92f.google.com with SMTP id a1e0cc1a2514c-7c47dd348f2so1418134241.2 for ; Tue, 12 Dec 2023 11:29:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1702409356; x=1703014156; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+rCbqARyeZId11kuEaXWxOwQK5N8S8sXeciQALfHIFM=; b=rK64VIrRYw/aNuCoY/RiVwJEVO96rUFzRdWCHXJ16kvyoYxbSxKV+upsIWD4rmAKUa 8NzzHJNP4p5st29P15N0L2jECX0xuoH3k3vyGzQKf/W+VuF6aLB5zAyFdbnsobjU9WXQ PDjeWTGlVG9ii0cjbfcRnKB0//5K3RYbSV4XS7o1cuyLOSkZ7+9TwCdDyrPZrTvRgRet IjIoj0iVu8irZ14C6iEjQyab9WMJ4mJoqpECxfhdqYOUb6JhckMEaUC4zzJ4kaUTUful LP1YeOqDkwx5ZAGxx/2lmvZhCNr8E11gBp4qjbQ8Iyi8UohVy/v7+QMJpf7DpiTEpvvo oagg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702409356; x=1703014156; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+rCbqARyeZId11kuEaXWxOwQK5N8S8sXeciQALfHIFM=; b=FNvE8NNUmTYl8W49xhXJvJfmX5xUXn0vDL/FFQonjiCVlraQOnG3YvnzCtfCQYviJD nWddBPLu0ZVpbI4dTo6J6T1f18XCO1ykINTosZxyQZbOLuE0NHD6YN9XdDITdpN/pF5d 2wevAg5mh6OrWBUIg6TBlVDmgH3Iiv0srzz6dTc607c+cIT/s5n7m9aMr8PvwVWFKzdK qOlsfbgdo3BO2NRuJ2rhhK+CvxP2w5hKshuUKHw+g30SyTRuPbEPVPRdjfNtyjenSoFs LgUmDOTYTqRJAstZToX7aVb7N/V25uRY7wzsc94q0n3uP+71LSF4AGRm/A1nhEzuTIyn y9+A== X-Gm-Message-State: AOJu0Yzk2rsKCBjKNHmgQFCs7inJmyo7BNdhYnu9Xp6YwB4odvwAijqK HS/n4Rgwia816sAjGZH3c4SfpGXW8T0mHvJw5YKOEw== X-Received: by 2002:a05:6102:3752:b0:464:3cdb:856c with SMTP id u18-20020a056102375200b004643cdb856cmr5344796vst.9.1702409356064; Tue, 12 Dec 2023 11:29:16 -0800 (PST) MIME-Version: 1.0 References: <432a89fafce11244287c8af757e73a2eb22a5354.1702339432.git.andreyknvl@google.com> In-Reply-To: <432a89fafce11244287c8af757e73a2eb22a5354.1702339432.git.andreyknvl@google.com> From: Marco Elver Date: Tue, 12 Dec 2023 20:28:37 +0100 Message-ID: Subject: Re: [PATCH mm 2/4] kasan: handle concurrent kasan_record_aux_stack calls To: andrey.konovalov@linux.dev Cc: Andrew Morton , Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Vlastimil Babka , kasan-dev@googlegroups.com, Evgenii Stepanov , Tetsuo Handa , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov , syzbot+186b55175d8360728234@syzkaller.appspotmail.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 12 Dec 2023 11:29:28 -0800 (PST) On Tue, 12 Dec 2023 at 01:14, wrote: > > From: Andrey Konovalov > > kasan_record_aux_stack can be called concurrently on the same object. > This might lead to a race condition when rotating the saved aux stack > trace handles. > > Fix by introducing a spinlock to protect the aux stack trace handles > in kasan_record_aux_stack. > > Reported-by: Tetsuo Handa > Reported-by: syzbot+186b55175d8360728234@syzkaller.appspotmail.com > Closes: https://lore.kernel.org/all/000000000000784b1c060b0074a2@google.com/ > Signed-off-by: Andrey Konovalov > > --- > > This can be squashed into "kasan: use stack_depot_put for Generic mode" > or left standalone. > --- > mm/kasan/generic.c | 15 +++++++++++++-- > 1 file changed, 13 insertions(+), 2 deletions(-) > > diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c > index 54e20b2bc3e1..ca5c75a1866c 100644 > --- a/mm/kasan/generic.c > +++ b/mm/kasan/generic.c > @@ -25,6 +25,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -35,6 +36,8 @@ > #include "kasan.h" > #include "../slab.h" > > +DEFINE_SPINLOCK(aux_lock); No, please don't. > /* > * All functions below always inlined so compiler could > * perform better optimizations in each of __asan_loadX/__assn_storeX > @@ -502,6 +505,8 @@ static void __kasan_record_aux_stack(void *addr, depot_flags_t depot_flags) > struct kmem_cache *cache; > struct kasan_alloc_meta *alloc_meta; > void *object; > + depot_stack_handle_t new_handle, old_handle; > + unsigned long flags; > > if (is_kfence_address(addr) || !slab) > return; > @@ -512,9 +517,15 @@ static void __kasan_record_aux_stack(void *addr, depot_flags_t depot_flags) > if (!alloc_meta) > return; > > - stack_depot_put(alloc_meta->aux_stack[1]); > + new_handle = kasan_save_stack(0, depot_flags); > + > + spin_lock_irqsave(&aux_lock, flags); This is a unnecessary global lock. What's the problem here? As far as I can understand a race is possible where we may end up with duplicated or lost stack handles. Since storing this information is best effort anyway, and bugs are rare, a global lock protecting this is overkill. I'd just accept the racyness and use READ_ONCE() / WRITE_ONCE() just to make sure we don't tear any reads/writes and the depot handles are valid. There are other more complex schemes [1], but I think they are overkill as well. [1]: Since a depot stack handle is just an u32, we can have a union { depot_stack_handle_t handles[2]; atomic64_t atomic_handle; } aux_stack; (BUILD_BUG_ON somewhere if sizeof handles and atomic_handle mismatch.) Then in the code here create the same union and load atomic_handle. Swap handle[1] into handle[0] and write the new one in handles[1]. Then do a cmpxchg loop to store the new atomic_handle. > + old_handle = alloc_meta->aux_stack[1]; > alloc_meta->aux_stack[1] = alloc_meta->aux_stack[0]; > - alloc_meta->aux_stack[0] = kasan_save_stack(0, depot_flags); > + alloc_meta->aux_stack[0] = new_handle; > + spin_unlock_irqrestore(&aux_lock, flags); > + > + stack_depot_put(old_handle); > } > > void kasan_record_aux_stack(void *addr) > -- > 2.25.1 >