References: <20240109221234.90929-1-andrey.konovalov@linux.dev>
In-Reply-To: <20240109221234.90929-1-andrey.konovalov@linux.dev>
From: Marco Elver
Date: Tue, 9 Jan 2024 23:36:01 +0100
Subject: Re: [PATCH mm] kasan: avoid resetting aux_lock
To: andrey.konovalov@linux.dev
Cc: Andrew Morton, Andrey Konovalov, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, linux-mm@kvack.org, "Paul E . McKenney", Liam.Howlett@oracle.com, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"

On Tue, 9 Jan 2024 at 23:12, wrote:
>
> From: Andrey Konovalov
>
> With commit 63b85ac56a64 ("kasan: stop leaking stack trace handles"),
> KASAN zeroes out alloc meta when an object is freed. The zeroed out data
> purposefully includes alloc and auxiliary stack traces but also
> accidentally includes aux_lock.
>
> As aux_lock is only initialized for each object slot during slab
> creation, when the freed slot is reallocated, saving auxiliary stack
> traces for the new object leads to lockdep reports when taking the
> zeroed out aux_lock.
>
> Arguably, we could reinitialize aux_lock when the object is reallocated,
> but a simpler solution is to avoid zeroing out aux_lock when an object
> gets freed.
>
> Reported-by: Paul E. McKenney
> Closes: https://lore.kernel.org/linux-next/5cc0f83c-e1d6-45c5-be89-9b86746fe731@paulmck-laptop/
> Fixes: 63b85ac56a64 ("kasan: stop leaking stack trace handles")
> Signed-off-by: Andrey Konovalov

Reviewed-by: Marco Elver

> ---
> mm/kasan/generic.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c
> index 24c13dfb1e94..df6627f62402 100644
> --- a/mm/kasan/generic.c
> +++ b/mm/kasan/generic.c
> @@ -487,6 +487,7 @@ void kasan_init_object_meta(struct kmem_cache *cache, const void *object)
> __memset(alloc_meta, 0, sizeof(*alloc_meta));
>
> /*
> + * Prepare the lock for saving auxiliary stack traces.
> * Temporarily disable KASAN bug reporting to allow instrumented
> * raw_spin_lock_init to access aux_lock, which resides inside
> * of a redzone.
> @@ -510,8 +511,13 @@ static void release_alloc_meta(struct kasan_alloc_meta *meta)
> stack_depot_put(meta->aux_stack[0]);
> stack_depot_put(meta->aux_stack[1]);
>
> - /* Zero out alloc meta to mark it as invalid. */
> - __memset(meta, 0, sizeof(*meta));
> + /*
> + * Zero out alloc meta to mark it as invalid but keep aux_lock
> + * initialized to avoid having to reinitialize it when another object
> + * is allocated in the same slot.
> + */
> + __memset(&meta->alloc_track, 0, sizeof(meta->alloc_track));
> + __memset(meta->aux_stack, 0, sizeof(meta->aux_stack));
> }
>
> static void release_free_meta(const void *object, struct kasan_free_meta *meta)
> --
> 2.25.1
>
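Review bot: In the kasan_init_object_meta hunk, the added line "Prepare the lock for saving auxiliary stack traces." is placed directly in front of the existing "Temporarily disable KASAN bug reporting ..." sentence, so the comment now reads as two unrelated thoughts in one paragraph. Since the commit message states that this is the only place aux_lock is ever initialized and that release_alloc_meta now deliberately leaves it intact, that invariant belongs here where the lock is set up: something like "aux_lock is initialized once per slot and is intentionally not cleared by release_alloc_meta", separated from the bug-reporting note by a blank " *" line, so a reader of the init site knows the lock must survive a free.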
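Review bot: In the release_alloc_meta hunk, replacing "__memset(meta, 0, sizeof(*meta));" with separate clears of alloc_track and aux_stack fixes the lockdep report, but it also changes the contract silently: the whole-struct memset cleared any field by construction, whereas the field-wise version will leave a field added to struct kasan_alloc_meta later uncleared on free with nothing to flag it. Suggest extending the new comment to say that every field except aux_lock must be cleared here explicitly, and naming which field (alloc_track, as far as the visible lines show) is what now marks the meta "invalid", since the comment keeps the phrase "mark it as invalid" while the struct is no longer all-zero.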