[v4,0/3] Fix KASAN crash when using KASAN_VMALLOC

Message ID	20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org (mailing list archive)
Headers	show Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org> From: Linus Walleij <linus.walleij@linaro.org> Subject: [PATCH v4 0/3] Fix KASAN crash when using KASAN_VMALLOC Date: Mon, 21 Oct 2024 15:02:57 +0200 Message-Id: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: Clement LE GOFFIC <clement.legoffic@foss.st.com>, Russell King <linux@armlinux.org.uk>, Melon Liu <melon1335@163.com>, Kees Cook <kees@kernel.org>, AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>, Mark Brown <broonie@kernel.org>, Mark Rutland <mark.rutland@arm.com>, Ard Biesheuvel <ardb@kernel.org> Cc: Antonio Borneo <antonio.borneo@foss.st.com>, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, Linus Walleij <linus.walleij@linaro.org>, stable@vger.kernel.org Precedence: list Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	Fix KASAN crash when using KASAN_VMALLOC \| expand [v4,0/3] Fix KASAN crash when using KASAN_VMALLOC [v4,1/3] ARM: ioremap: Sync PGDs for VMALLOC shadow [v4,2/3] ARM: entry: Do a dummy read from VMAP shadow [v4,3/3] mm: Pair atomic_set_release() with _read_acquire()

Message ID

20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org (mailing list archive)

Headers

From: Linus Walleij <linus.walleij@linaro.org>
Subject: [PATCH v4 0/3] Fix KASAN crash when using KASAN_VMALLOC
Date: Mon, 21 Oct 2024 15:02:57 +0200
Message-Id: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: Clement LE GOFFIC <clement.legoffic@foss.st.com>,
 Russell King <linux@armlinux.org.uk>, Melon Liu <melon1335@163.com>,
 Kees Cook <kees@kernel.org>,
 AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>,
 Mark Brown <broonie@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
 Ard Biesheuvel <ardb@kernel.org>
Cc: Antonio Borneo <antonio.borneo@foss.st.com>,
 linux-stm32@st-md-mailman.stormreply.com,
 linux-arm-kernel@lists.infradead.org,
 Linus Walleij <linus.walleij@linaro.org>, stable@vger.kernel.org
Precedence: list
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

Fix KASAN crash when using KASAN_VMALLOC | expand

Message

Linus Walleij Oct. 21, 2024, 1:02 p.m. UTC

This problem reported by Clement LE GOFFIC manifest when
using CONFIG_KASAN_IN_VMALLOC and VMAP_STACK:
https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/

After some analysis it seems we are missing to sync the
VMALLOC shadow memory in top level PGD to all CPUs.

Add some code to perform this sync, and the bug appears
to go away.

As suggested by Ard, also perform a dummy read from the
shadow memory of the new VMAP_STACK in the low level
assembly.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
Changes in v4:
- Since Kasan is not using header stubs, it is necessary to avoid
  kasan_*() calls using ifdef when compiling without KASAN.
- Lift a line aligning the end of vmalloc from Melon Liu's
  very similar patch so we have feature parity, credit Melon
  as co-developer.
- Include the atomic_read_acquire() patch in the series due
  to context requirements.
- Verify that the after the patch the kernel still builds and boots
  without Kasan.
- Link to v3: https://lore.kernel.org/r/20241017-arm-kasan-vmalloc-crash-v3-0-d2a34cd5b663@linaro.org

Changes in v3:
- Collect Mark Rutlands ACK on patch 1
- Change the simplified assembly add r2, ip, lsr #n to the canonical
  add r2, r2, ip, lsr #n in patch 2.
- Link to v2: https://lore.kernel.org/r/20241016-arm-kasan-vmalloc-crash-v2-0-0a52fd086eef@linaro.org

Changes in v2:
- Implement the two helper functions suggested by Russell
  making the KASAN PGD copying less messy.
- Link to v1: https://lore.kernel.org/r/20241015-arm-kasan-vmalloc-crash-v1-0-dbb23592ca83@linaro.org

---
Linus Walleij (3):
      ARM: ioremap: Sync PGDs for VMALLOC shadow
      ARM: entry: Do a dummy read from VMAP shadow
      mm: Pair atomic_set_release() with _read_acquire()

 arch/arm/kernel/entry-armv.S |  8 ++++++++
 arch/arm/mm/ioremap.c        | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 38 insertions(+), 5 deletions(-)
---
base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc
change-id: 20241015-arm-kasan-vmalloc-crash-fcbd51416457

Best regards,

Comments

Linus Walleij Oct. 23, 2024, noon UTC | #1

On Mon, Oct 21, 2024 at 3:03 PM Linus Walleij <linus.walleij@linaro.org> wrote:

> This problem reported by Clement LE GOFFIC manifest when
> using CONFIG_KASAN_IN_VMALLOC and VMAP_STACK:
> https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/
>
> After some analysis it seems we are missing to sync the
> VMALLOC shadow memory in top level PGD to all CPUs.
>
> Add some code to perform this sync, and the bug appears
> to go away.
>
> As suggested by Ard, also perform a dummy read from the
> shadow memory of the new VMAP_STACK in the low level
> assembly.
>
> Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

As these are regressions that need to go in as fixes I'm putting
them into Russell's patch tracker now.

The 9427/1 patch:
https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=9427/1

Need to be avoided as it causes build regressions. Patch 1/3
supersedes it.

Yours,
Linus Walleij