From: andrey.konovalov@linux.dev
To: Andrew Morton
Cc: Andrey Konovalov, Marco Elver, Alexander Potapenko, Dmitry Vyukov, Andrey Ryabinin, kasan-dev@googlegroups.com, linux-mm@kvack.org, "Paul E . McKenney", Liam.Howlett@oracle.com, linux-kernel@vger.kernel.org
Subject: [PATCH mm] kasan: avoid resetting aux_lock
Date: Tue, 9 Jan 2024 23:12:34 +0100
Message-Id: <20240109221234.90929-1-andrey.konovalov@linux.dev>

From: Andrey Konovalov

With commit 63b85ac56a64 ("kasan: stop leaking stack trace handles"), KASAN zeroes out alloc meta when an object is freed. The zeroed out data purposefully includes alloc and auxiliary stack traces but also accidentally includes aux_lock.

As aux_lock is only initialized for each object slot during slab creation, when the freed slot is reallocated, saving auxiliary stack traces for the new object leads to lockdep reports when taking the zeroed out aux_lock.

Arguably, we could reinitialize aux_lock when the object is reallocated, but a simpler solution is to avoid zeroing out aux_lock when an object gets freed.

Reported-by: Paul E. McKenney
Closes: https://lore.kernel.org/linux-next/5cc0f83c-e1d6-45c5-be89-9b86746fe731@paulmck-laptop/
Fixes: 63b85ac56a64 ("kasan: stop leaking stack trace handles")
Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver Tested-by: Paul E. McKenney --- mm/kasan/generic.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 24c13dfb1e94..df6627f62402 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -487,6 +487,7 @@ void kasan_init_object_meta(struct kmem_cache *cache, const void *object) __memset(alloc_meta, 0, sizeof(*alloc_meta)); /* + * Prepare the lock for saving auxiliary stack traces. * Temporarily disable KASAN bug reporting to allow instrumented * raw_spin_lock_init to access aux_lock, which resides inside * of a redzone. @@ -510,8 +511,13 @@ static void release_alloc_meta(struct kasan_alloc_meta *meta) stack_depot_put(meta->aux_stack[0]); stack_depot_put(meta->aux_stack[1]); - /* Zero out alloc meta to mark it as invalid. */ - __memset(meta, 0, sizeof(*meta)); + /* + * Zero out alloc meta to mark it as invalid but keep aux_lock + * initialized to avoid having to reinitialize it when another object + * is allocated in the same slot. + */ + __memset(&meta->alloc_track, 0, sizeof(meta->alloc_track)); + __memset(meta->aux_stack, 0, sizeof(meta->aux_stack)); } static void release_free_meta(const void *object, struct kasan_free_meta *meta)
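Review bot: the comment line added in kasan_init_object_meta() ("Prepare the lock for saving auxiliary stack traces.") says what the lock is for but not the invariant the rest of this patch now relies on: per the commit message this is the only point where aux_lock is initialized for a slot, and it has to survive every later free. Suggest stating that here, so that anyone adding another full-struct __memset of alloc meta after this point sees why it would bring the lockdep report back.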
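Review bot: in release_alloc_meta(), zeroing field by field (`__memset(&meta->alloc_track, ...)` and `__memset(meta->aux_stack, ...)`) means any member added to struct kasan_alloc_meta later is silently left intact on free, so stale data from the previous object could be read as valid for the next one in the same slot. The new comment explains why aux_lock is skipped but not that the list of cleared members must be kept complete; suggest saying so here or next to the struct definition, or grouping the members to be cleared so that a single __memset covers them and only the lock sits outside that range.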