From: Wupeng Ma <mawupeng1@huawei.com>
Subject: [Question] race during kasan_populate_vmalloc_pte
Date: Tue, 18 Jun 2024 14:40:22 +0800
Message-ID: <20240618064022.1990814-1-mawupeng1@huawei.com>
Hi maintainers,

During our testing, we discovered that kasan vmalloc may trigger a false
vmalloc-out-of-bounds warning due to a race between
kasan_populate_vmalloc_pte and kasan_depopulate_vmalloc_pte.

cpu0                                  cpu1                                                     cpu2
kasan_populate_vmalloc_pte            kasan_populate_vmalloc_pte                               kasan_depopulate_vmalloc_pte
                                                                                               spin_unlock(&init_mm.page_table_lock);
pte_none(ptep_get(ptep))
// pte is valid here, return here
                                                                                               pte_clear(&init_mm, addr, ptep);
                                      pte_none(ptep_get(ptep))
                                      // pte is none here
                                      try alloc new pages
                                                                                               spin_lock(&init_mm.page_table_lock);
kasan_poison
// memset kasan shadow region to 0
                                      page = __get_free_page(GFP_KERNEL);
                                      __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE);
                                      pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL);
                                      spin_lock(&init_mm.page_table_lock);
                                      set_pte_at(&init_mm, addr, ptep, pte);
                                      spin_unlock(&init_mm.page_table_lock);

The kasan shadow memory on cpu0 is set to 0xf0 after the race with cpu1,
which means it is not initialized. Consequently, a false
vmalloc-out-of-bounds warning is triggered when a user attempts to access
this memory region.

The root cause of this problem is the pte valid check at the start of
kasan_populate_vmalloc_pte, which is not protected by page_table_lock; it
should be removed. However, this may result in severe performance
degradation since pages will be frequently allocated and freed.

Are there any thoughts on how to solve this issue?

Thank you.
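To make the interleaving above easy to replay, here is an added single-threaded C model of it. It is not kernel code and not the reporter's; it models one pte slot, a tiny page pool in place of the buddy allocator, and the three CPUs' steps in the order the mail draws them. In scenario 1 cpu0 performs the unlocked pte_none() check and returns early, and the mapping it resolved at that moment stands in for its stale translation when kasan_poison later writes through it. Scenario 2 replays the same sequence with that check removed, so every populator allocates and decides under page_table_lock. The page size, pool size and the 0xF8 marker byte are constructed placeholders, not the kernel's values.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model parameters; the kernel's real values differ. */
#define SHADOW_PAGE_SIZE  64     /* one shadow "page" in the model */
#define POOL_PAGES        4      /* enough pages for either scenario */
#define SHADOW_INVALID    0xF8   /* placeholder for KASAN_VMALLOC_INVALID */
#define SHADOW_ACCESSIBLE 0x00   /* what kasan_poison writes for a valid region */

/* A page pool stands in for the buddy allocator. Freed pages keep their
 * memory, so "written through a stale mapping after free_page()" can be
 * expressed without undefined behaviour. */
static uint8_t pool[POOL_PAGES][SHADOW_PAGE_SIZE];
static int next_page, pages_allocated_total, pages_freed_total;

static uint8_t *pte;       /* the single pte: NULL models pte_none() */
static int lock_depth;     /* init_mm.page_table_lock, checked by the model */

static void reset_model(void)
{
    next_page = pages_allocated_total = pages_freed_total = 0;
    pte = NULL;
    lock_depth = 0;
}

static void pt_lock(void)   { assert(lock_depth == 0); lock_depth = 1; }
static void pt_unlock(void) { assert(lock_depth == 1); lock_depth = 0; }

/* __get_free_page() followed by __memset(page, KASAN_VMALLOC_INVALID, ...) */
static uint8_t *get_invalid_page(void)
{
    assert(next_page < POOL_PAGES);
    uint8_t *page = pool[next_page++];
    pages_allocated_total++;
    memset(page, SHADOW_INVALID, SHADOW_PAGE_SIZE);
    return page;
}

static void put_page(uint8_t *page) { (void)page; pages_freed_total++; }

int pages_allocated(void) { return pages_allocated_total; }
int pages_freed(void)     { return pages_freed_total; }

/* kasan_depopulate_vmalloc_pte: pte_clear() and free_page() under the lock. */
static void depopulate(void)
{
    pt_lock();
    if (pte) {
        uint8_t *old = pte;
        pte = NULL;
        put_page(old);
    }
    pt_unlock();
}

/* The locked part of kasan_populate_vmalloc_pte: allocate a pre-poisoned
 * page, install it only if the pte is still none under the lock, and return
 * the mapping this cpu now holds. A page that lost the race is wasted. */
static uint8_t *populate_locked(void)
{
    uint8_t *page = get_invalid_page(), *mapping;
    pt_lock();
    if (!pte) {
        pte = page;            /* set_pte_at() */
        page = NULL;
    }
    mapping = pte;
    pt_unlock();
    if (page)
        put_page(page);
    return mapping;
}

/* Scenario 1, the interleaving from the mail. cpu0 does the unlocked
 * pte_none() check, sees a valid pte and returns; the mapping it resolved
 * there stands in for its stale translation when kasan_poison runs. */
uint8_t race_with_early_check(void)
{
    reset_model();
    pte = get_invalid_page();                  /* shadow page mapped before the race */

    uint8_t *cpu0_mapping = pte;               /* cpu0: !pte_none() -> return 0 */
    depopulate();                              /* cpu2: pte_clear + free_page */
    int cpu1_saw_none = (pte == NULL);         /* cpu1: pte_none() -> allocate */
    memset(cpu0_mapping, SHADOW_ACCESSIBLE, SHADOW_PAGE_SIZE); /* cpu0: kasan_poison */
    if (cpu1_saw_none)
        populate_locked();                     /* cpu1: installs a fresh INVALID page */

    return pte[0];                             /* the next shadow check reads INVALID */
}

/* Scenario 2, the same order with the unlocked check removed: every populator
 * allocates and decides under the lock, so cpu0 poisons the page it installed. */
uint8_t race_without_early_check(void)
{
    reset_model();
    pte = get_invalid_page();

    depopulate();                              /* cpu2 */
    uint8_t *cpu0_mapping = populate_locked(); /* cpu0: pte none under the lock -> installs */
    populate_locked();                         /* cpu1: pte present under the lock -> frees */
    memset(cpu0_mapping, SHADOW_ACCESSIBLE, SHADOW_PAGE_SIZE); /* cpu0: kasan_poison */

    return pte[0];
}

int main(void)
{
    printf("with early check:    shadow=0x%02x allocs=%d frees=%d\n",
           race_with_early_check(), pages_allocated(), pages_freed());
    printf("without early check: shadow=0x%02x allocs=%d frees=%d\n",
           race_without_early_check(), pages_allocated(), pages_freed());
    return 0;
}
```

Scenario 1 leaves the installed shadow page at the INVALID marker, which is the false vmalloc-out-of-bounds report the mail describes. Scenario 2 ends with the page poisoned as accessible, but the counters also show the cost the mail worries about: three page allocations instead of two, one of them freed straight away because a second populator lost the race under the lock.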