From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=oIdf=GR=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 98156C433E0
	for <linux-mm@archiver.kernel.org>; Thu, 14 Jan 2021 19:34:10 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 293A323B6B
	for <linux-mm@archiver.kernel.org>; Thu, 14 Jan 2021 19:34:10 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 293A323B6B
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id B14C18D0115; Thu, 14 Jan 2021 14:34:09 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id AEA5E8D0114; Thu, 14 Jan 2021 14:34:09 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A01378D0115; Thu, 14 Jan 2021 14:34:09 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0164.hostedemail.com [216.40.44.164])
	by kanga.kvack.org (Postfix) with ESMTP id 8831F8D0114
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 14:34:09 -0500 (EST)
Received: from smtpin01.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 4F0BD3636
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 19:34:09 +0000 (UTC)
X-FDA: 77705381418.01.wax84_451295127529
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin01.hostedemail.com (Postfix) with ESMTP id 2719310053320
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 19:34:09 +0000 (UTC)
X-HE-Tag: wax84_451295127529
X-Filterd-Recvd-Size: 5324
Received: from mail-ed1-f74.google.com (mail-ed1-f74.google.com [209.85.208.74])
	by imf06.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 19:34:08 +0000 (UTC)
Received: by mail-ed1-f74.google.com with SMTP id n18so2803083eds.2
        for <linux-mm@kvack.org>; Thu, 14 Jan 2021 11:34:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=sender:date:in-reply-to:message-id:mime-version:references:subject
         :from:to:cc;
        bh=K3THHtce7/ygl6Gpfs3Di2sEUO2VBikWbOhVCkSY9ac=;
        b=vGVmZqHj/AbJ1AfEndnv5qhN+kxXpODExe7oS5E1yEmi9WEhI0SfOrlYPGX55Bl5S5
         IAj/+Mw7dd5aBsSYNH5jX2rqXbsXhFP6e6PPixAuxk0wrqZ8unG4KH7Cw/eVhGJTGviN
         lPkgslaukDbGTN/Gv7djiu445f3483hEM3Ad6vdiOVFB6a05Sit/uI9otkaqdljywR+C
         v6tF/BLbualYuwQqKuaZJ6I8BIhCsGVVmIFVwUEHBeIG26BFXuW0fwgIBrX43LYTrGWH
         yeDapqJs1tPTHyAjsYyRfn5TLAJLj6+r7IU3blDikAT/jQG8jRfHtzStwmTf/yeR+4iE
         mdVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=K3THHtce7/ygl6Gpfs3Di2sEUO2VBikWbOhVCkSY9ac=;
        b=UnzUcb2XpYdzZ1yc9xR7RmP2k/pt6lYvHCQolZSGlCkurHdvGyYBVr7aSJSi6UiF4C
         gWpM+S1f/DzWNeS+WdbLTsiMU3AawUySzOpfCwcPh+IsK0RAMhB6FZj904IK8Huyej85
         Fc+smg94v2Bybw5CQYkFkLWViuSHUoEgZnEKjAbZfLuuJ4hkarOCkhL72rCAc+jtKHaA
         Nr+EEWTHcysWZCgzMXDlNli7Y8XogKzpD4pzv4/9dvbjq32CgVjgGKJqY8/P6bkvImvL
         JUV/CuqFTfahGwh0OLVS+RviI2qLoFfZMmU0wfbSGiZ0CyEAeNfXZ2XlgvG5mHXTdlgy
         eLNQ==
X-Gm-Message-State: AOAM530/EdKoXbf8E3d9GMs2j29j5tbQbb+ZdJu8gDGTYe4UazAPOgec
	8UYzWyWpYW5rSBPWeAYfKxzNplbRJWHNwrOe
X-Google-Smtp-Source: ABdhPJyemLAvJCZ5NV1PNi6ia9mIG5BPvNuaojX/Vqve5Fg8GAq9MsC5vRUJBJF4bO4tLtErmJICS+Uki60iFkJH
X-Received: from andreyknvl3.muc.corp.google.com ([2a00:79e0:15:13:7220:84ff:fe09:7e9d])
 (user=andreyknvl job=sendgmr) by 2002:a17:906:578e:: with SMTP id
 k14mr6448146ejq.90.1610652846821; Thu, 14 Jan 2021 11:34:06 -0800 (PST)
Date: Thu, 14 Jan 2021 20:33:56 +0100
In-Reply-To: <cover.1610652791.git.andreyknvl@google.com>
Message-Id: <89cd4db80c3ee8c1975eb9171e99fcbc894eb1dd.1610652791.git.andreyknvl@google.com>
Mime-Version: 1.0
References: <cover.1610652791.git.andreyknvl@google.com>
X-Mailer: git-send-email 2.30.0.284.gd98b1dd5eaa7-goog
Subject: [PATCH v2 1/2] kasan, mm: fix conflicts with init_on_alloc/free
From: Andrey Konovalov <andreyknvl@google.com>
To: Andrew Morton <akpm@linux-foundation.org>, Catalin Marinas <catalin.marinas@arm.com>, 
	Vincenzo Frascino <vincenzo.frascino@arm.com>, Dmitry Vyukov <dvyukov@google.com>, 
	Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com>
Cc: Will Deacon <will.deacon@arm.com>, Andrey Ryabinin <aryabinin@virtuozzo.com>, 
	Peter Collingbourne <pcc@google.com>, Evgenii Stepanov <eugenis@google.com>, 
	Branislav Rankov <Branislav.Rankov@arm.com>, Kevin Brodsky <kevin.brodsky@arm.com>, 
	kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org, 
	linux-mm@kvack.org, linux-kernel@vger.kernel.org, 
	Andrey Konovalov <andreyknvl@google.com>, Vlastimil Babka <vbabka@suse.cz>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

A few places where SLUB accesses object's data or metadata were missed in
a previous patch. This leads to false positives with hardware tag-based
KASAN when bulk allocations are used with init_on_alloc/free.

Fix the false-positives by resetting pointer tags during these accesses.

(The kasan_reset_tag call is removed from slab_alloc_node, as it's added
 into maybe_wipe_obj_freeptr.)

Link: https://linux-review.googlesource.com/id/I50dd32838a666e173fe06c3c5c766f2c36aae901
Fixes: aa1ef4d7b3f67 ("kasan, mm: reset tags when accessing metadata")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 mm/slub.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/mm/slub.c b/mm/slub.c
index dc5b42e700b8..75fb097d990d 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2791,7 +2791,8 @@ static __always_inline void maybe_wipe_obj_freeptr(struct kmem_cache *s,
 						   void *obj)
 {
 	if (unlikely(slab_want_init_on_free(s)) && obj)
-		memset((void *)((char *)obj + s->offset), 0, sizeof(void *));
+		memset((void *)((char *)kasan_reset_tag(obj) + s->offset),
+			0, sizeof(void *));
 }
 
 /*
@@ -2883,7 +2884,7 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
 		stat(s, ALLOC_FASTPATH);
 	}
 
-	maybe_wipe_obj_freeptr(s, kasan_reset_tag(object));
+	maybe_wipe_obj_freeptr(s, object);
 
 	if (unlikely(slab_want_init_on_alloc(gfpflags, s)) && object)
 		memset(kasan_reset_tag(object), 0, s->object_size);
@@ -3329,7 +3330,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
 		int j;
 
 		for (j = 0; j < i; j++)
-			memset(p[j], 0, s->object_size);
+			memset(kasan_reset_tag(p[j]), 0, s->object_size);
 	}
 
 	/* memcg and kmem_cache debug support */
-- 
2.30.0.284.gd98b1dd5eaa7-goog