From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=oIdf=GR=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-23.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 53465C433E0
	for <linux-mm@archiver.kernel.org>; Thu, 14 Jan 2021 15:32:07 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id D7D0823A7E
	for <linux-mm@archiver.kernel.org>; Thu, 14 Jan 2021 15:32:06 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D7D0823A7E
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id E12348D00E9; Thu, 14 Jan 2021 10:32:05 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id D9AD68D008E; Thu, 14 Jan 2021 10:32:05 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id C63888D00E9; Thu, 14 Jan 2021 10:32:05 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0178.hostedemail.com [216.40.44.178])
	by kanga.kvack.org (Postfix) with ESMTP id ADB378D008E
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 10:32:05 -0500 (EST)
Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 730CD283D
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 15:32:05 +0000 (UTC)
X-FDA: 77704771410.27.veil71_5301edb27527
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin27.hostedemail.com (Postfix) with ESMTP id 2B69B3D668
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 15:32:05 +0000 (UTC)
X-HE-Tag: veil71_5301edb27527
X-Filterd-Recvd-Size: 5251
Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com [209.85.215.176])
	by imf02.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu, 14 Jan 2021 15:32:04 +0000 (UTC)
Received: by mail-pg1-f176.google.com with SMTP id i5so4026896pgo.1
        for <linux-mm@kvack.org>; Thu, 14 Jan 2021 07:32:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=b1a4WcSAwlYzo0UVF2lRgmzbjdobg4wJJNHBjscc+aU=;
        b=Tkj04O8NIGP7QDG5QTP6bp8Db1EvdW4IPCh4lJItQRb5f79KL8pGxUw0gaJnz4QYr9
         A/mUAUJhro+oeSHfysLYmNo/wUWCKeg/NRlS7SYxV+C97fjHSwr0/IR/xBJ0DzYVV3k8
         mwdnEe6hoxje/KVyNShsUXEtt/C//jkQFvZSG+0Z7rz/aT/s106uCI+G6qp4yuXBEJfn
         e+Bbhc5pQLWmt0dJauY7eJWtsDVC5y1fRCPPw3FQ5gXsKSLUZz0efQ9Q8sfGta7UeR0z
         L+cLxO9D5jsYwYZDw8oprrz5C3K4xhNVy7K55IwDwnewfIbAz0LSD3V/uXz4tucEBClg
         VR7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=b1a4WcSAwlYzo0UVF2lRgmzbjdobg4wJJNHBjscc+aU=;
        b=mXZViZQORkgGcVzJGwbH/IXI5RhwSy7l3qDk5fXTC/dwXAUYTSMmjD4+XezuX3YkYd
         YMuCLKeHmRYhozE5mqUs9k96bzVwPVbgOz5xcuoZpIzXu29bM+PAnoOCtlwU6iTfV8Xm
         kJKTc3gKfrAHqztsC9MFfk+e6yNSvdUBoPsjb9d7AJ1kxcGVw58ePldA6HC/0klGpXX2
         1KXRT762LmOqol12HbBCAjdTCEQColMLhWFB+f0eeclwVTXHTfLAGHT62m9VuuGgz7jd
         OIPQRJ6TqDO6G+1YgC7o7+j/sisM8Gu0gBtPSUR6rSlB3G/x/evRFpmwsNkQ4SfkyEPG
         GRyg==
X-Gm-Message-State: AOAM5335LZnmk/owLDWpekMB+19YYJAvAXXLYV4hDZsRHPFOexVk1p7O
	2FB64wdGko9w1MNUByb1Y/E+hVnluriEA7/sV3qwdQ==
X-Google-Smtp-Source: ABdhPJy6G0GBGFULP7NhjdO3HD2T54WVV8L/v5iwDgvCd8Ty8DE+K8f7iPevGNXlqln2anKMgDYFsA8Za2uu3zNB0L8=
X-Received: by 2002:a63:4644:: with SMTP id v4mr8086639pgk.440.1610638323387;
 Thu, 14 Jan 2021 07:32:03 -0800 (PST)
MIME-Version: 1.0
References: <cover.1610553773.git.andreyknvl@google.com> <7fbac00e4d155cf529517a165a48351dcf3c3156.1610553774.git.andreyknvl@google.com>
 <25aa25d6-080c-ccfa-9367-fc60f46ff10f@suse.cz>
In-Reply-To: <25aa25d6-080c-ccfa-9367-fc60f46ff10f@suse.cz>
From: Andrey Konovalov <andreyknvl@google.com>
Date: Thu, 14 Jan 2021 16:31:52 +0100
Message-ID: <CAAeHK+xgdS+vSTN81uLzahB9BYf=+iJdckwS=v7AwRACAf0wfw@mail.gmail.com>
Subject: Re: [PATCH 1/2] kasan, mm: fix conflicts with init_on_alloc/free
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Catalin Marinas <catalin.marinas@arm.com>, Vincenzo Frascino <vincenzo.frascino@arm.com>, 
	Dmitry Vyukov <dvyukov@google.com>, Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com>, 
	Andrew Morton <akpm@linux-foundation.org>, Will Deacon <will.deacon@arm.com>, 
	Andrey Ryabinin <aryabinin@virtuozzo.com>, Peter Collingbourne <pcc@google.com>, 
	Evgenii Stepanov <eugenis@google.com>, Branislav Rankov <Branislav.Rankov@arm.com>, 
	Kevin Brodsky <kevin.brodsky@arm.com>, kasan-dev <kasan-dev@googlegroups.com>, 
	Linux ARM <linux-arm-kernel@lists.infradead.org>, 
	Linux Memory Management List <linux-mm@kvack.org>, LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Jan 13, 2021 at 6:25 PM Vlastimil Babka <vbabka@suse.cz> wrote:
>
> On 1/13/21 5:03 PM, Andrey Konovalov wrote:
> > A few places where SLUB accesses object's data or metadata were missed in
> > a previous patch. This leads to false positives with hardware tag-based
> > KASAN when bulk allocations are used with init_on_alloc/free.
> >
> > Fix the false-positives by resetting pointer tags during these accesses.
> >
> > Link: https://linux-review.googlesource.com/id/I50dd32838a666e173fe06c3c5c766f2c36aae901
> > Fixes: aa1ef4d7b3f67 ("kasan, mm: reset tags when accessing metadata")
> > Reported-by: Dmitry Vyukov <dvyukov@google.com>
> > Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
>
> Acked-by: Vlastimil Babka <vbabka@suse.cz>
>
> > ---
> >  mm/slub.c | 7 ++++---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/mm/slub.c b/mm/slub.c
> > index dc5b42e700b8..75fb097d990d 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -2791,7 +2791,8 @@ static __always_inline void maybe_wipe_obj_freeptr(struct kmem_cache *s,
> >                                                  void *obj)
> >  {
> >       if (unlikely(slab_want_init_on_free(s)) && obj)
> > -             memset((void *)((char *)obj + s->offset), 0, sizeof(void *));
> > +             memset((void *)((char *)kasan_reset_tag(obj) + s->offset),
> > +                     0, sizeof(void *));
> >  }
> >
> >  /*
> > @@ -2883,7 +2884,7 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
> >               stat(s, ALLOC_FASTPATH);
> >       }
> >
> > -     maybe_wipe_obj_freeptr(s, kasan_reset_tag(object));
> > +     maybe_wipe_obj_freeptr(s, object);
>
> And in that case the reset was unnecessary, right. (commit log only mentions
> adding missing resets).

The reset has been moved into maybe_wipe_obj_freeptr(). I'll mention
it in the changelog in v2.

Thanks!