References: <20240724-kasan-tsbrcu-v2-0-45f898064468@google.com> <20240724-kasan-tsbrcu-v2-1-45f898064468@google.com> <20240724141709.8350097a90d88f7d6d14c363@linux-foundation.org>
In-Reply-To: <20240724141709.8350097a90d88f7d6d14c363@linux-foundation.org>
From: Jann Horn
Date: Thu, 25 Jul 2024 12:54:09 +0200
Subject: Re: [PATCH v2 1/2] kasan: catch invalid free before SLUB reinitializes the object
To: Andrew Morton
Cc: Andrey Ryabinin, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Vincenzo Frascino, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Marco Elver, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org

On Wed, Jul 24, 2024 at 11:17 PM Andrew Morton wrote:
> On Wed, 24 Jul 2024 18:34:12 +0200 Jann Horn wrote:
>
> > Currently, when KASAN is combined with init-on-free behavior, the
> > initialization happens before KASAN's "invalid free" checks.
> >
> > More importantly, a subsequent commit will want to use the object metadata
> > region to store an rcu_head, and we should let KASAN check that the object
> > pointer is valid before that. (Otherwise that change will make the existing
> > testcase kmem_cache_invalid_free fail.)
> >
> > So add a new KASAN hook that allows KASAN to pre-validate a
> > kmem_cache_free() operation before SLUB actually starts modifying the
> > object or its metadata.
>
> I added this, to fix the CONFIG_KASAN=n build

Whoops, thanks for fixing that up.
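As an added illustration of the ordering problem the patch description above is about (this is a constructed toy model, not code from the patch, KASAN or SLUB; `struct cache`, `kasan_pre_free_check`, `free_old_order`, `free_new_order` and `neighbour_survives` are all invented names), the two free paths below differ only in whether the pointer is validated before or after the init-on-free write. With the old order an interior pointer into one object is still rejected, but the memset has already clobbered the neighbouring object by the time the check runs.

```c
/* Toy model of the ordering problem in the thread: SLUB's free path must not
 * touch the object (init-on-free zeroing, later an rcu_head in its metadata)
 * until KASAN has validated the pointer.  Constructed illustration only. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define NOBJ     4
#define OBJ_SIZE 32

struct cache {
    unsigned char slab[NOBJ * OBJ_SIZE];  /* objects packed back to back */
    bool allocated[NOBJ];                 /* stands in for KASAN's metadata */
};

/* Pre-validation hook: false if p is not the start of an allocated object. */
static bool kasan_pre_free_check(const struct cache *c, const void *p)
{
    uintptr_t off = (uintptr_t)((const unsigned char *)p - c->slab);
    if (off >= sizeof c->slab || off % OBJ_SIZE != 0)
        return false;                     /* interior or out-of-range pointer */
    return c->allocated[off / OBJ_SIZE];  /* false on double free */
}

/* Old order: init-on-free first, check afterwards; rejects, but too late. */
static bool free_old_order(struct cache *c, void *p)
{
    memset(p, 0, OBJ_SIZE);
    if (!kasan_pre_free_check(c, p))
        return true;                      /* true == free rejected */
    c->allocated[((unsigned char *)p - c->slab) / OBJ_SIZE] = false;
    return false;
}

/* New order: validate first, so a rejected free leaves memory untouched. */
static bool free_new_order(struct cache *c, void *p)
{
    if (!kasan_pre_free_check(c, p))
        return true;
    memset(p, 0, OBJ_SIZE);
    c->allocated[((unsigned char *)p - c->slab) / OBJ_SIZE] = false;
    return false;
}

/* Objects 0 and 1 live, object 1 filled with 0xAB, then an interior pointer
 * into object 0 is freed.  Returns 1 if object 1 survived, 0 if clobbered. */
static int neighbour_survives(bool (*do_free)(struct cache *, void *))
{
    struct cache c = {0};
    c.allocated[0] = c.allocated[1] = true;
    memset(&c.slab[OBJ_SIZE], 0xAB, OBJ_SIZE);
    if (!do_free(&c, &c.slab[8])) return -1;   /* both orders reject it */
    for (int i = 0; i < OBJ_SIZE; i++)
        if (c.slab[OBJ_SIZE + i] != 0xAB) return 0;
    return 1;
}
```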