From: Alexander Potapenko
Date: Mon, 15 Jul 2024 19:19:49 +0200
Subject: Re: [Question] race during kasan_populate_vmalloc_pte
To: mawupeng
Cc: akpm@linux-foundation.org, ryabinin.a.a@gmail.com, andreyknvl@gmail.com, dvyukov@google.com, vincenzo.frascino@arm.com, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
References: <20240618064022.1990814-1-mawupeng1@huawei.com>
On Fri, Jul 12, 2024 at 4:08 AM mawupeng wrote:
>
> Hi maintainers,
>
> kindly ping.
>
> On 2024/6/18 14:40, Wupeng Ma wrote:
> > Hi maintainers,
> >
> > During our testing, we discovered that kasan vmalloc may trigger a false
> > vmalloc-out-of-bounds warning due to a race between kasan_populate_vmalloc_pte
> > and kasan_depopulate_vmalloc_pte.
> >
> > cpu0                                 cpu1                                                       cpu2
> > kasan_populate_vmalloc_pte           kasan_populate_vmalloc_pte                                 kasan_depopulate_vmalloc_pte
> >                                                                                                 spin_unlock(&init_mm.page_table_lock);
> > pte_none(ptep_get(ptep))
> > // pte is valid here, return here
> >                                                                                                 pte_clear(&init_mm, addr, ptep);
> >                                      pte_none(ptep_get(ptep))
> >                                      // pte is none here try alloc new pages
> >                                                                                                 spin_lock(&init_mm.page_table_lock);
> > kasan_poison
> > // memset kasan shadow region to 0
> >                                      page = __get_free_page(GFP_KERNEL);
> >                                      __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE);
> >                                      pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL);
> >                                      spin_lock(&init_mm.page_table_lock);
> >                                      set_pte_at(&init_mm, addr, ptep, pte);
> >                                      spin_unlock(&init_mm.page_table_lock);
> >
> >
> > The kasan shadow memory in cpu0 is set to 0xf0, which means it is not
> > initialized after the race in cpu1. Consequently, a false vmalloc-out-of-bounds
> > warning is triggered when a user attempts to access this memory region.
> >
> > The root cause of this problem is the pte valid check at the start of
> > kasan_populate_vmalloc_pte, which should be removed since it is not protected by
> > page_table_lock. However, this may result in severe performance degradation
> > since pages will be frequently allocated and freed.
> >
> > Are there any thoughts on how to solve this issue?
> >
> > Thank you.

I am going to take a closer look at this issue.
Any chance you have a reproducer for it?
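The interleaving in the quoted report, replayed as a constructed userland C model (added here; it is neither kernel code nor from the thread): a pointer slot stands in for the pte, a flag for init_mm.page_table_lock, pages come from a static pool so nothing is really freed, and cpu0's unpoison write is directed at the page it resolved when its unlocked check passed (an assumption standing in for a stale translation). The model keeps the unlocked fast-path check the report identifies as the root cause.

```c
#include <assert.h>
#include <stdint.h>
#include <string.h>

#define PAGE_SIZE 64            /* toy page; the size is irrelevant to the race */
#define VMALLOC_INVALID 0xF0    /* byte the report says is left in the shadow */

static uint8_t pool[2][PAGE_SIZE];   /* static pool: nothing is really freed */
static int next_page;
static uint8_t *pte;                 /* NULL models pte_none() */
static int lock_held;                /* stand-in for init_mm.page_table_lock */
static void lock(void)   { assert(!lock_held); lock_held = 1; }
static void unlock(void) { lock_held = 0; }

/* Mirrors kasan_populate_vmalloc_pte: unlocked check, allocate, locked recheck. */
static void populate(void)
{
    if (pte)                     /* unlocked fast path: the race window */
        return;
    uint8_t *page = pool[next_page++ % 2];
    memset(page, VMALLOC_INVALID, PAGE_SIZE);
    lock();
    if (!pte)
        pte = page;
    unlock();
}

/* Mirrors kasan_depopulate_vmalloc_pte: clear the pte under the lock. */
static void depopulate(void)
{
    lock();
    pte = NULL;
    unlock();
}

/* Replays the reported schedule and returns the shadow byte a later access sees. */
int run_schedule(int racy)
{
    next_page = 0; pte = NULL; lock_held = 0;
    populate();                  /* shadow page exists before the race starts */
    uint8_t *cpu0_view = pte;    /* cpu0: pte looks valid, translation resolved (assumed) */
    populate();                  /* cpu0: returns early on the unlocked check */
    if (racy) {
        depopulate();            /* cpu2: pte_clear() */
        populate();              /* cpu1: sees pte_none(), installs an INVALID-filled page */
    }
    memset(cpu0_view, 0, PAGE_SIZE);   /* cpu0: kasan_poison unpoisons the old page */
    return pte[0];               /* racy: VMALLOC_INVALID; sequential: 0 */
}
```

With the racy schedule the freshly installed page keeps VMALLOC_INVALID, which is the state behind the false vmalloc-out-of-bounds report; without the concurrent depopulate the same write leaves the shadow at 0.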