References: <20221118152216.3914899-1-elver@google.com>
In-Reply-To: <20221118152216.3914899-1-elver@google.com>
From: Alexander Potapenko
Date: Fri, 18 Nov 2022 18:09:19 +0100
Subject: Re: [PATCH] kfence: fix stack trace pruning
To: Marco Elver
Cc: Andrew Morton, Dmitry Vyukov, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Feng Tang
On Fri, Nov 18, 2022 at 4:22 PM Marco Elver wrote:
>
> Commit b14051352465 ("mm/sl[au]b: generalize kmalloc subsystem")
> refactored large parts of the kmalloc subsystem, resulting in the stack
> trace pruning logic done by KFENCE to no longer work.
>
> While b14051352465 attempted to fix the situation by including
> '__kmem_cache_free' in the list of functions KFENCE should skip through,
> this only works when the compiler actually optimized the tail call from
> kfree() to __kmem_cache_free() into a jump (and thus kfree() _not_
> appearing in the full stack trace to begin with).
>
> In some configurations, the compiler no longer optimizes the tail call
> into a jump, and __kmem_cache_free() appears in the stack trace. This
> means that the pruned stack trace shown by KFENCE would include kfree()
> which is not intended - for example:
>
> | BUG: KFENCE: invalid free in kfree+0x7c/0x120
> |
> | Invalid free of 0xffff8883ed8fefe0 (in kfence-#126):
> |  kfree+0x7c/0x120
> |  test_double_free+0x116/0x1a9
> |  kunit_try_run_case+0x90/0xd0
> | [...]
>
> Fix it by moving __kmem_cache_free() to the list of functions that may
> be tail called by an allocator entry function, making the pruning logic
> work in both the optimized and unoptimized tail call cases.
>
> Fixes: b14051352465 ("mm/sl[au]b: generalize kmalloc subsystem")
> Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
> Cc: Feng Tang
> Signed-off-by: Marco Elver

Reviewed-by: Alexander Potapenko

> ---
>  mm/kfence/report.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/mm/kfence/report.c b/mm/kfence/report.c
> index 7e496856c2eb..46ecea18c4ca 100644
> --- a/mm/kfence/report.c
> +++ b/mm/kfence/report.c
> @@ -75,18 +75,23 @@ static int get_stack_skipnr(const unsigned long stack= _entries[], int num_entries > > if (str_has_prefix(buf, ARCH_FUNC_PREFIX "kfence_") || > str_has_prefix(buf, ARCH_FUNC_PREFIX "__kfence_") || > + str_has_prefix(buf, ARCH_FUNC_PREFIX "__kmem_cache_fr= ee") || > !strncmp(buf, ARCH_FUNC_PREFIX "__slab_free", len)) { > /* > - * In case of tail calls from any of the below > - * to any of the above. > + * In case of tail calls from any of the below to= any of > + * the above, optimized by the compiler such that= the > + * stack trace would omit the initial entry point= below. > */ > fallback =3D skipnr + 1; > } > > - /* Also the *_bulk() variants by only checking prefixes. = */ > + /* > + * The below list should only include the initial entry p= oints > + * into the slab allocators. Includes the *_bulk() varian= ts by > + * checking prefixes. > + */ > if (str_has_prefix(buf, ARCH_FUNC_PREFIX "kfree") || > str_has_prefix(buf, ARCH_FUNC_PREFIX "kmem_cache_free= ") || > - str_has_prefix(buf, ARCH_FUNC_PREFIX "__kmem_cache_fr= ee") || > str_has_prefix(buf, ARCH_FUNC_PREFIX "__kmalloc") || > str_has_prefix(buf, ARCH_FUNC_PREFIX "kmem_cache_allo= c")) > goto found;
> --
> 2.38.1.584.g0f3c55d4c2-goog
>

--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Liana Sebastian
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
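Review bot: the commit message says the tail call is not optimized "in some configurations" but does not name one; stating the compiler and kernel config that produced the quoted test_double_free report would let the regression be reproduced and the KUnit case re-run in both the optimized and unoptimized tail-call variants. On the hunk itself, `str_has_prefix(buf, ARCH_FUNC_PREFIX "__kmem_cache_free")` in the fallback block now also matches `__kmem_cache_free_bulk`, which is intended for the reason the second comment gives for the *_bulk variants; the first comment could say so, since that block otherwise uses an exact-length `strncmp` for `__slab_free`.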
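A constructed model of the pruning walk the commit message describes, as an added example that is not the kernel's code and not part of this thread: it runs the two-list skip logic over two constructed traces (tail call not optimized, so kfree() is present; tail call optimized into a jump, so it is absent) with __kmem_cache_free on either list, reproducing the kfree+... first frame before the fix and the caller after it. The helper names and the trace contents are assumptions; only the kernel symbols named in the thread are taken from it.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed model of KFENCE's get_stack_skipnr() (an added example, not the
 * kernel's code). A trace is an array of symbol names, innermost frame first.
 * 'fixed' puts __kmem_cache_free on the tail-call list (after the patch) rather
 * than on the entry-point list (before it). */
static bool has_prefix(const char *s, const char *p)
{
	return strncmp(s, p, strlen(p)) == 0;
}

static int skipnr_model(const char *const *trace, int n, bool fixed)
{
	int skipnr, fallback = 0;
	for (skipnr = 0; skipnr < n; skipnr++) {
		const char *buf = trace[skipnr];
		/* Frames an entry point may tail-call into: remember their caller. */
		if (has_prefix(buf, "kfence_") || has_prefix(buf, "__kfence_") ||
		    (fixed && has_prefix(buf, "__kmem_cache_free")) ||
		    has_prefix(buf, "__slab_free"))
			fallback = skipnr + 1;
		/* Allocator entry points: the report starts at their caller. */
		if (has_prefix(buf, "kfree") || has_prefix(buf, "kmem_cache_free") ||
		    (!fixed && has_prefix(buf, "__kmem_cache_free")) ||
		    has_prefix(buf, "__kmalloc") || has_prefix(buf, "kmem_cache_alloc"))
			return skipnr + 1 < n ? skipnr + 1 : 0;
	}
	/* No entry point seen: the tail call was optimized away, use the fallback. */
	return fallback < n ? fallback : 0;
}

/* First frame the pruned report would show. */
static const char *first_reported_frame(const char *const *trace, int n, bool fixed)
{
	return trace[skipnr_model(trace, n, fixed)];
}

/* Constructed traces: kfree() -> __kmem_cache_free() tail call not optimized
 * (kfree present) and optimized into a jump (kfree absent). */
static const char *const unoptimized_trace[] = {
	"kfence_report_error", "kfence_guarded_free", "__kfence_free",
	"__kmem_cache_free", "kfree", "test_double_free", "kunit_try_run_case",
};
static const char *const optimized_trace[] = {
	"kfence_report_error", "kfence_guarded_free", "__kfence_free",
	"__kmem_cache_free", "test_double_free", "kunit_try_run_case",
};
#define N_UNOPT ((int)(sizeof(unoptimized_trace) / sizeof(*unoptimized_trace)))
#define N_OPT ((int)(sizeof(optimized_trace) / sizeof(*optimized_trace)))
```

With the unoptimized trace, `first_reported_frame(..., false)` yields `kfree` (the bug in the thread) and `first_reported_frame(..., true)` yields `test_double_free`; the optimized trace yields `test_double_free` either way.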