From: Suren Baghdasaryan
Date: Wed, 11 Dec 2024 08:32:29 -0800
Subject: Re: [PATCH v3] mm/alloc_tag: Fix panic when CONFIG_KASAN enabled and CONFIG_KASAN_VMALLOC not enabled
To: Hao Ge
Cc: kent.overstreet@linux.dev, akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Hao Ge, Ben Greear

On Tue, Dec 10, 2024 at 6:58 PM Hao Ge wrote:
>
> From: Hao Ge
>
> When CONFIG_KASAN is enabled but CONFIG_KASAN_VMALLOC
> is not enabled, we may encounter a panic during system boot.
>
> Because we haven't allocated pages and created mappings
> for the shadow memory corresponding to module_tags region,
> similar to how it is done for execmem_vmalloc.
>
> The difference is that our module_tags are allocated on demand,
> so similarly, we also need to allocate shadow memory regions on demand.
> However, we still need to adhere to the MODULE_ALIGN principle.
>
> Here is the log for panic:
>
> [ 18.349421] BUG: unable to handle page fault for address: fffffbfff8092000
> [ 18.350016] #PF: supervisor read access in kernel mode
> [ 18.350459] #PF: error_code(0x0000) - not-present page
> [ 18.350904] PGD 20fe52067 P4D 219dc8067 PUD 219dc4067 PMD 102495067 PTE 0
> [ 18.351484] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
> [ 18.351961] CPU: 5 UID: 0 PID: 1 Comm: systemd Not tainted 6.13.0-rc1+ #3
> [ 18.352533] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
> [ 18.353494] RIP: 0010:kasan_check_range+0xba/0x1b0
> [ 18.353931] Code: 8d 5a 07 4c 0f 49 da 49 c1 fb 03 45 85 db 0f 84 dd 00 00 00 45 89 db 4a 8d 14 d8 eb 0d 48 83 c0 08 48 39 c2 0f 84 c1 00 00 00 <48> 83 38 00 74 ed 48 8d 50 08 eb 0d 48 83 c0 01 48 39 d0 0f 84 90
> [ 18.355484] RSP: 0018:ff11000101877958 EFLAGS: 00010206
> [ 18.355937] RAX: fffffbfff8092000 RBX: fffffbfff809201e RCX: ffffffff82a7ceac
> [ 18.356542] RDX: fffffbfff8092018 RSI: 00000000000000f0 RDI: ffffffffc0490000
> [ 18.357153] RBP: fffffbfff8092000 R08: 0000000000000001 R09: fffffbfff809201d
> [ 18.357756] R10: ffffffffc04900ef R11: 0000000000000003 R12: ffffffffc0490000
> [ 18.358365] R13: ff11000101877b48 R14: ffffffffc0490000 R15: 000000000000002c
> [ 18.358968] FS: 00007f9bd13c5940(0000) GS:ff110001eb480000(0000) knlGS:0000000000000000
> [ 18.359648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 18.360178] CR2: fffffbfff8092000 CR3: 0000000109214004 CR4: 0000000000771ef0
> [ 18.360790] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 18.361404] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 18.362020] PKRU: 55555554
> [ 18.362261] Call Trace:
> [ 18.362481]
> [ 18.362671] ? __die+0x23/0x70
> [ 18.362964] ? page_fault_oops+0xc2/0x160
> [ 18.363318] ? exc_page_fault+0xad/0xc0
> [ 18.363680] ? asm_exc_page_fault+0x26/0x30
> [ 18.364056] ? move_module+0x3cc/0x8a0
> [ 18.364398] ? kasan_check_range+0xba/0x1b0
> [ 18.364755] __asan_memcpy+0x3c/0x60
> [ 18.365074] move_module+0x3cc/0x8a0
> [ 18.365386] layout_and_allocate.constprop.0+0x3d5/0x720
> [ 18.365841] ? early_mod_check+0x3dc/0x510
> [ 18.366195] load_module+0x72/0x1850
> [ 18.366509] ? __pfx_kernel_read_file+0x10/0x10
> [ 18.366918] ? vm_mmap_pgoff+0x21c/0x2d0
> [ 18.367262] init_module_from_file+0xd1/0x130
> [ 18.367638] ? __pfx_init_module_from_file+0x10/0x10
> [ 18.368073] ? __pfx__raw_spin_lock+0x10/0x10
> [ 18.368456] ? __pfx_cred_has_capability.isra.0+0x10/0x10
> [ 18.368938] idempotent_init_module+0x22c/0x790
> [ 18.369332] ? simple_getattr+0x6f/0x120
> [ 18.369676] ? __pfx_idempotent_init_module+0x10/0x10
> [ 18.370110] ? fdget+0x58/0x3a0
> [ 18.370393] ? security_capable+0x64/0xf0
> [ 18.370745] __x64_sys_finit_module+0xc2/0x140
> [ 18.371136] do_syscall_64+0x7d/0x160
> [ 18.371459] ? fdget_pos+0x1c8/0x4c0
> [ 18.371784] ? ksys_read+0xfd/0x1d0
> [ 18.372106] ? syscall_exit_to_user_mode+0x10/0x1f0
> [ 18.372525] ? do_syscall_64+0x89/0x160
> [ 18.372860] ? do_syscall_64+0x89/0x160
> [ 18.373194] ? do_syscall_64+0x89/0x160
> [ 18.373527] ? syscall_exit_to_user_mode+0x10/0x1f0
> [ 18.373952] ? do_syscall_64+0x89/0x160
> [ 18.374283] ? syscall_exit_to_user_mode+0x10/0x1f0
> [ 18.374701] ? do_syscall_64+0x89/0x160
> [ 18.375037] ? do_user_addr_fault+0x4a8/0xa40
> [ 18.375416] ? clear_bhb_loop+0x25/0x80
> [ 18.375748] ? clear_bhb_loop+0x25/0x80
> [ 18.376119] ? clear_bhb_loop+0x25/0x80
> [ 18.376450] entry_SYSCALL_64_after_hwframe+0x76/0x7e
>
> Fixes: 233e89322cbe ("alloc_tag: fix module allocation tags populated area calculation")
> Reported-by: Ben Greear
> Closes: https://lore.kernel.org/all/1ba0cc57-e2ed-caa2-1241-aa5615bee01f@candelatech.com/
> Signed-off-by: Hao Ge
> ---
> v3: Adjusting the title because the previous one was a bit unclear.
>     Suren has pointed out that our condition for determining whether
>     to allocate shadow memory is unreasonable. We have adjusted our method
>     to use every 8 pages as an index (idx), and we will make decisions based
>     on this idx when determining whether to allocate shadow memory.
>
> v2: Add comments to facilitate understanding of the code.
>     Add align nr << PAGE_SHIFT to MODULE_ALIGN, even though kasan_alloc_module_shadow
>     already handles this internally, but to make the code more readable and user-friendly
>
> commit 233e89322cbe ("alloc_tag: fix module allocation
> tags populated area calculation") is currently in the
> mm-hotfixes-unstable branch, so this patch is
> developed based on the mm-hotfixes-unstable branch.
> ---
>  lib/alloc_tag.c | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
>
> diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c > index f942408b53ef..8bf04756887d 100644 > --- a/lib/alloc_tag.c > +++ b/lib/alloc_tag.c > @@ -10,6 +10,7 @@ > #include > #include > #include > +#include > > #define ALLOCINFO_FILE_NAME "allocinfo" > #define MODULE_ALLOC_TAG_VMAP_SIZE (100000UL * sizeof(struct alloc_t= ag)) 
> @@ -404,6 +405,9 @@ static int vm_module_tags_populate(void) > unsigned long phys_end =3D ALIGN_DOWN(module_tags.start_addr, PAG= E_SIZE) + > (vm_module_tags->nr_pages << PAGE_SHIFT)= ; > unsigned long new_end =3D module_tags.start_addr + module_tags.si= ze; > + unsigned long phys_idx =3D (vm_module_tags->nr_pages + > + (2 << KASAN_SHADOW_SCALE_SHIFT) - 1) >> = KASAN_SHADOW_SCALE_SHIFT; > + unsigned long new_idx =3D 0; > > if (phys_end < new_end) { > struct page **next_page =3D vm_module_tags->pages + vm_mo= dule_tags->nr_pages; 
> @@ -421,7 +425,26 @@ static int vm_module_tags_populate(void) > __free_page(next_page[i]); > return -ENOMEM; > } > + > vm_module_tags->nr_pages +=3D nr; > + > + new_idx =3D (vm_module_tags->nr_pages + > + (2 << KASAN_SHADOW_SCALE_SHIFT) - 1) >> KASAN_S= HADOW_SCALE_SHIFT; > + > + /* > + * Kasan allocates 1 byte of shadow for every 8 bytes of = data. > + * When kasan_alloc_module_shadow allocates shadow memory= , > + * its unit of allocation is a page. > + * Therefore, here we need to align to MODULE_ALIGN. > + * > + * For every KASAN_SHADOW_SCALE_SHIFT, a shadow page is a= llocated. > + * So, we determine whether to allocate based on whether = the > + * number of pages falls within the scope of the same KAS= AN_SHADOW_SCALE_SHIFT. > + */ > + if (phys_idx !=3D new_idx) > + kasan_alloc_module_shadow((void *)round_up(phys_e= nd, MODULE_ALIGN), > + (new_idx - phys_idx) * = MODULE_ALIGN, > + GFP_KERNEL); > } This seems overly-complicated. I was thinking something like this would wor= k: static int vm_module_tags_populate(void) { unsigned long phys_end =3D ALIGN_DOWN(module_tags.start_addr, PAGE_= SIZE) + (vm_module_tags->nr_pages << PAGE_SHIFT); unsigned long new_end =3D module_tags.start_addr + module_tags.size= ; if (phys_end < new_end) { struct page **next_page =3D vm_module_tags->pages + vm_module_tags->nr_pages; + unsigned long old_shadow_end =3D ALIGN(phys_end, MODULE_AL= IGN); + unsigned long new_shadow_end =3D ALIGN(new_end, MODULE_ALI= GN); unsigned long more_pages; unsigned long nr; more_pages =3D ALIGN(new_end - phys_end, PAGE_SIZE) >> PAGE= _SHIFT; nr =3D alloc_pages_bulk_array_node(GFP_KERNEL | __GFP_NOWAR= N, NUMA_NO_NODE, more_pages, next_page); if (nr < more_pages || vmap_pages_range(phys_end, phys_end + (nr << PAGE_SHIFT), PAGE_KERNEL, next_page, PAGE_SHIFT) < 0) { /* Clean up and error out */ for (int i =3D 0; i < nr; i++) __free_page(next_page[i]); return -ENOMEM; } vm_module_tags->nr_pages +=3D nr; + if (old_shadow_end < new_shadow_end) + 
kasan_alloc_module_shadow((void *)old_shadow_end, + new_shadow_end - old_shadow_= end + GFP_KERNEL); } WDYT? > > /* > -- > 2.25.1 >
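Review bot: in the `@@ -404,6 +405,9 @@` hunk, the `phys_idx` rounding constant is hard to read: `(vm_module_tags->nr_pages + (2 << KASAN_SHADOW_SCALE_SHIFT) - 1) >> KASAN_SHADOW_SCALE_SHIFT` adds 15 where the conventional round-up would add `(1 << KASAN_SHADOW_SCALE_SHIFT) - 1`; the difference `new_idx - phys_idx` comes out the same because the two offsets are congruent modulo 8, but a reader has to work that out, and nothing says so. The index is then converted back to bytes with `(new_idx - phys_idx) * MODULE_ALIGN` at `round_up(phys_end, MODULE_ALIGN)`, which silently assumes both that MODULE_ALIGN equals PAGE_SIZE << KASAN_SHADOW_SCALE_SHIFT and that module_tags.start_addr is MODULE_ALIGN-aligned (the page-count index is relative to the mapping start, the address is absolute). Comparing `ALIGN(phys_end, MODULE_ALIGN)` with `ALIGN(new_end, MODULE_ALIGN)` directly, as the reply sketches, drops the index conversion; either way the alignment assumption deserves a comment, and a `WARN_ON_ONCE` on it would be cheap.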
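Review bot: in the `@@ -421,7 +425,26 @@` hunk, the return value of `kasan_alloc_module_shadow()` is ignored in the `if (phys_idx != new_idx)` branch, so a failed shadow allocation leaves `vm_module_tags->nr_pages` already increased and the function returning 0, and the next instrumented access to the new tags faults in `kasan_check_range()` exactly like the report above; the alternative in the reply has the same gap. Check the result and, on failure, unmap and free the pages just added (mirroring the `__free_page(next_page[i])` cleanup a few lines up) or at least propagate the error. Minor: the new comment says "1 byte of shadow for every 8 bytes of data" while the code is written in terms of KASAN_SHADOW_SCALE_SHIFT; keep the two consistent so the comment does not go stale if the scale changes.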
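An added example, not code from the patch or from the reply: a user-space C model of the on-demand shadow bookkeeping the thread is about, using the ALIGN()-on-addresses check the reply sketches, where `struct tags_model`, `alloc_shadow`, `populate` and `run_sequence` are hypothetical stand-ins and the page and shadow constants are assumed x86-64 generic-KASAN values. It also exercises the case the thread leaves implicit: the check only covers every mapped page if module_tags.start_addr is MODULE_ALIGN-aligned.

```c
/* Assumed x86-64 generic-KASAN constants; MODULE_ALIGN assumed to follow the kernel's KASAN definition. */
#define PAGE_SHIFT               12UL
#define PAGE_SIZE                (1UL << PAGE_SHIFT)
#define KASAN_SHADOW_SCALE_SHIFT 3UL
#define MODULE_ALIGN             (PAGE_SIZE << KASAN_SHADOW_SCALE_SHIFT)
#define ALIGN(x, a)              (((x) + (a) - 1) & ~((a) - 1))
#define ALIGN_DOWN(x, a)         ((x) & ~((a) - 1))
#define MAX_PAGES                64

struct tags_model {                        /* hypothetical stand-in for the real state */
	unsigned long start_addr;              /* module_tags.start_addr */
	unsigned long nr_pages;                /* vm_module_tags->nr_pages */
	unsigned char shadow_count[MAX_PAGES]; /* shadow allocations seen per data page */
};

/* Stand-in for kasan_alloc_module_shadow(): count shadow per data page it covers. */
static void alloc_shadow(struct tags_model *m, unsigned long addr, unsigned long size)
{
	unsigned long base = ALIGN_DOWN(m->start_addr, PAGE_SIZE), a;
	for (a = addr; a < addr + size; a += PAGE_SIZE)
		if ((a - base) >> PAGE_SHIFT < MAX_PAGES)
			m->shadow_count[(a - base) >> PAGE_SHIFT]++;
}

/* One populate step: grow the mapping to new_size bytes, then allocate shadow only for MODULE_ALIGN chunks not yet covered. */
static void populate(struct tags_model *m, unsigned long new_size)
{
	unsigned long phys_end = ALIGN_DOWN(m->start_addr, PAGE_SIZE) + (m->nr_pages << PAGE_SHIFT);
	unsigned long new_end = m->start_addr + new_size;
	unsigned long old_shadow_end = ALIGN(phys_end, MODULE_ALIGN);
	unsigned long new_shadow_end = ALIGN(new_end, MODULE_ALIGN);
	if (phys_end >= new_end)
		return;
	m->nr_pages += ALIGN(new_end - phys_end, PAGE_SIZE) >> PAGE_SHIFT;
	if (old_shadow_end < new_shadow_end)
		alloc_shadow(m, old_shadow_end, new_shadow_end - old_shadow_end);
}

/* Apply a growth sequence (sizes in bytes); 1 if every mapped page has shadow exactly once, else 0. */
static int run_sequence(unsigned long start_addr, const unsigned long *sizes, int n)
{
	struct tags_model m = { .start_addr = start_addr };
	unsigned long i;
	for (i = 0; i < (unsigned long)n; i++)
		populate(&m, sizes[i]);
	for (i = 0; i < MAX_PAGES; i++)
		if ((i < m.nr_pages && m.shadow_count[i] != 1) || m.shadow_count[i] > 1)
			return 0;   /* unshadowed mapped page (the reported fault) or double allocation */
	return 1;
}
```

A result of 0 from `run_sequence` is the situation the panic above describes: a page mapped for tags whose shadow was never allocated.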