From: Peter Collingbourne
To: Andrey Konovalov, Andrew Morton
Cc: Peter Collingbourne, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Date: Wed, 12 Jan 2022 19:14:34 -0800
Message-Id: <20220113031434.464992-1-pcc@google.com>
Subject: [PATCH] mm: use compare-exchange operation to set KASAN page tag

It has been reported that the tag setting operation on newly-allocated
pages can cause the page flags to be corrupted when performed
concurrently with other flag updates as a result of the use of
non-atomic operations. Fix the problem by using a compare-exchange
loop to update the tag.

Signed-off-by: Peter Collingbourne
Link: https://linux-review.googlesource.com/id/I456b24a2b9067d93968d43b4bb3351c0cec63101
Fixes: 2813b9c02962 ("kasan, mm, arm64: tag non slab memory allocated via pagealloc")
Cc: stable@vger.kernel.org
---
 include/linux/mm.h | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index c768a7c81b0b..b544b0a9f537 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1531,11 +1531,17 @@ static inline u8 page_kasan_tag(const struct page *= page) =20 static inline void page_kasan_tag_set(struct page *page, u8 tag) { - if (kasan_enabled()) { - tag ^=3D 0xff; - page->flags &=3D ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT); - page->flags |=3D (tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT; - } + unsigned long old_flags, flags; + + if (!kasan_enabled()) + return; + + tag ^=3D 0xff; + do { + old_flags =3D flags =3D page->flags; + flags &=3D ~(KASAN_TAG_MASK << KASAN_TAG_PGSHIFT); + flags |=3D (tag & KASAN_TAG_MASK) << KASAN_TAG_PGSHIFT; + } while (unlikely(cmpxchg(&page->flags, old_flags, flags) !=3D old_flags)= ); } =20 static inline void page_kasan_tag_reset(struct page *page) --=20 2.34.1.575.g55b058a8bb-goog
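Review bot: the load in `old_flags = flags = page->flags;` should be a READ_ONCE(): by the commit message's own account it races with concurrent updates of the same word, and a plain load lets the compiler tear or re-issue it and makes KCSAN flag the access. Doing that load once before the loop and switching to try_cmpxchg() would also drop the separate re-read of page->flags at the top of every failed iteration, since cmpxchg already hands back the value it observed: `old_flags = READ_ONCE(page->flags); do { flags = old_flags; ... } while (unlikely(!try_cmpxchg(&page->flags, &old_flags, flags)));`. Separately, the message says the corruption "has been reported" but carries no Reported-by: tag or pointer to the report; with stable@ on Cc: that provenance is worth adding.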
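The commit message describes a classic lost-update race: a non-atomic read-modify-write of page->flags runs concurrently with another path's atomic bit update on the same word, and the write-back clobbers that update. The following is an added example, not code from the patch or from the kernel tree. It models page->flags as a 64-bit word in user space and injects the concurrent writer deterministically between the read and the write, so the lost bit reproduces every run and so does the retry that the compare-exchange version performs. The tag position (top byte), the "other" flag bit, and the interleaving hook are constructed for illustration and are not the kernel's real layout.

```c
/*
 * Added example, not code from the patch or the kernel: a user-space model
 * of the lost-update race the commit message describes and of the
 * compare-exchange loop that closes it. page->flags is modelled as a
 * uint64_t; the tag position, the "other" flag bit and the injected
 * interleaving are constructed for illustration, not the kernel's layout.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t flags_t;                 /* stands in for page->flags */

#define TAG_MASK     ((flags_t)0xff)      /* assumed: 8-bit KASAN tag field */
#define TAG_PGSHIFT  56                   /* assumed: tag lives in the top byte */
#define OTHER_FLAG   ((flags_t)1 << 4)    /* assumed: some unrelated page flag */

typedef void (*interleave_fn)(flags_t *);

/* The concurrent writer: an atomic OR, the shape of set_bit() on page->flags. */
static void concurrent_set_other_flag(flags_t *flags)
{
    __atomic_fetch_or(flags, OTHER_FLAG, __ATOMIC_RELAXED);
}

/* Pre-patch shape: plain read-modify-write. The hook runs between the read
 * and the write back, modelling another CPU updating the word meanwhile. */
static void tag_set_racy(flags_t *flags, uint8_t tag, interleave_fn interleave)
{
    flags_t v;

    tag ^= 0xff;                                   /* stored inverted, as in the patch */
    v = *flags;                                    /* read */
    if (interleave)
        interleave(flags);                         /* other CPU's set_bit() lands here */
    v &= ~(TAG_MASK << TAG_PGSHIFT);               /* modify */
    v |= (flags_t)(tag & TAG_MASK) << TAG_PGSHIFT;
    *flags = v;                                    /* write back: OTHER_FLAG is lost */
}

/* Post-patch shape: compare-exchange loop. If the word changed between the
 * read and the cmpxchg, the cmpxchg fails, old_flags is refreshed with the
 * value actually observed (try_cmpxchg semantics) and the tag is recomputed
 * on top of it. Returns the retry count so callers can see the race was caught. */
static int tag_set_cmpxchg(flags_t *flags, uint8_t tag, interleave_fn interleave)
{
    flags_t old_flags, new_flags;
    int retries = 0;

    tag ^= 0xff;
    old_flags = __atomic_load_n(flags, __ATOMIC_RELAXED);   /* READ_ONCE() equivalent */
    for (;;) {
        new_flags = old_flags;
        new_flags &= ~(TAG_MASK << TAG_PGSHIFT);
        new_flags |= (flags_t)(tag & TAG_MASK) << TAG_PGSHIFT;
        if (interleave && retries == 0)
            interleave(flags);                     /* other CPU writes inside the window */
        if (__atomic_compare_exchange_n(flags, &old_flags, new_flags, false,
                                        __ATOMIC_RELAXED, __ATOMIC_RELAXED))
            return retries;
        retries++;                                 /* old_flags now holds the fresh value */
    }
}

/* What page_kasan_tag() would read back: undo the inversion. */
static uint8_t tag_of(flags_t flags)
{
    return (uint8_t)(((flags >> TAG_PGSHIFT) & TAG_MASK) ^ 0xff);
}

/* Drive one interleaving through each implementation, starting from flags == 0. */
static flags_t run_racy(bool race)
{
    flags_t flags = 0;
    tag_set_racy(&flags, 0x3a, race ? concurrent_set_other_flag : NULL);
    return flags;
}

static flags_t run_cmpxchg(bool race)
{
    flags_t flags = 0;
    tag_set_cmpxchg(&flags, 0x3a, race ? concurrent_set_other_flag : NULL);
    return flags;
}

static int cmpxchg_retries(bool race)
{
    flags_t flags = 0;
    return tag_set_cmpxchg(&flags, 0x3a, race ? concurrent_set_other_flag : NULL);
}

int main(void)
{
    flags_t r = run_racy(true), c = run_cmpxchg(true);

    printf("racy:    tag=0x%02x other_flag=%d\n",
           (unsigned)tag_of(r), (r & OTHER_FLAG) != 0);
    printf("cmpxchg: tag=0x%02x other_flag=%d retries=%d\n",
           (unsigned)tag_of(c), (c & OTHER_FLAG) != 0, cmpxchg_retries(true));
    return 0;
}
```

Both versions end up with the right tag; only the compare-exchange version also preserves the bit the concurrent writer set, at the cost of exactly one retry in this interleaving. In kernel code the same loop is conventionally spelled with READ_ONCE() for the initial load and try_cmpxchg(), which updates the expected value on failure the way `__atomic_compare_exchange_n` does here.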