From nobody Sun Feb 8 20:23:21 2026 Received: from out28-136.mail.aliyun.com (out28-136.mail.aliyun.com [115.124.28.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E24433BBBC for ; Mon, 12 Jan 2026 08:02:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.28.136 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768204937; cv=none; b=HjpaaJ3JJyvVTiaErkvNe/pMROuH1NeZxyckfTrUyP3MJa1aSj4HGjGghNHDSMgsIfu8k2ClJNN74Nk7ZB+E03KEDPWaVIQjHd8zKD6p5pb7JyM9zCx46u5PH3qK+DncnVKBdphfw3n0mdRyY5r+DLX0RoIDeYTwnPl4PbhBfUI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768204937; c=relaxed/simple; bh=5EpoOiaFISut4Ik3FdMcyMEciOIVgzYexQo4XaKLw7Y=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Content-Type; b=QxSR40eKbfihQaAGfke6QzhPHolTZQj/N1IdfOXPjCMmMT9GZbLYoTWlgVtJ4uP7TTgJNn2r4wCfsthZRZz6bz5h1+30F9wdsHHNCSXKOmu2B9rt8w8Mq0Z8Ukh+tG6+mgsIBDKPss+nU2NvYBvSNJ8df9YH0N0W4XN3XX+k//A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=bosc.ac.cn; spf=pass smtp.mailfrom=bosc.ac.cn; arc=none smtp.client-ip=115.124.28.136 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=bosc.ac.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=bosc.ac.cn Received: from guoyaxing.localdomain(mailfrom:guoyaxing@bosc.ac.cn fp:SMTPD_---.g4Lkj9W_1768204605 cluster:ay29) by smtp.aliyun-inc.com; Mon, 12 Jan 2026 15:56:48 +0800 From: Yaxing Guo To: pjw@kernel.org, palmer@dabbelt.com, aou@eecs.berkeley.edu, alex@ghiti.fr, ryabinin.a.a@gmail.com, glider@google.com, andreyknvl@gmail.com, dvyukov@google.com, vincenzo.frascino@arm.com Cc: guoyaxing@bosc.ac.cn, majiuyue@bosc.ac.cn, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, Zhizun Wang Subject: [PATCH v1] riscv/kasan: include KASAN shadow range in flush_cache_vmap() Date: Mon, 12 Jan 2026 15:56:43 +0800 Message-Id: <20260112075643.124570-1-guoyaxing@bosc.ac.cn> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On RISC-V, when vmalloc() allocates memory for the KASAN shadow region, the page table entries are set up without ensuring the store operations are globally visible before subsequent accesses. The flush logic in handle_exception relies on the 'new_vmalloc' bit to trigger a fence, but this bit is only set for vmalloc/module addresses =E2=80=94 not for KAS= AN shadow addresses. As a result, accesses to the newly mapped KASAN shadow memory can trigger spurious page faults due to stale TLB or instruction cache entries. Fix this by extending flush_cache_vmap() to also cover the KASAN shadow address range, ensuring proper cache maintenance and memory ordering for KASAN shadow mappings just like regular vmalloc areas. Reported-by: Zhizun Wang Reported-by: Jiuyue Ma Signed-off-by: Yaxing Guo --- arch/riscv/include/asm/cacheflush.h | 4 +++- arch/riscv/include/asm/kasan.h | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/riscv/include/asm/cacheflush.h b/arch/riscv/include/asm/c= acheflush.h index 0092513c3376..b27480d5a205 100644 --- a/arch/riscv/include/asm/cacheflush.h +++ b/arch/riscv/include/asm/cacheflush.h @@ -7,6 +7,7 @@ #define _ASM_RISCV_CACHEFLUSH_H =20 #include +#include =20 static inline void local_flush_icache_all(void) { @@ -46,7 +47,8 @@ extern char _end[]; #define flush_cache_vmap flush_cache_vmap static inline void flush_cache_vmap(unsigned long start, unsigned long end) { - if (is_vmalloc_or_module_addr((void *)start)) { + if (is_vmalloc_or_module_addr((void *)start) || + is_kasan_addr(start)) { int i; =20 /* diff --git a/arch/riscv/include/asm/kasan.h b/arch/riscv/include/asm/kasan.h index 60af6691f903..224ba86fbd15 100644 --- a/arch/riscv/include/asm/kasan.h +++ b/arch/riscv/include/asm/kasan.h @@ -36,10 +36,14 @@ #ifdef CONFIG_KASAN #define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL) =20 +#define is_kasan_addr(addr) (addr >=3D KASAN_SHADOW_START && addr < KASAN_= SHADOW_END) + void kasan_init(void); asmlinkage void kasan_early_init(void); void kasan_swapper_init(void); - +#else +#define is_kasan_addr(addr) (0) #endif + #endif #endif /* __ASM_KASAN_H */ --=20 2.34.1