From nobody Fri Apr 3 11:10:08 2026 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 547C734D909 for ; Fri, 20 Feb 2026 14:49:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771598988; cv=none; b=tXSyW8Y3H3qIOiS5tVVmziQYniealscJTidEhvmEjykRYRTE+ubslK00ZyE8IfXKJ+XLjf+Yk5o4RFx6Ld4oZ4tDKuA3V9EmOFIWOBDiyJPKECEogJqTAMaav0VHJVtQW1KVcK7hnvgUP51uacdmba9qkfjMNMarnGzdxY9sKUk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771598988; c=relaxed/simple; bh=9Nh27rPFeHNCWr8MUFQIUbZtfDXJvCeFJWUeTB2DOls=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=Brwx6NxL1lhGS3OxINkWQ1wzXP8YsYCQakA0WFNGDjOCKTF10rBDzrg8Y2EfpbGOuTJY7/rsatbPIfNnYparv860mR2uJwPN3GI5Fa/nzUjC0cy9HxJJxvDxlV84w7btZUZqkZYiZDgaI/GzhkVPmEaZc9jO2c9hrIP0JnRRdm8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--glider.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ar1+mShr; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--glider.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ar1+mShr" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-48079ae1001so15250475e9.0 for ; Fri, 20 Feb 2026 06:49:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1771598985; x=1772203785; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=7l0Rk7sxPzClSemlodKxJT0xAUIi4Uh2P1WbS8uB91M=; b=ar1+mShrdv9DPJx5gewY9qZdbnDvM1FEjtgc17sXBl8hhRg5XwZjsBSW+QbHHOBsi3 TMxnwop17evdlMJRE3sJmevLMUuaFiIPR4SEcGhnW934ZvuW4lH6dRzGUX6aGnWg3rN0 pySHeWEZjfphqdVIvkND3fYmi/AHN6/ZbiJ85uU0r1X1Gc/6CNcXPD5ZRK0JQs0UXV4k 4x3BC22NIDrHoXufmBjmpblQEh/5Zhej5RTO/Wby7jXt3EmoPB+awguTQ1oLliZpHCsh 000zDLmNKA8ZZBoHoAPuyTBTskf220ZUx7KvpmLXBNfunhA7Oot2paEs1peaeHEiOJFz JXcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771598985; x=1772203785; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=7l0Rk7sxPzClSemlodKxJT0xAUIi4Uh2P1WbS8uB91M=; b=p05KqJpJDezXrkIN4gRbdPM9C7pMl53qyfGSPQe9gfMcjmJ/Nnz93zBjs7bCBm6spQ ib+2FtMawPPw8IRlTBvwclrx/Keabzyf+JncSO9UdImIRbCx8e9Uct7dXMQqyKzNGG+C 7ALKusr4h7jNfXsv64q2XZQ8OlnExZCXdfYt9/EMgXXqxCoiChcyz7ZMStrmSFc2hKdS IybqhG5aNO+I41wadNbed2KamNJBX04GmJFeLI9wI63eb4OWQsJEBk4JM6pcnkM6hAcK 0PX2xxQIKsRgUJFDKWmdkK8tnkVwqjeVbzxdPagVNkqROlHuhJj3pj09zUXdZgpUKtUm xMYw== X-Forwarded-Encrypted: i=1; AJvYcCWzfGJGRgvGj8ZwubAzN3SeY9cBxPJcED+uAIhF7mF8Yyu6cnCPam3QstCkZxbTB8JIx4ZOATlkEwQIZOo=@vger.kernel.org X-Gm-Message-State: AOJu0YyVr8attZ16rPyzl86o0WXwq01USI8pFM4NPRra2OEtQK2JUXD1 GExOxlkdo29aB8g35MXaZ0i6cfHMfT7J4nnQsV3Ln34U0Ri+FGtmIcCIouG3UdwvK6iLleOXZFO Gyy2KSQ== X-Received: from wmhn21.prod.google.com ([2002:a05:600c:3055:b0:483:6e28:c16f]) (user=glider job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8b2f:b0:47d:885d:d2ff with SMTP id 5b1f17b1804b1-48379c1faccmr309919275e9.29.1771598984385; Fri, 20 Feb 2026 06:49:44 -0800 (PST) Date: Fri, 20 Feb 2026 15:49:40 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.53.0.345.g96ddfc5eaa-goog Message-ID: <20260220144940.2779209-1-glider@google.com> Subject: [PATCH v1] mm/kfence: fix KASAN hardware tag faults during late enablement From: Alexander Potapenko To: glider@google.com Cc: akpm@linux-foundation.org, mark.rutland@arm.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, pimyn@google.com, Andrey Konovalov , Andrey Ryabinin , Dmitry Vyukov , Greg KH , Kees Cook , Marco Elver , stable@vger.kernel.org, Ernesto Martinez Garcia Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When KASAN hardware tags are enabled, re-enabling KFENCE late (via /sys/module/kfence/parameters/sample_interval) causes KASAN faults. This happens because the KFENCE pool and metadata are allocated via the page allocator, which tags the memory, while KFENCE continues to access it using untagged pointers during initialization. Use __GFP_SKIP_KASAN for late KFENCE pool and metadata allocations to ensure the memory remains untagged, consistent with early allocations from memblock. To support this, add __GFP_SKIP_KASAN to the allowlist in __alloc_contig_verify_gfp_mask(). Cc: Andrew Morton Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Greg KH Cc: Kees Cook Cc: Marco Elver Cc: Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure") Suggested-by: Ernesto Martinez Garcia Signed-off-by: Alexander Potapenko --- This is a follow-up for "mm/kfence: disable KFENCE upon KASAN HW tags enablement" that is currently in mm-hotfixes-unstable --- mm/kfence/core.c | 14 ++++++++------ mm/page_alloc.c | 3 ++- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 71f87072baf9b..30959c97b881d 100644 --- a/mm/kfence/core.c +++ b/mm/kfence/core.c @@ -999,14 +999,14 @@ static int kfence_init_late(void) #ifdef CONFIG_CONTIG_ALLOC struct page *pages; =20 - pages =3D alloc_contig_pages(nr_pages_pool, GFP_KERNEL, first_online_node, - NULL); + pages =3D alloc_contig_pages(nr_pages_pool, GFP_KERNEL | __GFP_SKIP_KASAN, + first_online_node, NULL); if (!pages) return -ENOMEM; =20 __kfence_pool =3D page_to_virt(pages); - pages =3D alloc_contig_pages(nr_pages_meta, GFP_KERNEL, first_online_node, - NULL); + pages =3D alloc_contig_pages(nr_pages_meta, GFP_KERNEL | __GFP_SKIP_KASAN, + first_online_node, NULL); if (pages) kfence_metadata_init =3D page_to_virt(pages); #else @@ -1016,11 +1016,13 @@ static int kfence_init_late(void) return -EINVAL; } =20 - __kfence_pool =3D alloc_pages_exact(KFENCE_POOL_SIZE, GFP_KERNEL); + __kfence_pool =3D alloc_pages_exact(KFENCE_POOL_SIZE, + GFP_KERNEL | __GFP_SKIP_KASAN); if (!__kfence_pool) return -ENOMEM; =20 - kfence_metadata_init =3D alloc_pages_exact(KFENCE_METADATA_SIZE, GFP_KERN= EL); + kfence_metadata_init =3D alloc_pages_exact(KFENCE_METADATA_SIZE, + GFP_KERNEL | __GFP_SKIP_KASAN); #endif =20 if (!kfence_metadata_init) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index cbf758e27aa2c..9d1887e3d4074 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -6921,7 +6921,8 @@ static int __alloc_contig_verify_gfp_mask(gfp_t gfp_m= ask, gfp_t *gfp_cc_mask) { const gfp_t reclaim_mask =3D __GFP_IO | __GFP_FS | __GFP_RECLAIM; const gfp_t action_mask =3D __GFP_COMP | __GFP_RETRY_MAYFAIL | __GFP_NOWA= RN | - __GFP_ZERO | __GFP_ZEROTAGS | __GFP_SKIP_ZERO; + __GFP_ZERO | __GFP_ZEROTAGS | __GFP_SKIP_ZERO | + __GFP_SKIP_KASAN; const gfp_t cc_action_mask =3D __GFP_RETRY_MAYFAIL | __GFP_NOWARN; =20 /* --=20 2.53.0.345.g96ddfc5eaa-goog