From nobody Mon May 25 01:15:57 2026
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C85EC1C84A0
	for <linux-kernel@vger.kernel.org>; Wed, 20 May 2026 04:32:10 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=10.30.226.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779251530; cv=none;
 b=GdG99PGOKBZgkE+Ohg8mFBaTdfMU4MYEhBikGkqZ7ge6cP5CB4PMCDnwCA/0V7zkp7a3ya5CP2pK/uU/Z1ZVsUbdBNeSRD+TtV31m0io7fCO8k03FiH18tNWzHJAuGGXd9q5HzYxy7djs3clLvmAm8jcAZWzAGlbjRsidtop5vU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779251530; c=relaxed/simple;
	bh=Wjty/wduvl+Pn1BhKceunURL0fJv0U/D5IHxoAv4Rt0=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc;
 b=ICdjy+3qzERTTWChi9UPt6SAmNQFP3xlClvC55glqsLNxu2Hd1EFOI42UxS63eitfeAavHOUAePDQlqkX1u3VMaDZKfe1bvXuZcs+OJSV9FAtgre62S+fvRE9nfvdF27o0lIAU7QkEVyWsbe3LaKqPvT12m0EBEE5vbwAlUtUto=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b=A/RBw962; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="A/RBw962"
Received: by smtp.kernel.org (Postfix) with ESMTPS id 9FDE4C2BCB0;
	Wed, 20 May 2026 04:32:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1779251530;
	bh=Wjty/wduvl+Pn1BhKceunURL0fJv0U/D5IHxoAv4Rt0=;
	h=From:Date:Subject:To:Cc:Reply-To:From;
	b=A/RBw962Jj2myKHrueoXlYdEa9WDZDlmr/h0rk+Lsx3ZSWoBaRkPkMS3yaKYnf16u
	 G4hFe7T4bI8jGdF63H5tfDXX1TjBCXrk5qIdzLzfuCt7KWf1op8ES4LE34li1uX9ac
	 WIC4YydmL8NDvcm6Z4+Jed6dA8inrKex6/HI/QzdKoVi2KAP6w6woUMaVvmF+uP60X
	 XHbnSnQdlFU8FC5ccS5GK1tj1FF98jJ+zw1j0TGhQXbO9fIAjTlE9IJa02/Pf4LdsH
	 Cnyin0BoS8XhSjnokKak4CbAkUlAVMXXS8BraPWjf0rPt+ud1e6qDdSqz4jll58dzz
	 FTksN55K48AHQ==
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 94771CD4F5E;
	Wed, 20 May 2026 04:32:10 +0000 (UTC)
From: Chia-I Wu via B4 Relay <devnull+olvaffe.gmail.com@kernel.org>
Date: Tue, 19 May 2026 21:31:46 -0700
Subject: [PATCH RFC v2] mm/shmem: set __GFP_SKIP_KASAN for
 swap_cluster_readahead
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260519-panthor-kasan-v2-1-b7384458f076@gmail.com>
X-B4-Tracking: v=1; b=H4sIADE5DWoC/3WNwQ6CMBBEf4Xs2Rq2iFVPJiZ+gFfDodAVVqUlL
 RIN6b8LePY4kzdvRgjkmQIckhE8DRzY2SnIVQJVo21Ngs2UQaZym+YoRadt3zgvHjpoKzDdKCW
 zfakNwrTpPN34vfiucDmfoPiV4VXeqepn04w1HHrnP8vrgAv852BAgcLsTEZS5UZheaxbzc915
 VooYoxfOcyRsMEAAAA=
X-Change-ID: 20260512-panthor-kasan-10477239bad1
To: Andrey Ryabinin <ryabinin.a.a@gmail.com>,
 Alexander Potapenko <glider@google.com>,
 Andrey Konovalov <andreyknvl@gmail.com>, Dmitry Vyukov <dvyukov@google.com>,
 Vincenzo Frascino <vincenzo.frascino@arm.com>,
 Andrew Morton <akpm@linux-foundation.org>, Hugh Dickins <hughd@google.com>,
 Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: kasan-dev@googlegroups.com, linux-mm@kvack.org,
 linux-kernel@vger.kernel.org,
 Boris Brezillon <boris.brezillon@collabora.com>,
 Chia-I Wu <olvaffe@gmail.com>
X-Mailer: b4 0.15.2
X-Developer-Signature: v=1; a=openpgp-sha256; l=1682; i=olvaffe@gmail.com;
 h=from:subject:message-id;
 bh=BTF9Nk+Dq+n2u4+GJl/PHmatAgLww9uk/603AjD4oqQ=;
 b=owGbwMvMwCV2uuv6dHcvAWnG02pJDFm8lp4vXjMX63DYH6zfsNFHOsppbc8JFS9DxY9Le/sfM
 L7/lvKmo5SFQYyLQVZMkWWn0uevgRmFl+8IN66DmcPKBDKEgYtTACYSVs3I8CN5rcGd7Bo1GbMP
 j3PDu149qa8q4PfaPDvyv3hNoNv3DEaG128X/zofue3/qnvlgc4pdk+3TCn7nRI0YelNKaaP7Mk
 3mQA=
X-Developer-Key: i=olvaffe@gmail.com; a=openpgp;
 fpr=8C8F791802BBB330399230F27CB6CD58BE1B6831
X-Endpoint-Received: by B4 Relay for olvaffe@gmail.com/default with
 auth_id=776
X-Original-From: Chia-I Wu <olvaffe@gmail.com>
Reply-To: olvaffe@gmail.com

From: Chia-I Wu <olvaffe@gmail.com>

swap_cluster_readahead can allocate folios for other mappings. If the
gfp flags do not have __GFP_SKIP_KASAN, but the other mappings have
PROT_MTE, we can end up with false KASAN errors such as

  BUG: KASAN: invalid-access in swap_writepage+0xb0/0x21c
  Read at addr f5ffff81aa71dff8 by task WM.task-4/6956
  Pointer tag: [f5], memory tag: [f9]

In the above example, because __GFP_SKIP_KASAN was missing, KASAN set
both pointer tag and memory tag to 0xf5 when swap_cluster_readahead
allocated the folio. But the userspace had already set the memory tag to
0xf9 before swapped out. arch_swap_restore restored the memory tag back
to 0xf9, leading to the mismatch.

Signed-off-by: Chia-I Wu <olvaffe@gmail.com>
---
Changes in v2:
- set __GFP_SKIP_KASAN for shmem instead of drm/panthor
- Link to v1: https://patch.msgid.link/20260512-panthor-kasan-v1-1-d8d3e275=
d71b@gmail.com
---
 mm/shmem.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mm/shmem.c b/mm/shmem.c
index 3b5dc21b323c2..db9130a8c5b76 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1784,6 +1784,11 @@ static struct folio *shmem_swapin_cluster(swp_entry_=
t swap, gfp_t gfp,
 	pgoff_t ilx;
 	struct folio *folio;
=20
+	/* swap_cluster_readahead might cross the mapping boundary and
+	 * allocate pages for other mappings. We have to skip KASAN.
+	 */
+	gfp |=3D __GFP_SKIP_KASAN;
+
 	mpol =3D shmem_get_pgoff_policy(info, index, 0, &ilx);
 	folio =3D swap_cluster_readahead(swap, gfp, mpol, ilx);
 	mpol_cond_put(mpol);

---
base-commit: 5200f5f493f79f14bbdc349e402a40dfb32f23c8
change-id: 20260512-panthor-kasan-10477239bad1

Best regards,
-- =20
Chia-I Wu <olvaffe@gmail.com>