From: andrey.konovalov@linux.dev To: Andrew Morton Cc: Andrey Konovalov , Marco Elver , Alexander Potapenko , Dmitry Vyukov , Vlastimil Babka , kasan-dev@googlegroups.com, Evgenii Stepanov , Tetsuo Handa , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 1/4] lib/stackdepot: add printk_deferred_enter/exit guards Date: Tue, 12 Dec 2023 01:14:00 +0100 Message-Id: <6c38c31e304a55449f76f60b6f72e35f992cad99.1702339432.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Stack depot functions can be called from various contexts that do allocations, including with console locks taken. At the same time, stack depot functions might print WARNING's or refcount-related failures. This can cause a deadlock on console locks. Add printk_deferred_enter/exit guards to stack depot to avoid this. Reported-by: Tetsuo Handa Closes: https://lore.kernel.org/all/000000000000f56750060b9ad216@google.com/ Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- lib/stackdepot.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lib/stackdepot.c b/lib/stackdepot.c index 870cce2f4cbd..a0be5d05c7f0 100644 --- a/lib/stackdepot.c +++ b/lib/stackdepot.c @@ -506,12 +506,14 @@ depot_stack_handle_t stack_depot_save_flags(unsigned = long *entries, bucket =3D &stack_table[hash & stack_hash_mask]; =20 read_lock_irqsave(&pool_rwlock, flags); + printk_deferred_enter(); =20 /* Fast path: look the stack trace up without full locking. */ found =3D find_stack(bucket, entries, nr_entries, hash); if (found) { if (depot_flags & STACK_DEPOT_FLAG_GET) refcount_inc(&found->count); + printk_deferred_exit(); read_unlock_irqrestore(&pool_rwlock, flags); goto exit; } 
@@ -520,6 +522,7 @@ depot_stack_handle_t stack_depot_save_flags(unsigned lo= ng *entries, if (new_pool_required) need_alloc =3D true; =20 + printk_deferred_exit(); read_unlock_irqrestore(&pool_rwlock, flags); =20 /* @@ -541,6 +544,7 @@ depot_stack_handle_t stack_depot_save_flags(unsigned lo= ng *entries, } =20 write_lock_irqsave(&pool_rwlock, flags); + printk_deferred_enter(); =20 found =3D find_stack(bucket, entries, nr_entries, hash); if (!found) { @@ -562,6 +566,7 @@ depot_stack_handle_t stack_depot_save_flags(unsigned lo= ng *entries, depot_keep_new_pool(&prealloc); } =20 + printk_deferred_exit(); write_unlock_irqrestore(&pool_rwlock, flags); exit: if (prealloc) { @@ -600,9 +605,11 @@ unsigned int stack_depot_fetch(depot_stack_handle_t ha= ndle, return 0; =20 read_lock_irqsave(&pool_rwlock, flags); + printk_deferred_enter(); =20 stack =3D depot_fetch_stack(handle); =20 + printk_deferred_exit(); read_unlock_irqrestore(&pool_rwlock, flags); =20 *entries =3D stack->entries; @@ -619,6 +626,7 @@ void stack_depot_put(depot_stack_handle_t handle) return; =20 write_lock_irqsave(&pool_rwlock, flags); + printk_deferred_enter(); =20 stack =3D depot_fetch_stack(handle); if (WARN_ON(!stack)) 
@@ -633,6 +641,7 @@ void stack_depot_put(depot_stack_handle_t handle) } =20 out: + printk_deferred_exit(); write_unlock_irqrestore(&pool_rwlock, flags); } EXPORT_SYMBOL_GPL(stack_depot_put); --=20 2.25.1
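Review bot: in patch 1/4 (lib/stackdepot.c), none of the nine printk_deferred_enter()/printk_deferred_exit() calls added under pool_rwlock in stack_depot_save_flags(), stack_depot_fetch() and stack_depot_put() carries a comment saying why printing is deferred there, so the reason lives only in the commit message. A one-line comment at each lock site would do, or a small pair of helpers that take pool_rwlock and enter deferred mode together and undo both on the way out; the helpers would also keep the pairing balanced if another early exit like the fast-path `goto exit` in stack_depot_save_flags() is added later.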
From: andrey.konovalov@linux.dev To: Andrew Morton Cc: Andrey Konovalov , Marco Elver , Alexander Potapenko , Dmitry Vyukov , Vlastimil Babka , kasan-dev@googlegroups.com, Evgenii Stepanov , Tetsuo Handa , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov , syzbot+186b55175d8360728234@syzkaller.appspotmail.com Subject: [PATCH mm 2/4] kasan: handle concurrent kasan_record_aux_stack calls Date: Tue, 12 Dec 2023 01:14:01 +0100 Message-Id: <432a89fafce11244287c8af757e73a2eb22a5354.1702339432.git.andreyknvl@google.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov kasan_record_aux_stack can be called concurrently on the same object. This might lead to a race condition when rotating the saved aux stack trace handles. Fix by introducing a spinlock to protect the aux stack trace handles in kasan_record_aux_stack. Reported-by: Tetsuo Handa Reported-by: syzbot+186b55175d8360728234@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000784b1c060b0074a2@google.com/ Signed-off-by: Andrey Konovalov --- This can be squashed into "kasan: use stack_depot_put for Generic mode" or left standalone. --- mm/kasan/generic.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 54e20b2bc3e1..ca5c75a1866c 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -35,6 +36,8 @@ #include "kasan.h" #include "../slab.h" =20 +DEFINE_SPINLOCK(aux_lock); + /* * All functions below always inlined so compiler could * perform better optimizations in each of __asan_loadX/__assn_storeX 
@@ -502,6 +505,8 @@ static void __kasan_record_aux_stack(void *addr, depot_= flags_t depot_flags) struct kmem_cache *cache; struct kasan_alloc_meta *alloc_meta; void *object; + depot_stack_handle_t new_handle, old_handle; + unsigned long flags; =20 if (is_kfence_address(addr) || !slab) return; 
@@ -512,9 +517,15 @@ static void __kasan_record_aux_stack(void *addr, depot= _flags_t depot_flags) if (!alloc_meta) return; =20 - stack_depot_put(alloc_meta->aux_stack[1]); + new_handle =3D kasan_save_stack(0, depot_flags); + + spin_lock_irqsave(&aux_lock, flags); + old_handle =3D alloc_meta->aux_stack[1]; alloc_meta->aux_stack[1] =3D alloc_meta->aux_stack[0]; - alloc_meta->aux_stack[0] =3D kasan_save_stack(0, depot_flags); + alloc_meta->aux_stack[0] =3D new_handle; + spin_unlock_irqrestore(&aux_lock, flags); + + stack_depot_put(old_handle); } =20 void kasan_record_aux_stack(void *addr) --=20 2.25.1
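Review bot: in patch 2/4 (mm/kasan/generic.c), `DEFINE_SPINLOCK(aux_lock);` is defined without `static`, which gives a very generically named lock external linkage although the only user shown is __kasan_record_aux_stack() in the same file. Make it `static DEFINE_SPINLOCK(aux_lock);` and add a comment that it protects the rotation of alloc_meta->aux_stack[]. It is also one lock for all objects, so callers recording aux stacks for unrelated objects serialize on it; the commit message should say why that is acceptable.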
From: andrey.konovalov@linux.dev To: Andrew Morton Cc: Andrey Konovalov , Marco Elver , Alexander Potapenko , Dmitry Vyukov , Vlastimil Babka , kasan-dev@googlegroups.com, Evgenii Stepanov , Tetsuo Handa , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 3/4] kasan: memset free track in qlink_free Date: Tue, 12 Dec 2023 01:14:02 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Instead of only zeroing out the stack depot handle when evicting the free stack trace in qlink_free, zero out the whole track. Do this just to produce a similar effect for alloc and free meta. The other fields of the free track besides the stack trace handle are considered invalid at this point anyway, so no harm in zeroing them out. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- This can be squashed into "kasan: use stack_depot_put for Generic mode" or left standalone. --- mm/kasan/quarantine.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c index 265ca2bbe2dd..782e045da911 100644 --- a/mm/kasan/quarantine.c +++ b/mm/kasan/quarantine.c
@@ -157,7 +157,7 @@ static void qlink_free(struct qlist_node *qlink, struct= kmem_cache *cache) if (free_meta && *(u8 *)kasan_mem_to_shadow(object) =3D=3D KASAN_SLAB_FREETRACK) { stack_depot_put(free_meta->free_track.stack); - free_meta->free_track.stack =3D 0; + __memset(&free_meta->free_track, 0, sizeof(free_meta->free_track)); } =20 /* --=20 2.25.1
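Review bot: in patch 3/4 (mm/kasan/quarantine.c), the new `__memset(&free_meta->free_track, 0, sizeof(free_meta->free_track));` in qlink_free() has no comment, and the reasoning that the remaining free track fields are already invalid once the stack handle has been put exists only in the commit message. A short comment above the call stating that, and why `__memset` rather than `memset` is used here, would keep the next reader from narrowing it back to clearing just `.stack`.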
From: andrey.konovalov@linux.dev To: Andrew Morton Cc: Andrey Konovalov , Marco Elver , Alexander Potapenko , Dmitry Vyukov , Vlastimil Babka , kasan-dev@googlegroups.com, Evgenii Stepanov , Tetsuo Handa , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 4/4] lib/stackdepot: fix comment in include/linux/stackdepot.h Date: Tue, 12 Dec 2023 01:14:03 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov As stack traces can now be evicted from the stack depot, remove the comment saying that they are never removed. Signed-off-by: Andrey Konovalov Reviewed-by: Marco Elver --- Can be squashed into "lib/stackdepot: allow users to evict stack traces" or left standalone. --- include/linux/stackdepot.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/linux/stackdepot.h b/include/linux/stackdepot.h index a6796f178913..adcbb8f23600 100644 --- a/include/linux/stackdepot.h +++ b/include/linux/stackdepot.h @@ -11,8 +11,6 @@ * SLUB_DEBUG needs 256 bytes per object for that). Since allocation and f= ree * stack traces often repeat, using stack depot allows to save about 100x = space. * - * Stack traces are never removed from the stack depot. - * * Author: Alexander Potapenko * Copyright (C) 2016 Google, Inc. * --=20 2.25.1
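Review bot: in patch 4/4 (include/linux/stackdepot.h), deleting "Stack traces are never removed from the stack depot." leaves the header comment silent on the lifetime of a saved trace, which is the thing users of the handle most need to know now that eviction exists. Rather than only removing the sentence, replace it with one that says stack traces can be evicted and which call does it, so the file comment documents the new behaviour instead of omitting it.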