From nobody Fri Dec 19 15:38:36 2025 Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com [95.215.58.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42C9373191 for ; Thu, 21 Dec 2023 20:05:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="ca6Xr6Os" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+hJyqXb/2fG9kaa/Bl39ZO/TtJVAZ8OgDJUIBMdnwuM=; b=ca6Xr6Os/Z3oFun+6KyDxiIacA2tRaVxTTFDHDXDXQXtiQWsYC5+HPech6L4MV3aDTlI07 j3QG0NjRC9B+YgnnxEmb3EgpisveCkpCHQQWA6eNmn+8rbL4RjMp1UGbU7g5fyeyc5HMZ8 qEqcpGuZ87c1j2vSIZxFI6Ddhg+Wa5s= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 01/11] kasan/arm64: improve comments for KASAN_SHADOW_START/END Date: Thu, 21 Dec 2023 21:04:43 +0100 Message-Id: <140108ca0b164648c395a41fbeecb0601b1ae9e1.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Unify and improve the comments for KASAN_SHADOW_START/END definitions from include/asm/kasan.h and include/asm/memory.h. Also put both definitions together in include/asm/memory.h. Also clarify the related BUILD_BUG_ON checks in mm/kasan_init.c. Signed-off-by: Andrey Konovalov --- arch/arm64/include/asm/kasan.h | 22 +------------------ arch/arm64/include/asm/memory.h | 38 +++++++++++++++++++++++++++------ arch/arm64/mm/kasan_init.c | 5 +++++ 3 files changed, 38 insertions(+), 27 deletions(-) diff --git a/arch/arm64/include/asm/kasan.h b/arch/arm64/include/asm/kasan.h index 12d5f47f7dbe..7eefc525a9df 100644 --- a/arch/arm64/include/asm/kasan.h +++ b/arch/arm64/include/asm/kasan.h @@ -15,29 +15,9 @@ =20 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) =20 +asmlinkage void kasan_early_init(void); void kasan_init(void); - -/* - * KASAN_SHADOW_START: beginning of the kernel virtual addresses. - * KASAN_SHADOW_END: KASAN_SHADOW_START + 1/N of kernel virtual addresses, - * where N =3D (1 << KASAN_SHADOW_SCALE_SHIFT). - * - * KASAN_SHADOW_OFFSET: - * This value is used to map an address to the corresponding shadow - * address by the following formula: - * shadow_addr =3D (address >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADO= W_OFFSET - * - * (1 << (64 - KASAN_SHADOW_SCALE_SHIFT)) shadow addresses that lie in ran= ge - * [KASAN_SHADOW_OFFSET, KASAN_SHADOW_END) cover all 64-bits of virtual - * addresses. So KASAN_SHADOW_OFFSET should satisfy the following equation: - * KASAN_SHADOW_OFFSET =3D KASAN_SHADOW_END - - * (1ULL << (64 - KASAN_SHADOW_SCALE_SHIFT)) - */ -#define _KASAN_SHADOW_START(va) (KASAN_SHADOW_END - (1UL << ((va) - KASAN_= SHADOW_SCALE_SHIFT))) -#define KASAN_SHADOW_START _KASAN_SHADOW_START(vabits_actual) - void kasan_copy_shadow(pgd_t *pgdir); -asmlinkage void kasan_early_init(void); =20 #else static inline void kasan_init(void) { } diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memor= y.h index fde4186cc387..0f139cb4467b 100644 --- a/arch/arm64/include/asm/memory.h +++ b/arch/arm64/include/asm/memory.h @@ -65,15 +65,41 @@ #define KERNEL_END _end =20 /* - * Generic and tag-based KASAN require 1/8th and 1/16th of the kernel virt= ual - * address space for the shadow region respectively. They can bloat the st= ack - * significantly, so double the (minimum) stack size when they are in use. + * Generic and Software Tag-Based KASAN modes require 1/8th and 1/16th of = the + * kernel virtual address space for storing the shadow memory respectively. + * + * The mapping between a virtual memory address and its corresponding shad= ow + * memory address is defined based on the formula: + * + * shadow_addr =3D (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_O= FFSET + * + * where KASAN_SHADOW_SCALE_SHIFT is the order of the number of bits that = map + * to a single shadow byte and KASAN_SHADOW_OFFSET is a constant that offs= ets + * the mapping. Note that KASAN_SHADOW_OFFSET does not point to the start = of + * the shadow memory region. + * + * Based on this mapping, we define two constants: + * + * KASAN_SHADOW_START: the start of the shadow memory region; + * KASAN_SHADOW_END: the end of the shadow memory region. + * + * KASAN_SHADOW_END is defined first as the shadow address that correspond= s to + * the upper bound of possible virtual kernel memory addresses UL(1) << 64 + * according to the mapping formula. + * + * KASAN_SHADOW_START is defined second based on KASAN_SHADOW_END. The sha= dow + * memory start must map to the lowest possible kernel virtual memory addr= ess + * and thus it depends on the actual bitness of the address space. + * + * As KASAN inserts redzones between stack variables, this increases the s= tack + * memory usage significantly. Thus, we double the (minimum) stack size. */ #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) #define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL) -#define KASAN_SHADOW_END ((UL(1) << (64 - KASAN_SHADOW_SCALE_SHIFT)) \ - + KASAN_SHADOW_OFFSET) -#define PAGE_END (KASAN_SHADOW_END - (1UL << (vabits_actual - KASAN_SHADO= W_SCALE_SHIFT))) +#define KASAN_SHADOW_END ((UL(1) << (64 - KASAN_SHADOW_SCALE_SHIFT)) + KAS= AN_SHADOW_OFFSET) +#define _KASAN_SHADOW_START(va) (KASAN_SHADOW_END - (UL(1) << ((va) - KASA= N_SHADOW_SCALE_SHIFT))) +#define KASAN_SHADOW_START _KASAN_SHADOW_START(vabits_actual) +#define PAGE_END KASAN_SHADOW_START #define KASAN_THREAD_SHIFT 1 #else #define KASAN_THREAD_SHIFT 0 diff --git a/arch/arm64/mm/kasan_init.c b/arch/arm64/mm/kasan_init.c index 555285ebd5af..4c7ad574b946 100644 --- a/arch/arm64/mm/kasan_init.c +++ b/arch/arm64/mm/kasan_init.c @@ -170,6 +170,11 @@ asmlinkage void __init kasan_early_init(void) { BUILD_BUG_ON(KASAN_SHADOW_OFFSET !=3D KASAN_SHADOW_END - (1UL << (64 - KASAN_SHADOW_SCALE_SHIFT))); + /* + * We cannot check the actual value of KASAN_SHADOW_START during build, + * as it depends on vabits_actual. As a best-effort approach, check + * potential values calculated based on VA_BITS and VA_BITS_MIN. + */ BUILD_BUG_ON(!IS_ALIGNED(_KASAN_SHADOW_START(VA_BITS), PGDIR_SIZE)); BUILD_BUG_ON(!IS_ALIGNED(_KASAN_SHADOW_START(VA_BITS_MIN), PGDIR_SIZE)); BUILD_BUG_ON(!IS_ALIGNED(KASAN_SHADOW_END, PGDIR_SIZE)); --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-189.mta1.migadu.com (out-189.mta1.migadu.com [95.215.58.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BDEF973197 for ; Thu, 21 Dec 2023 20:05:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="oUd4oho2" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=25+JPAVVR93qloIeZBPh87TvRbXcdeZ++9g3nzTCJ2g=; b=oUd4oho2PQFVBsMx441Y1BJ9xZLJRj3/NEa+HI+PvsMu+h8/Evf4eJR6JIIS7+fS93FGb7 Ih/Fyn0cbQWAZzwK+nS3P7ZRUaf95dp2MAee2vmD/jR6DwOerV5e/55LchsDaXoVGmFMIn 0QPWF12bI5PU1x2N2e+NkASW14dnAIM= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 02/11] mm, kasan: use KASAN_TAG_KERNEL instead of 0xff Date: Thu, 21 Dec 2023 21:04:44 +0100 Message-Id: <71db9087b0aebb6c4dccbc609cc0cd50621533c7.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Use the KASAN_TAG_KERNEL marco instead of open-coding 0xff in the mm code. This macro is provided by include/linux/kasan-tags.h, which does not include any other headers, so it's safe to include it into mm.h without causing circular include dependencies. Signed-off-by: Andrey Konovalov --- include/linux/kasan.h | 1 + include/linux/mm.h | 4 ++-- mm/page_alloc.c | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/linux/kasan.h b/include/linux/kasan.h index d49e3d4c099e..dbb06d789e74 100644 --- a/include/linux/kasan.h +++ b/include/linux/kasan.h @@ -4,6 +4,7 @@ =20 #include #include +#include #include #include #include diff --git a/include/linux/mm.h b/include/linux/mm.h index a422cc123a2d..8b2e4841e817 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1815,7 +1815,7 @@ static inline void vma_set_access_pid_bit(struct vm_a= rea_struct *vma) =20 static inline u8 page_kasan_tag(const struct page *page) { - u8 tag =3D 0xff; + u8 tag =3D KASAN_TAG_KERNEL; =20 if (kasan_enabled()) { tag =3D (page->flags >> KASAN_TAG_PGSHIFT) & KASAN_TAG_MASK; @@ -1844,7 +1844,7 @@ static inline void page_kasan_tag_set(struct page *pa= ge, u8 tag) static inline void page_kasan_tag_reset(struct page *page) { if (kasan_enabled()) - page_kasan_tag_set(page, 0xff); + page_kasan_tag_set(page, KASAN_TAG_KERNEL); } =20 #else /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */ diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 7ea9c33320bf..51e85760877a 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -1059,7 +1059,7 @@ static inline bool should_skip_kasan_poison(struct pa= ge *page, fpi_t fpi_flags) if (IS_ENABLED(CONFIG_KASAN_GENERIC)) return deferred_pages_enabled(); =20 - return page_kasan_tag(page) =3D=3D 0xff; + return page_kasan_tag(page) =3D=3D KASAN_TAG_KERNEL; } =20 static void kernel_init_pages(struct page *page, int numpages) --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-180.mta1.migadu.com (out-180.mta1.migadu.com [95.215.58.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B6A17319B for ; Thu, 21 Dec 2023 20:05:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="Gsy7nZlb" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KWohJbv99PLbGcicyqYuN0s/R1C+lxZK4GlvmO4roNU=; b=Gsy7nZlbu3H2IDnesAWQe9qDJ7nAP2p+eXRNRSe4j32CC4JwsP4uLzkQ4/jEEkvX8mdv6F CcL25sh8fWcrq+2FBZ5UvJ9asZqD0ZHeEOOP3+qLu1cMEpc6sPWjqhJ9qWg89a+PRbHrc2 K5hSrC+2HrBEnLQVSDx5tp5XvH3drbU= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 03/11] kasan: improve kasan_non_canonical_hook Date: Thu, 21 Dec 2023 21:04:45 +0100 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Make kasan_non_canonical_hook to be more sure in its report (i.e. say "probably" instead of "maybe") if the address belongs to the shadow memory region for kernel addresses. Also use the kasan_shadow_to_mem helper to calculate the original address. Also improve the comments in kasan_non_canonical_hook. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 6 ++++++ mm/kasan/report.c | 34 ++++++++++++++++++++-------------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 69e4f5e58e33..0e209b823b2c 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -307,6 +307,12 @@ struct kasan_stack_ring { =20 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) =20 +static __always_inline bool addr_in_shadow(const void *addr) +{ + return addr >=3D (void *)KASAN_SHADOW_START && + addr < (void *)KASAN_SHADOW_END; +} + #ifndef kasan_shadow_to_mem static inline const void *kasan_shadow_to_mem(const void *shadow_addr) { diff --git a/mm/kasan/report.c b/mm/kasan/report.c index a938237f6882..4bc7ac9fb37d 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -635,37 +635,43 @@ void kasan_report_async(void) =20 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) /* - * With CONFIG_KASAN_INLINE, accesses to bogus pointers (outside the high - * canonical half of the address space) cause out-of-bounds shadow memory = reads - * before the actual access. For addresses in the low canonical half of the - * address space, as well as most non-canonical addresses, that out-of-bou= nds - * shadow memory access lands in the non-canonical part of the address spa= ce. - * Help the user figure out what the original bogus pointer was. + * With compiler-based KASAN modes, accesses to bogus pointers (outside of= the + * mapped kernel address space regions) cause faults when KASAN tries to c= heck + * the shadow memory before the actual memory access. This results in cryp= tic + * GPF reports, which are hard for users to interpret. This hook helps use= rs to + * figure out what the original bogus pointer was. */ void kasan_non_canonical_hook(unsigned long addr) { unsigned long orig_addr; const char *bug_type; =20 + /* + * All addresses that came as a result of the memory-to-shadow mapping + * (even for bogus pointers) must be >=3D KASAN_SHADOW_OFFSET. + */ if (addr < KASAN_SHADOW_OFFSET) return; =20 - orig_addr =3D (addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT; + orig_addr =3D (unsigned long)kasan_shadow_to_mem((void *)addr); + /* * For faults near the shadow address for NULL, we can be fairly certain * that this is a KASAN shadow memory access. - * For faults that correspond to shadow for low canonical addresses, we - * can still be pretty sure - that shadow region is a fairly narrow - * chunk of the non-canonical address space. - * But faults that look like shadow for non-canonical addresses are a - * really large chunk of the address space. In that case, we still - * print the decoded address, but make it clear that this is not - * necessarily what's actually going on. + * For faults that correspond to the shadow for low or high canonical + * addresses, we can still be pretty sure: these shadow regions are a + * fairly narrow chunk of the address space. + * But the shadow for non-canonical addresses is a really large chunk + * of the address space. For this case, we still print the decoded + * address, but make it clear that this is not necessarily what's + * actually going on. */ if (orig_addr < PAGE_SIZE) bug_type =3D "null-ptr-deref"; else if (orig_addr < TASK_SIZE) bug_type =3D "probably user-memory-access"; + else if (addr_in_shadow((void *)addr)) + bug_type =3D "probably wild-memory-access"; else bug_type =3D "maybe wild-memory-access"; pr_alert("KASAN: %s in range [0x%016lx-0x%016lx]\n", bug_type, --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-185.mta1.migadu.com (out-185.mta1.migadu.com [95.215.58.185]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E565355E6C for ; Thu, 21 Dec 2023 20:05:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="T3Q2NIda" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189101; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=02IeghrfT0ytg5MuYoXhCbr9XM7hY33pPyxRWGvQP4Y=; b=T3Q2NIdanun939NScwaTG7WLvoYmfTTFiLEYJ3J+HNG2IsD+W9B/KY5/3GWHlronvX+HVx UO/qV9RzLo7I2y0mo6AY2SLB81+1FFxAYBxngYWc6AIhArd5EEHVGN3+RLEDZyXA+UgF4y 2f6iUwmX7QGqhFZ2rrVU/A585fQMbwc= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 04/11] kasan: clean up kasan_requires_meta Date: Thu, 21 Dec 2023 21:04:46 +0100 Message-Id: <8086623407095ac1c82377a2107dcc5845f99cfa.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Currently, for Generic KASAN mode, kasan_requires_meta is defined to return kasan_stack_collection_enabled. Even though the Generic mode does not support disabling stack trace collection, kasan_requires_meta was implemented in this way to make it easier to implement the disabling for the Generic mode in the future. However, for the Generic mode, the per-object metadata also stores the quarantine link. So even if disabling stack collection is implemented, the per-object metadata will still be required. Fix kasan_requires_meta to return true for the Generic mode and update the related comments. This change does not fix any observable bugs but rather just brings the code to a cleaner state. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 0e209b823b2c..38af25b9c89c 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -101,21 +101,21 @@ static inline bool kasan_sample_page_alloc(unsigned i= nt order) =20 #ifdef CONFIG_KASAN_GENERIC =20 -/* Generic KASAN uses per-object metadata to store stack traces. */ +/* + * Generic KASAN uses per-object metadata to store alloc and free stack tr= aces + * and the quarantine link. + */ static inline bool kasan_requires_meta(void) { - /* - * Technically, Generic KASAN always collects stack traces right now. - * However, let's use kasan_stack_collection_enabled() in case the - * kasan.stacktrace command-line argument is changed to affect - * Generic KASAN. - */ - return kasan_stack_collection_enabled(); + return true; } =20 #else /* CONFIG_KASAN_GENERIC */ =20 -/* Tag-based KASAN modes do not use per-object metadata. */ +/* + * Tag-based KASAN modes do not use per-object metadata: they use the stack + * ring to store alloc and free stack traces and do not use qurantine. + */ static inline bool kasan_requires_meta(void) { return false; --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-188.mta1.migadu.com (out-188.mta1.migadu.com [95.215.58.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D1D56EB77 for ; Thu, 21 Dec 2023 20:05:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="D1d+7ZX8" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189101; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yJpT5npX9+Mi4/2vKIXBMX5Zb3QcQCwOWJP1qz8pE0M=; b=D1d+7ZX8K/5XJRivQkOs08EDlsgfMyw9smPDLE+z0+/A5XJO1xiUqRuZmE0KKjzXfCVjOl B9Re2Z/G6jvedBYwergcLq/h7gQe6/xiCIpFFxCDZnzStwThLFWfJDZzzYMVmxbBjsmc1F kpPC6wGFc7aq4172XBiDkq6JKDgFx/0= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 05/11] kasan: update kasan_poison documentation comment Date: Thu, 21 Dec 2023 21:04:47 +0100 Message-Id: <992a302542059fc40d86ea560eac413ecb31b6a1.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov The comment for kasan_poison says that the size argument gets aligned by the function to KASAN_GRANULE_SIZE, which is wrong: the argument must be already aligned when it is passed to the function. Remove the invalid part of the comment. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 38af25b9c89c..1c34511090d7 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -513,8 +513,6 @@ static inline bool kasan_byte_accessible(const void *ad= dr) * @size - range size, must be aligned to KASAN_GRANULE_SIZE * @value - value that's written to metadata for the range * @init - whether to initialize the memory range (only for hardware tag-b= ased) - * - * The size gets aligned to KASAN_GRANULE_SIZE before marking the range. */ void kasan_poison(const void *addr, size_t size, u8 value, bool init); =20 --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-180.mta0.migadu.com (out-180.mta0.migadu.com [91.218.175.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F678745CC for ; Thu, 21 Dec 2023 20:06:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="b9Brp+Gw" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189164; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gSZaD965ObbhfRb2wl16gx9k0NFu/9CcW8O4J7mEceM=; b=b9Brp+GwaAs8486L9eFNPsKBa+ZcAtwpfYQSQNwgNbwsobfM5YdIdTv7QlTk+BZjKdK9i+ vM+1DvB2mrXJOSHWT8Ex00o2C9qkxJuCHnbWABmaNBRFH42VhSFNwm8VJ/Zi/RdPA/9XKa vQ9svxQBNSQqoxiVPrTTZhhN4tftlRM= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 06/11] kasan: clean up is_kfence_address checks Date: Thu, 21 Dec 2023 21:04:48 +0100 Message-Id: <1065732315ef4e141b6177d8f612232d4d5bc0ab.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov 1. Do not untag addresses that are passed to is_kfence_address: it tolerates tagged addresses. 2. Move is_kfence_address checks from internal KASAN functions (kasan_poison/unpoison, etc.) to external-facing ones. Note that kasan_poison/unpoison are never called outside of KASAN/slab code anymore; the comment is wrong, so drop it. 3. Simplify/reorganize the code around the updated checks. Signed-off-by: Andrey Konovalov --- mm/kasan/common.c | 26 +++++++++++++++++--------- mm/kasan/kasan.h | 16 ++-------------- mm/kasan/shadow.c | 12 ------------ 3 files changed, 19 insertions(+), 35 deletions(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index f4255e807b74..86adf80cc11a 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -79,6 +79,9 @@ EXPORT_SYMBOL(kasan_disable_current); =20 void __kasan_unpoison_range(const void *address, size_t size) { + if (is_kfence_address(address)) + return; + kasan_unpoison(address, size, false); } =20 @@ -218,9 +221,6 @@ static inline bool poison_slab_object(struct kmem_cache= *cache, void *object, tagged_object =3D object; object =3D kasan_reset_tag(object); =20 - if (is_kfence_address(object)) - return false; - if (unlikely(nearest_obj(cache, virt_to_slab(object), object) !=3D object= )) { kasan_report_invalid_free(tagged_object, ip, KASAN_REPORT_INVALID_FREE); return true; @@ -247,7 +247,12 @@ static inline bool poison_slab_object(struct kmem_cach= e *cache, void *object, bool __kasan_slab_free(struct kmem_cache *cache, void *object, unsigned long ip, bool init) { - bool buggy_object =3D poison_slab_object(cache, object, ip, init); + bool buggy_object; + + if (is_kfence_address(object)) + return false; + + buggy_object =3D poison_slab_object(cache, object, ip, init); =20 return buggy_object ? true : kasan_quarantine_put(cache, object); } @@ -359,7 +364,7 @@ void * __must_check __kasan_kmalloc(struct kmem_cache *= cache, const void *object if (unlikely(object =3D=3D NULL)) return NULL; =20 - if (is_kfence_address(kasan_reset_tag(object))) + if (is_kfence_address(object)) return (void *)object; =20 /* The object has already been unpoisoned by kasan_slab_alloc(). */ @@ -417,7 +422,7 @@ void * __must_check __kasan_krealloc(const void *object= , size_t size, gfp_t flag if (unlikely(object =3D=3D ZERO_SIZE_PTR)) return (void *)object; =20 - if (is_kfence_address(kasan_reset_tag(object))) + if (is_kfence_address(object)) return (void *)object; =20 /* @@ -483,6 +488,9 @@ bool __kasan_mempool_poison_object(void *ptr, unsigned = long ip) return true; } =20 + if (is_kfence_address(ptr)) + return false; + slab =3D folio_slab(folio); return !poison_slab_object(slab->slab_cache, ptr, ip, false); } @@ -492,9 +500,6 @@ void __kasan_mempool_unpoison_object(void *ptr, size_t = size, unsigned long ip) struct slab *slab; gfp_t flags =3D 0; /* Might be executing under a lock. */ =20 - if (is_kfence_address(kasan_reset_tag(ptr))) - return; - slab =3D virt_to_slab(ptr); =20 /* @@ -507,6 +512,9 @@ void __kasan_mempool_unpoison_object(void *ptr, size_t = size, unsigned long ip) return; } =20 + if (is_kfence_address(ptr)) + return; + /* Unpoison the object and save alloc info for non-kmalloc() allocations.= */ unpoison_slab_object(slab->slab_cache, ptr, size, flags); =20 diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 1c34511090d7..5fbcc1b805bc 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -466,35 +466,23 @@ static inline u8 kasan_random_tag(void) { return 0; } =20 static inline void kasan_poison(const void *addr, size_t size, u8 value, b= ool init) { - addr =3D kasan_reset_tag(addr); - - /* Skip KFENCE memory if called explicitly outside of sl*b. */ - if (is_kfence_address(addr)) - return; - if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK)) return; if (WARN_ON(size & KASAN_GRANULE_MASK)) return; =20 - hw_set_mem_tag_range((void *)addr, size, value, init); + hw_set_mem_tag_range(kasan_reset_tag(addr), size, value, init); } =20 static inline void kasan_unpoison(const void *addr, size_t size, bool init) { u8 tag =3D get_tag(addr); =20 - addr =3D kasan_reset_tag(addr); - - /* Skip KFENCE memory if called explicitly outside of sl*b. */ - if (is_kfence_address(addr)) - return; - if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK)) return; size =3D round_up(size, KASAN_GRANULE_SIZE); =20 - hw_set_mem_tag_range((void *)addr, size, tag, init); + hw_set_mem_tag_range(kasan_reset_tag(addr), size, tag, init); } =20 static inline bool kasan_byte_accessible(const void *addr) diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 0154d200be40..30625303d01a 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -135,10 +135,6 @@ void kasan_poison(const void *addr, size_t size, u8 va= lue, bool init) */ addr =3D kasan_reset_tag(addr); =20 - /* Skip KFENCE memory if called explicitly outside of sl*b. */ - if (is_kfence_address(addr)) - return; - if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK)) return; if (WARN_ON(size & KASAN_GRANULE_MASK)) @@ -175,14 +171,6 @@ void kasan_unpoison(const void *addr, size_t size, boo= l init) */ addr =3D kasan_reset_tag(addr); =20 - /* - * Skip KFENCE memory if called explicitly outside of sl*b. Also note - * that calls to ksize(), where size is not a multiple of machine-word - * size, would otherwise poison the invalid portion of the word. - */ - if (is_kfence_address(addr)) - return; - if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK)) return; =20 --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-182.mta0.migadu.com (out-182.mta0.migadu.com [91.218.175.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E833745CE for ; Thu, 21 Dec 2023 20:06:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="UQy5FdaO" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189165; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FJl4ImE4TRrDXvrAPN+dS4cgTUzwQEr6h+ILfia+IPo=; b=UQy5FdaOJP3WHcVUkGmBl3aQkcqo5p6PbagnBT8wp0ljLIpod/Ojsrg7YfgnIjF56yHZRq Hho7BHFtctI8tiFKBQkJ21sW2wiU4BcM7mHrjBDpphYej6wGMhj1TMy2nV0GXg97lpUgq8 tU7rBZD5CJd5flB9JqJlXxWqDy6GX1E= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 07/11] kasan: respect CONFIG_KASAN_VMALLOC for kasan_flag_vmalloc Date: Thu, 21 Dec 2023 21:04:49 +0100 Message-Id: <3e5c933c8f6b59bd587efb05c407964be951772c.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Never enable the kasan_flag_vmalloc static branch unless CONFIG_KASAN_VMALLOC is enabled. This does not fix any observable bugs (vmalloc annotations for the HW_TAGS mode are no-op with CONFIG_KASAN_VMALLOC disabled) but rather just cleans up the code. Signed-off-by: Andrey Konovalov --- mm/kasan/hw_tags.c | 7 +++++++ mm/kasan/kasan.h | 1 + 2 files changed, 8 insertions(+) diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 06141bbc1e51..80f11a3eccd5 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -57,7 +57,11 @@ enum kasan_mode kasan_mode __ro_after_init; EXPORT_SYMBOL_GPL(kasan_mode); =20 /* Whether to enable vmalloc tagging. */ +#ifdef CONFIG_KASAN_VMALLOC DEFINE_STATIC_KEY_TRUE(kasan_flag_vmalloc); +#else +DEFINE_STATIC_KEY_FALSE(kasan_flag_vmalloc); +#endif =20 #define PAGE_ALLOC_SAMPLE_DEFAULT 1 #define PAGE_ALLOC_SAMPLE_ORDER_DEFAULT 3 @@ -119,6 +123,9 @@ static int __init early_kasan_flag_vmalloc(char *arg) if (!arg) return -EINVAL; =20 + if (!IS_ENABLED(CONFIG_KASAN_VMALLOC)) + return 0; + if (!strcmp(arg, "off")) kasan_arg_vmalloc =3D KASAN_ARG_VMALLOC_OFF; else if (!strcmp(arg, "on")) diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index 5fbcc1b805bc..dee105ba32dd 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -49,6 +49,7 @@ DECLARE_PER_CPU(long, kasan_page_alloc_skip); =20 static inline bool kasan_vmalloc_enabled(void) { + /* Static branch is never enabled with CONFIG_KASAN_VMALLOC disabled. */ return static_branch_likely(&kasan_flag_vmalloc); } =20 --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-174.mta0.migadu.com (out-174.mta0.migadu.com [91.218.175.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7AD73745D7 for ; Thu, 21 Dec 2023 20:06:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="USMsmCfc" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189165; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ColijDwhDovJxdnzDPHxNzx5OycMVFqUSNs1GHs5mVk=; b=USMsmCfcfZYE03AC87Gmpyp9gmlr/kMJv0pWBUPw9nx0sHm6vrJx9MiJnMGDlRy1Np+vvg xVnk34bog6bJEXPpd1W0ZhX/6rrSohpzazwxYlJ0CsIiIqPW+tM023kd9Pj1/tI00TxpVr 7puIg/6gNeTx8rsKTuL0nS4IqNynK+s= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 08/11] kasan: check kasan_vmalloc_enabled in vmalloc tests Date: Thu, 21 Dec 2023 21:04:50 +0100 Message-Id: <954456e50ac98519910c3e24a479a18eae62f8dd.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Check that vmalloc poisoning is not disabled via command line when running the vmalloc-related KASAN tests. Skip the tests otherwise. Signed-off-by: Andrey Konovalov --- mm/kasan/hw_tags.c | 1 + mm/kasan/kasan.h | 5 +++++ mm/kasan/kasan_test.c | 11 ++++++++++- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index 80f11a3eccd5..2b994092a2d4 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -62,6 +62,7 @@ DEFINE_STATIC_KEY_TRUE(kasan_flag_vmalloc); #else DEFINE_STATIC_KEY_FALSE(kasan_flag_vmalloc); #endif +EXPORT_SYMBOL_GPL(kasan_flag_vmalloc); =20 #define PAGE_ALLOC_SAMPLE_DEFAULT 1 #define PAGE_ALLOC_SAMPLE_ORDER_DEFAULT 3 diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h index dee105ba32dd..acc1a9410f0d 100644 --- a/mm/kasan/kasan.h +++ b/mm/kasan/kasan.h @@ -83,6 +83,11 @@ static inline bool kasan_sample_page_alloc(unsigned int = order) =20 #else /* CONFIG_KASAN_HW_TAGS */ =20 +static inline bool kasan_vmalloc_enabled(void) +{ + return IS_ENABLED(CONFIG_KASAN_VMALLOC); +} + static inline bool kasan_async_fault_possible(void) { return false; diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 1c77c73ff287..496154e38965 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -1540,6 +1540,9 @@ static void vmalloc_helpers_tags(struct kunit *test) =20 KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_VMALLOC); =20 + if (!kasan_vmalloc_enabled()) + kunit_skip(test, "Test requires kasan.vmalloc=3Don"); + ptr =3D vmalloc(PAGE_SIZE); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); =20 @@ -1574,6 +1577,9 @@ static void vmalloc_oob(struct kunit *test) =20 KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_VMALLOC); =20 + if (!kasan_vmalloc_enabled()) + kunit_skip(test, "Test requires kasan.vmalloc=3Don"); + v_ptr =3D vmalloc(size); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, v_ptr); =20 @@ -1627,6 +1633,9 @@ static void vmap_tags(struct kunit *test) =20 KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_VMALLOC); =20 + if (!kasan_vmalloc_enabled()) + kunit_skip(test, "Test requires kasan.vmalloc=3Don"); + p_page =3D alloc_pages(GFP_KERNEL, 1); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, p_page); p_ptr =3D page_address(p_page); @@ -1745,7 +1754,7 @@ static void match_all_not_assigned(struct kunit *test) free_pages((unsigned long)ptr, order); } =20 - if (!IS_ENABLED(CONFIG_KASAN_VMALLOC)) + if (!kasan_vmalloc_enabled()) return; =20 for (i =3D 0; i < 256; i++) { --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-176.mta0.migadu.com (out-176.mta0.migadu.com [91.218.175.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CE5F7319B for ; Thu, 21 Dec 2023 20:06:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="eN0oFbJi" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189166; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=a/6/sI3HKZf6Tm/zhA/G4IhIpYOeRmpfsNisTtqnMzE=; b=eN0oFbJiwT3zUnq2cxeXoUm44eMoYM8NmUuh4m/ta8P8IRSzUOmK1w4vpgo38zt4d8LCrA exyl7aMfq6fUaijIp7KICaNRhlJzWlDY/wAMTLTJJ2IRzzSfwwE40tPn7y2fMMvcsd7cRE +bxk8A7+0pKfZWEiGw/4jcKK7Qx1fWE= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 09/11] kasan: export kasan_poison as GPL Date: Thu, 21 Dec 2023 21:04:51 +0100 Message-Id: <171d0b8b2e807d04cca74f973830f9b169e06fb8.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov KASAN uses EXPORT_SYMBOL_GPL for symbols whose exporting is only required for KASAN tests when they are built as a module. kasan_poison is one on those symbols, so export it as GPL. Signed-off-by: Andrey Konovalov --- mm/kasan/shadow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c index 30625303d01a..9ef84f31833f 100644 --- a/mm/kasan/shadow.c +++ b/mm/kasan/shadow.c @@ -145,7 +145,7 @@ void kasan_poison(const void *addr, size_t size, u8 val= ue, bool init) =20 __memset(shadow_start, value, shadow_end - shadow_start); } -EXPORT_SYMBOL(kasan_poison); +EXPORT_SYMBOL_GPL(kasan_poison); =20 #ifdef CONFIG_KASAN_GENERIC void kasan_poison_last_granule(const void *addr, size_t size) --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-184.mta0.migadu.com (out-184.mta0.migadu.com [91.218.175.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D79C2745E9 for ; Thu, 21 Dec 2023 20:06:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="KmqU694Z" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189167; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=itOhYdVtqZdvAR7o0Q16gEQdZUJ+zDuxto8wg6YMX5U=; b=KmqU694Zt6wu9nrYTkctmmkfBJq7NuWGLfuL6LQc4yRHrVvgSk9TrEaIkENsIsxAhzy0iD M5jyxL69O1qWaiZjFMO8J3Kk4OIyyumpmCcqjeJvbednSEB0sn4BUCn5787rVS16/+WTWn vHxsZcIZaRd0Vg3+r7Go8wBuNHm2nL0= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 10/11] kasan: remove SLUB checks for page_alloc fallbacks in tests Date: Thu, 21 Dec 2023 21:04:52 +0100 Message-Id: In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov A number of KASAN tests rely on the fact that calling kmalloc with a size larger than an order-1 page falls back onto page_alloc. This fallback was originally only implemented for SLUB, but since commit d6a71648dbc0 ("mm/slab: kmalloc: pass requests larger than order-1 page to page allocator"), it is also implemented for SLAB. Thus, drop the SLUB checks from the tests. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 496154e38965..798df4983858 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -215,7 +215,7 @@ static void kmalloc_node_oob_right(struct kunit *test) =20 /* * Check that KASAN detects an out-of-bounds access for a big object alloc= ated - * via kmalloc(). But not as big as to trigger the page_alloc fallback for= SLUB. + * via kmalloc(). But not as big as to trigger the page_alloc fallback. */ static void kmalloc_big_oob_right(struct kunit *test) { @@ -233,8 +233,7 @@ static void kmalloc_big_oob_right(struct kunit *test) /* * The kmalloc_large_* tests below use kmalloc() to allocate a memory chunk * that does not fit into the largest slab cache and therefore is allocate= d via - * the page_alloc fallback for SLUB. SLAB has no such fallback, and thus t= hese - * tests are not supported for it. + * the page_alloc fallback. */ =20 static void kmalloc_large_oob_right(struct kunit *test) @@ -242,8 +241,6 @@ static void kmalloc_large_oob_right(struct kunit *test) char *ptr; size_t size =3D KMALLOC_MAX_CACHE_SIZE + 10; =20 - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - ptr =3D kmalloc(size, GFP_KERNEL); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); =20 @@ -258,8 +255,6 @@ static void kmalloc_large_uaf(struct kunit *test) char *ptr; size_t size =3D KMALLOC_MAX_CACHE_SIZE + 10; =20 - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - ptr =3D kmalloc(size, GFP_KERNEL); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); kfree(ptr); @@ -272,8 +267,6 @@ static void kmalloc_large_invalid_free(struct kunit *te= st) char *ptr; size_t size =3D KMALLOC_MAX_CACHE_SIZE + 10; =20 - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - ptr =3D kmalloc(size, GFP_KERNEL); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr); =20 @@ -407,18 +400,12 @@ static void krealloc_less_oob(struct kunit *test) =20 static void krealloc_large_more_oob(struct kunit *test) { - /* page_alloc fallback is only implemented for SLUB. */ - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - krealloc_more_oob_helper(test, KMALLOC_MAX_CACHE_SIZE + 201, KMALLOC_MAX_CACHE_SIZE + 235); } =20 static void krealloc_large_less_oob(struct kunit *test) { - /* page_alloc fallback is only implemented for SLUB. */ - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - krealloc_less_oob_helper(test, KMALLOC_MAX_CACHE_SIZE + 235, KMALLOC_MAX_CACHE_SIZE + 201); } @@ -1144,9 +1131,6 @@ static void mempool_kmalloc_large_uaf(struct kunit *t= est) size_t size =3D KMALLOC_MAX_CACHE_SIZE + 1; void *extra_elem; =20 - /* page_alloc fallback is only implemented for SLUB. */ - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - extra_elem =3D mempool_prepare_kmalloc(test, &pool, size); =20 mempool_uaf_helper(test, &pool, false); @@ -1215,9 +1199,6 @@ static void mempool_kmalloc_large_double_free(struct = kunit *test) size_t size =3D KMALLOC_MAX_CACHE_SIZE + 1; char *extra_elem; =20 - /* page_alloc fallback is only implemented for SLUB. */ - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - extra_elem =3D mempool_prepare_kmalloc(test, &pool, size); =20 mempool_double_free_helper(test, &pool); @@ -1272,9 +1253,6 @@ static void mempool_kmalloc_large_invalid_free(struct= kunit *test) size_t size =3D KMALLOC_MAX_CACHE_SIZE + 1; char *extra_elem; =20 - /* page_alloc fallback is only implemented for SLUB. */ - KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_SLUB); - extra_elem =3D mempool_prepare_kmalloc(test, &pool, size); =20 mempool_kmalloc_invalid_free_helper(test, &pool); --=20 2.25.1 From nobody Fri Dec 19 15:38:36 2025 Received: from out-188.mta0.migadu.com (out-188.mta0.migadu.com [91.218.175.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 56F8D745FC for ; Thu, 21 Dec 2023 20:06:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="UstQbyfW" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1703189167; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jLiJLNrkVOviOAnhN8fsOfgjq7KcvOUpOIZZlqspNbg=; b=UstQbyfWlazleiIZsd06p6GGsiGbF7Mk+SEC7V7KErkAUJltuZuqjmSUhenEEKoFJe2Ldb 4tUiUzH6Uvv0RFu+cj+WbPn+gOqF8clgrSf7LbqyBVZlfKgonrRaUwbKKmHlfEcXGpHP7+ mC3opDKQo6UxTJoeylICS86c/ZXC9RI= From: andrey.konovalov@linux.dev To: Marco Elver Cc: Andrey Konovalov , Alexander Potapenko , Dmitry Vyukov , Andrey Ryabinin , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov Subject: [PATCH mm 11/11] kasan: speed up match_all_mem_tag test for SW_TAGS Date: Thu, 21 Dec 2023 21:04:53 +0100 Message-Id: <6fe51262defd80cdc1150c42404977aafd1b6167.1703188911.git.andreyknvl@google.com> In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Andrey Konovalov Checking all 256 possible tag values in the match_all_mem_tag KASAN test is slow and produces 256 reports. Instead, just check the first 8 and the last 8. Signed-off-by: Andrey Konovalov --- mm/kasan/kasan_test.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c index 798df4983858..9c3a1aaab21b 100644 --- a/mm/kasan/kasan_test.c +++ b/mm/kasan/kasan_test.c @@ -1785,6 +1785,14 @@ static void match_all_mem_tag(struct kunit *test) =20 /* For each possible tag value not matching the pointer tag. */ for (tag =3D KASAN_TAG_MIN; tag <=3D KASAN_TAG_KERNEL; tag++) { + /* + * For Software Tag-Based KASAN, skip the majority of tag + * values to avoid the test printing too many reports. + */ + if (IS_ENABLED(CONFIG_KASAN_SW_TAGS) && + tag >=3D KASAN_TAG_MIN + 8 && tag <=3D KASAN_TAG_KERNEL - 8) + continue; + if (tag =3D=3D get_tag(ptr)) continue; =20 --=20 2.25.1