kasan: avoid resetting aux_lock
With commit 63b85ac ("kasan: stop leaking stack trace handles"),
KASAN zeroes out alloc meta when an object is freed.  The zeroed out data
purposefully includes alloc and auxiliary stack traces but also
accidentally includes aux_lock.

As aux_lock is only initialized for each object slot during slab creation,
when the freed slot is reallocated, saving auxiliary stack traces for the
new object leads to lockdep reports when taking the zeroed out aux_lock.

Arguably, we could reinitialize aux_lock when the object is reallocated,
but a simpler solution is to avoid zeroing out aux_lock when an object
gets freed.

Link: https://lkml.kernel.org/r/[email protected]
Fixes: 63b85ac ("kasan: stop leaking stack trace handles")
Signed-off-by: Andrey Konovalov <[email protected]>
Reported-by: Paul E. McKenney <[email protected]>
Closes: https://lore.kernel.org/linux-next/5cc0f83c-e1d6-45c5-be89-9b86746fe731@paulmck-laptop/
Reviewed-by: Marco Elver <[email protected]>
Tested-by: Paul E. McKenney <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: Liam R. Howlett <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
xairy authored and akpm00 committed Jan 12, 2024
1 parent aaa2c9a commit cc478e0
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions mm/kasan/generic.c
@@ -487,6 +487,7 @@ void kasan_init_object_meta(struct kmem_cache *cache, const void *object)
__memset(alloc_meta, 0, sizeof(*alloc_meta));

/*
* Prepare the lock for saving auxiliary stack traces.
* Temporarily disable KASAN bug reporting to allow instrumented
* raw_spin_lock_init to access aux_lock, which resides inside
* of a redzone.
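Review bot: the new comment above raw_spin_lock_init explains what the lock is for, but not that this is the only place aux_lock is ever initialized, which is exactly the invariant the matching change in release_alloc_meta relies on; adding one line such as "release_alloc_meta() deliberately leaves aux_lock intact, so it must not be re-initialized on free" would tie the two sites together so a later cleanup does not reintroduce the full-meta memset.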
@@ -510,8 +511,13 @@ static void release_alloc_meta(struct kasan_alloc_meta *meta)
stack_depot_put(meta->aux_stack[0]);
stack_depot_put(meta->aux_stack[1]);

/* Zero out alloc meta to mark it as invalid. */
__memset(meta, 0, sizeof(*meta));
/*
* Zero out alloc meta to mark it as invalid but keep aux_lock
* initialized to avoid having to reinitialize it when another object
* is allocated in the same slot.
*/
__memset(&meta->alloc_track, 0, sizeof(meta->alloc_track));
__memset(meta->aux_stack, 0, sizeof(meta->aux_stack));
}

static void release_free_meta(const void *object, struct kasan_free_meta *meta)
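Review bot: replacing `__memset(meta, 0, sizeof(*meta))` with two field-wise memsets of `meta->alloc_track` and `meta->aux_stack` fixes the zeroed-lock problem, but it also means any field later added to struct kasan_alloc_meta will silently survive a free, whereas the old whole-struct memset cleared it automatically; consider either a comment in the struct definition saying that new fields must be cleared here, or clearing everything except aux_lock so the "mark as invalid" intent stays robust as the struct evolves.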