From patchwork Fri Aug 7 16:06:27 2020
X-Patchwork-Submitter: Marco Elver
X-Patchwork-Id: 11705837
Date: Fri, 7 Aug 2020 18:06:27 +0200
From: Marco Elver
To: elver@google.com
Cc: Alexander Potapenko, Andrew Morton, David Rientjes, Joonsoo Kim, Pekka Enberg, Christoph Lameter, Kees Cook, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Odd-sized kmem_cache_alloc and slub_debug=Z
Message-ID: <20200807160627.GA1420741@elver.google.com>
User-Agent: Mutt/1.14.4 (2020-06-18)

Hi,

I found that the below debug code using kmem_cache_alloc(), when using slub_debug=Z, results in the following crash:

general protection fault, probably for non-canonical address 0xcccccca41caea170: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.8.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1 04/01/2014
RIP: 0010:freelist_dereference mm/slub.c:272 [inline]
RIP: 0010:get_freepointer mm/slub.c:278 [inline]
RIP: 0010:deactivate_slab+0x54/0x460 mm/slub.c:2111
Code: 8b bc c7 e0 00 00 00 48 85 d2 0f 84 00 01 00 00 49 89 d5 31 c0 48 89 44 24 08 66 66 2e 0f 1f 84 00 00 00 00 00 90 44 8b 43 20 <4b> 8b 44 05 00 48 85 c0 0f 84 1e 01 00 00 4c 89 ed 49 89 c5 8b 43
RSP: 0000:ffffffffa7e03e18 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffffa3a41c972340 RCX: 0000000000000000
RDX: cccccca41caea160 RSI: ffffe7c6a072ba80 RDI: ffffa3a41c972340
RBP: ffffa3a41caea008 R08: 0000000000000010 R09: ffffa3a41caea01d
R10: ffffffffa7f8dc50 R11: ffffffffa68f44c0 R12: ffffa3a41c972340
R13: cccccca41caea160 R14: ffffe7c6a072ba80 R15: ffffa3a41c96d540
FS:  0000000000000000(0000) GS:ffffa3a41fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffa3a051c01000 CR3: 000000045140a001 CR4: 0000000000770ef0
DR0: 0000000000000000
DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000
DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 00000000
Call Trace:
 ___slab_alloc+0x336/0x340 mm/slub.c:2690
 __slab_alloc mm/slub.c:2714 [inline]
 slab_alloc_node mm/slub.c:2788 [inline]
 slab_alloc mm/slub.c:2832 [inline]
 kmem_cache_alloc+0x135/0x200 mm/slub.c:2837
 start_kernel+0x3d6/0x44e init/main.c:1049
 secondary_startup_64+0xb6/0xc0 arch/x86/kernel/head_64.S:243

Any ideas what might be wrong? This does not crash when redzones are not enabled.

Thanks,
-- Marco

------ >8 ------
diff --git a/init/main.c b/init/main.c index 15bd0efff3df..f4aa5bb3f2ec 100644 --- a/init/main.c +++ b/init/main.c @@ -1041,6 +1041,16 @@ asmlinkage __visible void __init start_kernel(void) sfi_init_late(); kcsan_init(); + /* DEBUG CODE */ + { + struct kmem_cache *c = kmem_cache_create("test", 21, 1, 0, NULL); + char *buf; + BUG_ON(!c); + buf = kmem_cache_alloc(c, GFP_KERNEL); + kmem_cache_free(c, buf); + kmem_cache_destroy(c); + } + /* Do the rest non-__init'ed, we're now alive */ arch_call_rest_init();
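Review bot: in the debug block the result of kmem_cache_alloc(c, GFP_KERNEL) is passed straight to kmem_cache_free(c, buf) without a check, while the cache itself is guarded by BUG_ON(!c). For a reproducer that is meant to fault inside the allocator, an unchecked NULL would only muddy the report, so add BUG_ON(!buf) right after the allocation so an allocation failure is reported on its own rather than handed to the free path.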
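Added example, not part of Marco's mail and not code from mm/slub.c: a small user-space C model of how an in-object freelist pointer can be clobbered by the right redzone when the object size is not a multiple of the word size. The layout rules it encodes are an assumption about the v5.8 allocator (redzone placed in the word-alignment padding after the object, freelist pointer stored at the middle of the object rounded up to a word boundary); the struct, function names and the sample pointer are constructed for illustration. What the page itself supports is that the cache is created with size 21 under slub_debug=Z, that the fault is in get_freepointer(), that R08 (the offset added to the object address in the faulting instruction) is 0x10, and that RDX, R13 and the faulting address carry 0xcc, the active redzone byte, in their top bytes. Under the assumed rules a 21-byte object gets inuse = 24 and the pointer word at offset 16, so bytes 21..23 of the pointer are painted 0xcc, which reproduces the 0xcccccca41caea160 value from the register dump. A round-down placement is included only for contrast, not as a statement about what upstream did.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORD             ((size_t)sizeof(void *))
#define ALIGN_UP(x, a)   (((x) + (a) - 1) & ~((a) - 1))
#define ALIGN_DOWN(x, a) ((x) & ~((a) - 1))
/* Byte painted into the redzone of an allocated object; the 0xcc bytes in
 * the faulting address of the report are this value. */
#define RED_ACTIVE       0xcc

/* Per-cache layout; field names chosen to mirror struct kmem_cache (assumed). */
struct layout {
	size_t object_size; /* size passed to kmem_cache_create() */
	size_t inuse;       /* object plus right redzone, word aligned */
	size_t offset;      /* where the in-object freelist pointer is stored */
	size_t red_start;   /* right redzone is [red_start, red_end) */
	size_t red_end;
};

/*
 * ASSUMED v5.8 rules: the redzone occupies the word-alignment padding after
 * the object (a full extra word if the size is already aligned), and the
 * freelist pointer goes to the middle of the object rounded UP to a word.
 */
static struct layout layout_round_up(size_t object_size)
{
	struct layout l = { .object_size = object_size };

	l.inuse = ALIGN_UP(object_size, WORD);
	if (l.inuse == object_size)
		l.inuse += WORD;
	l.offset = ALIGN_UP(object_size / 2, WORD);
	l.red_start = object_size;
	l.red_end = l.inuse;
	return l;
}

/* Contrast case: round the middle DOWN so the whole pointer word stays
 * inside the object. Illustration only, not a claim about upstream. */
static struct layout layout_round_down(size_t object_size)
{
	struct layout l = layout_round_up(object_size);

	l.offset = ALIGN_DOWN(object_size / 2, WORD);
	return l;
}

/* True if the pointer word [offset, offset + WORD) overlaps the redzone. */
static bool freeptr_hits_redzone(const struct layout *l)
{
	return l->offset < l->red_end && l->offset + WORD > l->red_start;
}

/*
 * Model of initialising an allocated object: store the freelist pointer,
 * paint the right redzone, then read the pointer back the way
 * get_freepointer() would. Byte order assumes little-endian x86-64.
 * Returns 0 for layouts larger than the scratch object.
 */
static uint64_t simulate_redzone_paint(const struct layout *l, uint64_t freeptr)
{
	uint8_t obj[64] = { 0 };
	uint64_t got;

	if (l->inuse > sizeof(obj))
		return 0;
	memcpy(obj + l->offset, &freeptr, WORD);
	memset(obj + l->red_start, RED_ACTIVE, l->red_end - l->red_start);
	memcpy(&got, obj + l->offset, WORD);
	return got;
}

int main(void)
{
	/* Constructed sample pointer; its low bytes match RDX in the report. */
	const uint64_t sample = 0xffffa3a41caea160ULL;
	const size_t sizes[] = { 13, 16, 21, 24, 29 };

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		struct layout up = layout_round_up(sizes[i]);
		struct layout down = layout_round_down(sizes[i]);

		printf("size %2zu: inuse %2zu redzone [%2zu,%2zu) ptr@%2zu %s -> 0x%016llx | round-down ptr@%2zu %s\n",
		       up.object_size, up.inuse, up.red_start, up.red_end, up.offset,
		       freeptr_hits_redzone(&up) ? "OVERLAP" : "ok",
		       (unsigned long long)simulate_redzone_paint(&up, sample),
		       down.offset, freeptr_hits_redzone(&down) ? "OVERLAP" : "ok");
	}
	return 0;
}
```

Build with `cc -std=c11 -Wall` and run: for size 21 the round-up placement reports OVERLAP and the read-back pointer is 0xcccccca41caea160, while sizes that are multiples of the word (16, 24) and sizes whose rounded-up middle still leaves a full word before the redzone (29) report ok. The overlap check is what a practitioner would add as a sanity test when experimenting with freelist-pointer placement under redzoning.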