From patchwork Fri Oct 25 08:58:11 2024
X-Patchwork-Id: 13850236
From: Qun-Wei Lin
To: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Matthias Brugger, AngeloGioacchino Del Regno, Danilo Krummrich
CC: Casper Li, Chinwen Chang, Andrew Yang, John Hsu, Qun-Wei Lin
Subject: [PATCH] mm: krealloc: Fix MTE false alarm in __do_krealloc
Date: Fri, 25 Oct 2024 16:58:11 +0800
Message-ID: <20241025085811.31310-1-qun-wei.lin@mediatek.com>

This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes MTE (Memory Tagging Extension) to falsely report a slab-out-of-bounds error.

The problem occurs when zeroing out spare memory in __do_krealloc. The original code only considered software-based KASAN and did not account for MTE. It does not reset the KASAN tag before calling memset, leading to a mismatch between the pointer tag and the memory tag, resulting in a false positive.

Example of the error:
==================================================================
swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188
swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1
swapper/0: Pointer tag: [f4], memory tag: [fe]
swapper/0:
swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.
swapper/0: Hardware name: MT6991(ENG) (DT)
swapper/0: Call trace:
swapper/0: dump_backtrace+0xfc/0x17c
swapper/0: show_stack+0x18/0x28
swapper/0: dump_stack_lvl+0x40/0xa0
swapper/0: print_report+0x1b8/0x71c
swapper/0: kasan_report+0xec/0x14c
swapper/0: __do_kernel_fault+0x60/0x29c
swapper/0: do_bad_area+0x30/0xdc
swapper/0: do_tag_check_fault+0x20/0x34
swapper/0: do_mem_abort+0x58/0x104
swapper/0: el1_abort+0x3c/0x5c
swapper/0: el1h_64_sync_handler+0x80/0xcc
swapper/0: el1h_64_sync+0x68/0x6c
swapper/0: __memset+0x84/0x188
swapper/0: btf_populate_kfunc_set+0x280/0x3d8
swapper/0: __register_btf_kfunc_id_set+0x43c/0x468
swapper/0: register_btf_kfunc_id_set+0x48/0x60
swapper/0: register_nf_nat_bpf+0x1c/0x40
swapper/0: nf_nat_init+0xc0/0x128
swapper/0: do_one_initcall+0x184/0x464
swapper/0: do_initcall_level+0xdc/0x1b0
swapper/0: do_initcalls+0x70/0xc0
swapper/0: do_basic_setup+0x1c/0x28
swapper/0: kernel_init_freeable+0x144/0x1b8
swapper/0: kernel_init+0x20/0x1a8
swapper/0: ret_from_fork+0x10/0x20
==================================================================

Fixes: 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO")
Signed-off-by: Qun-Wei Lin
Acked-by: David Rientjes
---
 mm/slab_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/slab_common.c b/mm/slab_common.c index 3d26c257ed8b..3445f4500b54 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c
@@ -1209,7 +1209,7 @@ __do_krealloc(const void *p, size_t new_size, gfp_t flags) /* Zero out spare memory. */ if (want_init_on_alloc(flags)) { kasan_disable_current(); - memset((void *)p + new_size, 0, ks - new_size); + memset(kasan_reset_tag((void *)p + new_size), 0, ks - new_size); kasan_enable_current(); }
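
Review bot: The memset() in the want_init_on_alloc() branch of __do_krealloc() now depends on two separate mechanisms, the kasan_disable_current()/kasan_enable_current() pair and kasan_reset_tag(), yet the only comment there is still "Zero out spare memory." Please extend that comment to say why the tag is reset: the write starts at p + new_size and covers ks - new_size bytes whose memory tag differs from the pointer's tag (the report in the commit message shows "Pointer tag: [f4], memory tag: [fe]"), so that the call is not later removed as redundant next to the disable/enable pair. The commit message says the existing pair only covers software-based KASAN; it would help to also state whether that pair is still required once the tag is reset, or whether it could be dropped in a follow-up.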