From patchwork Wed Dec 11 02:57:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hao Ge X-Patchwork-Id: 13902779 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3848E77180 for ; Wed, 11 Dec 2024 02:58:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3F0408D0027; Tue, 10 Dec 2024 21:58:53 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 378A08D0017; Tue, 10 Dec 2024 21:58:53 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1F3478D0027; Tue, 10 Dec 2024 21:58:53 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id F28C88D0017 for ; Tue, 10 Dec 2024 21:58:52 -0500 (EST) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id B2ADF16031B for ; Wed, 11 Dec 2024 02:58:52 +0000 (UTC) X-FDA: 82881170064.07.00C46D0 Received: from out-181.mta1.migadu.com (out-181.mta1.migadu.com [95.215.58.181]) by imf03.hostedemail.com (Postfix) with ESMTP id 9EBA22000F for ; Wed, 11 Dec 2024 02:58:40 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=PISyuryt; spf=pass (imf03.hostedemail.com: domain of hao.ge@linux.dev designates 95.215.58.181 as permitted sender) smtp.mailfrom=hao.ge@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1733885915; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Mda3ZyXyJH5OFHXOUsDfTKBVwU64MhwhuqW/orcZpbg=; b=8D1bDNVi19t9If7fjx67+HESYiezC2ewJPlKALWKhV/G2qg844DhkWtcS0eecUnjaFrK5c awVd+G/Gr6TlWqe1Ei5jfOE7XEFThclNbAIPU2tS7HrWu5K/DOwEMzYh58KTNtv40ZTJrb NJtntI4gJe8BTpxQw1qH6FEpd/Dr1N4= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=PISyuryt; spf=pass (imf03.hostedemail.com: domain of hao.ge@linux.dev designates 95.215.58.181 as permitted sender) smtp.mailfrom=hao.ge@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733885915; a=rsa-sha256; cv=none; b=sOwRXvuUo4+IX0uXUK0Vz6kJW2mIiXLw/VMLudvEvMbRBGyDlQ8oKTjAnwy1zQK19oLBp/ L5t08MItHo6od/jBRiT9SPklM0ggG/37G199KG3gDPSvMEGG1A65hQRxTUu6oEtLvL07kz ONMbwd86BAW3cH+ZH/YnqKLlxENZHyM= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1733885928; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Mda3ZyXyJH5OFHXOUsDfTKBVwU64MhwhuqW/orcZpbg=; b=PISyurytjn7nzqFpOIeot6Dm75hOfeOTiAcYbo2eK95x0dyO9usercVO7QSNbqom5iKK6o 57JNNk7Sh06MF0rVxtgHEtdjsz0quFzl6RusMWclMx5+ZMBIMopQcjIOhqjNHfD1w9JyKT 3IiQqnUWX8lmLd+pDfeaQi2dkSOSp7U= From: Hao Ge To: surenb@google.com, kent.overstreet@linux.dev, akpm@linux-foundation.org Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, hao.ge@linux.dev, Hao Ge , Ben Greear Subject: [PATCH v3] mm/alloc_tag: Fix panic when CONFIG_KASAN enabled and CONFIG_KASAN_VMALLOC not enabled Date: Wed, 11 Dec 2024 10:57:55 +0800 Message-Id: <20241211025755.56173-1-hao.ge@linux.dev> In-Reply-To: <43a827f1-44ce-1338-9b5c-456d20fa4cf9@linux.dev> References: <43a827f1-44ce-1338-9b5c-456d20fa4cf9@linux.dev> MIME-Version: 1.0 X-Migadu-Flow: FLOW_OUT X-Rspamd-Server: rspam05 X-Stat-Signature: 7dc6monpyz1imbtpmkreuky1ugf1yqof X-Rspamd-Queue-Id: 9EBA22000F X-Rspam-User: X-HE-Tag: 1733885920-847256 X-HE-Meta: U2FsdGVkX19VdxVexzjn9YaYXC5mNvRubWw2ywx4JKeLZPql8+eGkVMhIJIHOVwMsNlK5++HiDaK9xuyKaPO3Pye7hf9OBMJo0EnWJhIeoqZam8QsgTAzw+owDCgEYoMvt/XEqJSbv/1nZcvt66TpYxACSiDz9MvjoaN9nln7nbK+HT9jbh6S4frsNjHqu1tbEd1CFB1D1zjwHD56VRjDOgGDmNK0ud5VbYusTynaDgBDUYzIN+O8IfJlQ9ISzBL/Q57Je9wQ2HGYknK1lN3MLyCwJSWTHmbOKRhEqHjdzRD5h5nC9daQ77p0SsG2CKv+YPJVn7Sg3sTadZah0TjCWeGBGuGxkAqGN94LSHZen6xL+oUYNJ5Qgox6/PDJp6MfOqdCEKZ2sAP49aog+xqv39ynYRgiyWUkb+oUEOYwtFTAdlng71qpKclI+zsAa7CFwkx9bAgV+cafXZ50zrtEU/F2lOwgH6ftZmcQn0pb0iWi8JGiXd/RysIisjXuPr2c7fjc9SjkTg0zV+gLQb+6793qrZJOqnAClRLQLqUKMXDMNGDUqsLLKW41BFjscjdIsfU5S4maXzmJ314IWps/L94+f98Uf/5754q5M1zyhQGzJPrkoI8sW4rIE7/PLIubUqTXsSs196RbVPjI43tGnSdn1H17qb/TfhKSUXLLWu2ns9TPufl4MY+Lhn/0FGslK2+gfdJIiRE6rx3t+5SL6ZaeB370iPomOIJdyLu/ygl7bsBStn8Kc+uGoXe+NWwThDx1WEKPAxkX6EnWQ/kqBtrpSpV5mxgDnVsTjJvod7C3spXUV6QTiC2ZAEjwaFcWDDIsh20+wpjqt8r/fyyjhF6hhM06mZPaKJQ1qwrQ8RN3B3LOxix0bJyJVxbyUJzcxQL8mD2zunbiwxueeANXEYldIcGEcsnITopS1HmEsus12IUVg5tKN+7jGoIXnowmLfa829ftlPQ+Dv8t87 oCt7QhQT T3058s14dZrpM5lA4AWyFq6zfmyHJ7VBJVOCTS2zMJaGBJQS/5+IWsveQj/PSabH9BXM3yk3amat62aO6zHX39aYJ0QVHJdkR5qlmF1PAcnJL+s4qr29IS+yWrDuPyQnSgY2MUHarR3CROdu2ApqULcnLCMYK5TTmEpVQSnZzF8FiO+/IpGL0svgh5B4YCrvZ+LRq3mv825gZ/cZq9TlCl38k3Fn8ZQ7qDVjo8FXi2G1NO1oD090V6n6P+iTiIVZZpkKt4Sj6zBldW0iqr4WNIPZfXKTn0w69Y96XLk54I+ClpMEKAvy/enhvjZ55WSN2n9p32qtwJlZZka0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Hao Ge When CONFIG_KASAN is enabled but CONFIG_KASAN_VMALLOC is not enabled, we may encounter a panic during system boot. Because we haven't allocated pages and created mappings for the shadow memory corresponding to module_tags region, similar to how it is done for execmem_vmalloc. The difference is that our module_tags are allocated on demand, so similarly,we also need to allocate shadow memory regions on demand. However, we still need to adhere to the MODULE_ALIGN principle. Here is the log for panic: [ 18.349421] BUG: unable to handle page fault for address: fffffbfff8092000 [ 18.350016] #PF: supervisor read access in kernel mode [ 18.350459] #PF: error_code(0x0000) - not-present page [ 18.350904] PGD 20fe52067 P4D 219dc8067 PUD 219dc4067 PMD 102495067 PTE 0 [ 18.351484] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 18.351961] CPU: 5 UID: 0 PID: 1 Comm: systemd Not tainted 6.13.0-rc1+ #3 [ 18.352533] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 18.353494] RIP: 0010:kasan_check_range+0xba/0x1b0 [ 18.353931] Code: 8d 5a 07 4c 0f 49 da 49 c1 fb 03 45 85 db 0f 84 dd 00 00 00 45 89 db 4a 8d 14 d8 eb 0d 48 83 c0 08 48 39 c2 0f 84 c1 00 00 00 <48> 83 38 00 74 ed 48 8d 50 08 eb 0d 48 83 c0 01 48 39 d0 0f 84 90 [ 18.355484] RSP: 0018:ff11000101877958 EFLAGS: 00010206 [ 18.355937] RAX: fffffbfff8092000 RBX: fffffbfff809201e RCX: ffffffff82a7ceac [ 18.356542] RDX: fffffbfff8092018 RSI: 00000000000000f0 RDI: ffffffffc0490000 [ 18.357153] RBP: fffffbfff8092000 R08: 0000000000000001 R09: fffffbfff809201d [ 18.357756] R10: ffffffffc04900ef R11: 0000000000000003 R12: ffffffffc0490000 [ 18.358365] R13: ff11000101877b48 R14: ffffffffc0490000 R15: 000000000000002c [ 18.358968] FS: 00007f9bd13c5940(0000) GS:ff110001eb480000(0000) knlGS:0000000000000000 [ 18.359648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 18.360178] CR2: fffffbfff8092000 CR3: 0000000109214004 CR4: 0000000000771ef0 [ 18.360790] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 18.361404] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 18.362020] PKRU: 55555554 [ 18.362261] Call Trace: [ 18.362481] [ 18.362671] ? __die+0x23/0x70 [ 18.362964] ? page_fault_oops+0xc2/0x160 [ 18.363318] ? exc_page_fault+0xad/0xc0 [ 18.363680] ? asm_exc_page_fault+0x26/0x30 [ 18.364056] ? move_module+0x3cc/0x8a0 [ 18.364398] ? kasan_check_range+0xba/0x1b0 [ 18.364755] __asan_memcpy+0x3c/0x60 [ 18.365074] move_module+0x3cc/0x8a0 [ 18.365386] layout_and_allocate.constprop.0+0x3d5/0x720 [ 18.365841] ? early_mod_check+0x3dc/0x510 [ 18.366195] load_module+0x72/0x1850 [ 18.366509] ? __pfx_kernel_read_file+0x10/0x10 [ 18.366918] ? vm_mmap_pgoff+0x21c/0x2d0 [ 18.367262] init_module_from_file+0xd1/0x130 [ 18.367638] ? __pfx_init_module_from_file+0x10/0x10 [ 18.368073] ? __pfx__raw_spin_lock+0x10/0x10 [ 18.368456] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 18.368938] idempotent_init_module+0x22c/0x790 [ 18.369332] ? simple_getattr+0x6f/0x120 [ 18.369676] ? __pfx_idempotent_init_module+0x10/0x10 [ 18.370110] ? fdget+0x58/0x3a0 [ 18.370393] ? security_capable+0x64/0xf0 [ 18.370745] __x64_sys_finit_module+0xc2/0x140 [ 18.371136] do_syscall_64+0x7d/0x160 [ 18.371459] ? fdget_pos+0x1c8/0x4c0 [ 18.371784] ? ksys_read+0xfd/0x1d0 [ 18.372106] ? syscall_exit_to_user_mode+0x10/0x1f0 [ 18.372525] ? do_syscall_64+0x89/0x160 [ 18.372860] ? do_syscall_64+0x89/0x160 [ 18.373194] ? do_syscall_64+0x89/0x160 [ 18.373527] ? syscall_exit_to_user_mode+0x10/0x1f0 [ 18.373952] ? do_syscall_64+0x89/0x160 [ 18.374283] ? syscall_exit_to_user_mode+0x10/0x1f0 [ 18.374701] ? do_syscall_64+0x89/0x160 [ 18.375037] ? do_user_addr_fault+0x4a8/0xa40 [ 18.375416] ? clear_bhb_loop+0x25/0x80 [ 18.375748] ? clear_bhb_loop+0x25/0x80 [ 18.376119] ? clear_bhb_loop+0x25/0x80 [ 18.376450] entry_SYSCALL_64_after_hwframe+0x76/0x7e Fixes: 233e89322cbe ("alloc_tag: fix module allocation tags populated area calculation") Reported-by: Ben Greear Closes: https://lore.kernel.org/all/1ba0cc57-e2ed-caa2-1241-aa5615bee01f@candelatech.com/ Signed-off-by: Hao Ge --- v3: Adjusting the title because the previous one was a bit unclear. Suren has pointed out that our condition for determining whether to allocate shadow memory is unreasonable.We have adjusted our method to use every 8 pages as an index (idx), and we will make decisions based on this idx when determining whether to allocate shadow memory. v2: Add comments to facilitate understanding of the code. Add align nr << PAGE_SHIFT to MODULE_ALIGN,even though kasan_alloc_module_shadow already handles this internally,but to make the code more readable and user-friendly commit 233e89322cbe ("alloc_tag: fix module allocation tags populated area calculation") is currently in the mm-hotfixes-unstable branch, so this patch is developed based on the mm-hotfixes-unstable branch. --- lib/alloc_tag.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c index f942408b53ef..8bf04756887d 100644 --- a/lib/alloc_tag.c +++ b/lib/alloc_tag.c @@ -10,6 +10,7 @@ #include #include #include +#include #define ALLOCINFO_FILE_NAME "allocinfo" #define MODULE_ALLOC_TAG_VMAP_SIZE (100000UL * sizeof(struct alloc_tag)) @@ -404,6 +405,9 @@ static int vm_module_tags_populate(void) unsigned long phys_end = ALIGN_DOWN(module_tags.start_addr, PAGE_SIZE) + (vm_module_tags->nr_pages << PAGE_SHIFT); unsigned long new_end = module_tags.start_addr + module_tags.size; + unsigned long phys_idx = (vm_module_tags->nr_pages + + (2 << KASAN_SHADOW_SCALE_SHIFT) - 1) >> KASAN_SHADOW_SCALE_SHIFT; + unsigned long new_idx = 0; if (phys_end < new_end) { struct page **next_page = vm_module_tags->pages + vm_module_tags->nr_pages; @@ -421,7 +425,26 @@ static int vm_module_tags_populate(void) __free_page(next_page[i]); return -ENOMEM; } + vm_module_tags->nr_pages += nr; + + new_idx = (vm_module_tags->nr_pages + + (2 << KASAN_SHADOW_SCALE_SHIFT) - 1) >> KASAN_SHADOW_SCALE_SHIFT; + + /* + * Kasan allocates 1 byte of shadow for every 8 bytes of data. + * When kasan_alloc_module_shadow allocates shadow memory, + * its unit of allocation is a page. + * Therefore, here we need to align to MODULE_ALIGN. + * + * For every KASAN_SHADOW_SCALE_SHIFT, a shadow page is allocated. + * So, we determine whether to allocate based on whether the + * number of pages falls within the scope of the same KASAN_SHADOW_SCALE_SHIFT. + */ + if (phys_idx != new_idx) + kasan_alloc_module_shadow((void *)round_up(phys_end, MODULE_ALIGN), + (new_idx - phys_idx) * MODULE_ALIGN, + GFP_KERNEL); } /*