From: Catalin Marinas <catalin.marinas@arm.com>
To: Marco Elver <elver@google.com>
Cc: Luis Henriques <lhenriques@suse.de>,
Alexander Potapenko <glider@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
kasan-dev@googlegroups.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: Issue with kfence and kmemleak
Date: Tue, 16 Mar 2021 19:22:40 +0000 [thread overview]
Message-ID: <20210316192240.GC28565@arm.com> (raw)
In-Reply-To: <YFD9JEdQNI1TqSuL@elver.google.com>
On Tue, Mar 16, 2021 at 07:47:00PM +0100, Marco Elver wrote:
> One thing I've just run into: "BUG: KFENCE: out-of-bounds read in
> scan_block+0x6b/0x170 mm/kmemleak.c:1244"
>
> Probably because kmemleak is passed the rounded size for the size-class,
> and not the real allocation size. Can this be fixed with
> kmemleak_ignore() only called on the KFENCE guard pages?
If it's only on the occasional object, you can do a
kmemleak_scan_area() but some care needed as this in turn allocates
memory for kmemleak internal metadata.
> I'd like kmemleak to scan the valid portion of an object allocated
> through KFENCE, but no further than that.
>
> Or do we need to fix the size if it's a kfence object:
>
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> index c0014d3b91c1..fe6e3ae8e8c6 100644
> --- a/mm/kmemleak.c
> +++ b/mm/kmemleak.c
> @@ -97,6 +97,7 @@
> #include <linux/atomic.h>
>
> #include <linux/kasan.h>
> +#include <linux/kfence.h>
> #include <linux/kmemleak.h>
> #include <linux/memory_hotplug.h>
>
> @@ -589,7 +590,7 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
> atomic_set(&object->use_count, 1);
> object->flags = OBJECT_ALLOCATED;
> object->pointer = ptr;
> - object->size = size;
> + object->size = kfence_ksize((void *)ptr) ?: size;
> object->excess_ref = 0;
> object->min_count = min_count;
> object->count = 0; /* white color initially */
>
> The alternative is to call kfence_ksize() in slab_post_alloc_hook() when
> calling kmemleak_alloc.
One of these is probably the easiest. If kfence only works on slab
objects, better to pass the right size from slab_post_alloc_hook(). If
you plan to expand it later to vmalloc(), just fix the size in
create_object().
--
Catalin
next prev parent reply other threads:[~2021-03-16 19:22 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-16 16:42 Issue with kfence and kmemleak Luis Henriques
2021-03-16 17:30 ` Marco Elver
2021-03-16 17:42 ` Luis Henriques
2021-03-16 18:19 ` Catalin Marinas
2021-03-16 18:47 ` Marco Elver
2021-03-16 19:22 ` Catalin Marinas [this message]
2021-03-17 8:41 ` Luis Henriques
2021-03-17 8:48 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210316192240.GC28565@arm.com \
--to=catalin.marinas@arm.com \
--cc=akpm@linux-foundation.org \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=lhenriques@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.