From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alex Sverdlin <alexander.sverdlin@nokia.com>,
Linus Walleij <linus.walleij@linaro.org>,
Russell King <rmk+kernel@armlinux.org.uk>,
Sasha Levin <sashal@kernel.org>,
aryabinin@virtuozzo.com, linux@armlinux.org.uk,
kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org
Subject: [PATCH AUTOSEL 6.0 45/46] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
Date: Tue, 11 Oct 2022 10:50:13 -0400 [thread overview]
Message-ID: <20221011145015.1622882-45-sashal@kernel.org> (raw)
In-Reply-To: <20221011145015.1622882-1-sashal@kernel.org>
From: Alex Sverdlin <alexander.sverdlin@nokia.com>
[ Upstream commit 823f606ab6b4759a1faf0388abcf4fb0776710d2 ]
In case CONFIG_KASAN_VMALLOC=y kasan_populate_vmalloc() allocates the
shadow pages dynamically. But even worse is that kasan_release_vmalloc()
releases them, which is not compatible with create_mapping() of
MODULES_VADDR..MODULES_END range:
BUG: Bad page state in process kworker/9:1 pfn:2068b
page:e5e06160 refcount:0 mapcount:0 mapping:00000000 index:0x0
flags: 0x1000(reserved)
raw: 00001000 e5e06164 e5e06164 00000000 00000000 00000000 ffffffff 00000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags: 0x1000(reserved)
Modules linked in: ip_tables
CPU: 9 PID: 154 Comm: kworker/9:1 Not tainted 5.4.188-... #1
Hardware name: LSI Axxia AXM55XX
Workqueue: events do_free_init
unwind_backtrace
show_stack
dump_stack
bad_page
free_pcp_prepare
free_unref_page
kasan_depopulate_vmalloc_pte
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
do_free_init
process_one_work
worker_thread
kthread
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/kasan_init.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mm/kasan_init.c b/arch/arm/mm/kasan_init.c
index 29caee9c79ce..46d9f4a622cb 100644
--- a/arch/arm/mm/kasan_init.c
+++ b/arch/arm/mm/kasan_init.c
@@ -268,12 +268,17 @@ void __init kasan_init(void)
/*
* 1. The module global variables are in MODULES_VADDR ~ MODULES_END,
- * so we need to map this area.
+ * so we need to map this area if CONFIG_KASAN_VMALLOC=n. With
+ * VMALLOC support KASAN will manage this region dynamically,
+ * refer to kasan_populate_vmalloc() and ARM's implementation of
+ * module_alloc().
* 2. PKMAP_BASE ~ PKMAP_BASE+PMD_SIZE's shadow and MODULES_VADDR
* ~ MODULES_END's shadow is in the same PMD_SIZE, so we can't
* use kasan_populate_zero_shadow.
*/
- create_mapping((void *)MODULES_VADDR, (void *)(PKMAP_BASE + PMD_SIZE));
+ if (!IS_ENABLED(CONFIG_KASAN_VMALLOC) && IS_ENABLED(CONFIG_MODULES))
+ create_mapping((void *)MODULES_VADDR, (void *)(MODULES_END));
+ create_mapping((void *)PKMAP_BASE, (void *)(PKMAP_BASE + PMD_SIZE));
/*
* KAsan may reuse the contents of kasan_early_shadow_pte directly, so
--
2.35.1
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alex Sverdlin <alexander.sverdlin@nokia.com>,
Linus Walleij <linus.walleij@linaro.org>,
Russell King <rmk+kernel@armlinux.org.uk>,
Sasha Levin <sashal@kernel.org>,
aryabinin@virtuozzo.com, linux@armlinux.org.uk,
kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org
Subject: [PATCH AUTOSEL 6.0 45/46] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
Date: Tue, 11 Oct 2022 10:50:13 -0400 [thread overview]
Message-ID: <20221011145015.1622882-45-sashal@kernel.org> (raw)
In-Reply-To: <20221011145015.1622882-1-sashal@kernel.org>
From: Alex Sverdlin <alexander.sverdlin@nokia.com>
[ Upstream commit 823f606ab6b4759a1faf0388abcf4fb0776710d2 ]
In case CONFIG_KASAN_VMALLOC=y kasan_populate_vmalloc() allocates the
shadow pages dynamically. But even worse is that kasan_release_vmalloc()
releases them, which is not compatible with create_mapping() of
MODULES_VADDR..MODULES_END range:
BUG: Bad page state in process kworker/9:1 pfn:2068b
page:e5e06160 refcount:0 mapcount:0 mapping:00000000 index:0x0
flags: 0x1000(reserved)
raw: 00001000 e5e06164 e5e06164 00000000 00000000 00000000 ffffffff 00000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags: 0x1000(reserved)
Modules linked in: ip_tables
CPU: 9 PID: 154 Comm: kworker/9:1 Not tainted 5.4.188-... #1
Hardware name: LSI Axxia AXM55XX
Workqueue: events do_free_init
unwind_backtrace
show_stack
dump_stack
bad_page
free_pcp_prepare
free_unref_page
kasan_depopulate_vmalloc_pte
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
do_free_init
process_one_work
worker_thread
kthread
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/kasan_init.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/arm/mm/kasan_init.c b/arch/arm/mm/kasan_init.c
index 29caee9c79ce..46d9f4a622cb 100644
--- a/arch/arm/mm/kasan_init.c
+++ b/arch/arm/mm/kasan_init.c
@@ -268,12 +268,17 @@ void __init kasan_init(void)
/*
* 1. The module global variables are in MODULES_VADDR ~ MODULES_END,
- * so we need to map this area.
+ * so we need to map this area if CONFIG_KASAN_VMALLOC=n. With
+ * VMALLOC support KASAN will manage this region dynamically,
+ * refer to kasan_populate_vmalloc() and ARM's implementation of
+ * module_alloc().
* 2. PKMAP_BASE ~ PKMAP_BASE+PMD_SIZE's shadow and MODULES_VADDR
* ~ MODULES_END's shadow is in the same PMD_SIZE, so we can't
* use kasan_populate_zero_shadow.
*/
- create_mapping((void *)MODULES_VADDR, (void *)(PKMAP_BASE + PMD_SIZE));
+ if (!IS_ENABLED(CONFIG_KASAN_VMALLOC) && IS_ENABLED(CONFIG_MODULES))
+ create_mapping((void *)MODULES_VADDR, (void *)(MODULES_END));
+ create_mapping((void *)PKMAP_BASE, (void *)(PKMAP_BASE + PMD_SIZE));
/*
* KAsan may reuse the contents of kasan_early_shadow_pte directly, so
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-10-11 14:54 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-11 14:49 [PATCH AUTOSEL 6.0 01/46] arm64: dts: qcom: sdm845: narrow LLCC address space Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 02/46] ARM: dts: imx6: delete interrupts property if interrupts-extended is set Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 03/46] ARM: dts: imx7d-sdb: config the max pressure for tsc2046 Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 04/46] soc: mediatek: Let PMIC Wrapper and SCPSYS depend on OF Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 22:49 ` Jean Delvare
2022-10-11 22:49 ` Jean Delvare
2022-10-16 14:46 ` Sasha Levin
2022-10-16 14:46 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 05/46] arm64: dts: qcom: sc7280-idp: correct ADC channel node name and unit address Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 06/46] ARM: dts: imx6q: add missing properties for sram Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 07/46] ARM: dts: imx6dl: " Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 08/46] ARM: dts: imx6qp: " Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 09/46] ARM: dts: imx6sl: " Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 10/46] ARM: dts: imx6sll: " Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 11/46] ARM: dts: imx6sx: " Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 12/46] ARM: dts: imx6sl: use tabs for code indent Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 13/46] ARM: dts: imx6sx-udoo-neo: don't use multiple blank lines Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 14/46] kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 15/46] kselftest/arm64: Allow larger buffers in get_signal_context() Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 15:04 ` Mark Brown
2022-10-11 15:04 ` Mark Brown
2022-10-13 17:58 ` Sasha Levin
2022-10-13 17:58 ` Sasha Levin
2022-10-13 18:02 ` Mark Brown
2022-10-13 18:02 ` Mark Brown
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 16/46] sparc: Fix the generic IO helpers Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 17/46] arm64: atomics: remove LL/SC trampolines Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-12 8:55 ` Catalin Marinas
2022-10-12 8:55 ` Catalin Marinas
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 18/46] arm64: run softirqs on the per-CPU IRQ stack Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 19/46] arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 20/46] arm64: dts: imx8ulp: no executable source file permission Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 21/46] arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 22/46] ARM: orion: fix include path Sasha Levin
2022-10-11 14:49 ` Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 23/46] btrfs: dump extra info if one free space cache has more bitmaps than it should Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 24/46] btrfs: add macros for annotating wait events with lockdep Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 25/46] btrfs: add lockdep annotations for num_writers wait event Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 26/46] btrfs: add lockdep annotations for num_extwriters " Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 27/46] btrfs: add lockdep annotations for transaction states wait events Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 28/46] btrfs: add lockdep annotations for pending_ordered wait event Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 29/46] btrfs: change the lockdep class of free space inode's invalidate_lock Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 30/46] btrfs: add lockdep annotations for the ordered extents wait event Sasha Levin
2022-10-11 14:49 ` [PATCH AUTOSEL 6.0 31/46] btrfs: scrub: properly report super block errors in system log Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 32/46] btrfs: scrub: try to fix super block errors Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 33/46] btrfs: get rid of block group caching progress logic Sasha Levin
2022-10-11 23:46 ` Omar Sandoval
2022-10-13 17:55 ` Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 34/46] btrfs: don't print information about space cache or tree every remount Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 35/46] btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 36/46] btrfs: check superblock to ensure the fs was not modified at thaw time Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 37/46] btrfs: remove the unnecessary result variables Sasha Levin
2022-10-12 11:54 ` David Sterba
2022-10-13 17:56 ` Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 38/46] btrfs: introduce BTRFS_QGROUP_RUNTIME_FLAG_CANCEL_RESCAN Sasha Levin
2022-10-12 12:56 ` David Sterba
2022-10-12 23:12 ` Qu Wenruo
2022-10-13 17:56 ` Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 39/46] btrfs: add KCSAN annotations for unlocked access to block_rsv->full Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 40/46] btrfs: separate out the eb and extent state leak helpers Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 41/46] btrfs: relax block-group-tree feature dependency checks Sasha Levin
2022-10-12 13:01 ` David Sterba
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 42/46] arm64: dts: uniphier: Add USB-device support for PXs3 reference board Sasha Levin
2022-10-11 14:50 ` Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 43/46] ARM: 9233/1: stacktrace: Skip frame pointer boundary check for call_with_stack() Sasha Levin
2022-10-11 14:50 ` Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 44/46] ARM: 9234/1: stacktrace: Avoid duplicate saving of exception PC value Sasha Levin
2022-10-11 14:50 ` Sasha Levin
2022-10-11 14:50 ` Sasha Levin [this message]
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 45/46] ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n Sasha Levin
2022-10-11 14:50 ` [PATCH AUTOSEL 6.0 46/46] selftests/cpu-hotplug: Use return instead of exit Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221011145015.1622882-45-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=alexander.sverdlin@nokia.com \
--cc=aryabinin@virtuozzo.com \
--cc=kasan-dev@googlegroups.com \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=rmk+kernel@armlinux.org.uk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.