From: sashiko-bot@kernel.org
To: "Alexander Gordeev" <agordeev@linux.ibm.com>
Cc: "Heiko Carstens" <hca@linux.ibm.com>,
"Vasily Gorbik" <gor@linux.ibm.com>,
linux-s390@vger.kernel.org
Subject: Re: [PATCH -next v4 3/4] mm/kasan: Introduce helpers for lazy MMU mode sanitizer
Date: Thu, 18 Jun 2026 15:00:48 +0000 [thread overview]
Message-ID: <20260618150048.F396A1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <0d76139923a280617a21839b7e3f3e7735b58fdf.1781789772.git.agordeev@linux.ibm.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] The new KASAN_LAZY_MMU_PTE shadow value is not mapped to a bug type in the KASAN reporting logic, resulting in uninformative "unknown-crash" reports.
--
commit 7d8731323b7762279e28d0aef3b1b3c457449b81
Author: Alexander Gordeev <agordeev@linux.ibm.com>
mm/kasan: Introduce helpers for lazy MMU mode sanitizer
This commit provides helpers to allow architectures to poison and unpoison
PTEs during lazy MMU mode. It introduces a new KASAN shadow tag to track
and catch direct PTE manipulations that improperly bypass the correct
accessors.
> diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
> index fc9169a547662..8ba0fbabd75b2 100644
> --- a/mm/kasan/kasan.h
> +++ b/mm/kasan/kasan.h
[ ... ]
> @@ -144,12 +144,14 @@ static inline bool kasan_requires_meta(void)
> #define KASAN_PAGE_REDZONE 0xFE /* redzone for kmalloc_large allocation */
> #define KASAN_SLAB_REDZONE 0xFC /* redzone for slab object */
> #define KASAN_SLAB_FREE 0xFB /* freed slab object */
> +#define KASAN_LAZY_MMU_PTE 0xFD
[Severity: Medium]
Since this adds a new shadow tag value, does get_shadow_bug_type() in
mm/kasan/report_generic.c also need to be updated to handle it?
Currently, if KASAN catches a direct PTE access and reads this shadow
value, it looks like it will fall through the switch statement in
get_shadow_bug_type() and default to reporting an "unknown-crash".
Would adding KASAN_LAZY_MMU_PTE to the switch cases ensure we get a
more descriptive bug type instead?
--
Sashiko AI review · https://sashiko.dev/#/patchset/cover.1781789772.git.agordeev@linux.ibm.com?part=3
next prev parent reply other threads:[~2026-06-18 15:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-18 14:47 [PATCH -next v4 0/4] s390/mm: Batch PTE updates in lazy MMU mode Alexander Gordeev
2026-06-18 14:47 ` [PATCH -next v4 1/4] mm: Make lazy MMU mode context-aware Alexander Gordeev
2026-06-18 14:47 ` [PATCH -next v4 2/4] s390/mm: Batch PTE updates in lazy MMU mode Alexander Gordeev
2026-06-18 15:10 ` sashiko-bot
2026-06-18 14:47 ` [PATCH -next v4 3/4] mm/kasan: Introduce helpers for lazy MMU mode sanitizer Alexander Gordeev
2026-06-18 15:00 ` sashiko-bot [this message]
2026-06-18 14:47 ` [PATCH -next v4 4/4] s390/mm: Lazy " Alexander Gordeev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260618150048.F396A1F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=agordeev@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.