From: Feng Tang <feng.tang@intel.com>
To: lkp@lists.01.org
Subject: Re: [mm/slub] 3616799128: BUG_kmalloc-#(Not_tainted):kmalloc_Redzone_overwritten
Date: Tue, 16 Aug 2022 22:12:15 +0800
Message-ID: <Yvulv68VmqCJFVJq@feng-clx>
In-Reply-To: <YvubS48W0dE7uA4E@xsang-OptiPlex-9020>

On Tue, Aug 16, 2022 at 09:27:39PM +0800, Sang, Oliver wrote:
> Hi Feng,
>
> On Mon, Aug 15, 2022 at 03:27:43PM +0800, Feng Tang wrote:
> > Hi Oliver,
> >
> > Could you help to check if the below combined patch fixes the problem
> > you reported? Thanks!
>
> I applied the below patch upon 3616799128:
> 28b34693c816e9 (linux-devel/fixup-3616799128) fix for 3616799128: BUG_kmalloc-#(Not_tainted):kmalloc_Redzone_overwritten
> 3616799128612e (linux-review/Feng-Tang/mm-slub-some-debug-enhancements/20220727-151318) mm/slub: extend redzone check to cover extra allocated kmalloc space than requested
> acc77d62f91ccc mm/slub: only zero the requested size of buffer for kzalloc
>
>
> Confirmed the issue is gone:

Many thanks for helping with testing!

- Feng

> =========================================================================================
> compiler/kconfig/rootfs/sleep/tbox_group/testcase:
> gcc-11/x86_64-randconfig-a005-20220117/debian-11.1-x86_64-20220510.cgz/300/vm-snb/boot
>
>
> acc77d62f91ccca2 3616799128612e04ed919579e2c 28b34693c816e9fcbe42bdd341e
> ---------------- --------------------------- ---------------------------
>        fail:runs  %reproduction    fail:runs  %reproduction    fail:runs
>            |             |             |             |             |
>            :20          95%          19:20           0%            :22     dmesg.BUG_kmalloc-#(Not_tainted):kmalloc_Redzone_overwritten
>            :20          95%          19:20           0%            :22     dmesg.BUG_kmalloc-#(Tainted:G_B):kmalloc_Redzone_overwritten
>
>
>
> >
> > - Feng
> >
> > ---
> >
> > diff --git a/include/linux/kasan.h b/include/linux/kasan.h
> > index b092277bf48d6..293bdaa0ba09c 100644
> > --- a/include/linux/kasan.h
> > +++ b/include/linux/kasan.h
> > @@ -100,6 +100,8 @@ static inline bool kasan_has_integrated_init(void)
> > struct kasan_cache {
> > int alloc_meta_offset;
> > int free_meta_offset;
> > + /* size of free_meta data saved in object's data area */
> > + int free_meta_size_in_object;
> > bool is_kmalloc;
> > };
> >
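
Review bot: the comment on `free_meta_size_in_object` does not say what the field holds when the free meta is not kept inside the object. The only assignment in this patch sits in one branch of `__kasan_cache_create()`, so a reader has to infer that 0 means "no in-object free meta"; please state that in the comment. Since the value is a byte count that is never negative, `unsigned int` (as used for `size` in `__kasan_cache_create()`) would read better than `int`.
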
> > diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> > index c40c0e7b3b5f1..9d2994dbe4e7a 100644
> > --- a/mm/kasan/common.c
> > +++ b/mm/kasan/common.c
> > @@ -200,6 +200,8 @@ void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size,
> > cache->kasan_info.free_meta_offset = KASAN_NO_FREE_META;
> > *size = ok_size;
> > }
> > + } else {
> > + cache->kasan_info.free_meta_size_in_object = sizeof(struct kasan_free_meta);
> > }
> >
> > /* Calculate size with optimal redzone. */
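
Review bot: `free_meta_size_in_object` is assigned only in the new `else` arm; the arm above it, including the path that sets `free_meta_offset = KASAN_NO_FREE_META`, leaves the field untouched. Consider setting it to 0 explicitly before the conditional, so the check added in `set_orig_size()` does not depend on the cache structure having been zeroed when it was allocated.
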
> > diff --git a/mm/slub.c b/mm/slub.c
> > index added2653bb03..272dcdbaaa03b 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -830,6 +830,16 @@ static inline void set_orig_size(struct kmem_cache *s,
> > if (!slub_debug_orig_size(s))
> > return;
> >
> > +#ifdef CONFIG_KASAN_GENERIC
> > + /*
> > + * kasn could save its free meta data in the start part of object
> > + * area, so skip the redzone check if kasan's meta data size is
> > + * bigger enough to possibly overlap with kmalloc redzone
> > + */
> > + if (s->kasan_info.free_meta_size_in_object * 2 > s->object_size)
> > + orig_size = s->object_size;
> > +#endif
> > +
> > p += get_info_end(s);
> > p += sizeof(struct track) * 2;
> >
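
Review bot: the factor in `free_meta_size_in_object * 2 > s->object_size` is unexplained; the comment says the free meta may overlap the kmalloc redzone but not why twice its size is the right cut-off. Please justify the threshold in the comment or give it a name. The comment also says the redzone check is skipped, while the code does this by overriding `orig_size` with `s->object_size`, so for every cache that matches the condition the requested size is no longer recorded; that side effect is worth stating. The test is a per-cache constant evaluated on each call and could be computed once at cache creation. Typos in the comment: "kasn" should be "kasan", and "bigger enough" should be "big enough".
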
WARNING: multiple messages have this Message-ID (diff)
From: Feng Tang <feng.tang@intel.com>
To: "Sang, Oliver" <oliver.sang@intel.com>
Cc: Dmitry Vyukov <dvyukov@google.com>,
Vlastimil Babka <vbabka@suse.cz>, lkp <lkp@intel.com>,
LKML <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"lkp@lists.01.org" <lkp@lists.01.org>,
Andrew Morton <akpm@linux-foundation.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
Robin Murphy <robin.murphy@arm.com>,
John Garry <john.garry@huawei.com>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
"Alexander Potapenko" <glider@google.com>,
"kasan-dev@googlegroups.com" <kasan-dev@googlegroups.com>
Subject: Re: [mm/slub] 3616799128: BUG_kmalloc-#(Not_tainted):kmalloc_Redzone_overwritten
Date: Tue, 16 Aug 2022 22:12:15 +0800
Message-ID: <Yvulv68VmqCJFVJq@feng-clx>
In-Reply-To: <YvubS48W0dE7uA4E@xsang-OptiPlex-9020>