From: Harry Yoo <harry.yoo@oracle.com>
To: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Vlastimil Babka <vbabka@suse.cz>,
David Rientjes <rientjes@google.com>,
Alexander Potapenko <glider@google.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Andrew Morton <akpm@linux-foundation.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
Feng Tang <feng.79.tang@gmail.com>,
Christoph Lameter <cl@gentwo.org>,
Dmitry Vyukov <dvyukov@google.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, stable@vger.kernel.org
Subject: Re: [PATCH] mm/slab: ensure all metadata in slab object are word-aligned
Date: Fri, 24 Oct 2025 16:55:29 +0900
Message-ID: <aPsw8QJfRyNWQGIc@hyeyoo>
In-Reply-To: <CA+fCnZdkWnRpp_eXUaRG_HM7HSDm4fLATpsqJhaxT_WGjhOHLg@mail.gmail.com>
On Fri, Oct 24, 2025 at 03:56:29AM +0200, Andrey Konovalov wrote:
> On Fri, Oct 24, 2025 at 3:19 AM Andrey Konovalov <andreyknvl@gmail.com> wrote:
> >
> > On Fri, Oct 24, 2025 at 2:41 AM Harry Yoo <harry.yoo@oracle.com> wrote:
> > >
> > > Adding more details on how I discovered this and why I care:
> > >
> > > I was developing a feature that uses unused bytes in s->size as the
> > > slabobj_ext metadata. Unlike other metadata where slab disables KASAN
> > > when accessing it, this should be unpoisoned to avoid adding complexity
> > > and overhead when accessing it.
> >
> > Generally, unpoisoning parts of slabs that should not be accessed by
> > non-slab code is undesirable - this would prevent KASAN from detecting
> > OOB accesses into that memory.
> >
> > An alternative to unpoisoning or disabling KASAN could be to add
> > helper functions annotated with __no_sanitize_address that do the
> > required accesses. And make them inlined when KASAN is disabled to
> > avoid the performance hit.
> >
> > On a side note, you might also need to check whether SW_TAGS KASAN and
> > KMSAN would be unhappy with your changes:
> >
> > - When we do kasan_disable_current() or metadata_access_enable(), we
> > also do kasan_reset_tag();
> > - In metadata_access_enable(), we disable KMSAN as well.
> >
> > > This warning is from kasan_unpoison():
> > > if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK))
> > >         return;
> > >
> > > on x86_64, the address passed to kasan_{poison,unpoison}() should be at
> > > least aligned with 8 bytes.
> > >
> > > After manual investigation it turns out when the SLAB_STORE_USER flag is
> > > specified, any metadata after the original kmalloc request size is
> > > misaligned.
> > >
> > > Questions:
> > > - Could it cause any issues other than the one described above?
> > > - Does KASAN even support architectures that have issues with unaligned
> > > accesses?
> >
> > Unaligned accesses are handled just fine. It's just that the start of
> > any unpoisoned/accessible memory region must be aligned to 8 (or 16
> > for SW_TAGS) bytes due to how KASAN encodes shadow memory values.
>
> Misread your question: my response was about whether unaligned
> accesses are instrumented/checked correctly on architectures that do
> support them.
Haha, I was a bit confused while reading the reply; it turns out we were
talking about different things.
And yes, I was asking about the case where the architecture doesn't
support it.
> For architectures that do not: there might indeed be an issue.
> Though there's KASAN support for xtensa and I suppose it works
> (does xtensa support unaligned accesses?).
Looks like 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS
are assumed to require 64-bit accesses to be 64-bit aligned [1]?
[1] https://lore.kernel.org/all/20201214112629.3cf6f240@gandalf.local.home
But yeah, the combination of
(architectures that do not support unaligned accesses) x
(enabling KASAN) x
(enabling slab_debug=U)
should be pretty rare... ;)
> > > - How come we haven't seen any issues regarding this so far? :/
> >
> > As you pointed out, we don't unpoison the memory that stores KASAN
> > metadata and instead just disable KASAN error reporting. This is done
> > deliberately to allow KASAN catching accesses into that memory that
> > happen outside of the slab/KASAN code.
--
Cheers,
Harry / Hyeonggon
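The alignment rule discussed in this thread (an unpoisoned region must start on a KASAN granule boundary because of how shadow bytes are encoded, and trailing metadata placed directly after the requested kmalloc size breaks that rule) can be shown with a small user-space model of generic-mode KASAN shadow memory. This is an added example written for this page, not kernel code and not part of the patch; the shadow array, `model_*` functions, `SHADOW_POISON` value and the two `metadata_off_*` layout helpers are this model's own constructions that stand in for the kernel's KASAN_GRANULE_SIZE/KASAN_GRANULE_MASK handling and for the packed versus word-aligned metadata layouts the thread describes.

```c
/*
 * Toy model of KASAN generic-mode shadow memory: added example, not kernel
 * code. One shadow byte covers one 8-byte granule (KASAN_GRANULE_SIZE on
 * x86_64); names and values below are this model's own.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE_SIZE  8UL
#define GRANULE_MASK  (GRANULE_SIZE - 1)
#define SHADOW_POISON ((int8_t)0xFE)   /* constructed "redzone" marker */

/* Shadow for a single 128-byte slab object whose first byte is offset 0. */
#define OBJ_BYTES 128
static int8_t shadow[OBJ_BYTES / GRANULE_SIZE];

/*
 * Shadow encoding: 0 means all 8 bytes of the granule are accessible,
 * 1..7 means only the FIRST n bytes are, negative means none are.
 * There is no encoding for "only the LAST n bytes", which is why an
 * unpoisoned region must start on a granule boundary.
 */
static bool model_unpoison(unsigned long off, size_t size)
{
    if (off & GRANULE_MASK)        /* same condition as the WARN_ON quoted above */
        return false;              /* kernel warns and returns without unpoisoning */
    if (off + size > OBJ_BYTES)
        return false;
    size_t first = off / GRANULE_SIZE;
    size_t full  = size / GRANULE_SIZE;
    memset(&shadow[first], 0, full);
    if (size & GRANULE_MASK)
        shadow[first + full] = (int8_t)(size & GRANULE_MASK);
    return true;
}

/* Poison whole granules; callers pass granule-aligned ranges. */
static void model_poison(unsigned long off, size_t size)
{
    memset(&shadow[off / GRANULE_SIZE], SHADOW_POISON, size / GRANULE_SIZE);
}

/* Would an access to byte 'off' pass the model's shadow check? */
static bool model_accessible(unsigned long off)
{
    int8_t s = shadow[off / GRANULE_SIZE];
    if (s == 0)
        return true;
    if (s < 0)
        return false;
    return (off & GRANULE_MASK) < (unsigned long)s;
}

/* Trailing metadata placed right after the requested size (the misaligned
 * layout described in the thread) versus rounded up to the next word. */
static unsigned long metadata_off_packed(size_t orig_size)
{
    return orig_size;
}

static unsigned long metadata_off_aligned(size_t orig_size)
{
    return (orig_size + GRANULE_MASK) & ~GRANULE_MASK;
}

int main(void)
{
    size_t req = 13;                         /* constructed: kmalloc(13) */
    model_poison(0, OBJ_BYTES);              /* fresh object: all redzone */
    model_unpoison(0, req);                  /* the allocation itself */
    printf("byte 12 accessible: %d, byte 13 accessible: %d\n",
           model_accessible(12), model_accessible(13));
    printf("unpoison metadata at %lu: %s\n", metadata_off_packed(req),
           model_unpoison(metadata_off_packed(req), 8) ? "ok" : "rejected");
    printf("unpoison metadata at %lu: %s\n", metadata_off_aligned(req),
           model_unpoison(metadata_off_aligned(req), 8) ? "ok" : "rejected");
    return 0;
}
```

Running it shows the two halves of the thread's point: the 13-byte allocation is tracked precisely (byte 12 accessible, byte 13 not) because a partial granule can express "first 5 bytes valid", but an unpoison request starting at offset 13 is rejected exactly as the kernel's WARN_ON would reject it, while the same request at the word-aligned offset 16 succeeds.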