From: Ihor Solodrai <ihor.solodrai@linux.dev>
To: Borislav Petkov <bp@alien8.de>
Cc: Alexei Starovoitov <ast@kernel.org>,
	Andrii Nakryiko <andrii@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Eduard Zingerman <eddyz87@gmail.com>,
	Kumar Kartikeya Dwivedi <memxor@gmail.com>,
	Andrey Ryabinin <ryabinin.a.a@gmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	bpf@vger.kernel.org, kasan-dev@googlegroups.com,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Andrey Konovalov <andreyknvl@gmail.com>
Subject: Re: [PATCH v1] kasan: Fix false-positive wild-memory-access on x86 under 5-level paging
Date: Mon, 22 Jun 2026 17:35:50 -0700
Message-ID: <fdefc4f4-12d5-4c16-a452-3bdecd032176@linux.dev>
In-Reply-To: <20260618170913.GBajQmOQyOiBLqopUl@fat_crate.local>

On 6/18/26 10:09 AM, Borislav Petkov wrote:
> On Wed, Jun 17, 2026 at 03:13:33PM -0700, Ihor Solodrai wrote:
>> So my question to maintainers is what approach seems best?
> 
> The CPUID stuff is being rewritten currently and it should address your issue
> too. If not, then we need to rewrite it better.
> 
> Can you reproduce with this set applied ontop:
> 
> https://lore.kernel.org/r/20260528153923.403473-1-darwi@linutronix.de

Yes, the issue reproduces with this series.

Here is a splat:

[    1.554117] BUG: KASAN: wild-memory-access in do_raw_spin_lock+0x121/0x270
[    1.554117] Write of size 4 at addr ff110001000d10b8 by task swapper/0/0
[    1.554117] 
[    1.554117] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 7.1.0-00120-g0f76bd3ff8c1 #19 PREEMPT(full) 
[    1.554117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-5.el9 11/05/2023
[    1.554117] Call Trace:
[    1.554117]  <IRQ>
[    1.554117]  dump_stack_lvl+0x68/0xa0
[    1.554117]  ? do_raw_spin_lock+0x121/0x270
[    1.554117]  kasan_report+0xca/0x100
[    1.554117]  ? do_raw_spin_lock+0x121/0x270
[    1.554117]  kasan_check_range+0x39/0x1c0
[    1.554117]  do_raw_spin_lock+0x121/0x270
[    1.554117]  ? __pfx_do_raw_spin_lock+0x10/0x10
[    1.554117]  handle_edge_irq+0x34/0x8b0
[    1.554117]  __common_interrupt+0x6e/0x170
[    1.554117]  common_interrupt+0x77/0xa0
[    1.554117]  </IRQ>
[    1.554117]  <TASK>
[    1.554117]  asm_common_interrupt+0x26/0x40
[    1.554117] RIP: 0010:__cpuid_reset_table+0xf7/0x7b0
[    1.554117] Code: 49 8d 7e 0c 45 8b 46 08 48 89 f8 48 c1 e8 03 4a 8d 2c 03 48 89 6c 24 68 42 0f b6 14 38 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 <84> d2 0f 85 da 04 00 00 45 8b 4e 0c 4c 89 f0 48 c1 e8 03 49 01 d9
[    1.554117] RSP: 0000:ffffffff84c07d98 EFLAGS: 00010202
[    1.554117] RAX: 0000000000000007 RBX: ffffffff85a7c990 RCX: 0000000000000000
[    1.554117] RDX: 0000000000000000 RSI: fffffbfff0b4f91c RDI: ffffffff83c2dcac
[    1.554117] RBP: ffffffff85a7c990 R08: 0000000000000000 R09: 0000000000000001
[    1.554117] R10: ffffffff85a7c8ec R11: 0000000000000000 R12: 000000000000ffff
[    1.554117] R13: ffffffff85a7c990 R14: ffffffff83c2dca0 R15: dffffc0000000000
[    1.554117]  ? __pfx___cpuid_reset_table+0x10/0x10
[    1.554117]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[    1.554117]  cpuid_scan_cpu_early+0x5a/0xd0
[    1.554117]  identify_cpu+0x2c1/0x13e0
[    1.554117]  ? lock_release+0xc9/0x290
[    1.554117]  arch_cpu_finalize_init+0x25/0x3c0
[    1.554117]  start_kernel+0x304/0x3f0
[    1.554117]  x86_64_start_reservations+0x18/0x30
[    1.554117]  x86_64_start_kernel+0x116/0x130
[    1.554117]  common_startup_64+0x12c/0x138
[    1.554117]  </TASK>

> 
> ?
> 

