From: Qian Cai <quic_qiancai@quicinc.com>
To: <andrey.konovalov@linux.dev>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Andrey Konovalov <andreyknvl@gmail.com>,
Marco Elver <elver@google.com>,
Alexander Potapenko <glider@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
<kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
<linux-arm-kernel@lists.infradead.org>,
"Peter Collingbourne" <pcc@google.com>,
Evgenii Stepanov <eugenis@google.com>,
<linux-kernel@vger.kernel.org>,
Andrey Konovalov <andreyknvl@google.com>
Subject: Re: [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS
Date: Thu, 28 Apr 2022 10:13:56 -0400 [thread overview]
Message-ID: <20220428141356.GB71@qian> (raw)
In-Reply-To: <cover.1643047180.git.andreyknvl@google.com>
On Mon, Jan 24, 2022 at 07:02:08PM +0100, andrey.konovalov@linux.dev wrote:
> From: Andrey Konovalov <andreyknvl@google.com>
>
> Hi,
>
> This patchset adds vmalloc tagging support for SW_TAGS and HW_TAGS
> KASAN modes.
>
> The tree with patches is available here:
>
> https://github.com/xairy/linux/tree/up-kasan-vmalloc-tags-v6
>
> About half of patches are cleanups I went for along the way. None of
> them seem to be important enough to go through stable, so I decided
> not to split them out into separate patches/series.
>
> The patchset is partially based on an early version of the HW_TAGS
> patchset by Vincenzo that had vmalloc support. Thus, I added a
> Co-developed-by tag into a few patches.
>
> SW_TAGS vmalloc tagging support is straightforward. It reuses all of
> the generic KASAN machinery, but uses shadow memory to store tags
> instead of magic values. Naturally, vmalloc tagging requires adding
> a few kasan_reset_tag() annotations to the vmalloc code.
>
> HW_TAGS vmalloc tagging support stands out. HW_TAGS KASAN is based on
> Arm MTE, which can only assigns tags to physical memory. As a result,
> HW_TAGS KASAN only tags vmalloc() allocations, which are backed by
> page_alloc memory. It ignores vmap() and others.
I could use some help here. Ever since this series, our system starts to
trigger bad page state bugs from time to time. Any thoughts?
BUG: Bad page state in process systemd-udevd pfn:83ffffcd
page:fffffc20fdfff340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x83ffffcd
flags: 0xbfffc0000001000(reserved|node=0|zone=2|lastcpupid=0xffff)
raw: 0bfffc0000001000 fffffc20fdfff348 fffffc20fdfff348 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner info is not present (never set?)
CPU: 76 PID: 1873 Comm: systemd-udevd Not tainted 5.18.0-rc4-next-20220428-dirty #67
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
(inlined by) kasan_depopulate_vmalloc_pte at mm/kasan/shadow.c:361
apply_to_pte_range
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
(inlined by) kasan_release_vmalloc at mm/kasan/shadow.c:469
__purge_vmap_area_lazy
purge_vmap_area_lazy
alloc_vmap_area
__get_vm_area_node.constprop.0
__vmalloc_node_range
module_alloc
move_module
layout_and_allocate
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
Disabling lock debugging due to kernel taint
BUG: Bad page state in process systemd-udevd pfn:83ffffcc
page:fffffc20fdfff300 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x83ffffcc
flags: 0xbfffc0000001000(reserved|node=0|zone=2|lastcpupid=0xffff)
raw: 0bfffc0000001000 fffffc20fdfff308 fffffc20fdfff308 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner info is not present (never set?)
CPU: 76 PID: 1873 Comm: systemd-udevd Tainted: G B 5.18.0-rc4-next-20220428-dirty #67
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
apply_to_pte_range
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
__purge_vmap_area_lazy
purge_vmap_area_lazy
alloc_vmap_area
__get_vm_area_node.constprop.0
__vmalloc_node_range
module_alloc
move_module
layout_and_allocate
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
next prev parent reply other threads:[~2022-04-28 14:14 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-24 18:02 [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 01/39] kasan, page_alloc: deduplicate should_skip_kasan_poison andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 02/39] kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 03/39] kasan, page_alloc: merge kasan_free_pages into free_pages_prepare andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 04/39] kasan, page_alloc: simplify kasan_poison_pages call site andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 05/39] kasan, page_alloc: init memory of skipped pages on free andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 06/39] kasan: drop skip_kasan_poison variable in free_pages_prepare andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 07/39] mm: clarify __GFP_ZEROTAGS comment andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 08/39] kasan: only apply __GFP_ZEROTAGS when memory is zeroed andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 09/39] kasan, page_alloc: refactor init checks in post_alloc_hook andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 10/39] kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 11/39] kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 12/39] kasan, page_alloc: move SetPageSkipKASanPoison " andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 13/39] kasan, page_alloc: move kernel_init_free_pages " andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 14/39] kasan, page_alloc: rework kasan_unpoison_pages call site andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 15/39] kasan: clean up metadata byte definitions andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 16/39] kasan: define KASAN_VMALLOC_INVALID for SW_TAGS andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 17/39] kasan, x86, arm64, s390: rename functions for modules shadow andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 18/39] kasan, vmalloc: drop outdated VM_KASAN comment andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 19/39] kasan: reorder vmalloc hooks andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 20/39] kasan: add wrappers for " andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 21/39] kasan, vmalloc: reset tags in vmalloc functions andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 22/39] kasan, fork: reset pointer tags of vmapped stacks andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 23/39] kasan, arm64: " andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 24/39] kasan, vmalloc: add vmalloc tagging for SW_TAGS andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 25/39] kasan, vmalloc, arm64: mark vmalloc mappings as pgprot_tagged andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 26/39] kasan, vmalloc: unpoison VM_ALLOC pages after mapping andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 27/39] kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS andrey.konovalov
2022-03-23 11:48 ` Vlastimil Babka
2022-03-23 13:02 ` Sebastian Andrzej Siewior
2022-03-23 13:19 ` Vlastimil Babka
2022-03-23 13:36 ` Andrey Konovalov
2022-03-23 13:57 ` Vlastimil Babka
2022-03-23 15:11 ` Matthew Wilcox
2022-03-25 21:13 ` Andrew Morton
2022-01-24 18:05 ` [PATCH v6 28/39] kasan, page_alloc: allow skipping unpoisoning for HW_TAGS andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 29/39] kasan, page_alloc: allow skipping memory init " andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 30/39] kasan, vmalloc: add vmalloc tagging " andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 31/39] kasan, vmalloc: only tag normal vmalloc allocations andrey.konovalov
2022-03-08 15:17 ` Vasily Gorbik
2022-03-08 15:30 ` Andrey Konovalov
2022-03-08 15:48 ` Vasily Gorbik
2022-01-24 18:05 ` [PATCH v6 32/39] kasan, arm64: don't tag executable " andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 33/39] kasan: mark kasan_arg_stacktrace as __initdata andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 34/39] kasan: clean up feature flags for HW_TAGS mode andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 35/39] kasan: add kasan.vmalloc command line flag andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 36/39] kasan: allow enabling KASAN_VMALLOC and SW/HW_TAGS andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 37/39] arm64: select KASAN_VMALLOC for SW/HW_TAGS modes andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 38/39] kasan: documentation updates andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 39/39] kasan: improve vmalloc tests andrey.konovalov
2022-01-24 18:09 ` [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS Marco Elver
2022-01-24 18:32 ` Andrey Konovalov
2022-04-28 14:13 ` Qian Cai [this message]
2022-04-28 15:28 ` Andrey Konovalov
2022-04-28 16:12 ` Qian Cai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220428141356.GB71@qian \
--to=quic_qiancai@quicinc.com \
--cc=akpm@linux-foundation.org \
--cc=andrey.konovalov@linux.dev \
--cc=andreyknvl@gmail.com \
--cc=andreyknvl@google.com \
--cc=catalin.marinas@arm.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mark.rutland@arm.com \
--cc=pcc@google.com \
--cc=ryabinin.a.a@gmail.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).