From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8F74C4332E for ; Tue, 16 Mar 2021 19:23:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C9205650D9 for ; Tue, 16 Mar 2021 19:23:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240360AbhCPTWy (ORCPT ); Tue, 16 Mar 2021 15:22:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:59836 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236324AbhCPTWo (ORCPT ); Tue, 16 Mar 2021 15:22:44 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id C7A6A6505E; Tue, 16 Mar 2021 19:22:42 +0000 (UTC) Date: Tue, 16 Mar 2021 19:22:40 +0000 From: Catalin Marinas To: Marco Elver Cc: Luis Henriques , Alexander Potapenko , Dmitry Vyukov , Andrew Morton , kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: Issue with kfence and kmemleak Message-ID: <20210316192240.GC28565@arm.com> References: <20210316181938.GA28565@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 16, 2021 at 07:47:00PM +0100, Marco Elver wrote: > One thing I've just run into: "BUG: KFENCE: out-of-bounds read in > scan_block+0x6b/0x170 mm/kmemleak.c:1244" > > Probably because kmemleak is passed the rounded size for the size-class, > and not the real allocation size. Can this be fixed with > kmemleak_ignore() only called on the KFENCE guard pages? If it's only on the occasional object, you can do a kmemleak_scan_area() but some care needed as this in turn allocates memory for kmemleak internal metadata. > I'd like kmemleak to scan the valid portion of an object allocated > through KFENCE, but no further than that. > > Or do we need to fix the size if it's a kfence object: > > diff --git a/mm/kmemleak.c b/mm/kmemleak.c > index c0014d3b91c1..fe6e3ae8e8c6 100644 > --- a/mm/kmemleak.c > +++ b/mm/kmemleak.c > @@ -97,6 +97,7 @@ > #include > > #include > +#include > #include > #include > > @@ -589,7 +590,7 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size, > atomic_set(&object->use_count, 1); > object->flags = OBJECT_ALLOCATED; > object->pointer = ptr; > - object->size = size; > + object->size = kfence_ksize((void *)ptr) ?: size; > object->excess_ref = 0; > object->min_count = min_count; > object->count = 0; /* white color initially */ > > The alternative is to call kfence_ksize() in slab_post_alloc_hook() when > calling kmemleak_alloc. One of these is probably the easiest. If kfence only works on slab objects, better to pass the right size from slab_post_alloc_hook(). If you plan to expand it later to vmalloc(), just fix the size in create_object(). -- Catalin