From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5472F34D4D3 for ; Fri, 20 Feb 2026 14:49:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.74 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771598987; cv=none; b=da2CVunc+k+FZzJ0a9O68AsjRQq6TpiV0K2oYD4fJVdarnALKED8deAGiSNFN9IZ4eUVJxLAuFb9IugcsKEK++OehauYN18MJZBNGxxykMd3MCDJXcvHp9GqrodKgPUjzE0yfjADMyRAO0S9PgNu3KDcJuYF/lHddALIk/VJs90= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771598987; c=relaxed/simple; bh=9Nh27rPFeHNCWr8MUFQIUbZtfDXJvCeFJWUeTB2DOls=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=JcePVPU31GaM3m7I/+yihCSICbTu2KkiLc43Dvcdw+4pWZ95eRPIOIxafmEQwLUaqWPBejnw5eULeu7C7XhasYjzoz3taHGWG/9MalRGHvwt6vkKxQo+I6WhGlLB/umuitVLEDMJM0aBjv7Sj8WkmOjR5QF5kYYrIaaUtOBJO2g= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--glider.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ar1+mShr; arc=none smtp.client-ip=209.85.128.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--glider.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ar1+mShr" Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-4837cee2e9bso17294455e9.3 for ; Fri, 20 Feb 2026 06:49:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1771598985; x=1772203785; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=7l0Rk7sxPzClSemlodKxJT0xAUIi4Uh2P1WbS8uB91M=; b=ar1+mShrdv9DPJx5gewY9qZdbnDvM1FEjtgc17sXBl8hhRg5XwZjsBSW+QbHHOBsi3 TMxnwop17evdlMJRE3sJmevLMUuaFiIPR4SEcGhnW934ZvuW4lH6dRzGUX6aGnWg3rN0 pySHeWEZjfphqdVIvkND3fYmi/AHN6/ZbiJ85uU0r1X1Gc/6CNcXPD5ZRK0JQs0UXV4k 4x3BC22NIDrHoXufmBjmpblQEh/5Zhej5RTO/Wby7jXt3EmoPB+awguTQ1oLliZpHCsh 000zDLmNKA8ZZBoHoAPuyTBTskf220ZUx7KvpmLXBNfunhA7Oot2paEs1peaeHEiOJFz JXcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771598985; x=1772203785; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=7l0Rk7sxPzClSemlodKxJT0xAUIi4Uh2P1WbS8uB91M=; b=kGwnZPmhi8LOlMzM/alyqiSgJ9aNQNFtXYSyu3htXWDGhTPyxlYud2tsR0GWVD/5GD J+qiDCtEN27U9kusrtZZFrIWAO1AB+i6kfTdWIcoteTyamTSRGmskO+bEmmWrWlS5ZKN NiqNAPW+tT3KUeguQrtpUogWYctf/tIGaQBUNEmPQ7eGw/tfFEgzMJmt7mTi9vpVsElB c+u7zkqTfMMsDDc8Pp6k6xgbW86bKpCfn0qKYJnC5sCVOfT3zsL59nNHnho5wUSKtH7r FemDeLQGwQy+6eiTFMrHVkPd2/uuW0dTJDgaMbnUohOs5bqumruma5y8z+YkDFov/J0J 3aXQ== X-Forwarded-Encrypted: i=1; AJvYcCVOBSAL0snMw0dK9r3G/4H5PJhf0nzZnfiVhdz0OO4v8jlB+N1qDi6bwdOzCiFWamrRBaeFe+Y=@vger.kernel.org X-Gm-Message-State: AOJu0YyRASKfzX04+oEcHF6ygGJxSVsBQ1bemjv7kCroeFIKlY4tsTHS 895Kx89IYQZ9k9Z7e7TYGm3O0FvhEil9MS2km61J76GIPW1Waf6k214wbm+ETfr4R8ZebVPLntO SGMONwA== X-Received: from wmhn21.prod.google.com ([2002:a05:600c:3055:b0:483:6e28:c16f]) (user=glider job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:8b2f:b0:47d:885d:d2ff with SMTP id 5b1f17b1804b1-48379c1faccmr309919275e9.29.1771598984385; Fri, 20 Feb 2026 06:49:44 -0800 (PST) Date: Fri, 20 Feb 2026 15:49:40 +0100 Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Mailer: git-send-email 2.53.0.345.g96ddfc5eaa-goog Message-ID: <20260220144940.2779209-1-glider@google.com> Subject: [PATCH v1] mm/kfence: fix KASAN hardware tag faults during late enablement From: Alexander Potapenko To: glider@google.com Cc: akpm@linux-foundation.org, mark.rutland@arm.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, pimyn@google.com, Andrey Konovalov , Andrey Ryabinin , Dmitry Vyukov , Greg KH , Kees Cook , Marco Elver , stable@vger.kernel.org, Ernesto Martinez Garcia Content-Type: text/plain; charset="UTF-8" When KASAN hardware tags are enabled, re-enabling KFENCE late (via /sys/module/kfence/parameters/sample_interval) causes KASAN faults. This happens because the KFENCE pool and metadata are allocated via the page allocator, which tags the memory, while KFENCE continues to access it using untagged pointers during initialization. Use __GFP_SKIP_KASAN for late KFENCE pool and metadata allocations to ensure the memory remains untagged, consistent with early allocations from memblock. To support this, add __GFP_SKIP_KASAN to the allowlist in __alloc_contig_verify_gfp_mask(). Cc: Andrew Morton Cc: Andrey Konovalov Cc: Andrey Ryabinin Cc: Dmitry Vyukov Cc: Greg KH Cc: Kees Cook Cc: Marco Elver Cc: Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure") Suggested-by: Ernesto Martinez Garcia Signed-off-by: Alexander Potapenko --- This is a follow-up for "mm/kfence: disable KFENCE upon KASAN HW tags enablement" that is currently in mm-hotfixes-unstable --- mm/kfence/core.c | 14 ++++++++------ mm/page_alloc.c | 3 ++- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/mm/kfence/core.c b/mm/kfence/core.c index 71f87072baf9b..30959c97b881d 100644 --- a/mm/kfence/core.c +++ b/mm/kfence/core.c @@ -999,14 +999,14 @@ static int kfence_init_late(void) #ifdef CONFIG_CONTIG_ALLOC struct page *pages; - pages = alloc_contig_pages(nr_pages_pool, GFP_KERNEL, first_online_node, - NULL); + pages = alloc_contig_pages(nr_pages_pool, GFP_KERNEL | __GFP_SKIP_KASAN, + first_online_node, NULL); if (!pages) return -ENOMEM; __kfence_pool = page_to_virt(pages); - pages = alloc_contig_pages(nr_pages_meta, GFP_KERNEL, first_online_node, - NULL); + pages = alloc_contig_pages(nr_pages_meta, GFP_KERNEL | __GFP_SKIP_KASAN, + first_online_node, NULL); if (pages) kfence_metadata_init = page_to_virt(pages); #else @@ -1016,11 +1016,13 @@ static int kfence_init_late(void) return -EINVAL; } - __kfence_pool = alloc_pages_exact(KFENCE_POOL_SIZE, GFP_KERNEL); + __kfence_pool = alloc_pages_exact(KFENCE_POOL_SIZE, + GFP_KERNEL | __GFP_SKIP_KASAN); if (!__kfence_pool) return -ENOMEM; - kfence_metadata_init = alloc_pages_exact(KFENCE_METADATA_SIZE, GFP_KERNEL); + kfence_metadata_init = alloc_pages_exact(KFENCE_METADATA_SIZE, + GFP_KERNEL | __GFP_SKIP_KASAN); #endif if (!kfence_metadata_init) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index cbf758e27aa2c..9d1887e3d4074 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -6921,7 +6921,8 @@ static int __alloc_contig_verify_gfp_mask(gfp_t gfp_mask, gfp_t *gfp_cc_mask) { const gfp_t reclaim_mask = __GFP_IO | __GFP_FS | __GFP_RECLAIM; const gfp_t action_mask = __GFP_COMP | __GFP_RETRY_MAYFAIL | __GFP_NOWARN | - __GFP_ZERO | __GFP_ZEROTAGS | __GFP_SKIP_ZERO; + __GFP_ZERO | __GFP_ZEROTAGS | __GFP_SKIP_ZERO | + __GFP_SKIP_KASAN; const gfp_t cc_action_mask = __GFP_RETRY_MAYFAIL | __GFP_NOWARN; /* -- 2.53.0.345.g96ddfc5eaa-goog