On Tue, Aug 29, 2023 at 07:11PM +0200, andrey.konovalov@xxxxxxxxx wrote:
> From: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
>
> Evict stack traces from the stack depot for the tag-based KASAN modes
> once they are evicted from the stack ring.
>
> Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
> ---
> mm/kasan/tags.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/mm/kasan/tags.c b/mm/kasan/tags.c
> index 7dcfe341d48e..fa6b0f77a7dd 100644
> --- a/mm/kasan/tags.c
> +++ b/mm/kasan/tags.c
> @@ -96,7 +96,7 @@ static void save_stack_info(struct kmem_cache *cache, void *object,
> gfp_t gfp_flags, bool is_free)
> {
> unsigned long flags;
> - depot_stack_handle_t stack;
> + depot_stack_handle_t stack, old_stack;
> u64 pos;
> struct kasan_stack_ring_entry *entry;
> void *old_ptr;
> @@ -120,6 +120,8 @@ static void save_stack_info(struct kmem_cache *cache, void *object,
> if (!try_cmpxchg(&entry->ptr, &old_ptr, STACK_RING_BUSY_PTR))
> goto next; /* Busy slot. */
>
> + old_stack = READ_ONCE(entry->stack);
Why READ_ONCE? Is it possible that there is a concurrent writer once the
slot has been "locked" with STACK_RING_BUSY_PTR?
If there is no concurrency, it would be clearer to leave it unmarked and
add a comment to that effect. (I also think a comment would be good to
say what the WRITE_ONCE below pair with, because at this point I've
forgotten.)
> WRITE_ONCE(entry->size, cache->object_size);
> WRITE_ONCE(entry->pid, current->pid);
> WRITE_ONCE(entry->stack, stack);
> @@ -131,6 +133,9 @@ static void save_stack_info(struct kmem_cache *cache, void *object,
> smp_store_release(&entry->ptr, (s64)object);
>
> read_unlock_irqrestore(&stack_ring.lock, flags);
> +
> + if (old_stack)
> + stack_depot_evict(old_stack);
> }
>
> void kasan_save_alloc_info(struct kmem_cache *cache, void *object, gfp_t flags)
> --
> 2.25.1
>
