+ slub-fix-slab_consistency_checks-kasan_sw_tags.patch added to -mm tree

akpm@xxxxxxxxxxxxxxxxxxxx · Mon, 11 Feb 2019 17:01:52 -0800

The patch titled
     Subject: slub: fix SLAB_CONSISTENCY_CHECKS + KASAN_SW_TAGS
has been added to the -mm tree.  Its filename is
     slub-fix-slab_consistency_checks-kasan_sw_tags.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/slub-fix-slab_consistency_checks-kasan_sw_tags.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/slub-fix-slab_consistency_checks-kasan_sw_tags.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Qian Cai <cai@xxxxxx>
Subject: slub: fix SLAB_CONSISTENCY_CHECKS + KASAN_SW_TAGS

Enabling SLUB_DEBUG's SLAB_CONSISTENCY_CHECKS with KASAN_SW_TAGS triggers
endless false positives during boot below due to check_valid_pointer()
checks tagged pointers which have no addresses that is valid within slab
pages.

[    0.000000] BUG radix_tree_node (Tainted: G    B            ): Freelist Pointer check fails
[    0.000000] -----------------------------------------------------------------------------
[    0.000000]
[    0.000000] INFO: Slab 0x(____ptrval____) objects=69 used=69 fp=0x          (null) flags=0x7ffffffc000200
[    0.000000] INFO: Object 0x(____ptrval____) @offset=15060037153926966016 fp=0x(____ptrval____)
[    0.000000]
[    0.000000] Redzone (____ptrval____): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 18 6b 06 00 08 80 ff d0  .........k......
[    0.000000] Object (____ptrval____): 18 6b 06 00 08 80 ff d0 00 00 00 00 00 00 00 00  .k..............
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[    0.000000] Redzone (____ptrval____): bb bb bb bb bb bb bb bb                          ........
[    0.000000] Padding (____ptrval____): 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
[    0.000000] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B             5.0.0-rc5+ #18
[    0.000000] Call trace:
[    0.000000]  dump_backtrace+0x0/0x450
[    0.000000]  show_stack+0x20/0x2c
[    0.000000]  __dump_stack+0x20/0x28
[    0.000000]  dump_stack+0xa0/0xfc
[    0.000000]  print_trailer+0x1bc/0x1d0
[    0.000000]  object_err+0x40/0x50
[    0.000000]  alloc_debug_processing+0xf0/0x19c
[    0.000000]  ___slab_alloc+0x554/0x704
[    0.000000]  kmem_cache_alloc+0x2f8/0x440
[    0.000000]  radix_tree_node_alloc+0x90/0x2fc
[    0.000000]  idr_get_free+0x1e8/0x6d0
[    0.000000]  idr_alloc_u32+0x11c/0x2a4
[    0.000000]  idr_alloc+0x74/0xe0
[    0.000000]  worker_pool_assign_id+0x5c/0xbc
[    0.000000]  workqueue_init_early+0x49c/0xd50
[    0.000000]  start_kernel+0x52c/0xac4
[    0.000000] FIX radix_tree_node: Marking all objects used
[    0.000000]

Link: http://lkml.kernel.org/r/20190209044128.3290-1-cai@xxxxxx
Signed-off-by: Qian Cai <cai@xxxxxx>
Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
Cc: Christoph Lameter <cl@xxxxxxxxx>
Cc: Pekka Enberg <penberg@xxxxxxxxxx>
Cc: David Rientjes <rientjes@xxxxxxxxxx>
Cc: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

--- a/mm/slub.c~slub-fix-slab_consistency_checks-kasan_sw_tags
+++ a/mm/slub.c
@@ -502,6 +502,7 @@ static inline int check_valid_pointer(st
 		return 1;
 
 	base = page_address(page);
+	object = kasan_reset_tag(object);
 	object = restore_red_left(s, object);
 	if (object < base || object >= base + page->objects * s->size ||
 		(object - base) % s->size) {
_

Patches currently in -mm which might be from cai@xxxxxx are

revert-mm-use-early_pfn_to_nid-in-page_ext_init.patch
slub-fix-slab_consistency_checks-kasan_sw_tags.patch
page_poison-play-nicely-with-kasan.patch
slab-kmemleak-no-scan-alien-caches.patch
slub-remove-an-unused-addr-argument.patch
mm-compaction-be-selective-about-what-pageblocks-to-clear-skip-hints-fix.patch
signal-allow-the-null-signal-in-rt_sigqueueinfo.patch







