From: Qian Cai <cai@xxxxxx> Subject: slub: fix SLAB_CONSISTENCY_CHECKS + KASAN_SW_TAGS Enabling SLUB_DEBUG's SLAB_CONSISTENCY_CHECKS with KASAN_SW_TAGS triggers endless false positives during boot below due to check_valid_pointer() checks tagged pointers which have no addresses that is valid within slab pages. [ 0.000000] BUG radix_tree_node (Tainted: G B ): Freelist Pointer check fails [ 0.000000] ----------------------------------------------------------------------------- [ 0.000000] [ 0.000000] INFO: Slab 0x(____ptrval____) objects=69 used=69 fp=0x (null) flags=0x7ffffffc000200 [ 0.000000] INFO: Object 0x(____ptrval____) @offset=15060037153926966016 fp=0x(____ptrval____) [ 0.000000] [ 0.000000] Redzone (____ptrval____): bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 18 6b 06 00 08 80 ff d0 .........k...... [ 0.000000] Object (____ptrval____): 18 6b 06 00 08 80 ff d0 00 00 00 00 00 00 00 00 .k.............. [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object (____ptrval____): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Redzone (____ptrval____): bb bb bb bb bb bb bb bb ........ [ 0.000000] Padding (____ptrval____): 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ [ 0.000000] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.0.0-rc5+ #18 [ 0.000000] Call trace: [ 0.000000] dump_backtrace+0x0/0x450 [ 0.000000] show_stack+0x20/0x2c [ 0.000000] __dump_stack+0x20/0x28 [ 0.000000] dump_stack+0xa0/0xfc [ 0.000000] print_trailer+0x1bc/0x1d0 [ 0.000000] object_err+0x40/0x50 [ 0.000000] alloc_debug_processing+0xf0/0x19c [ 0.000000] ___slab_alloc+0x554/0x704 [ 0.000000] kmem_cache_alloc+0x2f8/0x440 [ 0.000000] radix_tree_node_alloc+0x90/0x2fc [ 0.000000] idr_get_free+0x1e8/0x6d0 [ 0.000000] idr_alloc_u32+0x11c/0x2a4 [ 0.000000] idr_alloc+0x74/0xe0 [ 0.000000] worker_pool_assign_id+0x5c/0xbc [ 0.000000] workqueue_init_early+0x49c/0xd50 [ 0.000000] start_kernel+0x52c/0xac4 [ 0.000000] FIX radix_tree_node: Marking all objects used [ 0.000000] Link: http://lkml.kernel.org/r/20190209044128.3290-1-cai@xxxxxx Signed-off-by: Qian Cai <cai@xxxxxx> Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> Cc: Christoph Lameter <cl@xxxxxxxxx> Cc: Pekka Enberg <penberg@xxxxxxxxxx> Cc: David Rientjes <rientjes@xxxxxxxxxx> Cc: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- --- a/mm/slub.c~slub-fix-slab_consistency_checks-kasan_sw_tags +++ a/mm/slub.c @@ -513,6 +513,7 @@ static inline int check_valid_pointer(st return 1; base = page_address(page); + object = kasan_reset_tag(object); object = restore_red_left(s, object); if (object < base || object >= base + page->objects * s->size || (object - base) % s->size) { _
