lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aPsw8QJfRyNWQGIc@hyeyoo>
Date: Fri, 24 Oct 2025 16:55:29 +0900
From: Harry Yoo <harry.yoo@...cle.com>
To: Andrey Konovalov <andreyknvl@...il.com>
Cc: Vlastimil Babka <vbabka@...e.cz>, David Rientjes <rientjes@...gle.com>,
        Alexander Potapenko <glider@...gle.com>,
        Roman Gushchin <roman.gushchin@...ux.dev>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        Andrey Ryabinin <ryabinin.a.a@...il.com>,
        Feng Tang <feng.79.tang@...il.com>, Christoph Lameter <cl@...two.org>,
        Dmitry Vyukov <dvyukov@...gle.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com,
        stable@...r.kernel.org
Subject: Re: [PATCH] mm/slab: ensure all metadata in slab object are
 word-aligned

On Fri, Oct 24, 2025 at 03:56:29AM +0200, Andrey Konovalov wrote:
> On Fri, Oct 24, 2025 at 3:19 AM Andrey Konovalov <andreyknvl@...il.com> wrote:
> >
> > On Fri, Oct 24, 2025 at 2:41 AM Harry Yoo <harry.yoo@...cle.com> wrote:
> > >
> > > Adding more details on how I discovered this and why I care:
> > >
> > > I was developing a feature that uses unused bytes in s->size as the
> > > slabobj_ext metadata. Unlike other metadata where slab disables KASAN
> > > when accessing it, this should be unpoisoned to avoid adding complexity
> > > and overhead when accessing it.
> >
> > Generally, unpoisoining parts of slabs that should not be accessed by
> > non-slab code is undesirable - this would prevent KASAN from detecting
> > OOB accesses into that memory.
> >
> > An alternative to unpoisoning or disabling KASAN could be to add
> > helper functions annotated with __no_sanitize_address that do the
> > required accesses. And make them inlined when KASAN is disabled to
> > avoid the performance hit.
> >
> > On a side note, you might also need to check whether SW_TAGS KASAN and
> > KMSAN would be unhappy with your changes:
> >
> > - When we do kasan_disable_current() or metadata_access_enable(), we
> > also do kasan_reset_tag();
> > - In metadata_access_enable(), we disable KMSAN as well.
> >
> > > This warning is from kasan_unpoison():
> > >         if (WARN_ON((unsigned long)addr & KASAN_GRANULE_MASK))
> > >                 return;
> > >
> > > on x86_64, the address passed to kasan_{poison,unpoison}() should be at
> > > least aligned with 8 bytes.
> > >
> > > After manual investigation it turns out when the SLAB_STORE_USER flag is
> > > specified, any metadata after the original kmalloc request size is
> > > misaligned.
> > >
> > > Questions:
> > > - Could it cause any issues other than the one described above?
> > > - Does KASAN even support architectures that have issues with unaligned
> > >   accesses?
> >
> > Unaligned accesses are handled just fine. It's just that the start of
> > any unpoisoned/accessible memory region must be aligned to 8 (or 16
> > for SW_TAGS) bytes due to how KASAN encodes shadow memory values.
> 
> Misread your question: my response was about whether unaligned
> accesses are instrumented/checked correctly on architectures that do
> support them.

Haha, I was a bit confused while reading the reply, turns out we were
talking about different things.

And yes, I was asking about the case where the architecture doesn't
support it.

> For architectures that do not: there might indeed be an issue.
> Though there's KASAN support for xtensa and I suppose it works
> (does xtensa support unaligned accesses?).

Looks like 64-bit architectures without HAVE_EFFICIENT_UNALIGNED_ACCESS
are assumed to require 64 bit accesses to be 64 bit aligned [1]?

[1] https://lore.kernel.org/all/20201214112629.3cf6f240@gandalf.local.home

But yeah, the combination of

(architectures that do not support unaligned accesses) x
(enabling KASAN) x
(enabling slab_debug=U)

should be pretty rare... ;)

> > > - How come we haven't seen any issues regarding this so far? :/
> >
> > As you pointed out, we don't unpoison the memory that stores KASAN
> > metadata and instead just disable KASAN error reporting. This is done
> > deliberately to allow KASAN catching accesses into that memory that
> > happen outside of the slab/KASAN code.

-- 
Cheers,
Harry / Hyeonggon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ