lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CA+fCnZddq=S0H5qXZ_CLSB3Y1cNw7nY4AYTBsGRR5DmY5+=paA@mail.gmail.com>
Date: Tue, 20 Jan 2026 18:46:04 +0100
From: Andrey Konovalov <andreyknvl@...il.com>
To: Andrey Ryabinin <ryabinin.a.a@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Maciej Żenczykowski <maze@...gle.com>, 
	Maciej Wieczor-Retman <m.wieczorretman@...me>, Alexander Potapenko <glider@...gle.com>, 
	Dmitry Vyukov <dvyukov@...gle.com>, Vincenzo Frascino <vincenzo.frascino@....com>, 
	kasan-dev@...glegroups.com, Uladzislau Rezki <urezki@...il.com>, linux-kernel@...r.kernel.org, 
	linux-mm@...ck.org
Subject: Re: [PATCH] mm-kasan-fix-kasan-poisoning-in-vrealloc-fix

On Mon, Jan 19, 2026 at 3:46 PM Andrey Ryabinin <ryabinin.a.a@...il.com> wrote:
>
> Move kasan_enabled() check to header function to avoid function call
> if kasan disabled via boot cmdline.
>
> Move __kasan_vrealloc() to common.c to fix CONFIG_KASAN_HW_TAGS=y
>
> Signed-off-by: Andrey Ryabinin <ryabinin.a.a@...il.com>
> ---
>  include/linux/kasan.h | 10 +++++++++-
>  mm/kasan/common.c     | 21 +++++++++++++++++++++
>  mm/kasan/shadow.c     | 24 ------------------------
>  3 files changed, 30 insertions(+), 25 deletions(-)
>
> diff --git a/include/linux/kasan.h b/include/linux/kasan.h
> index ff27712dd3c8..338a1921a50a 100644
> --- a/include/linux/kasan.h
> +++ b/include/linux/kasan.h
> @@ -641,9 +641,17 @@ kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms,
>                 __kasan_unpoison_vmap_areas(vms, nr_vms, flags);
>  }
>
> -void kasan_vrealloc(const void *start, unsigned long old_size,
> +void __kasan_vrealloc(const void *start, unsigned long old_size,
>                 unsigned long new_size);
>
> +static __always_inline void kasan_vrealloc(const void *start,
> +                                       unsigned long old_size,
> +                                       unsigned long new_size)
> +{
> +       if (kasan_enabled())
> +               __kasan_vrealloc(start, old_size, new_size);
> +}
> +
>  #else /* CONFIG_KASAN_VMALLOC */
>
>  static inline void kasan_populate_early_vm_area_shadow(void *start,
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index ed489a14dddf..b7d05c2a6d93 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -606,4 +606,25 @@ void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms,
>                         __kasan_unpoison_vmalloc(addr, size, flags | KASAN_VMALLOC_KEEP_TAG);
>         }
>  }
> +
> +void __kasan_vrealloc(const void *addr, unsigned long old_size,
> +               unsigned long new_size)
> +{
> +       if (new_size < old_size) {
> +               kasan_poison_last_granule(addr, new_size);

I wonder if doing this without a is_vmalloc_or_module_addr() check
could cause issues. I remember that removing
is_vmalloc_or_module_addr() checks from other vmalloc hooks did cause
problems, but I don't remember what kind.

> +
> +               new_size = round_up(new_size, KASAN_GRANULE_SIZE);
> +               old_size = round_up(old_size, KASAN_GRANULE_SIZE);
> +               if (new_size < old_size)
> +                       __kasan_poison_vmalloc(addr + new_size,
> +                                       old_size - new_size);
> +       } else if (new_size > old_size) {
> +               old_size = round_down(old_size, KASAN_GRANULE_SIZE);
> +               __kasan_unpoison_vmalloc(addr + old_size,
> +                                       new_size - old_size,
> +                                       KASAN_VMALLOC_PROT_NORMAL |
> +                                       KASAN_VMALLOC_VM_ALLOC |
> +                                       KASAN_VMALLOC_KEEP_TAG);
> +       }
> +}
>  #endif
> diff --git a/mm/kasan/shadow.c b/mm/kasan/shadow.c
> index e9b6b2d8e651..32fbdf759ea2 100644
> --- a/mm/kasan/shadow.c
> +++ b/mm/kasan/shadow.c
> @@ -651,30 +651,6 @@ void __kasan_poison_vmalloc(const void *start, unsigned long size)
>         kasan_poison(start, size, KASAN_VMALLOC_INVALID, false);
>  }
>
> -void kasan_vrealloc(const void *addr, unsigned long old_size,
> -               unsigned long new_size)
> -{
> -       if (!kasan_enabled())
> -               return;
> -
> -       if (new_size < old_size) {
> -               kasan_poison_last_granule(addr, new_size);
> -
> -               new_size = round_up(new_size, KASAN_GRANULE_SIZE);
> -               old_size = round_up(old_size, KASAN_GRANULE_SIZE);
> -               if (new_size < old_size)
> -                       __kasan_poison_vmalloc(addr + new_size,
> -                                       old_size - new_size);
> -       } else if (new_size > old_size) {
> -               old_size = round_down(old_size, KASAN_GRANULE_SIZE);
> -               __kasan_unpoison_vmalloc(addr + old_size,
> -                                       new_size - old_size,
> -                                       KASAN_VMALLOC_PROT_NORMAL |
> -                                       KASAN_VMALLOC_VM_ALLOC |
> -                                       KASAN_VMALLOC_KEEP_TAG);
> -       }
> -}
> -
>  #else /* CONFIG_KASAN_VMALLOC */
>
>  int kasan_alloc_module_shadow(void *addr, size_t size, gfp_t gfp_mask)
> --
> 2.52.0
>

Reviewed-by: Andrey Konovalov <andreyknvl@...il.com>

Thank you!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ