mirror of
				https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux
				synced 2025-10-27 00:45:37 +10:00 
			
		
		
		
	mm/vmalloc: unbreak kasan vmalloc support
In commit121e6f3258("mm/vmalloc: hugepage vmalloc mappings"), __vmalloc_node_range was changed such that __get_vm_area_node was no longer called with the requested/real size of the vmalloc allocation, but rather with a rounded-up size. This means that __get_vm_area_node called kasan_unpoision_vmalloc() with a rounded up size rather than the real size. This led to it allowing access to too much memory and so missing vmalloc OOBs and failing the kasan kunit tests. Pass the real size and the desired shift into __get_vm_area_node. This allows it to round up the size for the underlying allocators while still unpoisioning the correct quantity of shadow memory. Adjust the other call-sites to pass in PAGE_SHIFT for the shift value. Link: https://lkml.kernel.org/r/20210617081330.98629-1-dja@axtens.net Link: https://bugzilla.kernel.org/show_bug.cgi?id=213335 Fixes:121e6f3258("mm/vmalloc: hugepage vmalloc mappings") Signed-off-by: Daniel Axtens <dja@axtens.net> Tested-by: David Gow <davidgow@google.com> Reviewed-by: Nicholas Piggin <npiggin@gmail.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki@gmail.com> Tested-by: Andrey Konovalov <andreyknvl@gmail.com> Acked-by: Andrey Konovalov <andreyknvl@gmail.com> Cc: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
		
							parent
							
								
									185cca24e9
								
							
						
					
					
						commit
						7ca3027b72
					
				
							
								
								
									
										24
									
								
								mm/vmalloc.c
									
									
									
									
									
								
							
							
						
						
									
										24
									
								
								mm/vmalloc.c
									
									
									
									
									
								
							| @ -2344,15 +2344,16 @@ static void clear_vm_uninitialized_flag(struct vm_struct *vm) | ||||
| } | ||||
| 
 | ||||
| static struct vm_struct *__get_vm_area_node(unsigned long size, | ||||
| 		unsigned long align, unsigned long flags, unsigned long start, | ||||
| 		unsigned long end, int node, gfp_t gfp_mask, const void *caller) | ||||
| 		unsigned long align, unsigned long shift, unsigned long flags, | ||||
| 		unsigned long start, unsigned long end, int node, | ||||
| 		gfp_t gfp_mask, const void *caller) | ||||
| { | ||||
| 	struct vmap_area *va; | ||||
| 	struct vm_struct *area; | ||||
| 	unsigned long requested_size = size; | ||||
| 
 | ||||
| 	BUG_ON(in_interrupt()); | ||||
| 	size = PAGE_ALIGN(size); | ||||
| 	size = ALIGN(size, 1ul << shift); | ||||
| 	if (unlikely(!size)) | ||||
| 		return NULL; | ||||
| 
 | ||||
| @ -2384,8 +2385,8 @@ struct vm_struct *__get_vm_area_caller(unsigned long size, unsigned long flags, | ||||
| 				       unsigned long start, unsigned long end, | ||||
| 				       const void *caller) | ||||
| { | ||||
| 	return __get_vm_area_node(size, 1, flags, start, end, NUMA_NO_NODE, | ||||
| 				  GFP_KERNEL, caller); | ||||
| 	return __get_vm_area_node(size, 1, PAGE_SHIFT, flags, start, end, | ||||
| 				  NUMA_NO_NODE, GFP_KERNEL, caller); | ||||
| } | ||||
| 
 | ||||
| /**
 | ||||
| @ -2401,7 +2402,8 @@ struct vm_struct *__get_vm_area_caller(unsigned long size, unsigned long flags, | ||||
|  */ | ||||
| struct vm_struct *get_vm_area(unsigned long size, unsigned long flags) | ||||
| { | ||||
| 	return __get_vm_area_node(size, 1, flags, VMALLOC_START, VMALLOC_END, | ||||
| 	return __get_vm_area_node(size, 1, PAGE_SHIFT, flags, | ||||
| 				  VMALLOC_START, VMALLOC_END, | ||||
| 				  NUMA_NO_NODE, GFP_KERNEL, | ||||
| 				  __builtin_return_address(0)); | ||||
| } | ||||
| @ -2409,7 +2411,8 @@ struct vm_struct *get_vm_area(unsigned long size, unsigned long flags) | ||||
| struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags, | ||||
| 				const void *caller) | ||||
| { | ||||
| 	return __get_vm_area_node(size, 1, flags, VMALLOC_START, VMALLOC_END, | ||||
| 	return __get_vm_area_node(size, 1, PAGE_SHIFT, flags, | ||||
| 				  VMALLOC_START, VMALLOC_END, | ||||
| 				  NUMA_NO_NODE, GFP_KERNEL, caller); | ||||
| } | ||||
| 
 | ||||
| @ -2902,9 +2905,9 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, | ||||
| 	} | ||||
| 
 | ||||
| again: | ||||
| 	size = PAGE_ALIGN(size); | ||||
| 	area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNINITIALIZED | | ||||
| 				vm_flags, start, end, node, gfp_mask, caller); | ||||
| 	area = __get_vm_area_node(real_size, align, shift, VM_ALLOC | | ||||
| 				  VM_UNINITIALIZED | vm_flags, start, end, node, | ||||
| 				  gfp_mask, caller); | ||||
| 	if (!area) { | ||||
| 		warn_alloc(gfp_mask, NULL, | ||||
| 			   "vmalloc size %lu allocation failure: " | ||||
| @ -2923,6 +2926,7 @@ again: | ||||
| 	 */ | ||||
| 	clear_vm_uninitialized_flag(area); | ||||
| 
 | ||||
| 	size = PAGE_ALIGN(size); | ||||
| 	kmemleak_vmalloc(area, size, gfp_mask); | ||||
| 
 | ||||
| 	return addr; | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user