mm: switch KASan hook calling order in page alloc/free path
When CONFIG_PAGE_POISONING is enabled, the pages are poisoned after setting free page in KASan Shadow memory and KASan reports the read after free warning. The same thing happens in the allocation path. So change the order of calling KASan_alloc/free API so that pages poisoning happens when the pages are in alloc status in KASan shadow memory. following is the KASan report for reference. ================================================================== BUG: KASan: use after free in memset+0x24/0x44 at addr ffffffc000000000 Write of size 4096 by task swapper/0 page:ffffffbac5000000 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x0() page dumped because: kasan: bad access detected CPU: 0 PID: 0 Comm: swapper Not tainted 3.18.0-g5a4a5d5-07242-g6938a8b-dirt Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2 + PMI8994 MTP (DT) Call trace: [<ffffffc000089ea4>] dump_backtrace+0x0/0x1c4 [<ffffffc00008a078>] show_stack+0x10/0x1c [<ffffffc0010ecfd8>] dump_stack+0x74/0xc8 [<ffffffc00020faec>] kasan_report_error+0x2b0/0x408 [<ffffffc00020fd20>] kasan_report+0x34/0x40 [<ffffffc00020f138>] __asan_storeN+0x15c/0x168 [<ffffffc00020f374>] memset+0x20/0x44 [<ffffffc0002086e0>] kernel_map_pages+0x238/0x2a8 [<ffffffc0001ba738>] free_pages_prepare+0x21c/0x25c [<ffffffc0001bc7e4>] __free_pages_ok+0x20/0xf0 [<ffffffc0001bd3bc>] __free_pages+0x34/0x44 [<ffffffc0001bd5d8>] __free_pages_bootmem+0xf4/0x110 [<ffffffc001ca9050>] free_all_bootmem+0x160/0x1f4 [<ffffffc001c97b30>] mem_init+0x70/0x1ec [<ffffffc001c909f8>] start_kernel+0x2b8/0x4e4 [<ffffffc001c987dc>] kasan_early_init+0x154/0x160. Change-Id: Idbd3dc629be57ed55a383b069a735ae3ee7b9f05 Signed-off-by:Se Wang (Patrick) Oh <sewango@codeaurora.org> Signed-off-by:
Loading
Please register or sign in to comment