Commit 3454104b authored Apr 23, 2019 by Patrick Daly

kasan: Zero shadow memory on memory hotplug



Vmalloc does not zero memory by default. In this instance,
CONFIG_PAGE_POISONING was enabled, so the pages were initialized
to 0xAA.

 kasan_report+0x28c/0x2f8
 check_memory_region+0x1dc/0x1e8
 memset+0x2c/0x50
 kernel_poison_pages+0x234/0x398
 __free_pages_ok+0x380/0xd50
 __free_pages+0x4c/0xd0
 online_pages_range+0x174/0x1c8
 walk_system_ram_range+0x130/0x170
 online_pages+0x298/0x458
 memory_block_change_state+0x160/0x210
 memory_subsys_online+0x68/0x90
 device_online+0x9c/0xc8
 add_memory_resource+0x18c/0x228
 add_memory+0x118/0x180

Memory state around the buggy address:
 ffffffc17fffff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffc17fffff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc180000000: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa
                   ^
 ffffffc180000080: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa
 ffffffc180000100: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa

Change-Id: Id487a53d3cbe14a4ba73d43e151a51fd3162b1e0
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>

parent 3d91e789

mm/kasan/kasan.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -857,7 +857,7 @@ static int __meminit kasan_mem_notifier(struct notifier_block *nb,
		return NOTIFY_OK;

		ret = __vmalloc_node_range(shadow_size, PAGE_SIZE, shadow_start,
		shadow_end, GFP_KERNEL,
		shadow_end, GFP_KERNEL \| __GFP_ZERO,
		PAGE_KERNEL, VM_NO_GUARD,
		pfn_to_nid(mem_data->start_pfn),
		__builtin_return_address(0));