git.baikalelectronics.ru Git - kernel.git/commit

author	Marco Elver <elver@google.com>
	Fri, 18 Nov 2022 15:22:16 +0000 (16:22 +0100)
committer	Andrew Morton <akpm@linux-foundation.org>
	Wed, 23 Nov 2022 02:50:44 +0000 (18:50 -0800)
commit	e75b03e58a0f8ad2a83c237fe6aff8b8708965fb
tree	865e42f383aba09050f67e58c5e95d25e967ece6	tree \| snapshot
parent	c3b92e8ba6d9926c4c8bc1c3b37a7d94b50c4f33	commit \| diff

kfence: fix stack trace pruning

Commit 401edcb4a73c ("mm/sl[au]b: generalize kmalloc subsystem")
refactored large parts of the kmalloc subsystem, resulting in the stack
trace pruning logic done by KFENCE to no longer work.

While 401edcb4a73c attempted to fix the situation by including
'__kmem_cache_free' in the list of functions KFENCE should skip through,
this only works when the compiler actually optimized the tail call from
kfree() to __kmem_cache_free() into a jump (and thus kfree() _not_
appearing in the full stack trace to begin with).

In some configurations, the compiler no longer optimizes the tail call
into a jump, and __kmem_cache_free() appears in the stack trace.  This
means that the pruned stack trace shown by KFENCE would include kfree()
which is not intended - for example:

| BUG: KFENCE: invalid free in kfree+0x7c/0x120
|
| Invalid free of 0xffff8883ed8fefe0 (in kfence-#126):
|  kfree+0x7c/0x120
|  test_double_free+0x116/0x1a9
|  kunit_try_run_case+0x90/0xd0
| [...]

Fix it by moving __kmem_cache_free() to the list of functions that may be
tail called by an allocator entry function, making the pruning logic work
in both the optimized and unoptimized tail call cases.

Link: https://lkml.kernel.org/r/20221118152216.3914899-1-elver@google.com
Fixes: 401edcb4a73c ("mm/sl[au]b: generalize kmalloc subsystem")
Signed-off-by: Marco Elver <elver@google.com>
Reviewed-by: Alexander Potapenko <glider@google.com>
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Feng Tang <feng.tang@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>