git.baikalelectronics.ru Git - kernel.git/commit

author	Marco Elver <elver@google.com>
	Fri, 18 Nov 2022 15:22:16 +0000 (16:22 +0100)
committer	Andrew Morton <akpm@linux-foundation.org>
	Wed, 23 Nov 2022 02:50:44 +0000 (18:50 -0800)
commit	f7702c364a492a8918f00b8866816d17dd056c2a
tree	865e42f383aba09050f67e58c5e95d25e967ece6	tree \| snapshot
parent	80a1912e584a6b42590f6911a55afacb29dc9484	commit \| diff

kfence: fix stack trace pruning

Commit e0cadfb4fbc3 ("mm/sl[au]b: generalize kmalloc subsystem")
refactored large parts of the kmalloc subsystem, resulting in the stack
trace pruning logic done by KFENCE to no longer work.

While e0cadfb4fbc3 attempted to fix the situation by including
'__kmem_cache_free' in the list of functions KFENCE should skip through,
this only works when the compiler actually optimized the tail call from
kfree() to __kmem_cache_free() into a jump (and thus kfree() _not_
appearing in the full stack trace to begin with).

In some configurations, the compiler no longer optimizes the tail call
into a jump, and __kmem_cache_free() appears in the stack trace.  This
means that the pruned stack trace shown by KFENCE would include kfree()
which is not intended - for example:

| BUG: KFENCE: invalid free in kfree+0x7c/0x120
|
| Invalid free of 0xffff8883ed8fefe0 (in kfence-#126):
|  kfree+0x7c/0x120
|  test_double_free+0x116/0x1a9
|  kunit_try_run_case+0x90/0xd0
| [...]

Fix it by moving __kmem_cache_free() to the list of functions that may be
tail called by an allocator entry function, making the pruning logic work
in both the optimized and unoptimized tail call cases.

Link: https://lkml.kernel.org/r/20221118152216.3914899-1-elver@google.com
Fixes: e0cadfb4fbc3 ("mm/sl[au]b: generalize kmalloc subsystem")
Signed-off-by: Marco Elver <elver@google.com>
Reviewed-by: Alexander Potapenko <glider@google.com>
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Feng Tang <feng.tang@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>