diff options
| author | Se Wang (Patrick) Oh <sewango@codeaurora.org> | 2015-06-25 15:15:06 -0700 |
|---|---|---|
| committer | David Keitel <dkeitel@codeaurora.org> | 2016-03-22 11:03:46 -0700 |
| commit | ab5d4ae2e4c60e9552b304331f3a05efbc7f3157 (patch) | |
| tree | 311389ca99a350f26eded3263dfec372a06c033f /mm/compaction.c | |
| parent | 917d464f8881725c3937caa07c82ac0a4ef68672 (diff) | |
mm: switch KASan hook calling order in page alloc/free path
When CONFIG_PAGE_POISONING is enabled, the pages are poisoned
after setting free page in KASan Shadow memory and KASan reports
the read after free warning. The same thing happens in the allocation
path. So change the order of calling KASan_alloc/free API so that
pages poisoning happens when the pages are in alloc status in KASan
shadow memory.
following is the KASan report for reference.
==================================================================
BUG: KASan: use after free in memset+0x24/0x44 at addr ffffffc000000000
Write of size 4096 by task swapper/0
page:ffffffbac5000000 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x0()
page dumped because: kasan: bad access detected
CPU: 0 PID: 0 Comm: swapper Not tainted 3.18.0-g5a4a5d5-07242-g6938a8b-dirty #1
Hardware name: Qualcomm Technologies, Inc. MSM 8996 v2 + PMI8994 MTP (DT)
Call trace:
[<ffffffc000089ea4>] dump_backtrace+0x0/0x1c4
[<ffffffc00008a078>] show_stack+0x10/0x1c
[<ffffffc0010ecfd8>] dump_stack+0x74/0xc8
[<ffffffc00020faec>] kasan_report_error+0x2b0/0x408
[<ffffffc00020fd20>] kasan_report+0x34/0x40
[<ffffffc00020f138>] __asan_storeN+0x15c/0x168
[<ffffffc00020f374>] memset+0x20/0x44
[<ffffffc0002086e0>] kernel_map_pages+0x238/0x2a8
[<ffffffc0001ba738>] free_pages_prepare+0x21c/0x25c
[<ffffffc0001bc7e4>] __free_pages_ok+0x20/0xf0
[<ffffffc0001bd3bc>] __free_pages+0x34/0x44
[<ffffffc0001bd5d8>] __free_pages_bootmem+0xf4/0x110
[<ffffffc001ca9050>] free_all_bootmem+0x160/0x1f4
[<ffffffc001c97b30>] mem_init+0x70/0x1ec
[<ffffffc001c909f8>] start_kernel+0x2b8/0x4e4
[<ffffffc001c987dc>] kasan_early_init+0x154/0x160
Change-Id: Idbd3dc629be57ed55a383b069a735ae3ee7b9f05
Signed-off-by: Se Wang (Patrick) Oh <sewango@codeaurora.org>
Diffstat (limited to 'mm/compaction.c')
| -rw-r--r-- | mm/compaction.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mm/compaction.c b/mm/compaction.c index de3e1e71cd9f..ad6ee6da933d 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -60,9 +60,9 @@ static void map_pages(struct list_head *list) struct page *page; list_for_each_entry(page, list, lru) { + kasan_alloc_pages(page, 0); arch_alloc_page(page, 0); kernel_map_pages(page, 1, 1); - kasan_alloc_pages(page, 0); } } |