Re: [PATCH] mm/zsmalloc: copy KMSAN metadata in zs_page_migrate()

From: Shigeru Yoshida

Date: Sun Mar 22 2026 - 07:30:09 EST


Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> writes:

> On Sat, 21 Mar 2026 22:29:11 +0900 Shigeru Yoshida <syoshida@xxxxxxxxxx> wrote:
>
>> zs_page_migrate() uses copy_page() to copy the contents of a zspage
>> page during migration. However, copy_page() is not instrumented by
>> KMSAN, so the shadow and origin metadata of the destination page are
>> not updated.
>>
>> As a result, subsequent accesses to the migrated page are reported
>> as use-after-free by KMSAN, despite the data being correctly copied.
>>
>> Add a kmsan_copy_page_meta() call after copy_page() to propagate the
>> KMSAN metadata to the new page, matching what copy_highpage() does
>> internally.
>>
>> Fixes: afb2d666d025 ("zsmalloc: use copy_page for full page copy")
>
> That's three years old. Can anyone suggest why this has only now been
> discovered?

I think it's because KMSAN is clang and x86-64-only, so very few people
run it. Also, this only triggers when compaction actually migrates a
zspage page, which needs significant memory pressure.

Shigeru
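The failure mode in the patch description (data copied, shadow not copied, so a correct read is reported as uninitialized) can be shown with a small user-space model of KMSAN's shadow bookkeeping. The following is an added illustration, not kernel code and not from the patch: the `toy_*` names, the 64-byte page, and the one-shadow-byte-per-data-byte layout are simplifications chosen for this example (real KMSAN also tracks origins, omitted here). `toy_copy_page()` stands in for `copy_page()` and `toy_copy_page_meta()` for `kmsan_copy_page_meta()`.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy page size for the model; real PAGE_SIZE on x86-64 is 4096. */
#define TOY_PAGE_SIZE 64

/*
 * A page as KMSAN sees it: the data bytes plus one shadow byte per data
 * byte. Nonzero shadow means "this byte is uninitialized". Real KMSAN also
 * keeps origin metadata; it is left out of this model.
 */
struct toy_page {
    uint8_t data[TOY_PAGE_SIZE];
    uint8_t shadow[TOY_PAGE_SIZE];
};

/* Freshly allocated page: contents are garbage and every byte is poisoned. */
static void toy_alloc_page(struct toy_page *p)
{
    memset(p->data, 0xAA, sizeof p->data);
    memset(p->shadow, 0xFF, sizeof p->shadow);
}

/* An instrumented store: writing data unpoisons the shadow for those bytes. */
static void toy_store(struct toy_page *p, size_t off, const void *src, size_t len)
{
    memcpy(p->data + off, src, len);
    memset(p->shadow + off, 0, len);
}

/* Stand-in for copy_page(): uninstrumented, copies data bytes only. */
static void toy_copy_page(struct toy_page *dst, const struct toy_page *src)
{
    memcpy(dst->data, src->data, sizeof dst->data);
}

/* Stand-in for kmsan_copy_page_meta(): carries the shadow across. */
static void toy_copy_page_meta(struct toy_page *dst, const struct toy_page *src)
{
    memcpy(dst->shadow, src->shadow, sizeof dst->shadow);
}

/* Number of bytes in [off, off+len) that a KMSAN-style check would report. */
static size_t toy_check_read(const struct toy_page *p, size_t off, size_t len)
{
    size_t poisoned = 0;
    for (size_t i = off; i < off + len; i++)
        poisoned += p->shadow[i] != 0;
    return poisoned;
}

/*
 * Simulate migrating one fully initialized object to a new page, with or
 * without the metadata copy. Returns how many bytes a subsequent read of
 * the object would be reported on.
 */
static size_t migrate_and_check(int copy_meta)
{
    struct toy_page oldp, newp;
    const char payload[] = "compressed-object"; /* constructed sample object */

    toy_alloc_page(&oldp);
    toy_alloc_page(&newp);
    toy_store(&oldp, 8, payload, sizeof payload); /* object is initialized */

    toy_copy_page(&newp, &oldp);
    if (copy_meta)
        toy_copy_page_meta(&newp, &oldp);

    /* The data is byte-identical either way... */
    assert(memcmp(newp.data, oldp.data, TOY_PAGE_SIZE) == 0);
    /* ...but only the shadow decides whether the read is flagged. */
    return toy_check_read(&newp, 8, sizeof payload);
}

int main(void)
{
    printf("without meta copy: %zu bytes reported\n", migrate_and_check(0));
    printf("with meta copy:    %zu bytes reported\n", migrate_and_check(1));
    return 0;
}
```

Without the metadata copy the destination page keeps its allocation-time "all poisoned" shadow, so every byte of the correctly copied object is flagged; copying the shadow alongside the data makes the read clean, which is exactly what the extra `kmsan_copy_page_meta()` call after `copy_page()` provides.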