Re: [PATCH 2/3] kasan: avoid re-poisoning tag-based kmalloc redzones

From: Dev Jain

Date: Wed May 20 2026 - 00:32:52 EST



>
> Problem 1:
>
> p = kzalloc(96, GFP_KERNEL); // kmalloc-128
> p = krealloc(p, 120, GFP_KERNEL | __GFP_ZERO);
>
> Before my patch, kzalloc zeroed bytes 0..127, krealloc exposes bytes 96..119
> which are already zero from kzalloc.
>
> After my patch, kzalloc zeroes only 0..95; krealloc may think the old
> size is 128, so it does not zero 96..119, which may then contain stale data.
>
> Why is this a problem? Surely the caller of krealloc shouldn't be
> relying on a previous zeroing. The krealloc documentation explicitly says that
> GFP_ZERO is ignored.


My bad for looking at a very old tree :( the documentation in the upstream
kernel does not say that.