Re: [PATCH 2/3] kasan: avoid re-poisoning tag-based kmalloc redzones

From: Dev Jain

Date: Wed May 20 2026 - 04:33:59 EST



>
> I got the problem now. The problem is that krealloc() does not know what was the
> old allocation size.
>
> So only talking about HW tags, can't we simply do the following. We can use
> HW tags integrated init to initialize only the part we want to unpoison.
>
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index b7d05c2a6d93d..c424be3cd02bb 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -474,7 +474,7 @@ void * __must_check __kasan_krealloc(const void *object, size_t size, gfp_t flag
> * Part of it might already have been unpoisoned, but it's unknown
> * how big that part is.
> */
> - kasan_unpoison(object, size, false);
> + kasan_unpoison(object, size, want_init_on_alloc(flags));
>
> slab = virt_to_slab(object);
>
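Review bot: passing want_init_on_alloc(flags) as the init argument at `+ kasan_unpoison(object, size, want_init_on_alloc(flags));` initializes the whole [object, object + size) range, not only the part beyond the old allocation, because the integrated init in HW_TAGS mode zeroes every byte it retags. The comment directly above the call already states that the size of the previously unpoisoned part is unknown here, so nothing in this function can restrict initialization to the spare region, and with init_on_alloc the bytes a caller expects krealloc() to preserve would be zeroed. Either keep init=false here and leave zeroing of the spare region to __do_krealloc(), or pass the original size down so that only [object + orig_size, object + size) is unpoisoned with init.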
> diff --git a/mm/slub.c b/mm/slub.c
> index 0baa906f39ab8..62ee59fc389d8 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -6686,7 +6686,7 @@ __do_krealloc(const void *p, size_t new_size, unsigned long align, gfp_t flags,
> goto alloc_new;
>
> /* Zero out spare memory. */
> - if (want_init_on_alloc(flags)) {
> + if (want_init_on_alloc(flags) && !kasan_has_integrated_init()) {
> kasan_disable_current();
> if (orig_size && orig_size < new_size)
> memset(kasan_reset_tag(p) + orig_size, 0, new_size - orig_size);
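Review bot: the added `&& !kasan_has_integrated_init()` condition removes the only zeroing of the spare region [orig_size, new_size) on HW_TAGS builds, while the unpoison it defers to in __kasan_krealloc() is given only `size` and therefore cannot target that region specifically. Until the original size is made available on the KASAN side, this memset needs to stay unconditional whenever want_init_on_alloc(flags) is set; the existing kasan_reset_tag(p) + orig_size already handles the tagged pointer, so the memset is safe to keep as is. kasan_has_integrated_init() is a runtime check that is true only when HW_TAGS is actually enabled, so builds with KASAN compiled in but inactive still take the memset path, which is the intended behaviour and worth stating in the commit message if this gating is retained in some form.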


Okay, this would overwrite the data which we still need.

