Re: [PATCH v2] kasan: remove kasan_find_vm_area() to prevent possible deadlock

From: Yeo Reum Yun
Date: Sat Jul 12 2025 - 11:47:02 EST

Next message: Masahiro Yamada: "Re: [PATCH v2 1/1] scripts: add zboot support to extract-vmlinux"
Previous message: Gao Xiang: "[GIT PULL] erofs fixes for 6.16-rc6"
In reply to: Uladzislau Rezki: "Re: [PATCH v2] kasan: remove kasan_find_vm_area() to prevent possible deadlock"
Next in thread: Byungchul Park: "Re: [PATCH v2] kasan: remove kasan_find_vm_area() to prevent possible deadlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi ByungChul,

[...]
> I checked the critical section by &vn->busy.lock in find_vm_area(). The
> time complextity looks O(log N). I don't think an irq disabled section
> of O(log N) is harmful. I still think using
> spin_lock_irqsave(&vn->busy.lock) can resolve this issue with no worry
> of significant irq delay. Am I missing something?

I don't agree for this.
since in PREEMPT_RT case, it has the same problem.

In case of PREEMPT_RT, spin_lock_irqsave() becomes rt_spin_lock() which is sleepable.
But, KASAN calls "rt_spin_lock()" holding raw_spin_lock_irqsave() which is definitely wrong.

But as Uladzislau said, without reference count manage, UAF can always happen.
IOW, If KASAN to dump vm information, I think we need:
1. manage reference for vmap_area.
2. find_vm_area() with rcu version.

Thanks.

--
Sincerely,
Yeoreum Yun

Next message: Masahiro Yamada: "Re: [PATCH v2 1/1] scripts: add zboot support to extract-vmlinux"
Previous message: Gao Xiang: "[GIT PULL] erofs fixes for 6.16-rc6"
In reply to: Uladzislau Rezki: "Re: [PATCH v2] kasan: remove kasan_find_vm_area() to prevent possible deadlock"
Next in thread: Byungchul Park: "Re: [PATCH v2] kasan: remove kasan_find_vm_area() to prevent possible deadlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]