Re: [PATCH v6 01/18] kasan: Unpoison pcpu chunks with base address tag

From: Alexander Potapenko
Date: Mon Nov 10 2025 - 12:33:14 EST


On Wed, Oct 29, 2025 at 8:05 PM Maciej Wieczor-Retman
<m.wieczorretman@xxxxx> wrote:
>
> From: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
>
> The problem presented here is related to NUMA systems and tag-based
> KASAN modes - software and hardware ones. It can be explained in the
> following points:
>
> 1. There can be more than one virtual memory chunk.
> 2. Chunk's base address has a tag.
> 3. The base address points at the first chunk and thus inherits
> the tag of the first chunk.
> 4. The subsequent chunks will be accessed with the tag from the
> first chunk.
> 5. Thus, the subsequent chunks need to have their tag set to
> match that of the first chunk.
>
> Refactor code by moving it into a helper in preparation for the actual
> fix.

The code in the helper function:

> +void __kasan_unpoison_vmap_areas(struct vm_struct **vms, int nr_vms)
> +{
> + int area;
> +
> + for (area = 0 ; area < nr_vms ; area++) {
> + kasan_poison(vms[area]->addr, vms[area]->size,
> + arch_kasan_get_tag(vms[area]->addr), false);
> + }
> +}
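
Review bot: the loop body calls kasan_poison() even though the helper is named __kasan_unpoison_vmap_areas(), and nothing in the hunk explains why writing the tag returned by arch_kasan_get_tag(vms[area]->addr) amounts to unpoisoning. A short comment above the function saying so would keep the next reader from taking it for a typo. The for header also has stray spaces before the semicolons (`area = 0 ; area < nr_vms ; area++`); the removed loop used `area = 0; area < nr_vms; area++`.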

is different from what was originally called:

> - for (area = 0; area < nr_vms; area++)
> - vms[area]->addr = kasan_unpoison_vmalloc(vms[area]->addr,
> - vms[area]->size, KASAN_VMALLOC_PROT_NORMAL);
> + kasan_unpoison_vmap_areas(vms, nr_vms);
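
Review bot: the removed loop assigned the return value of kasan_unpoison_vmalloc() back to vms[area]->addr and passed KASAN_VMALLOC_PROT_NORMAL, but the replacement call kasan_unpoison_vmap_areas(vms, nr_vms) leads to a helper (quoted above) that neither updates vms[area]->addr nor takes that flag. If later code depends on the pointer returned by the old call, this is a behaviour change rather than a pure move. Either keep the original call inside the helper for this patch and switch to kasan_poison() in the follow-up fix, or describe the change in the commit message instead of calling it a refactor.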

, so the patch description is a bit misleading.

Please also ensure you fix the errors reported by kbuild test robot.