Re: Linux 6.18-rc6

From: David Hildenbrand (Red Hat)
Date: Mon Nov 17 2025 - 14:24:54 EST

Next message: Conor Dooley: "Re: [PATCH v3 02/11] dt-bindings: display: panel: ronbo,rb070d30: panel-common ref"
Previous message: Fabio Baltieri: "[PATCH] r8169: add support for RTL8127ATF"
In reply to: David Hildenbrand (Red Hat): "Re: Linux 6.18-rc6"
Next in thread: Linus Torvalds: "Re: Linux 6.18-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 17.11.25 19:24, David Hildenbrand (Red Hat) wrote:

On 17.11.25 18:59, Linus Torvalds wrote:

On Mon, 17 Nov 2025 at 09:53, David Hildenbrand (Red Hat)
<david@xxxxxxxxxx> wrote:

I had the same in mind for a second, but then I looked at
kernel_init_pages() with the kasan_disable_current() handling and
concluded that it's clearer to just disallow tag_clear_highpage() being
abused in the first place and reduce the effective code footprint of
post_alloc_hook().

See, I had the exact opposite reaction: I think the one-liner is
better not just because it's simpler, but exactly *because* of the
mess that is kernel_init_pages().

Heh, I intuitively avoid runtime checks on the fast paths where avoidable :)

IOW, that one-liner is either correct *without* all that crud - and
it's unnecessary for the __GFP_ZEROTAGS case because that only happens
at init time - or it shows a bug in the arm64 code.

What sticks out is that we perform the tag_clear_highpage() before we do
all the KASAN poison magic. And we perform the kernel_init_pages() after
the kasan magic.

The clear_highpage() fallback in tag_clear_highpage() was just recently
added by Catalin (in the same commit we are fixing here IIRC).

I am no expert on KASAN, but I would suspect that it is important for us
to clear the pages after doing the
kasan_unpoison_pages/page_kasan_tag_reset.

I'll have to dig into the history of tag_clear_highpage() a bit to
understand how this would interact with non-hw-tag-based KASAN. IIRC,
amd64 also supports SW-tag KASAN.

So, I briefly tried on x86 with KASAN and the one-liner. I was assuming that KASAN would complain because we are clearing the page before doing the kasan_unpoison_pages() (IOW, writing to a KASAN-poisoned page).

It didn't trigger, and I assume it is because clear_highpage() on x86 will not be instrumented by KASAN (my theory).

The comment in kernel_init_pages() indicates that s390x uses memset() for that purpose and I would assume that that one would be instrumented.

So I'll give it a try on s390x with KASAN. I should be able to get my hands on a system later today.

--
Cheers

David

Next message: Conor Dooley: "Re: [PATCH v3 02/11] dt-bindings: display: panel: ronbo,rb070d30: panel-common ref"
Previous message: Fabio Baltieri: "[PATCH] r8169: add support for RTL8127ATF"
In reply to: David Hildenbrand (Red Hat): "Re: Linux 6.18-rc6"
Next in thread: Linus Torvalds: "Re: Linux 6.18-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]