Re: [PATCH] mm/kfence: randomize the freelist on initialization
From: Andrew Morton
Date: Tue Jan 20 2026 - 12:46:18 EST
On Tue, 20 Jan 2026 17:15:10 +0100 Pimyn Girgis <pimyn@xxxxxxxxxx> wrote:
> Randomize the KFENCE freelist during pool initialization to make allocation
> patterns less predictable. This is achieved by shuffling the order in which
> metadata objects are added to the freelist using get_random_u32_below().
>
> Additionally, ensure the error path correctly calculates the address range
> to be reset if initialization fails, as the address increment logic has
> been moved to a separate loop.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure")
It isn't clear (to me) what was wrong with 0ce20dd84089, nor why a
-stable backport is proposed.
Can we please have a full description of the current misbehavior? What
are the worst-case userspace-visible effects of this flaw?
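For reference, the shuffle the quoted patch description mentions is an in-place Fisher-Yates permutation of the metadata indices, with each object then pushed onto the freelist in that order. The block below is an added user-space illustration, not code from the patch or from KFENCE itself: the pool size, the seed and the `random_u32_below()` stand-in (a small xorshift generator with rejection sampling, mimicking the unbiased range of the kernel's `get_random_u32_below()`) are all constructed for the example.

```c
/* Added example: build a KFENCE-style freelist in shuffled order.
 * Not the kernel's code; pool size, seed and the RNG are constructed here. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define POOL_OBJECTS 16U   /* constructed pool size, not KFENCE's default */

struct meta {
	unsigned int index;    /* position of this object in the pool */
	struct meta *next;     /* freelist link */
};

static struct meta pool[POOL_OBJECTS];
static struct meta *freelist;
static uint32_t rng_state = 0x12345678u;   /* constructed seed */

/* Deterministic xorshift32; a stand-in for the kernel's CSPRNG output. */
static uint32_t xorshift32(void)
{
	uint32_t x = rng_state;
	x ^= x << 13;
	x ^= x >> 17;
	x ^= x << 5;
	rng_state = x;
	return x;
}

/* Stand-in for get_random_u32_below(ceil), ceil > 0: uniform in [0, ceil)
 * via rejection sampling, so no modulo bias creeps into the permutation. */
uint32_t random_u32_below(uint32_t ceil)
{
	/* Largest multiple of ceil that fits in 32 bits; reject values above it. */
	uint32_t limit = UINT32_MAX - (UINT32_MAX % ceil);
	uint32_t x;

	do {
		x = xorshift32();
	} while (x >= limit);
	return x % ceil;
}

/* Inside-out Fisher-Yates: fills order[0..n) with a uniform random permutation. */
void shuffle_order(unsigned int *order, unsigned int n)
{
	for (unsigned int i = 0; i < n; i++) {
		unsigned int j = random_u32_below(i + 1);
		order[i] = order[j];
		order[j] = i;
	}
}

/* Reset the pool and push every object onto the freelist in shuffled order.
 * Returns the number of objects placed on the list. */
unsigned int init_freelist_shuffled(void)
{
	unsigned int order[POOL_OBJECTS];

	freelist = NULL;
	shuffle_order(order, POOL_OBJECTS);
	for (unsigned int i = 0; i < POOL_OBJECTS; i++) {
		struct meta *m = &pool[order[i]];
		m->index = order[i];
		m->next = freelist;
		freelist = m;
	}
	return POOL_OBJECTS;
}

/* Sanity check: every pool object appears on the freelist exactly once. */
bool freelist_is_permutation(void)
{
	bool seen[POOL_OBJECTS] = { false };
	unsigned int count = 0;

	for (struct meta *m = freelist; m; m = m->next) {
		if (m->index >= POOL_OBJECTS || seen[m->index])
			return false;
		seen[m->index] = true;
		count++;
	}
	return count == POOL_OBJECTS;
}

int main(void)
{
	init_freelist_shuffled();
	printf("freelist order:");
	for (struct meta *m = freelist; m; m = m->next)
		printf(" %u", m->index);
	printf("\nvalid permutation: %s\n", freelist_is_permutation() ? "yes" : "no");
	return 0;
}
```

The permutation check is the property a reviewer would want to see preserved by any such change: randomizing the order must not drop or duplicate a metadata object, and the range-reset on the error path the commit message mentions has to cover the whole pool regardless of how the indices were permuted.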