On Sun, 2 Feb 2025 09:44:20 +0100 Christophe Leroy <christophe.le...@csgroup.eu> wrote:

> This time the problem is a mixture of commit 465cabc97b42
> ("powerpc/code-patching: introduce patch_instructions()") and commit
> c28c15b6d28a ("powerpc/code-patching: Use temporary mm for Radix MMU")
> which is revealed by commit e4137f08816b ("mm, kasan, kmsan: instrument
> copy_from/to_kernel_nofault")
>
> Commit c28c15b6d28a is inspired by commit b3fd8e83ada0
> ("x86/alternatives: Use temporary mm for text poking") but misses the
> kasan_disable_current() / kasan_enable_current() sequence.
>
> Was not necessary because __patch_mem() is not instrumented. But commit
> 465cabc97b42 added use of copy_to_kernel_nofault() which is now
> instrumented.
>
> The problem is that commit c28c15b6d28a makes use of a special memory
> area which is not kernel memory and it doesn't have any matching KASAN
> shadow area. And because it is located below TASK_SIZE, in addition
> kasan sees it as user memory.
>
> Can you try the change below?
>
> diff --git a/arch/powerpc/lib/code-patching.c
> b/arch/powerpc/lib/code-patching.c
> index 8a378fc19074..f84e0337cc02 100644
> --- a/arch/powerpc/lib/code-patching.c
> +++ b/arch/powerpc/lib/code-patching.c
> @@ -493,7 +493,9 @@ static int __do_patch_instructions_mm(u32 *addr, u32
> *code, size_t len, bool rep
>
>  orig_mm = start_using_temp_mm(patching_mm);
>
> + kasan_disable_current();
>  err = __patch_instructions(patch_addr, code, len, repeat_instr);
> + kasan_enable_current();
>
>  /* context synchronisation performed by __patch_instructions */
>  stop_using_temp_mm(patching_mm, orig_mm);

Thanks! With this patch applied the KASAN hit is gone and I got no further KASAN hits on my Talos II during boot. Applied both patches on top of v6.13.1.

Regards,
Erhard
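Review bot: the kasan_disable_current() / kasan_enable_current() pair added around __patch_instructions() carries no comment saying why it is there, and the rationale given in the mail (the temporary patching mm maps an area below TASK_SIZE with no KASAN shadow, so the now-instrumented copy_to_kernel_nofault() reports it as a user access) is exactly what a later reader of __do_patch_instructions_mm() will need; a one-line comment above "+ kasan_disable_current();" stating that would keep the reason next to the code. The pairing itself looks right: kasan_enable_current() is reached unconditionally, so the error path out of __patch_instructions() also re-enables reporting, and disabling KASAN here only suppresses false reports on the temporary mapping rather than hiding a real out-of-bounds write, since the same bytes are still written through the nofault copy. For the final submission, a Fixes: tag naming 465cabc97b42 (the commit that introduced the instrumented copy_to_kernel_nofault() use) and a mention of e4137f08816b as the change that exposed it would help stable backports pick the right trees.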
> This time the problem is a mixture of commit 465cabc97b42 > ("powerpc/code-patching: introduce patch_instructions()") and commit > c28c15b6d28a ("powerpc/code-patching: Use temporary mm for Radix MMU") > which is revealed by commit e4137f08816b ("mm, kasan, kmsan: instrument > copy_from/to_kernel_nofault") > > Commit c28c15b6d28a is inspired by commit b3fd8e83ada0 > ("x86/alternatives: Use temporary mm for text poking") but misses the > kasan_disable_current() / kasan_enable_current() sequence. > > Was not necessary because __patch_mem() is not instrumented. But commit > 465cabc97b42 added use of copy_to_kernel_nofault() which is now > instrumented. > > The problem is that commit c28c15b6d28a makes use of a special memory > area which is not kernel memory and it doesn't have any matching KASAN > shadow area. And because it is located below TASK_SIZE, in addition > kasan sees it as user memory. > > Can you try the change below ? > > diff --git a/arch/powerpc/lib/code-patching.c > b/arch/powerpc/lib/code-patching.c > index 8a378fc19074..f84e0337cc02 100644 > --- a/arch/powerpc/lib/code-patching.c > +++ b/arch/powerpc/lib/code-patching.c > @@ -493,7 +493,9 @@ static int __do_patch_instructions_mm(u32 *addr, u32 > *code, size_t len, bool rep > > orig_mm = start_using_temp_mm(patching_mm); > > + kasan_disable_current(); > err = __patch_instructions(patch_addr, code, len, repeat_instr); > + kasan_enable_current(); > > /* context synchronisation performed by __patch_instructions */ > stop_using_temp_mm(patching_mm, orig_mm); > Thanks! With this patch applied the KASAN hit is gone and I got no further KASAN hits on my Talos II during boot. Applied both patches on top of v6.13.1. Regards, Erhard