From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=XWIG=MD=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	USER_AGENT_SANE_2 autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 55264C07E96
	for <linux-mm@archiver.kernel.org>; Sun, 11 Jul 2021 23:57:41 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id C49F461026
	for <linux-mm@archiver.kernel.org>; Sun, 11 Jul 2021 23:57:40 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C49F461026
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gentoo.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 71A246B0088; Sun, 11 Jul 2021 19:57:40 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6CA266B008A; Sun, 11 Jul 2021 19:57:40 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 591F36B008C; Sun, 11 Jul 2021 19:57:40 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0160.hostedemail.com [216.40.44.160])
	by kanga.kvack.org (Postfix) with ESMTP id 31E806B0088
	for <linux-mm@kvack.org>; Sun, 11 Jul 2021 19:57:40 -0400 (EDT)
Received: from smtpin35.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 3777522887
	for <linux-mm@kvack.org>; Sun, 11 Jul 2021 23:57:39 +0000 (UTC)
X-FDA: 78351971838.35.1763EF1
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by imf25.hostedemail.com (Postfix) with ESMTP id 7FDAFB000291
	for <linux-mm@kvack.org>; Sun, 11 Jul 2021 23:57:38 +0000 (UTC)
Date: Mon, 12 Jul 2021 00:57:32 +0100
From: Sergei Trofimovich <slyfox@gentoo.org>
To: linux-mm@kvack.org, Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>, Alexander Potapenko
 <glider@google.com>, Vlastimil Babka <vbabka@suse.cz>, Andrey Konovalov
 <andreyknvl@gmail.com>, bowsingbetee@pm.me
Subject: v5.12+ regression on page_poison=1 i_on_free=0 i_on_alloc=0
 warnings
Message-ID: <20210712005732.4f9bfa78@zn3>
X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.29; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspamd-Server: rspam06
X-Rspamd-Queue-Id: 7FDAFB000291
X-Stat-Signature: kitxew4nsti6qt73ahixd9p6nqt5rx1i
Authentication-Results: imf25.hostedemail.com;
	dkim=none;
	spf=pass (imf25.hostedemail.com: domain of slyfox@gentoo.org designates 140.211.166.183 as permitted sender) smtp.mailfrom=slyfox@gentoo.org;
	dmarc=pass (policy=none) header.from=gentoo.org
X-HE-Tag: 1626047858-395946
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

In
  https://bugs.gentoo.org/801481
  https://bugzilla.kernel.org/show_bug.cgi?id=213697
bowsingbetee noticed that the following setup causes kernel to complain
about poisoning on memset(0) pages:

- kernel command: page_poison=1 init_on_free=0 init_on_alloc=0
- kernel config:
  * CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
  * CONFIG_INIT_ON_FREE_DEFAULT_ON=y
  * CONFIG_PAGE_POISONING=y

v5.12 works ok, boots as:
  [    0.009691][    T0] mem auto-init: stack:off, heap alloc:off, heap free:off

v5.13 warns, boots as:
  [    0.009746][    T0] mem auto-init: stack:off, heap alloc:on, heap free:on

Current 5.14-rc1 is also affected:

[    0.009233][    T0] mem auto-init: stack:off, heap alloc:on, heap free:on
[    0.009234][    T0] mem auto-init: clearing system memory may take some time...
[    0.396784][    T0] pagealloc: memory corruption
[    0.396788][    T0] ffff888100000000: 00 00 00 00 00 00 00 00 00 00 00 00 00
                                         00 00 00  ................

I attempted to bisect it and found the follwing relevant commits:

Before the following commit no warnings were present:

  commit 51cba1ebc60df9c4ce034a9f5441169c0d0956c0
  Author: Kees Cook <keescook@chromium.org>
  Date:   Thu Apr 1 16:23:43 2021 -0700
    init_on_alloc: Optimize static branches

Next after this commit kernel does not boot. Makes it harder to
bisect the poisoning warning

After the commit below kernel boots and already complains about
poisoning of zero pages:

  commit 1bb5eab30d68c1a3d9dbc822e1895e6c06dbe748
  Author: Andrey Konovalov <andreyknvl@google.com>
  Date:   Thu Apr 29 23:00:02 2021 -0700
    kasan, mm: integrate page_alloc init with HW_TAGS

It looks like a case of page_poison=1 not having enough
of a priority over init_on_free=0 init_on_alloc=0 at early boot.

-- 

  Sergei