From e4967c187ba0ed7e49621ef0d62906ff6441fbdc Mon Sep 17 00:00:00 2001
From: Andrey Konovalov <andreyknvl@google.com>
Date: Mon, 7 Mar 2022 16:08:12 +1100
Subject: [PATCH] FROMLIST: kasan, scs: support tagged vmalloc mappings

Fix up the custom KASAN instrumentation for Shadow Call Stack to support
vmalloc() mappings and pointers being tagged.

- Use the tagged pointer returned by kasan_unpoison_vmalloc() in
  __scs_alloc() when calling memset() to avoid false-positives.

- Do not return a tagged Shadow Call Stack pointer from __scs_alloc(),
  as this might lead to conflicts with the instrumentation.

Link: https://lkml.kernel.org/r/2f6605e3a358cf64d73a05710cb3da356886ad29.1646233925.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Evgenii Stepanov <eugenis@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Collingbourne <pcc@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
(cherry picked from commit bd2c296805cff9572080bf56807c16d1dd382260
 git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm)
Link: https://lore.kernel.org/all/2f6605e3a358cf64d73a05710cb3da356886ad29.1646233925.git.andreyknvl@google.com/
Bug: 217222520
Bug: 222221793
Change-Id: I9e6e4cd303e0815a5b092ba6ec28638bd1f7bc2c
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 kernel/scs.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/kernel/scs.c b/kernel/scs.c
index 1033a76a3284..b7e1b096d906 100644
--- a/kernel/scs.c
+++ b/kernel/scs.c
@@ -32,16 +32,19 @@ static void *__scs_alloc(int node)
 	for (i = 0; i < NR_CACHED_SCS; i++) {
 		s = this_cpu_xchg(scs_cache[i], NULL);
 		if (s) {
-			kasan_unpoison_vmalloc(s, SCS_SIZE,
-					       KASAN_VMALLOC_PROT_NORMAL);
+			s = kasan_unpoison_vmalloc(s, SCS_SIZE,
+						   KASAN_VMALLOC_PROT_NORMAL);
 			memset(s, 0, SCS_SIZE);
-			return s;
+			goto out;
 		}
 	}
 
-	return __vmalloc_node_range(SCS_SIZE, 1, VMALLOC_START, VMALLOC_END,
+	s = __vmalloc_node_range(SCS_SIZE, 1, VMALLOC_START, VMALLOC_END,
 				    GFP_SCS, PAGE_KERNEL, 0, node,
 				    __builtin_return_address(0));
+
+out:
+	return kasan_reset_tag(s);
 }
 
 void *scs_alloc(int node)