With the introduction of KASAN_HW_TAGS, kasan_report() dereferences the address passed as a parameter.
Add a comment to make sure that the preconditions to the function are explicitly clarified. Note: An invalid address (e.g. NULL pointer address) passed to the function when, KASAN_HW_TAGS is enabled, leads to a kernel panic. Cc: Andrey Ryabinin <aryabi...@virtuozzo.com> Cc: Alexander Potapenko <gli...@google.com> Cc: Dmitry Vyukov <dvyu...@google.com> Cc: Leon Romanovsky <leo...@mellanox.com> Cc: Andrey Konovalov <andreyk...@google.com> Signed-off-by: Vincenzo Frascino <vincenzo.frasc...@arm.com> --- mm/kasan/report.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/mm/kasan/report.c b/mm/kasan/report.c index c0fb21797550..2485b585004d 100644 --- a/mm/kasan/report.c +++ b/mm/kasan/report.c @@ -403,6 +403,17 @@ static void __kasan_report(unsigned long addr, size_t size, bool is_write, end_report(&flags); } +/** + * kasan_report - report kasan fault details + * @addr: valid address of the allocation where the tag fault was detected + * @size: size of the allocation where the tag fault was detected + * @is_write: the instruction that caused the fault was a read or write? + * @ip: pointer to the instruction that cause the fault + * + * Note: When CONFIG_KASAN_HW_TAGS is enabled kasan_report() dereferences + * the address to access the tags, hence it must be valid at this point in + * order to not cause a kernel panic. + */ bool kasan_report(unsigned long addr, size_t size, bool is_write, unsigned long ip) { -- 2.30.0
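Review bot: In the new kernel-doc for kasan_report(), the @is_write line is phrased as a question ("was a read or write?") and never says which value of the bool means a write; something like "@is_write: true if the faulting access was a write, false if it was a read" would remove the ambiguity. The function returns bool, but the comment has no "Return:" section, so a caller cannot tell from the documentation what the result means. In the @ip line, "cause the fault" should read "caused the fault". The Note describes a precondition that applies only when CONFIG_KASAN_HW_TAGS is enabled, while the @addr line says "valid address" unconditionally; it would help to state in @addr itself that validity is required because the address is dereferenced in that configuration. Since the commit message says an invalid address such as NULL leads to a kernel panic, it is also worth asking whether the callers should be audited or a check added, rather than relying on the comment alone.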