Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753096AbdDKQTL (ORCPT ); Tue, 11 Apr 2017 12:19:11 -0400 Received: from mail-io0-f180.google.com ([209.85.223.180]:33070 "EHLO mail-io0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750721AbdDKQTJ (ORCPT ); Tue, 11 Apr 2017 12:19:09 -0400 MIME-Version: 1.0 In-Reply-To: References: <20170404113022.GC15490@dhcp22.suse.cz> <20170404151600.GN15132@dhcp22.suse.cz> <20170404194220.GT15132@dhcp22.suse.cz> <20170404201334.GV15132@dhcp22.suse.cz> <20170411134618.GN6729@dhcp22.suse.cz> <20170411141956.GP6729@dhcp22.suse.cz> From: Kees Cook Date: Tue, 11 Apr 2017 09:19:07 -0700 X-Google-Sender-Auth: YgU7cvPPyVV1z66Ej-uT7rGaoMk Message-ID: Subject: Re: [PATCH] mm: Add additional consistency check To: Christoph Lameter Cc: Michal Hocko , Andrew Morton , Pekka Enberg , David Rientjes , Joonsoo Kim , Linux-MM , LKML Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1033 Lines: 32 On Tue, Apr 11, 2017 at 9:16 AM, Christoph Lameter wrote: > On Tue, 11 Apr 2017, Michal Hocko wrote: > >> static inline void *index_to_obj(struct kmem_cache *cache, struct page *page, >> @@ -3813,14 +3818,18 @@ void kfree(const void *objp) >> { >> struct kmem_cache *c; >> unsigned long flags; >> + struct page *page; >> >> trace_kfree(_RET_IP_, objp); >> >> if (unlikely(ZERO_OR_NULL_PTR(objp))) >> return; >> + page = virt_to_head_page(obj); >> + if (CHECK_DATA_CORRUPTION(!PageSlab(page))) > > There is a flag SLAB_DEBUG_OBJECTS that is available for this check. > Consistency checks are configuraable in the slab allocator. > > Mentioned that before and got this lecture about data consistency checks. It seems that enabling the debug checks comes with a non-trivial performance impact. I'd like to see consistency checks by default so we can handle intentional heap corruption attacks better. This check isn't expensive... -Kees -- Kees Cook Pixel Security