Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751821AbdGZROD (ORCPT ); Wed, 26 Jul 2017 13:14:03 -0400 Received: from mail-it0-f43.google.com ([209.85.214.43]:35330 "EHLO mail-it0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751515AbdGZROB (ORCPT ); Wed, 26 Jul 2017 13:14:01 -0400 MIME-Version: 1.0 In-Reply-To: References: <20170706002718.GA102852@beast> From: Kees Cook Date: Wed, 26 Jul 2017 10:13:59 -0700 X-Google-Sender-Auth: cdnsm9iXlPL7l0PySX2WLae_XOw Message-ID: Subject: Re: [v3] mm: Add SLUB free list pointer obfuscation To: Christopher Lameter Cc: Alexander Popov , Andrew Morton , Pekka Enberg , David Rientjes , Joonsoo Kim , "Paul E. McKenney" , Ingo Molnar , Josh Triplett , Andy Lutomirski , Nicolas Pitre , Tejun Heo , Daniel Mack , Sebastian Andrzej Siewior , Sergey Senozhatsky , Helge Deller , Rik van Riel , Linux-MM , Tycho Andersen , LKML , "kernel-hardening@lists.openwall.com" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1023 Lines: 33 On Wed, Jul 26, 2017 at 9:55 AM, Christopher Lameter wrote: > On Wed, 26 Jul 2017, Kees Cook wrote: > >> >> What happens if, instead of BUG_ON, we do: >> >> >> >> if (unlikely(WARN_RATELIMIT(object == fp, "double-free detected")) >> >> return; >> > >> > This may work for the free fastpath but the set_freepointer function is >> > use in multiple other locations. Maybe just add this to the fastpath >> > instead of to this fucnction? >> >> Do you mean do_slab_free()? > > Yes inserting these lines into do_slab_free() would simple ignore the > double free operation in the fast path and that would be safe. > > Although in either case we are adding code to the fastpath... While I'd like it unconditionally, I think Alexander's proposal was to put it behind CONFIG_SLAB_FREELIST_HARDENED. BTW, while I've got your attention, can you Ack the other patch? I sent a v4 for the pointer obfuscation, which we really need: https://lkml.org/lkml/2017/7/26/4 Thanks! -Kees -- Kees Cook Pixel Security