Date: Thu, 21 Sep 2017 10:21:16 -0500 (CDT)
From: Christopher Lameter
To: Kees Cook
cc: linux-kernel@vger.kernel.org, David Windsor, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, linux-mm@kvack.org, linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, netdev@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v3 01/31] usercopy: Prepare for usercopy whitelisting
In-Reply-To: <1505940337-79069-2-git-send-email-keescook@chromium.org>
References: <1505940337-79069-1-git-send-email-keescook@chromium.org> <1505940337-79069-2-git-send-email-keescook@chromium.org>

On Wed, 20 Sep 2017, Kees Cook wrote:
> diff --git a/include/linux/stddef.h b/include/linux/stddef.h > index 9c61c7cda936..f00355086fb2 100644 > --- a/include/linux/stddef.h > +++ b/include/linux/stddef.h > @@ -18,6 +18,8 @@ enum { > #define offsetof(TYPE, MEMBER) ((size_t)&((TYPE *)0)->MEMBER) > #endif > > +#define sizeof_field(structure, field) sizeof((((structure *)0)->field)) > + > /** > * offsetofend(TYPE, MEMBER) > * Hmmm.. Is that really necessary? Code knows the type of field and can use sizeof type. Also this is a non slab change hidden in the patchset. > diff --git a/mm/slab_common.c b/mm/slab_common.c > index 904a83be82de..36408f5f2a34 100644 > --- a/mm/slab_common.c > +++ b/mm/slab_common.c > @@ -272,6 +272,9 @@ int slab_unmergeable(struct kmem_cache *s) > if (s->ctor) > return 1; > > + if (s->usersize) > + return 1; > + > /* > * We may have set a slab to be unmergeable during bootstrap. > */ This will ultimately make all slabs unmergeable at the end of your patchset? Lots of space will be wasted. Is there any way to make this feature optional? #ifdef CONFIG_HARDENED around this? > @@ -491,6 +509,15 @@ kmem_cache_create(const char *name, size_t size, size_t align, > } > return s; > } > +EXPORT_SYMBOL(kmem_cache_create_usercopy); > + > +struct kmem_cache * > +kmem_cache_create(const char *name, size_t size, size_t align, > + unsigned long flags, void (*ctor)(void *)) > +{ > + return kmem_cache_create_usercopy(name, size, align, flags, 0, size, > + ctor); > +} > EXPORT_SYMBOL(kmem_cache_create); Well this makes the slab created unmergeable. > @@ -897,7 +927,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, > if (!s) > panic("Out of memory when creating slab %s\n", name); > > - create_boot_cache(s, name, size, flags); > + create_boot_cache(s, name, size, flags, 0, size); Ok this makes the kmalloc array unmergeable. 
> @@ -5081,6 +5081,12 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) > SLAB_ATTR_RO(cache_dma); > #endif > > +static ssize_t usersize_show(struct kmem_cache *s, char *buf) > +{ > + return sprintf(buf, "%zu\n", s->usersize); > +} > +SLAB_ATTR_RO(usersize); > + > static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf) > { > return sprintf(buf, "%d\n", !!(s->flags & SLAB_TYPESAFE_BY_RCU)); > @@ -5455,6 +5461,7 @@ static struct attribute *slab_attrs[] = { > #ifdef CONFIG_FAILSLAB > &failslab_attr.attr, > #endif > + &usersize_attr.attr, So useroffset is not exposed?
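Review bot: sizeof_field() in the include/linux/stddef.h hunk is added without a kernel-doc comment, although offsetofend() directly below it has one, and it names its parameters (structure, field) where offsetof() and offsetofend() use (TYPE, MEMBER). Suggest a short kernel-doc block, the (TYPE, MEMBER) naming used by its neighbours, and dropping the redundant outer parentheses so the body reads sizeof(((TYPE *)0)->MEMBER).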
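Review bot: the new "if (s->usersize) return 1;" test in slab_unmergeable() carries no comment saying why a cache with a usercopy region must never be merged, unlike the bootstrap case documented in the comment right after it. Please add the rationale next to the test, and since the test is unconditional, either state in the changelog what it costs in lost merging or gate it behind a config option.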
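Review bot: in the mm/slab_common.c hunk that turns kmem_cache_create() into a wrapper, the call passes "0, size" as useroffset and usersize, so usersize is non-zero for every cache created through the old API and the slab_unmergeable() test added earlier in this patch returns 1 for all of them. If whole-object whitelisting is meant as a transitional default, say so in a comment on the wrapper; as written, existing callers lose cache merging without any change on their side.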
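Review bot: in create_kmalloc_cache(), the call "create_boot_cache(s, name, size, flags, 0, size);" gains two bare positional arguments with nothing to show which is the offset and which is the length. A one-line comment stating that kmalloc caches are whitelisted over the whole object would make the intent reviewable at the call site.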
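Review bot: the hunk adding usersize_show() exposes only usersize through sysfs, so a reader of the attribute learns the length of the usercopy region but not where it starts in the object. Add a matching read-only useroffset attribute next to "SLAB_ATTR_RO(usersize);" and list it in slab_attrs[] beside "&usersize_attr.attr," so the two values can be read together.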