Subject: Re: [PATCH 4/7] Protectable Memory
From: Igor Stoppa
To: Matthew Wilcox
Date: Mon, 12 Mar 2018 23:25:54 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

On 12/03/18 21:13, Matthew Wilcox wrote:
> On Wed, Feb 28, 2018 at 10:06:17PM +0200, Igor Stoppa wrote:
>> struct gen_pool *pmalloc_create_pool(const char *name,
>>                                      int min_alloc_order);
>> int is_pmalloc_object(const void *ptr, const unsigned long n);
>> bool pmalloc_prealloc(struct gen_pool *pool, size_t size);
>> void *pmalloc(struct gen_pool *pool, size_t size, gfp_t gfp);
>> static inline void *pzalloc(struct gen_pool *pool, size_t size, gfp_t gfp)
>> static inline void *pmalloc_array(struct gen_pool *pool, size_t n,
>>                                   size_t size, gfp_t flags)
>> static inline void *pcalloc(struct gen_pool *pool, size_t n,
>>                             size_t size, gfp_t flags)
>> static inline char *pstrdup(struct gen_pool *pool, const char *s, gfp_t gfp)
>> int pmalloc_protect_pool(struct gen_pool *pool);
>> static inline void pfree(struct gen_pool *pool, const void *addr)
>> int pmalloc_destroy_pool(struct gen_pool *pool);
>
> Do you have users for all these functions? I'm particularly sceptical of
> pfree().

The typical case is when rolling back allocations, on an error path.

For example, with SELinux, the userspace provides the policy, which gets
processed and converted into a policyDB, where every policy maps to
several structures allocated dynamically.

The allocation is not transactional. In case a policy turns out to be
bad/broken, while being interpreted, those structures that were
initially allocated for that policy, must be freed.

Since pmalloc is meant to be a drop in replacement for k/vmalloc, it
needs to provide also pfree.

> To my mind, a user wants to:
>
> pmalloc_create();
> pmalloc(); * N
> pmalloc_protect();
> ...
> pmalloc_destroy();

This is the simplest case, but also the error path must be supported.

> I don't mind the pstrdup, pcalloc, pmalloc_array, pzalloc variations, but

All those functions turned out to be necessary when converting SELinux
to pmalloc. Yes, I haven't published this code yet, but I was hoping to
first be done with pmalloc and then move on to SELinux, which I suspect
will be harder to chew :-/

> I don't know why you need is_pmalloc_object().

Because of hardened usercopy [1]:

On 23/05/17 00:38, Kees Cook wrote:

[...]

> I'd like hardened usercopy to grow knowledge of these
> allocations so we can bounds-check objects. Right now, mm/usercopy.c
> just looks at PageSlab(page) to decide if it should do slab checks. I
> think adding a check for this type of object would be very important
> there.

[1] http://www.openwall.com/lists/kernel-hardening/2017/05/23/17

--
igor
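
The lifecycle discussed in this message (create, allocate, roll back on the error path, protect, bounds-check, destroy), sketched as a userspace analogue with mmap()/mprotect(). This is an added example, not code from the patch set or from the author: every upool_* name, load_policy(), the newest-object-only free and the 1/-1/0 return convention of upool_object_check() are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS */
#include <stddef.h>
#include <stdint.h>
#include <sys/mman.h>
enum { POOL_SIZE = 4096, MAX_OBJS = 16 };
/* Hypothetical userspace stand-in for a pmalloc pool; not the kernel API. */
struct upool { uint8_t *base; size_t used, nobjs, off[MAX_OBJS], len[MAX_OBJS]; int ro; };

int upool_create(struct upool *p) {
    *p = (struct upool){0};
    p->base = mmap(NULL, POOL_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p->base == MAP_FAILED ? -1 : 0;
}
void *upool_alloc(struct upool *p, size_t size) {
    if (p->ro || !size || size > POOL_SIZE - p->used || p->nobjs == MAX_OBJS)
        return NULL;                       /* no allocation once write-protected */
    p->off[p->nobjs] = p->used;
    p->len[p->nobjs++] = size;
    p->used += (size + 7) & ~(size_t)7;    /* keep the next object 8-byte aligned */
    return p->base + p->off[p->nobjs - 1];
}
int upool_free(struct upool *p, const void *addr) {  /* rollback only: newest object, pre-protect */
    if (p->ro || !p->nobjs || addr != (const void *)(p->base + p->off[p->nobjs - 1]))
        return -1;
    p->used = p->off[--p->nobjs];
    return 0;
}
int upool_protect(struct upool *p) {       /* seal: the pool's pages become read-only */
    return (p->ro = !mprotect(p->base, POOL_SIZE, PROT_READ)) ? 0 : -1;
}
/* 1: [ptr, ptr+n) lies in one object; -1: pool memory, but outside an object's bounds; 0: not ours */
int upool_object_check(const struct upool *p, const void *ptr, size_t n) {
    uintptr_t q = (uintptr_t)ptr, b = (uintptr_t)p->base;
    if (q < b || q - b >= POOL_SIZE) return 0;
    for (size_t i = 0; i < p->nobjs; i++)
        if (q - b >= p->off[i] && q - b - p->off[i] < p->len[i])
            return n <= p->len[i] - (q - b - p->off[i]) ? 1 : -1;
    return -1;
}
/* Error path: a bad record (size 0 in this constructed input) undoes this policy's objects. */
int load_policy(struct upool *p, const size_t *sizes, size_t count) {
    size_t first = p->nobjs;
    for (size_t i = 0; i < count; i++)
        if (!upool_alloc(p, sizes[i])) {
            while (p->nobjs > first) upool_free(p, p->base + p->off[p->nobjs - 1]);
            return -1;
        }
    return 0;
}
int upool_destroy(struct upool *p) { return munmap(p->base, POOL_SIZE); }
```

After upool_protect() succeeds, a stray write into the pool faults instead of silently modifying the data, and the range check is the kind of per-object bounds test a copy routine could call before reading from the pool.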