Received: by 10.213.65.68 with SMTP id h4csp949604imn; Wed, 14 Mar 2018 05:18:18 -0700 (PDT) X-Google-Smtp-Source: AG47ELu4k71CblUCrRmUNGr8gcN+AX7ECe17QSzQDYUCA4NQ+G0VzFnJca1ThrKHbh6ePnmqIP21 X-Received: by 2002:a17:902:aa83:: with SMTP id d3-v6mr3866270plr.36.1521029898895; Wed, 14 Mar 2018 05:18:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521029898; cv=none; d=google.com; s=arc-20160816; b=DHqeC2/imD9CYRIB08nLQDyJe+aE/9b7ak1F3vxdBizgXHXiPyYIXnloWlWU5Wet4O Ep4VhU0vDDhvBntD1vMjHnbB1vqEARKWLuAkwnAIQbV5E1snodh7sYf+BSBuMeDONrMw CTrgtNjxhatfyuGXbRaK27soopqlj0C4kTAFu+9VmGkX5BtmsxKFVOFRAiJnPPsyAEc1 BLRL0noT1SoCY7YF++yZTjH13ezrrJP8Ad7D6CiS59JaEfYGtK2dY8E5BSg+4eHQnUw8 RHvcqHntRgRdv44UC1AWdsynB1l68MMZjNvqieUYMi+rWgucP10GmWCmVx4LT9bBCzNT nSmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=4RcB5opToOTjBfpwRtWY0BVmjWMZTf51PaMJtYONIJY=; b=VzwOxs+5YOWsKKPl/hLWO83TUmauX73FHqnqNJOpnrFQhS9qa9zR9EGJ3+5jze3gNC JvHwTN5E8IM1SLJbnrS+knYpg79I8Pqm9WAd+s1V1SDh9cPmkn94o4y7FUWhP7whvkdM dqJC00uTpL/ixeXqR1xsRxldB/72DP2PjitbZ+Gfzz/RGZoskht+H/a5vM7rM9r+6yzH lzEO/2W8cmtwOp5rQZpXs5nnJUEEnLQTYiBibw8NDhHN3NHATKMakQ/aQtV10lyOFhMr y3lasPQF7FeLcCTK6M1d781iXnS0Du9/nGn+iEyumsFVhWn65Onxar3n2uoN/EzfODtf 81LQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=mQfec3Dj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z7si1971213pfg.278.2018.03.14.05.18.00; Wed, 14 Mar 2018 05:18:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=mQfec3Dj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751750AbeCNMPw (ORCPT + 99 others); Wed, 14 Mar 2018 08:15:52 -0400 Received: from bombadil.infradead.org ([198.137.202.133]:41006 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751015AbeCNMPv (ORCPT ); Wed, 14 Mar 2018 08:15:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4RcB5opToOTjBfpwRtWY0BVmjWMZTf51PaMJtYONIJY=; b=mQfec3DjukGiqXnXOCfFG5GpE inDLhQ9zdsGV05twduo676SPr/GQzr1iJMF6s35L0igQoQjcaihg3UrSEXrpshKHbGNfqAfeKLITs FUIcNHXEjqT8gsw7mLaYZVszusEMrxtbJXcPks9x9JOuv2m9RY5NNmKbN7Y/e1bJYWCxx186cIMYs +7jOgC7/hiVg6qUZHdmahl81wie6qymCDAUeK7rIU8hNAZwXKGwEfdBNpPbN2dqvxFsYlVFGfxqkZ ZiuwKoJBpkinU7WlyVe5f8CXxy+XKQlGLJXE8BdqAFopE9miH4CcZvhsZ6jXBi9dTPooEccgc8SXY eNtBgW1tw==; Received: from willy by bombadil.infradead.org with local (Exim 4.90_1 #2 (Red Hat Linux)) id 1ew5Jr-0004vI-Rp; Wed, 14 Mar 2018 12:15:47 +0000 Date: Wed, 14 Mar 2018 05:15:47 -0700 From: Matthew Wilcox To: Igor Stoppa Cc: david@fromorbit.com, rppt@linux.vnet.ibm.com, keescook@chromium.org, mhocko@kernel.org, labbott@redhat.com, linux-security-module@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: Re: [PATCH 5/8] Protectable Memory Message-ID: <20180314121547.GE29631@bombadil.infradead.org> References: <20180313214554.28521-1-igor.stoppa@huawei.com> <20180313214554.28521-6-igor.stoppa@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180313214554.28521-6-igor.stoppa@huawei.com> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 13, 2018 at 11:45:51PM +0200, Igor Stoppa wrote: > +static inline void *pmalloc_array(struct gen_pool *pool, size_t n, > + size_t size, gfp_t flags) > +{ > + if (unlikely(!(pool && n && size))) > + return NULL; Why not use the same formula as kvmalloc_array here? You've failed to protect against integer overflow, which is the whole point of pmalloc_array. if (size != 0 && n > SIZE_MAX / size) return NULL; > +static inline char *pstrdup(struct gen_pool *pool, const char *s, gfp_t gfp) > +{ > + size_t len; > + char *buf; > + > + if (unlikely(pool == NULL || s == NULL)) > + return NULL; No, delete these checks. They'll mask real bugs. > +static inline void pfree(struct gen_pool *pool, const void *addr) > +{ > + gen_pool_free(pool, (unsigned long)addr, 0); > +} It's poor form to use a different subsystem's type here. It ties you to genpool, so if somebody wants to replace it, you have to go through all the users and change them. If you use your own type, it's a much easier task. struct pmalloc_pool { struct gen_pool g; } then: static inline void pfree(struct pmalloc_pool *pool, const void *addr) { gen_pool_free(&pool->g, (unsigned long)addr, 0); } Looking further down, you could (should) move the contents of pmalloc_data into pmalloc_pool; that's one fewer object to keep track of. > +struct pmalloc_data { > + struct gen_pool *pool; /* Link back to the associated pool. */ > + bool protected; /* Status of the pool: RO or RW. */ > + struct kobj_attribute attr_protected; /* Sysfs attribute. */ > + struct kobj_attribute attr_avail; /* Sysfs attribute. */ > + struct kobj_attribute attr_size; /* Sysfs attribute. */ > + struct kobj_attribute attr_chunks; /* Sysfs attribute. */ > + struct kobject *pool_kobject; > + struct list_head node; /* list of pools */ > +}; sysfs attributes aren't free, you know. I appreciate you want something to help debug / analyse, but having one file for the whole subsystem or at least one per pool would be a better idea.