Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Message-ID: <1561121745.5154.37.camel@lca.pw>
Subject: Re: [PATCH -next] slub: play init_on_free=1 well with SLAB_RED_ZONE
From:   Qian Cai <cai@lca.pw>
To:     Kees Cook <keescook@chromium.org>
Cc:     akpm@linux-foundation.org, glider@google.com, cl@linux.com,
        penberg@kernel.org, rientjes@google.com, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Date:   Fri, 21 Jun 2019 08:55:45 -0400
In-Reply-To: <201906201818.6C90BC875@keescook>
References: <1561058881-9814-1-git-send-email-cai@lca.pw>
         <201906201812.8B49A36@keescook> <201906201818.6C90BC875@keescook>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

On Thu, 2019-06-20 at 18:19 -0700, Kees Cook wrote:
> On Thu, Jun 20, 2019 at 06:14:33PM -0700, Kees Cook wrote:
> > On Thu, Jun 20, 2019 at 03:28:01PM -0400, Qian Cai wrote:
> > > diff --git a/mm/slub.c b/mm/slub.c
> > > index a384228ff6d3..787971d4fa36 100644
> > > --- a/mm/slub.c
> > > +++ b/mm/slub.c
> > > @@ -1437,7 +1437,7 @@ static inline bool slab_free_freelist_hook(struct
> > > kmem_cache *s,
> > >  		do {
> > >  			object = next;
> > >  			next = get_freepointer(s, object);
> > > -			memset(object, 0, s->size);
> > > +			memset(object, 0, s->object_size);
> > 
> > I think this should be more dynamic -- we _do_ want to wipe all
> > of object_size in the case where it's just alignment and padding
> > adjustments. If redzones are enabled, let's remove that portion only.
> 
> (Sorry, I meant: all of object's "size", not object_size.)
> 

I suppose Alexander is going to revise the series anyway, so he can probably
take care of the issue here in the new version as well. Something like this,

memset(object, 0, s->object_size);
memset(object, 0, s->size - s->inuse);