Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1772372ybh;
        Sun, 8 Mar 2020 12:35:18 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vu4HZKO9uS/xQ8V8slhB5nh8v27JrtKeJshfS2HhnvmLtFW3/X1l8GwK9fC88mZWZH5oouY
X-Received: by 2002:aca:c596:: with SMTP id v144mr1736169oif.136.1583696118225;
        Sun, 08 Mar 2020 12:35:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1583696118; cv=none;
        d=google.com; s=arc-20160816;
        b=uQF7u89Iwlw3+Yxl9OkkRPhC0SHV9q0b5w34010k9SCFtfLLtN9qxOO9cYl07PE+iX
         L1OJoTCWi/PQXeLyGHeWpyLl3QkwK1Ck9gx+Vy3RU95Hr51e9zdvQ0sJM3wLizU4QPyZ
         Wl7vLqq22RpUUM+fkPCCihUlVkZhfyNJQTWxsF8mpO73LWs0FmA5ngjMS92E8N8jJsX8
         zgPQjPweOywSFcXZFOiBR9iBMm6GwvwJTQeI3OYQ4BJUKS2ZZ89fuNEiZ/LU7fT/XXff
         4WaQMIxEZqWrk+lIciM35xk9u+h3hEbYnYKMPWGguevzuxuVaQ/DZogN9fhwZy1BRNq5
         dW8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date;
        bh=yO1wkbCgD6RNyzcHQt3KMaeS9WpuTIrvAgxEVhljzD4=;
        b=hbKsvXyjVbWvPhrPh0m8lso6N8TNEbr8T5Wd3IC5SJvVuIIOtctlfA9JRrksMTnQfR
         kDDGRAllkaDhdHD8MV2Px2ptxD8TcH8SNAS4rI7QHWdcleTM9rY6k0mNkj8aV26wFAe8
         x04n9sbMegIQ1N2V4fUlVVWFsEeARDnt0zDqs/M30EnKWrTkwEfmamb2u6hlqVjC7sgi
         cKFQbMSFY2WC0dI6Cjh++En9v99X2lUZJtnQ6JbAeW1MthDEjyFkn7iHJnAl6mlsETz3
         PVY4NV65JOLLjU+BPwb8o0i8Vt1zpJQWJNMXOXPX/wCuzvSbr64+AnFuia5E+ceWRJhq
         aOTA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u205si3163765oif.235.2020.03.08.12.35.06;
        Sun, 08 Mar 2020 12:35:18 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726346AbgCHTeZ (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Sun, 8 Mar 2020 15:34:25 -0400
Received: from gentwo.org ([3.19.106.255]:43440 "EHLO gentwo.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726322AbgCHTeZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 8 Mar 2020 15:34:25 -0400
Received: by gentwo.org (Postfix, from userid 1002)
        id 8A8C03F1C0; Sun,  8 Mar 2020 19:34:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
        by gentwo.org (Postfix) with ESMTP id 8845B3E998;
        Sun,  8 Mar 2020 19:34:24 +0000 (UTC)
Date:   Sun, 8 Mar 2020 19:34:24 +0000 (UTC)
From:   Christopher Lameter <cl@linux.com>
X-X-Sender: cl@www.lameter.com
To:     David Rientjes <rientjes@google.com>
cc:     Vlastimil Babka <vbabka@suse.cz>,
        Kees Cook <keescook@chromium.org>,
        Jann Horn <jannh@google.com>,
        Pekka Enberg <penberg@kernel.org>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linux-MM <linux-mm@kvack.org>,
        kernel list <linux-kernel@vger.kernel.org>,
        Matthew Garrett <mjg59@google.com>,
        Vijayanand Jitta <vjitta@codeaurora.org>
Subject: Re: SLUB: sysfs lets root force slab order below required minimum,
 causing memory corruption
In-Reply-To: <alpine.DEB.2.21.2003041231020.260792@chino.kir.corp.google.com>
Message-ID: <alpine.DEB.2.21.2003081929460.14266@www.lameter.com>
References: <CAG48ez31PP--h6_FzVyfJ4H86QYczAFPdxtJHUEEan+7VJETAQ@mail.gmail.com> <alpine.DEB.2.21.2003031724400.77561@chino.kir.corp.google.com> <202003031820.7A0C4FF302@keescook> <beb7abda-2648-aae7-31c5-51da6f02380a@suse.cz>
 <alpine.DEB.2.21.2003041231020.260792@chino.kir.corp.google.com>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 4 Mar 2020, David Rientjes wrote:

> I'm not sure how dependent the CONFIG_SLUB_DEBUG users are on being able
> to modify these are runtime (they've been around for 12+ years) but I
> agree that it seems particularly dangerous.

The order of each individual slab page is stored in struct page. That is
why every slub slab page can have a different order. This enabled fallback
to order 0 allocations and also allows a dynamic configuration of the
order at runtime.

> The slub_debug kernel command line options are already pretty
> comprehensive as described by Documentation/vm/slub.rst.  I *think* these
> tunables were primarily introduced for kernel debugging and not general
> purpose, perhaps with the exception of "order".

What do you mean by "general purpose? Certainly the allocator should not
blow up when forcing zero order allocations.

> So I think we may be able to fix "order" with a combination of my patch as
> well as a fix to the freelist randomization and that the others should
> likely be made read only.

Hmmm. races increases as more metadata is added that is depending on the
size of the slab page and the number of objects in it.