Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1088991pxk; Fri, 2 Oct 2020 00:11:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxIUI4IWQTUQUYdYkbd1h1P3+Cr90pypuNQB1+i7tQMa1z4jmoN0fTPDHINWLIdMoaUFD19 X-Received: by 2002:a17:906:82c5:: with SMTP id a5mr886262ejy.173.1601622681681; Fri, 02 Oct 2020 00:11:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601622681; cv=none; d=google.com; s=arc-20160816; b=nVa/DBt1KZmkq1lyL6ONFwopHFpCGayGGQEpZ+EZ4COvA+zUJ5UaxxRlkewHbfHIJ2 ZmxafXO7jIkJM/J6C9EjVr7iz/dD03ktO+kCM4n52Z96wyty5lGqQ5k9cPmifkKCYSDX GU5nqLjj+RhhETALUPFkzEGF7rE7Hp3zr42BHPT0XCn1UYTYP60UtItJsWFcHCFfIfIj fmMfhTnx1xdFiUsdlNvvNwui0CUVB4N734kS688N5xchGLe+SXScV01CC8PzL8v2i458 pfF/DDScop9KMit6VLCjMKXXup7umiZWXdLT3PwZBJPMVL3QZnvTLU+SPFugWyDo/LIQ cgJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Ye/s+D4VgMKbfo7kHtFUxt4Yo6siN0GRSwJxDl1BL+I=; b=EQDyJi3USPFMECjDEqSjy0feaWIHLvyQNF5UkebaHuYdEbi58yna//4AT4HzU/hFSN /Lq2fgEv4WOfwKcA2FI7ZbirtFblDiQMHeNdnnTtSsuJwxTD/MntQ/9Y06wy6Z1oGkoA rCl4CP6f1T3PydVfYaIHzrL+YEUD4s7qrAZeyix3s/bPcaWxxLphmjmE2GXqCDOuwmvP fDB9mXesivc4Wi/pFkXX3StXTy4l6yVHNnLZPIglb+5U8grfrtl8vnIAdenbF+A2LGJD iNUG1NtaZ+bRkGK5d/i+ApfaLcyEds8i2FpiNGUROJScMYVd+9vxupoNezRrEGn1mUWR 9HLQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lGd6dHat; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k10si445658edo.173.2020.10.02.00.10.58; Fri, 02 Oct 2020 00:11:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lGd6dHat; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726096AbgJBHHh (ORCPT + 99 others); Fri, 2 Oct 2020 03:07:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43098 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725948AbgJBHHg (ORCPT ); Fri, 2 Oct 2020 03:07:36 -0400 Received: from mail-ed1-x544.google.com (mail-ed1-x544.google.com [IPv6:2a00:1450:4864:20::544]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D6EFC0613D0 for ; Fri, 2 Oct 2020 00:07:36 -0700 (PDT) Received: by mail-ed1-x544.google.com with SMTP id c8so599359edv.5 for ; Fri, 02 Oct 2020 00:07:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ye/s+D4VgMKbfo7kHtFUxt4Yo6siN0GRSwJxDl1BL+I=; b=lGd6dHatt84jG23C4UbyRVcWWz0xn0Qrfij2A3wZfpYYjg9fPxAAd7grU5d8oUMsDT 7i3mC0uZujFHrRo5Kn7Ud1Eqj+wbu56Oi9N9sZdoAI4yvulybbON8fDDp7ueDbYsAJu8 K9HpYk48IbvvgxtQtjpQ+sDnTndH6h5h27ukC6sI3FlQpdE1xafysZbwQYl/d6AiQxhr 3cSCz3a9HVxJDlpGlxlK5xpA4oiHDi+nGtJvd+rDTIi8z5xCrPthNReLCeCZyWYox62T AKraMFe1S6O12Elu7j8RB9iXjo4zADGodhyx0ZgiTER3GmnSP48NewOSn33riX4PKmTQ 1COw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ye/s+D4VgMKbfo7kHtFUxt4Yo6siN0GRSwJxDl1BL+I=; b=PL1b/9Vfp2FXF50xKHWkZBBFPrRxRGsGZ5e7CNOeRJhIEWNevOa9Jh9LuV+rtmd1T+ IOKNKqSydPRxTiE9xNXaEPOv425qZIpIKY7SPMJ3CNj7MJ8ddxAoGO578baZu0D3yOTl ae/q0bWJLMsUxP2BteXFGY1M9qcNTLv82pLoAJfryEDlK2/oFDBfcujeX47g87fUm/uU 5SY36nhZ+CbJIR301bF7ZAi7XoBtlFdP/mElbS2sOSP6fffJX6SzDw8vO6eDvFPCO0EE XtXC2lxjH3tOpb8X6ODCv4CMxtHU07faalt8Fiv06DiBL+BWFbkZGMhpBkqh4MCkhBvU xhGA== X-Gm-Message-State: AOAM530dx+v6LwmPk766BRuO+T+3E25MQf547Sc/IVqN2jF7ugSp+5sy /Uf+TK0gpMHw2Gvg6PFVJdcArva9wffynLF+8iQodw== X-Received: by 2002:a05:6402:b0e:: with SMTP id bm14mr892264edb.259.1601622454831; Fri, 02 Oct 2020 00:07:34 -0700 (PDT) MIME-Version: 1.0 References: <20200929133814.2834621-1-elver@google.com> <20200929133814.2834621-6-elver@google.com> In-Reply-To: <20200929133814.2834621-6-elver@google.com> From: Jann Horn Date: Fri, 2 Oct 2020 09:07:08 +0200 Message-ID: Subject: Re: [PATCH v4 05/11] mm, kfence: insert KFENCE hooks for SLUB To: Marco Elver , Christoph Lameter Cc: Andrew Morton , Alexander Potapenko , "H . Peter Anvin" , "Paul E . McKenney" , Andrey Konovalov , Andrey Ryabinin , Andy Lutomirski , Borislav Petkov , Catalin Marinas , Dave Hansen , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Hillf Danton , Ingo Molnar , Jonathan.Cameron@huawei.com, Jonathan Corbet , Joonsoo Kim , Kees Cook , Mark Rutland , Pekka Enberg , Peter Zijlstra , sjpark@amazon.com, Thomas Gleixner , Vlastimil Babka , Will Deacon , "the arch/x86 maintainers" , linux-doc@vger.kernel.org, kernel list , kasan-dev , Linux ARM , Linux-MM Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 29, 2020 at 3:38 PM Marco Elver wrote: > Inserts KFENCE hooks into the SLUB allocator. [...] > diff --git a/mm/slub.c b/mm/slub.c [...] > @@ -3290,8 +3314,14 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, > c = this_cpu_ptr(s->cpu_slab); > > for (i = 0; i < size; i++) { > - void *object = c->freelist; > + void *object = kfence_alloc(s, s->object_size, flags); kfence_alloc() will invoke ->ctor() callbacks if the current slab has them. Is it fine to invoke such callbacks from here, where we're in the middle of a section that disables interrupts to protect against concurrent freelist changes? If someone decides to be extra smart and uses a kmem_cache with a ->ctor that can allocate memory from the same kmem_cache, or something along those lines, this could lead to corruption of the SLUB freelist. But I'm not sure whether that can happen in practice. Still, it might be nicer if you could code this to behave like a fastpath miss: Update c->tid, turn interrupts back on (___slab_alloc() will also do that if it has to call into the page allocator), then let kfence do the actual allocation in a more normal context, then turn interrupts back off and go on. If that's not too complicated? Maybe Christoph Lameter has opinions on whether this is necessary... it admittedly is fairly theoretical. > + if (unlikely(object)) { > + p[i] = object; > + continue; > + } > + > + object = c->freelist; > if (unlikely(!object)) { > /* > * We may have removed an object from c->freelist using