Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1648844pxk; Fri, 2 Oct 2020 15:30:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGTYaJybiyQKhgRlMm7N2y8tAMFaO13cZ5AuCMzKN85fNgjiEYSSDp85RX82FWIFq8ycJt X-Received: by 2002:a17:907:408d:: with SMTP id nt21mr4209483ejb.355.1601677820352; Fri, 02 Oct 2020 15:30:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601677820; cv=none; d=google.com; s=arc-20160816; b=pOBCoNAF8YmiHF3mpn0Mfewa8JfDr6bkrxXy0WZJZGBQTkJvgmrVIAz8E0SLv1pQRi ImUROuGVoyYQiupnmZws4M25NDdmhnBNDjK2aPsHoTlBx2Wc2nieUdM4u62Dq6cvfr1o HyLxRvD6L5PcNb3vEJk18LhCk/ou3BOxkZRCZsKPMpEXNmxYuIe5QFEfDP0MXtjr5Jjx FVg7pIarRaJnhalJ5WRfrTnGIpIbgqk1lcZ74s7fSGFoZpOEGQNcqrsksqli0gLO4DdR dRInLfID1DxMINDMRaDOkNSQjUv31+81ZIfwvi4fk2R/Gv8gkoKcc14EKRpBfWdEBK6x jquw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=WenNmI5oUkGle0L0WRFJAM5U4b70dfVnKCotDQT26ic=; b=EfNizDfvRogmnI+iqT2R15FL9VuIRGLT0xHMxhttawMhTjxhuStQOqK7IDljboWhu5 2pg36IzaL1tqyw15XTfr70PXWpC6IwdDR5tfJdnXGTqT1Rdrbv4AWX3WaDu9/Orb+QoQ Yc0HYJq6t8mfYPmayFFruPI/FtfKRZMQY9q/ska0OQoI78cq/bYS5e1/cgiLRj1rB2su 2vEexNYQatgOwVyFeVWIv80IuvbD2q4oCoG+H29T2pwFOfebT1+lMHX4mCM5/Wq+u4Wr AEx3GXs4iZ76szbkSeXmjeItUlC6I8/U5xid2ahhklNCsPPOkYztK22QZt7n5Y2qNJ19 Uarg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qpOS6AVU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ss5si1234754ejb.737.2020.10.02.15.29.57; Fri, 02 Oct 2020 15:30:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qpOS6AVU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725768AbgJBW1o (ORCPT + 99 others); Fri, 2 Oct 2020 18:27:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725283AbgJBW1o (ORCPT ); Fri, 2 Oct 2020 18:27:44 -0400 Received: from mail-ed1-x543.google.com (mail-ed1-x543.google.com [IPv6:2a00:1450:4864:20::543]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06A97C0613E2 for ; Fri, 2 Oct 2020 15:27:44 -0700 (PDT) Received: by mail-ed1-x543.google.com with SMTP id dn5so3317426edb.10 for ; Fri, 02 Oct 2020 15:27:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WenNmI5oUkGle0L0WRFJAM5U4b70dfVnKCotDQT26ic=; b=qpOS6AVUOpuYRfzrRmEmY8nFGGqKUYhiSPRrmYu88Du2AlPVrjadxaORzyWIUB+fjv xpaD/n3wkuOKLrC9HL/gQdNsnY351O+V0ZdYMLnIVW2BKM9QtUmYIvTjPSk/Zfcq3pBN xsaKuY05LuXKpImIi1CiXpmFMSJ+WoX6JllYGomKn8gKTHCaHKeMWepJgmt5iX4SYnkM hXpZng8JV1+NGujOYQZt5ix2ASa/uwXlpzl2sc7HOPP3UKX1TxAPv2X9zN37wP9VfVbR RyR9KEP4ICSJJTRkowmJI7H/md2Pjy0JEq2U1hjvc1iMjpe41ESKQ/mHcBumKoqhLD0c Uk9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WenNmI5oUkGle0L0WRFJAM5U4b70dfVnKCotDQT26ic=; b=pFdvcJ+Px2Ex367dr+FJamAE45La9zXCg7bvkpZZB31P5pNrHWNJ0FeCddnHHn6LpW VFNANZhsLVOPf/j4roBvIlXKFenHKZDJa++4FlID2g3QukbKcbI4x2z47fGQrtoifAYU uCB30GOtMIT1EujUV4ubVWXBUAtZWrsIx1assPx2iJzY0xKA6hdMKcerVVsMqMWJPRro 0PTxUlOW7xnlOf6vu4RG47ZYTavugYKlxcBTFl//xIBBIoOK/BlU3P0aWr6ieQANYwGP dxi7/9CxyKRT6jxf7lRRXOwsCnl8gL9B2HUZSXMLY/BA0awiI5V4XNU4J6XGO0uM3qbG dklQ== X-Gm-Message-State: AOAM530/7XFl+3RgP9g++GHo8rfF7+9GuCHQgAZz5ijJAuCLCuFOqjhi rGRGR0rj/3XKfqxpVvl1Sm/EzGAjkVoC6Fkp8ghoVA== X-Received: by 2002:a05:6402:b0e:: with SMTP id bm14mr5117814edb.259.1601677662551; Fri, 02 Oct 2020 15:27:42 -0700 (PDT) MIME-Version: 1.0 References: <20200929133814.2834621-1-elver@google.com> <20200929133814.2834621-2-elver@google.com> <20201002171959.GA986344@elver.google.com> In-Reply-To: From: Jann Horn Date: Sat, 3 Oct 2020 00:27:16 +0200 Message-ID: Subject: Re: [PATCH v4 01/11] mm: add Kernel Electric-Fence infrastructure To: Marco Elver Cc: Andrew Morton , Alexander Potapenko , "H . Peter Anvin" , "Paul E . McKenney" , Andrey Konovalov , Andrey Ryabinin , Andy Lutomirski , Borislav Petkov , Catalin Marinas , Christoph Lameter , Dave Hansen , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Hillf Danton , Ingo Molnar , Jonathan Cameron , Jonathan Corbet , Joonsoo Kim , Kees Cook , Mark Rutland , Pekka Enberg , Peter Zijlstra , SeongJae Park , Thomas Gleixner , Vlastimil Babka , Will Deacon , "the arch/x86 maintainers" , "open list:DOCUMENTATION" , kernel list , kasan-dev , Linux ARM , Linux-MM , SeongJae Park Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 2, 2020 at 11:28 PM Marco Elver wrote: > On Fri, 2 Oct 2020 at 21:32, Jann Horn wrote: > > > That's another check; we don't want to make this more expensive. > > > > Ah, right, I missed that this is the one piece of KFENCE that is > > actually really hot code until Dmitry pointed that out. > > > > But actually, can't you reduce how hot this is for SLUB by moving > > is_kfence_address() down into the freeing slowpath? At the moment you > > use it in slab_free_freelist_hook(), which is in the super-hot > > fastpath, but you should be able to at least move it down into > > __slab_free()... > > > > Actually, you already have hooked into __slab_free(), so can't you > > just get rid of the check in the slab_free_freelist_hook()? > > I missed this bit: the loop that follows wants the free pointer, so I > currently see how this might work. :-/ reverse call graph: __slab_free do_slab_free slab_free kmem_cache_free (frees a single non-kmalloc allocation) kmem_cache_free_bulk (frees multiple) kfree (frees a single kmalloc allocation) ___cache_free (frees a single allocation for KASAN) So the only path for which we can actually loop in __slab_free() is kmem_cache_free_bulk(); and you've already changed build_detached_freelist() (which is used by kmem_cache_free_bulk() to group objects from the same page) to consume KFENCE allocations before they can ever reach __slab_free(). So we know that if we've reached __slab_free(), then we are being called with either a single object (which may be a KFENCE object) or with a list of objects that all belong to the same page and don't contain any KFENCE allocations.