Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3156428pxk; Mon, 5 Oct 2020 02:33:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwQoG6zgtMpRtU0sCGV3/ZteVXdzD1lhtsI6qo2JZqZVHZzw/XyiJ/gi4POsna68bf+6NgW X-Received: by 2002:a17:907:ab9:: with SMTP id bz25mr6546051ejc.90.1601890396371; Mon, 05 Oct 2020 02:33:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601890396; cv=none; d=google.com; s=arc-20160816; b=mYRd3i1QRMcwzg5H45Bu43nQJhEBmZSFQyberjty8n7RoXGp5Kjnz0wGInZkRRG835 c6BIe+6hR6CpiMVAL555kAtYGovS/bNYkBRurnLbTQ9RnrsgWwsiYJJ/CrzCYBWw/rTW AQSC6IHabeZlM/swajWmn9iPSI+6xr/9xz7+3JmbrOwbMDQWH3ra46Hb8jTbRtXXELwN LYsXr0APJFHdjmYUURMqpMeHkcfcUSbb+5E/s68UIvjUl4RKE4k/8Tafs8ZG8H4zdtWN kB/bJeTT0EyscUyDp29f7FY+mu/ycSsmlCgvjKY79nKIhmPjhsXezM3CnfS64Zm9Ij5k HO0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=NkkZ0AZItfPzXXyiWUs3wdbhFkdEuozzWE5YN7fX2Ds=; b=jZcqrUX3RULhncPHJltQn75oL2KU8DL88z0j9VlPZKbs/98dzKKsF3Zirh1CW2oCYF SEmn0lDXXIP/TmO29vYjME1OX1PhS8RF+IP2HZyuV/2uTs45RBcLTr/QHqQDRKxEXalP RhOd4xvGX/eBHMkhFAe9U+4gIXEzcDmbV+LI2ShLKYpWCek0TP9ILE+HWUF+UJS92Hl0 joKQ/hqCdo3tsChFRp8L+NKfAo98yzdrpvTHmwCZXBpcE2i4vzJxyikdcY8VF8MJ6h+/ SVCJcFAjB/mDMZIkkxiNYPEliFAy4flmuwYGyOxHzF+ieqw26WKZg/wRnvxgSzFAXqQA yxCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RD6Sa7SS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qn17si3648076ejb.303.2020.10.05.02.32.53; Mon, 05 Oct 2020 02:33:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RD6Sa7SS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725940AbgJEJ3d (ORCPT + 99 others); Mon, 5 Oct 2020 05:29:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725895AbgJEJ3c (ORCPT ); Mon, 5 Oct 2020 05:29:32 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09B09C0613CE for ; Mon, 5 Oct 2020 02:29:31 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id j136so8031816wmj.2 for ; Mon, 05 Oct 2020 02:29:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=NkkZ0AZItfPzXXyiWUs3wdbhFkdEuozzWE5YN7fX2Ds=; b=RD6Sa7SS02XMmSEITYc+16rUxDLnGebQGiPycqS2AHIUGt1HKXcbyFJO2j0zhLR3ZV MYcG6n/KPVssa/d74T6uHaLPmzw2YIJ1RxZv5UH86MyTQlbgSGwcY3lCojdvHOvoyLYr 3InQKiPVQXm4doK9Npsgmpq0pyMNNUx9LU9zwy/R4Ti81NIxZHdTsUYc32lFcxjUghCM zJUY/Iu5ON7FYBKZ9+lmmO5Sk7FYh54C7wOC7bqTUUXmPugywv4W1v8BMeNvxBdNZqK5 TkRXl7IBaL10uym0Pw2B4bUGB1dniXKZJs8Nz3qozzlnsaxB/V2jYceXHMtovB6Oemp3 S4+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=NkkZ0AZItfPzXXyiWUs3wdbhFkdEuozzWE5YN7fX2Ds=; b=rGZxti69zpQvTx4gkV6E7uZX4a7Z8pPQoePbnCwhC9DC5pjW/KKRuOVnZwFoh4DQb+ wwAQ27uRUHBE2HHQWvX5qwv49UqCs0pY2kHdiY/UpZWGx0phzvuPTgOsUlKa1QK+PVSA gIupCVnCmRhH1l7nGIMAdRKLdF8Z+JLWpSIJjEIEo0iDyBHsOeCBBTGIeyszB+m7xd/0 j2cw5CXaW0VHzPKjR7zC3/wOXHQMCvJ9QJZ/H6sA7xbUPiNjTx3933hVLRbMAinv9jil UhxxyZfuG0OTaxfjZXagtBbHqjCViK06RnJxO0+bWrmKKqcIEqXEufZ0PMFS3zYepQ3Y wXuA== X-Gm-Message-State: AOAM530T5O/lvfquX8yhjUHOoCB6L25qJZ4qY/d0Dw8q6YRNuhWtCO2n VQDGb4ph4cAz+04l2ecaDJRF49V212ZmO4uhj1ueiw== X-Received: by 2002:a7b:cd93:: with SMTP id y19mr15306469wmj.112.1601890169505; Mon, 05 Oct 2020 02:29:29 -0700 (PDT) MIME-Version: 1.0 References: <20200929133814.2834621-1-elver@google.com> <20200929133814.2834621-6-elver@google.com> In-Reply-To: From: Alexander Potapenko Date: Mon, 5 Oct 2020 11:29:18 +0200 Message-ID: Subject: Re: [PATCH v4 05/11] mm, kfence: insert KFENCE hooks for SLUB To: Jann Horn Cc: Marco Elver , Christoph Lameter , Andrew Morton , "H . Peter Anvin" , "Paul E . McKenney" , Andrey Konovalov , Andrey Ryabinin , Andy Lutomirski , Borislav Petkov , Catalin Marinas , Dave Hansen , David Rientjes , Dmitry Vyukov , Eric Dumazet , Greg Kroah-Hartman , Hillf Danton , Ingo Molnar , Jonathan Cameron , Jonathan Corbet , Joonsoo Kim , Kees Cook , Mark Rutland , Pekka Enberg , Peter Zijlstra , SeongJae Park , Thomas Gleixner , Vlastimil Babka , Will Deacon , "the arch/x86 maintainers" , "open list:DOCUMENTATION" , kernel list , kasan-dev , Linux ARM , Linux-MM Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 2, 2020 at 9:07 AM Jann Horn wrote: > > On Tue, Sep 29, 2020 at 3:38 PM Marco Elver wrote: > > Inserts KFENCE hooks into the SLUB allocator. > [...] > > diff --git a/mm/slub.c b/mm/slub.c > [...] > > @@ -3290,8 +3314,14 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, = gfp_t flags, size_t size, > > c =3D this_cpu_ptr(s->cpu_slab); > > > > for (i =3D 0; i < size; i++) { > > - void *object =3D c->freelist; > > + void *object =3D kfence_alloc(s, s->object_size, flags)= ; > > kfence_alloc() will invoke ->ctor() callbacks if the current slab has > them. Is it fine to invoke such callbacks from here, where we're in > the middle of a section that disables interrupts to protect against > concurrent freelist changes? If someone decides to be extra smart and > uses a kmem_cache with a ->ctor that can allocate memory from the same > kmem_cache, or something along those lines, this could lead to > corruption of the SLUB freelist. But I'm not sure whether that can > happen in practice. From cache_init_objs_debug() in mm/slab.c: /* * Constructors are not allowed to allocate memory from the= same * cache which they are a constructor for. Otherwise, dead= lock. * They must also be threaded. */ So, no, it is not allowed to allocate from the same cache in the constructo= r. > Still, it might be nicer if you could code this to behave like a > fastpath miss: Update c->tid, turn interrupts back on (___slab_alloc() > will also do that if it has to call into the page allocator), then let > kfence do the actual allocation in a more normal context, then turn > interrupts back off and go on. If that's not too complicated? > > Maybe Christoph Lameter has opinions on whether this is necessary... > it admittedly is fairly theoretical. > > > + if (unlikely(object)) { > > + p[i] =3D object; > > + continue; > > + } > > + > > + object =3D c->freelist; > > if (unlikely(!object)) { > > /* > > * We may have removed an object from c->freeli= st using -- Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Stra=C3=9Fe, 33 80636 M=C3=BCnchen Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Halimah DeLaine Prado Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg