References: <20201029131649.182037-1-elver@google.com> <20201029131649.182037-6-elver@google.com>
In-Reply-To: <20201029131649.182037-6-elver@google.com>
From: Jann Horn
Date: Fri, 30 Oct 2020 03:49:41 +0100
Subject: Re: [PATCH v6 5/9] mm, kfence: insert KFENCE hooks for SLUB
To: Marco Elver
Cc: Andrew Morton, Alexander Potapenko, H. Peter Anvin, Paul E. McKenney, Andrey Konovalov, Andrey Ryabinin, Andy Lutomirski, Borislav Petkov, Catalin Marinas, Christoph Lameter, Dave Hansen, David Rientjes, Dmitry Vyukov, Eric Dumazet, Greg Kroah-Hartman, Hillf Danton, Ingo Molnar, Jonathan Cameron, Jonathan Corbet, Joonsoo Kim, joern@purestorage.com, Kees Cook, Mark Rutland, Pekka Enberg, Peter Zijlstra, SeongJae Park, Thomas Gleixner, Vlastimil Babka, Will Deacon, the arch/x86 maintainers, open list:DOCUMENTATION, kernel list, kasan-dev, Linux ARM, Linux-MM
List-ID: linux-kernel@vger.kernel.org

On Thu, Oct 29, 2020 at 2:17 PM Marco Elver wrote:
> Inserts KFENCE hooks into the SLUB allocator.
>
> To pass the originally requested size to KFENCE, add an argument
> 'orig_size' to slab_alloc*(). The additional argument is required to
> preserve the requested original size for kmalloc() allocations, which
> uses size classes (e.g. an allocation of 272 bytes will return an object
> of size 512). Therefore, kmem_cache::size does not represent the
> kmalloc-caller's requested size, and we must introduce the argument
> 'orig_size' to propagate the originally requested size to KFENCE.
>
> Without the originally requested size, we would not be able to detect
> out-of-bounds accesses for objects placed at the end of a KFENCE object
> page if that object is not equal to the kmalloc-size class it was
> bucketed into.
>
> When KFENCE is disabled, there is no additional overhead, since
> slab_alloc*() functions are __always_inline.
>
> Reviewed-by: Dmitry Vyukov
> Co-developed-by: Marco Elver
> Signed-off-by: Marco Elver
> Signed-off-by: Alexander Potapenko

Reviewed-by: Jann Horn

if you fix one nit:

[...]
> diff --git a/mm/slub.c b/mm/slub.c [...] > @@ -2658,7 +2664,8 @@ static inline void *get_freelist(struct kmem_cache *s, struct page *page) > * already disabled (which is the case for bulk allocation). > */ > static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, > - unsigned long addr, struct kmem_cache_cpu *c) > + unsigned long addr, struct kmem_cache_cpu *c, > + size_t orig_size) orig_size is added as a new argument, but never used. (And if you remove this argument, __slab_alloc will also not be using its orig_size argument anymore.) > { > void *freelist; > struct page *page; > @@ -2763,7 +2770,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, > * cpu changes by refetching the per cpu area pointer. > */ > static void *__slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, > - unsigned long addr, struct kmem_cache_cpu *c) > + unsigned long addr, struct kmem_cache_cpu *c, > + size_t orig_size) > { > void *p; > unsigned long flags; > @@ -2778,7 +2786,7 @@ static void *__slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, > c = this_cpu_ptr(s->cpu_slab); > #endif > > - p = ___slab_alloc(s, gfpflags, node, addr, c); > + p = ___slab_alloc(s, gfpflags, node, addr, c, orig_size); > local_irq_restore(flags); > return p; > }
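Review bot: In the first hunk (the ___slab_alloc() prototype at @@ -2658), the new `size_t orig_size` parameter is not referenced by any line of the hunk, which is the nit raised above; if it is reserved for a later patch in the series, the commit message should say so, otherwise drop it here. If it stays, the comment block that ends with `* already disabled (which is the case for bulk allocation).` directly above the prototype should describe what orig_size is and who consumes it.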
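Review bot: In the __slab_alloc() hunk (@@ -2763), orig_size is only accepted so it can be forwarded in the call `p = ___slab_alloc(s, gfpflags, node, addr, c, orig_size);` of the following hunk; nothing in __slab_alloc() itself uses it, so this parameter stands or falls with the ___slab_alloc() change and should be removed together with it, or, if kept, be mentioned in the comment ending `* cpu changes by refetching the per cpu area pointer.` above the prototype.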
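A small model of the placement argument in the commit message, as an added example that is not part of the patch or of KFENCE's own code: with an assumed 4 KiB page and an assumed power-of-two size-class model, it shows that a 272-byte allocation placed against the guard page by its size class (512) leaves 240 bytes of slack where an out-of-bounds access is not caught, while placement by orig_size puts the guard page immediately after the last requested byte.

```c
#include <stdbool.h>
#include <stddef.h>

#define KF_PAGE_SIZE 4096UL              /* assumed: 4 KiB pages */
#define KF_ALIGN_DOWN(x, a) ((x) & ~((unsigned long)(a) - 1))

/* Round a request up to a power-of-two kmalloc bucket. This is an assumed
 * model of the kmalloc size classes (the real ones also have 96 and 192);
 * it reproduces the 272 -> 512 case from the commit message. */
size_t kmalloc_size_class(size_t req)
{
    size_t sz = 8;
    while (sz < req)
        sz <<= 1;
    return sz;
}

/* Page offset of an object of 'size' bytes placed against the guard page
 * that follows its KFENCE object page ("end of page" placement); 'align'
 * stands in for kmem_cache::align. */
unsigned long place_at_end(size_t size, size_t align)
{
    return KF_ALIGN_DOWN(KF_PAGE_SIZE - size, align);
}

/* An access at byte 'off' of the object faults on the guard page only if it
 * reaches the page boundary. The few bytes between object end and boundary
 * left by alignment are covered by KFENCE's canary check, not modelled here. */
bool guard_page_catches(unsigned long obj_off, size_t off)
{
    return obj_off + off >= KF_PAGE_SIZE;
}

/* True when an out-of-bounds access at 'off' into an 'orig_size'-byte
 * allocation is caught if the object was placed using orig_size, but
 * silently lands in size-class slack if it was placed using the bucket
 * width (kmem_cache::size) instead. */
bool missed_without_orig_size(size_t orig_size, size_t off, size_t align)
{
    unsigned long by_orig  = place_at_end(orig_size, align);
    unsigned long by_class = place_at_end(kmalloc_size_class(orig_size), align);

    if (off < orig_size)
        return false;               /* in bounds: nothing to detect */
    return guard_page_catches(by_orig, off) &&
           !guard_page_catches(by_class, off);
}
```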