Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp3220086pxm; Mon, 28 Feb 2022 14:50:47 -0800 (PST) X-Google-Smtp-Source: ABdhPJzmApl2Q27tCY/XKDZG6gymoqrLW4oJVtjqOX4ZKuIcpcK6KSdvkgTQ9NCjkKFaQ4vLe5LC X-Received: by 2002:a17:906:1603:b0:6ce:362:c938 with SMTP id m3-20020a170906160300b006ce0362c938mr17063607ejd.253.1646088647749; Mon, 28 Feb 2022 14:50:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646088647; cv=none; d=google.com; s=arc-20160816; b=ZTndJKSWhVJy2u8GNDCIIhFFiIUnm5xaFUghkGtBTlnDErUUB6V27MvYGYKAgM5Ojt A15gzqzj48MN/CFlA+LkDvRZ1Kd3YDg+LyoOYdlf6/jJhfc2AqlnD5mg7XnEeok0S9eU nKfJCIXxkYMDgqH3NMNi/KPB6emMSGOOSir+UigrLsBYcxWnvls7Z5B+M7bw69PXdqpr ilqs9yYNLZWhJgLjx/UuOQ/3mlOj35tUa7fEkiB+LG8r7R/s2d8f79SDppiCN0+Cq/Pu ho3bG/DTAxLq1aH5O0EWL9B4LdUpwZNyalprRniGetmF4hZgtawDLiHJi0aQZ04RWJw0 +Ouw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=izAQUggyP+5/oVhiuZDs8c+/hcOxRl41iBfO6/Va0lE=; b=iyNsZ7h95gYGfEHCqS7N1wgrihKNwuY3OLU5v24dfMTbPsRLuAKhf8yIEK23wgJ8a/ hN2uMdCGG1AAJi31cLr1uuYDITZ5U+ylN6IaYs/5vnw2lw8Ojly7aod8xp4uxKRptDkb lu4Hm1c1OTD7LoxAXA2nXChzcHSmDoXbMHkDs+ZkJgdcWkFr1ouYyyJM8pLHL3yO/qT9 cfzAJdWyPqF1Equ3vjldRez54u9k2WT2rXkZT4hIXAUd91PgPYPqJX48TP+lijxQExtH wOiAES/NoeQ3ypjKtIi+mPTlr1rdBXEJck3aM629XJnRQKG8ag8WAziM8nAZB7IvbVTr m3wg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=gdhZ7E6q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k7-20020a170906578700b006d5dcacfed1si6598677ejq.297.2022.02.28.14.50.24; Mon, 28 Feb 2022 14:50:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=gdhZ7E6q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231177AbiB1WnG (ORCPT + 99 others); Mon, 28 Feb 2022 17:43:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57256 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229551AbiB1WnF (ORCPT ); Mon, 28 Feb 2022 17:43:05 -0500 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 359275F92 for ; Mon, 28 Feb 2022 14:42:26 -0800 (PST) Received: by mail-lj1-x233.google.com with SMTP id y24so452675ljh.11 for ; Mon, 28 Feb 2022 14:42:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=izAQUggyP+5/oVhiuZDs8c+/hcOxRl41iBfO6/Va0lE=; b=gdhZ7E6qyVixQYbKXVG63vM2xxb0swnRwsBzKeIqWG+fvd2iqhAyhIGljd7cmjcZk+ VR0ScDUTHEHFo886kC5m1yLaFtBCSaxGF8GxeWo+jc9QYY+zeoG6JzMqgBDKYVLOvOLh RDcjCrs31LKoUs+2CZ4lKeaBV+t9lou9IkWaXm01N/ieXDUWpXKj1+GKvYSSTn/ucwiQ xOQy2ZQ4KfSJOuJq6Dwvy59kumfzDJGCNtAzV9eaVqcqkKkDbvvh9EzYgF2XkstDB/44 6af2uolk/7inaQ8fKQLIbomP/hHrh1kyhBCozZUGBlNhuQrEEX4Z8CusUwLIcUxSxIzt 6ppg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=izAQUggyP+5/oVhiuZDs8c+/hcOxRl41iBfO6/Va0lE=; b=1FvBynG2A5hTvYeSCCKnAkRa9+ggyCChJyxJCOpweP+oMyvssjbFBcgKOvSpYBdeOM 1IDe1IPXwi2uWcqgFWaORE+KHvWLuBQTgsNksPqfMa1rkHReoRLag55D7jC0JVd+1z27 vADkqemgMXOrzrNFaDnfCNIzB/+etBOii5LGqCRUjIjIj+QFIjDgSV261WhA3iw1gncC d97GTN9SAvaQiLvqGB/VpMmXQX5qUQrtYNcz6O5ye2rjtv9cB2FJGFGLm/UkCXGc1EvM Wxd7KiE4DwYx6Wj4h70fxRM22/oGrOJAcAoWNjq2vHTqIsIT2ciyMTub42QUT/28gy9D fLxw== X-Gm-Message-State: AOAM533rjElsSyrq4jUFnUH3UNgeMilxbA+uzzWF/BXIDwcNCvOZumsr IwbcpeLJwAWTLCXIJHGuZxeqHEWZ98zovydz4axIWA== X-Received: by 2002:a2e:bf24:0:b0:246:801e:39d3 with SMTP id c36-20020a2ebf24000000b00246801e39d3mr8704495ljr.472.1646088144327; Mon, 28 Feb 2022 14:42:24 -0800 (PST) MIME-Version: 1.0 References: <20220225221625.3531852-1-keescook@chromium.org> In-Reply-To: <20220225221625.3531852-1-keescook@chromium.org> From: Nick Desaulniers Date: Mon, 28 Feb 2022 14:42:12 -0800 Message-ID: Subject: Re: [PATCH] mm: Handle ksize() vs __alloc_size by forgetting size To: Kees Cook Cc: llvm@lists.linux.dev, Marco Elver , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , linux-mm@kvack.org, stable@vger.kernel.org, Greg Kroah-Hartman , "Rafael J. Wysocki" , Christoph Lameter , Nathan Chancellor , Daniel Micay , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-18.1 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 25, 2022 at 2:16 PM Kees Cook wrote: > > diff --git a/include/linux/slab.h b/include/linux/slab.h > index 37bde99b74af..a14f3bfa2f44 100644 > --- a/include/linux/slab.h > +++ b/include/linux/slab.h > @@ -182,8 +182,32 @@ int kmem_cache_shrink(struct kmem_cache *s); > void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __alloc_size(2); > void kfree(const void *objp); > void kfree_sensitive(const void *objp); > + > +/** > + * ksize - get the actual amount of memory allocated for a given object > + * @objp: Pointer to the object > + * > + * kmalloc may internally round up allocations and return more memory > + * than requested. ksize() can be used to determine the actual amount of > + * memory allocated. The caller may use this additional memory, even though > + * a smaller amount of memory was initially specified with the kmalloc call. > + * The caller must guarantee that objp points to a valid object previously > + * allocated with either kmalloc() or kmem_cache_alloc(). The object > + * must not be freed during the duration of the call. > + * > + * Return: size of the actual memory used by @objp in bytes > + */ > +#define ksize(objp) ({ \ > + /* \ > + * Getting the actual allocation size means the __alloc_size \ > + * hints are no longer valid, and the compiler needs to \ > + * forget about them. \ > + */ \ > + OPTIMIZER_HIDE_VAR(objp); \ > + _ksize(objp); \ > +}) > size_t __ksize(const void *objp); > -size_t ksize(const void *objp); > +size_t _ksize(const void *objp); If you wanted to discourage others from calling _ksize, you could hide its declaration within the scope of statement expression within ksize: https://godbolt.org/z/e4sd4nE6q -- Thanks, ~Nick Desaulniers