Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp2206575pxm; Fri, 4 Mar 2022 11:21:51 -0800 (PST) X-Google-Smtp-Source: ABdhPJzoXd3q+g11R5hledJk521nC5X9aKsASIp1FWFEolVY+tqDXRh9LxdjUIEvWJIBRNJj5ATm X-Received: by 2002:a17:90b:248e:b0:1b8:e052:bb88 with SMTP id nt14-20020a17090b248e00b001b8e052bb88mr12118263pjb.181.1646421711609; Fri, 04 Mar 2022 11:21:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646421711; cv=none; d=google.com; s=arc-20160816; b=DD3cCqV3Ni4OnOHlluYYIoS538AherKc97ysNfo9c2Gor7KzcfueGXiy69EIblz0XH tT+h0Ey8lAlIuf+omtvV2LaOU6k9Y3nifJnYoK/+qhjfC+kb2cxhJl0ijjHNvGUuHl6b p55gv/yFYuFxfQTulrgOBQnYC9oEYC+jNWhAKc+0pH7SLusvNZ6qYcY3hX+pGMKHdKvW /k6P94zFXcUW/MjUm0bE5qPW+xmXV+8WIHEbMwowG49nfVJ9MQKNBDYUthfrIdGhd81a n/VdpaSbMkV/WZ3+3zdJA5axFh+04Nlq0Pk8sLE2swZSa2+W22oCnc4sFOTy6LMBTpAD ZZMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:subject :from:references:cc:to:content-language:user-agent:mime-version:date :message-id:dkim-signature:dkim-signature; bh=h+2Itu7S1crpuZV7anehYym0zMXdq6gIiMgw+mWxVb4=; b=Nsk89HO7sJYo95ItTBD9iZGXKQ9MtlWnca0EfQcuCbVreqmw0pipWE4TOgymKPUgta i0ku9HoJ/Pk73zKy4j5997EHKpehZv7pWzE5/1fkLGnadoyuGy8T2aKKj2S4R0KVBodm kJzT7WVe9Xt4WbaSAfBuHl1MR+eDi5ToIcIgXBi2BePnlYzxgt95p2/DdAKbtIXEPh+0 20mZU36xPimKBLm+eC45gfgI3FHIKqyjpwgn7Ax2IdljIT8ox+2CiSrKuykUiGwju47f FDrHWrhklu0zHYLKPC9pyBILc9KPM082WCcHGrUDs9Nmrw0nM2K/nybxUFkffxXSdq85 lkYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=aKUeVXsA; dkim=neutral (no key) header.i=@suse.cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id y19-20020a170902b49300b0014f177c0f6csi4893413plr.557.2022.03.04.11.21.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Mar 2022 11:21:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=aKUeVXsA; dkim=neutral (no key) header.i=@suse.cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 275932017EA; Fri, 4 Mar 2022 11:08:48 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237635AbiCDQnk (ORCPT + 99 others); Fri, 4 Mar 2022 11:43:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35058 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240713AbiCDQnh (ORCPT ); Fri, 4 Mar 2022 11:43:37 -0500 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 227F86E7A2 for ; Fri, 4 Mar 2022 08:42:49 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id C720C1F38A; Fri, 4 Mar 2022 16:42:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1646412167; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h+2Itu7S1crpuZV7anehYym0zMXdq6gIiMgw+mWxVb4=; b=aKUeVXsAibm8DTcJS4p3Odp8T2pRYvkHDAatPXKAO4xM83rIJhLiCnbFNqOozShOI9w2dy 9/xHRBjevpgP3lT1A3TLp0I7srrfJuGil31hUkVvS4dW7WtHSfFOIMHpcLOtICIMb4zMfE In2ePdyWDb4C1Rsm5j/aI+8skosaPWY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1646412167; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=h+2Itu7S1crpuZV7anehYym0zMXdq6gIiMgw+mWxVb4=; b=HdfV+Xl8PhkuhtYO3gxqiy4fR7yefPCrGWo/VKV5Wo4R1iooE+5j5g/z7CWSNK29C1IaaR 1ZH9rGQE/j1ptMCA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 9DF0813CE6; Fri, 4 Mar 2022 16:42:47 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id bLbFJYdBImIpUwAAMHmgww (envelope-from ); Fri, 04 Mar 2022 16:42:47 +0000 Message-ID: Date: Fri, 4 Mar 2022 17:42:47 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Content-Language: en-US To: Marco Elver , Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: linux-mm@kvack.org, Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Matthew WilCox , Roman Gushchin , linux-kernel@vger.kernel.org References: <20220304063427.372145-1-42.hyeyoo@gmail.com> From: Vlastimil Babka Subject: Re: [PATCH v2 0/5] slab cleanups In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/4/22 14:11, Marco Elver wrote: > On Fri, 4 Mar 2022 at 13:02, Hyeonggon Yoo <42.hyeyoo@gmail.com> wrote: >> >> On Fri, Mar 04, 2022 at 12:50:21PM +0100, Marco Elver wrote: >> > On Fri, 4 Mar 2022 at 07:34, Hyeonggon Yoo <42.hyeyoo@gmail.com> wrote: >> > > >> > > Changes from v1: >> > > Now SLAB passes requests larger than order-1 page >> > > to page allocator. >> > > >> > > Adjusted comments from Matthew, Vlastimil, Rientjes. >> > > Thank you for feedback! >> > > >> > > BTW, I have no idea what __ksize() should return when an object that >> > > is not allocated from slab is passed. both 0 and folio_size() >> > > seems wrong to me. >> > >> > Didn't we say 0 would be the safer of the two options? >> > https://lkml.kernel.org/r/0e02416f-ef43-dc8a-9e8e-50ff63dd3c61@suse.cz >> > >> >> Oh sorry, I didn't understand why 0 was safer when I was reading it. >> >> Reading again, 0 is safer because kasan does not unpoison for >> wrongly passed object, right? > > Not quite. KASAN can tell if something is wrong, i.e. invalid object. > Similarly, if you are able to tell if the passed pointer is not a > valid object some other way, you can do something better - namely, > return 0. Hmm, but how paranoid do we have to be? Patch 1 converts SLAB to use kmalloc_large(). So it's now legitimate to have objects allocated by SLAB's kmalloc() that don't have a slab folio flag set, and their size is folio_size(). It would be more common than getting a bogus pointer, so should we return 0 just because a bogus pointer is possible? If we do that, then KASAN will fail to unpoison legitimate kmalloc_large() objects, no? What I suggested earlier is we could make the checks more precise - if folio_size() is smaller or equal order-1 page, then it's bogus because we only do kmalloc_large() for >order-1. If the object pointer is not to the beginning of the folio, then it's bogus, because kmalloc_large() returns the beginning of the folio. Then in these case we return 0, but otherwise we should return folio_size()? > The intuition here is that the caller has a pointer to an > invalid object, and wants to use ksize() to determine its size, and > most likely access all those bytes. Arguably, at that point the kernel > is already in a degrading state. But we can try to not let things get > worse by having ksize() return 0, in the hopes that it will stop > corrupting more memory. It won't work in all cases, but should avoid > things like "s = ksize(obj); touch_all_bytes(obj, s)" where the size > bounds the memory accessed corrupting random memory. > > The other reason is that a caller could actually check the size, and > if 0, do something else. Few callers will do so, because nobody > expects that their code has a bug. :-)