Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp5313211imw;
        Wed, 20 Jul 2022 03:20:54 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1vc0sp9MtghooZWhisjBio0pHULeE+ZAX9g5mmIpOepPrk73v6PPeiaVZSPo7d9EolCoDKK
X-Received: by 2002:a17:907:7628:b0:72b:4d6f:ce8a with SMTP id jy8-20020a170907762800b0072b4d6fce8amr34899628ejc.59.1658312453924;
        Wed, 20 Jul 2022 03:20:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658312453; cv=none;
        d=google.com; s=arc-20160816;
        b=d8GlAUuqyciXb8TVh0fN3L6AY6ItxA+VhjnlBc/DcMOiPYzby6QY/lpYseVxwc6BuM
         hkRrSMBOqxMDjamh0HFdz7b5/y7HIMxNe1xc+k1rioeoJ9Z5oyk2aNQHy9Q3EusPsS73
         eYaGfNwAZ+ABQahVILKDZOi6ug5z0P+X6o1t4+BYBUpfALqS0Jg383vl5q0RolidKSED
         MPJOwQC+QLveYyU7NQ5QwJjV5QM+RGSnq08WvaLyXYmo7JBxjqeYqGEhHCd8mb13JaI2
         rpsjcwhYrnql6pjv87UDccjLRBYzrzVeAlM9KTpTrEmaq55K9AMOHqR3aeDs2dodNsRr
         AThQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=C6Z6JqwqSHD1Pxl7j+M9Xv/wk5TAAqbSiRlE2ihHvyk=;
        b=xiW+HI3uGRoURnaO5QhtxN52gxrzlFY+tU4DwgT0ehN1TS0hEGS4LRd9wE20rDByt6
         l19qTpfAnVmDpsSytAWTbMuecvEjOhFvLoUXDZLDi+vxxqc7Boe7TKI0VzxSXEna3U/z
         rJNSRqnfBDbhamNcbrY7yj3BWhK6CQhfFfKnsFrSZAClXjj4zXzmZzU3lZnjjbPH17ZQ
         M2nzmi9oTKbZRvJ4HtQTpqa46LOj/TozhnfqhSeMep6mmtM7tDPHfHm9nr8vPJj/7RZ3
         5RchTf3m+EM1EOpB8wiO+863qo5jC0Xw4i+qXeH2G1w5cNBfo0P/nk9NJKEhxKZQJh5c
         ruYw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=U93OjkVX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id i36-20020a0564020f2400b00439ba5b62c0si21593923eda.310.2022.07.20.03.20.28;
        Wed, 20 Jul 2022 03:20:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=U93OjkVX;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229827AbiGTKF4 (ORCPT <rfc822;alizee.penel@gmail.com>
        + 99 others); Wed, 20 Jul 2022 06:05:56 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58556 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229379AbiGTKFz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 20 Jul 2022 06:05:55 -0400
Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88CD75C9E8
        for <linux-kernel@vger.kernel.org>; Wed, 20 Jul 2022 03:05:50 -0700 (PDT)
Received: by mail-pl1-x62b.google.com with SMTP id c6so14524082pla.6
        for <linux-kernel@vger.kernel.org>; Wed, 20 Jul 2022 03:05:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=C6Z6JqwqSHD1Pxl7j+M9Xv/wk5TAAqbSiRlE2ihHvyk=;
        b=U93OjkVXci1r2RHwNOXChSOl29W1H4Aw9ze6/rLApkBNlMNjYWwh/uGvi0LxozP6D1
         buw7A48b80d75D7Zgy19O3zcN2oJHahtSiCUFvUwcvnYa4f1OmFdEKHPk+Tw++fHpHkO
         nJcwYvw5klU2ua/Fg/KSvx6R4oIGFl8JrMpq1QE1JU+tjnbuSqLcAXWEGlgkJbcJI2wa
         QT65DgTUFGOZ6iNbWIzr2cEEtZZ91eZzp7ZlqiItTguX0MP3qxrDuxX7bct5SPyavvoI
         WdBHfuJQUxq4TbLdmbklReu3rgMbjcfQpQygdILmoCpgUifHRsTbcVeroULUrVqksci+
         h/dQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=C6Z6JqwqSHD1Pxl7j+M9Xv/wk5TAAqbSiRlE2ihHvyk=;
        b=NV2T4pepyF26eBTb4wBO5yCBiIGoPMs/OdFkWpNTaJXQy+HWer3STb4pagEXnqVCIQ
         WMyi7mwOLb/wSwPFebNorYCQkD3WER+pStVyetMEHk1f09v8+Lsm6OdXfDx7/Ie8TqHP
         T5LVzF8Gp4Sc2vMT7dongECqQseqVfYvdfeDJ9G12ygCbqOO7DU2/tLhGsM/YEPxwddd
         hsu3pdWvWYrAgD7kWkHEcG+4oMCAtNfl6V5UKQUfJHTWI17DWhw6TlNsgmYUpsrl2363
         h6dilnp2dx0ZxTnla+3e3pjx1k99gP7ETDcJU0fOh0dnjhY8eX3swd2YR601IOxi7J/m
         1A4Q==
X-Gm-Message-State: AJIora+y0UbJBkim3NSA0UJK6+OBokH2buWCq/OaWxEOhQxXmMLiFUXT
        7hyKjFOznscA9Cwb66i/s3E=
X-Received: by 2002:a17:90b:1c09:b0:1ef:f82c:174b with SMTP id oc9-20020a17090b1c0900b001eff82c174bmr4411389pjb.88.1658311549965;
        Wed, 20 Jul 2022 03:05:49 -0700 (PDT)
Received: from ip-172-31-24-42.ap-northeast-1.compute.internal (ec2-35-78-228-6.ap-northeast-1.compute.amazonaws.com. [35.78.228.6])
        by smtp.gmail.com with ESMTPSA id r5-20020aa79885000000b00525442ac579sm13137201pfl.212.2022.07.20.03.05.46
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 20 Jul 2022 03:05:49 -0700 (PDT)
Date:   Wed, 20 Jul 2022 10:05:44 +0000
From:   Hyeonggon Yoo <42.hyeyoo@gmail.com>
To:     Marco Elver <elver@google.com>
Cc:     Christoph Lameter <cl@gentwo.de>,
        Pekka Enberg <penberg@kernel.org>,
        David Rientjes <rientjes@google.com>,
        Joonsoo Kim <iamjoonsoo.kim@lge.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Vlastimil Babka <vbabka@suse.cz>,
        Roman Gushchin <roman.gushchin@linux.dev>,
        Joe Perches <joe@perches.com>,
        Vasily Averin <vasily.averin@linux.dev>,
        Matthew WilCox <willy@infradead.org>,
        linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH 16/16] mm/sl[au]b: check if large object is valid in
 __ksize()
Message-ID: <YtfTeJrnViCejwC4@ip-172-31-24-42.ap-northeast-1.compute.internal>
References: <20220712133946.307181-1-42.hyeyoo@gmail.com>
 <20220712133946.307181-17-42.hyeyoo@gmail.com>
 <alpine.DEB.2.22.394.2207121701070.57893@gentwo.de>
 <Ys6Pp6ZPwJTdJvpk@ip-172-31-24-42.ap-northeast-1.compute.internal>
 <alpine.DEB.2.22.394.2207131205590.112646@gentwo.de>
 <CANpmjNPbbugrbCFADy1C7PgaU-4PMd9UK90QiHKS-Md0ocqa3w@mail.gmail.com>
 <alpine.DEB.2.22.394.2207141115050.184626@gentwo.de>
 <CANpmjNPGsqV4FYNq9Q-rUKCEZ3wOJbk3xfcfBks0O-bhFDmYcw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CANpmjNPGsqV4FYNq9Q-rUKCEZ3wOJbk3xfcfBks0O-bhFDmYcw@mail.gmail.com>
X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HK_RANDOM_ENVFROM,
        HK_RANDOM_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jul 14, 2022 at 12:30:09PM +0200, Marco Elver wrote:
> On Thu, 14 Jul 2022 at 11:16, Christoph Lameter <cl@gentwo.de> wrote:
> >
> > On Wed, 13 Jul 2022, Marco Elver wrote:
> >
> > > We shouldn't crash, so it should be WARN(), but also returning
> > > PAGE_SIZE is bad. The intuition behind returning 0 is to try and make
> > > the buggy code cause less harm to the rest of the kernel.
> > >
> > > >From [1]:
> > >
> > > > Similarly, if you are able to tell if the passed pointer is not a
> > > > valid object some other way, you can do something better - namely,
> > > > return 0. The intuition here is that the caller has a pointer to an
> > > > invalid object, and wants to use ksize() to determine its size, and
> > > > most likely access all those bytes. Arguably, at that point the kernel
> > > > is already in a degrading state. But we can try to not let things get
> > > > worse by having ksize() return 0, in the hopes that it will stop
> > > > corrupting more memory. It won't work in all cases, but should avoid
> > > > things like "s = ksize(obj); touch_all_bytes(obj, s)" where the size
> > > > bounds the memory accessed corrupting random memory.
> >
> > "in the hopes that it will stop corrupting memory"!!!???
> >
> > Do a BUG() then and definitely stop all chances of memory corruption.
> 
> Fair enough.
> 
> Well, I'd also prefer to just kill the kernel. But some people don't
> like that and want the option to continue running. So a WARN() gives
> that option, and just have to boot the kernel with panic_on_warn to
> kill it. There are other warnings in the kernel where we'd better kill
> the kernel as the chances of corrupting memory are pretty damn high if
> we hit them. And I still don't quite see why the case here is any more
> or less special.
> 
> If the situation here is exceedingly rare, let's try BUG() and see what breaks?

Let's try BUG() for both conditions and replace it with WARN() later
if kernel hit those often.

I'll update this patch in next version.

And I have no strong opinion on returning 0, but if kernel hits it a
lot, I think returning 0 would be more safe as you said.

Thanks,
Hyeonggon