Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <cd094c36-f22a-0a25-d5ee-7d502c5d50aa@suse.cz>
Date:   Wed, 26 Oct 2022 12:08:18 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.3.3
Subject: Re: [PATCH v3] mempool: Do not use ksize() for poisoning
Content-Language: en-US
From:   Vlastimil Babka <vbabka@suse.cz>
To:     Kees Cook <keescook@chromium.org>,
        Andrew Morton <akpm@linux-foundation.org>
Cc:     Andrey Konovalov <andreyknvl@gmail.com>,
        David Rientjes <rientjes@google.com>,
        Marco Elver <elver@google.com>,
        Vincenzo Frascino <vincenzo.frascino@arm.com>,
        linux-mm@kvack.org, linux-kernel@vger.kernel.org,
        linux-hardening@vger.kernel.org
References: <20221025233421.you.825-kees@kernel.org>
 <a2e15c0d-dd0f-dcf1-ca53-c37333bdfe99@suse.cz>
In-Reply-To: <a2e15c0d-dd0f-dcf1-ca53-c37333bdfe99@suse.cz>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Precedence: bulk

On 10/26/22 12:02, Vlastimil Babka wrote:
> On 10/26/22 01:36, Kees Cook wrote:
>> Nothing appears to be using ksize() within the kmalloc-backed mempools
>> except the mempool poisoning logic. Use the actual pool size instead
>> of the ksize() to avoid needing any special handling of the memory as
>> needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE.
>> 
>> Suggested-by: Vlastimil Babka <vbabka@suse.cz>
>> Link: https://lore.kernel.org/lkml/f4fc52c4-7c18-1d76-0c7a-4058ea2486b9@suse.cz/
>> Cc: Andrey Konovalov <andreyknvl@gmail.com>
>> Cc: David Rientjes <rientjes@google.com>
>> Cc: Marco Elver <elver@google.com>
>> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
>> Cc: Andrew Morton <akpm@linux-foundation.org>
>> Cc: linux-mm@kvack.org
>> Signed-off-by: Kees Cook <keescook@chromium.org>
> 
> Acked-by: Vlastimil Babka <vbabka@suse.cz>

Ah and since the subject was updated too, note this is supposed to
replace/fixup the patch in mm-unstable:

mempool-use-kmalloc_size_roundup-to-match-ksize-usage.patch

>> ---
>> v3: remove ksize() calls instead of adding kmalloc_roundup_size() calls (vbabka)
>> v2: https://lore.kernel.org/lkml/20221018090323.never.897-kees@kernel.org/
>> v1: https://lore.kernel.org/lkml/20220923202822.2667581-14-keescook@chromium.org/
>> ---
>>  mm/mempool.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>> 
>> diff --git a/mm/mempool.c b/mm/mempool.c
>> index 96488b13a1ef..54204065037d 100644
>> --- a/mm/mempool.c
>> +++ b/mm/mempool.c
>> @@ -58,7 +58,7 @@ static void check_element(mempool_t *pool, void *element)
>>  {
>>  	/* Mempools backed by slab allocator */
>>  	if (pool->free == mempool_free_slab || pool->free == mempool_kfree) {
>> -		__check_element(pool, element, ksize(element));
>> +		__check_element(pool, element, (size_t)pool->pool_data);
>>  	} else if (pool->free == mempool_free_pages) {
>>  		/* Mempools backed by page allocator */
>>  		int order = (int)(long)pool->pool_data;
>> @@ -81,7 +81,7 @@ static void poison_element(mempool_t *pool, void *element)
>>  {
>>  	/* Mempools backed by slab allocator */
>>  	if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc) {
>> -		__poison_element(element, ksize(element));
>> +		__poison_element(element, (size_t)pool->pool_data);
>>  	} else if (pool->alloc == mempool_alloc_pages) {
>>  		/* Mempools backed by page allocator */
>>  		int order = (int)(long)pool->pool_data;
>> @@ -112,7 +112,7 @@ static __always_inline void kasan_poison_element(mempool_t *pool, void *element)
>>  static void kasan_unpoison_element(mempool_t *pool, void *element)
>>  {
>>  	if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc)
>> -		kasan_unpoison_range(element, __ksize(element));
>> +		kasan_unpoison_range(element, (size_t)pool->pool_data);
>>  	else if (pool->alloc == mempool_alloc_pages)
>>  		kasan_unpoison_pages(element, (unsigned long)pool->pool_data,
>>  				     false);
>