Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1846875rwb; Fri, 11 Nov 2022 00:58:42 -0800 (PST) X-Google-Smtp-Source: AA0mqf4Wcj7unuJjWxLimCMTQKzL9wMZ3nMCM/GP/Zz29Js471JB/+Wc1+dhC71DJX7dhbG7ghQu X-Received: by 2002:aa7:da1a:0:b0:454:cbef:c161 with SMTP id r26-20020aa7da1a000000b00454cbefc161mr618069eds.365.1668157122139; Fri, 11 Nov 2022 00:58:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668157122; cv=none; d=google.com; s=arc-20160816; b=0m1HSXOT9groSbL6H3mG4BM0VKUdfIW41JfXNx/ZGJG/4xrKAPfZwV8dMP1QBA6vOD GnwtDluYhALOLYL7iB8PCN79BnWrALs7SNCFd8xbAqstr/PRbOQHxlubZz6uJAKULkAY C/3nnOFSkuriH8+P+00vygfhuP5GmLgacHmseXQjsXmDkj7JhzaDqEYhhORMu3tTKkTk LxjN7T2i1RLGMb5DluY4JdtusUc00dXFfzE4WyBk7jL01nECzsJvFfipplD8r8mW9wN0 OCRSYlNPrgGt3HnWiOxwPRb6fQ0zB4lk8J5RlAju7lQW1P4UEIhmvWiNcHufXJy6ZgjU 8vYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-signature; bh=K3QYJ2EXLu+u4WaeAKt86AUgaddU0ZJc+TTeHOeCaKA=; b=QY3tDQx7uBrtiUtA6p3POWEubQoJlodWDdhsnJ6FHLiDX/+ghf3a5T+9wE3XIMFEwD GN3CfCpJyAFLIWnzTHvkXZ/xupQlg7O+Dr3O2M27vJw8kYgEUMjJZFfYdL0el1PzoBFl QGkHmPs1+sNQHb9lxSbz0AfJ2H89FLW5FJzw8i2+S/+D/Aqw83+/go3hlXIAhEXN2QmX FwlOItCUHl1fU25caSR7CSm8fuwJROADcqMaxww8ygtmdGGekpoUNgUcVdZ6y4r+c891 lZDPLxeBJTvNCFss7aoE2uKUkClBlY3lXBHi+2zyKXCaFtPH+cV5uxd70Q3m4oPmZl9p PWCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=fIwWWpAI; dkim=neutral (no key) header.i=@suse.cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i5-20020a1709064fc500b007316843d58bsi1624387ejw.925.2022.11.11.00.58.18; Fri, 11 Nov 2022 00:58:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=fIwWWpAI; dkim=neutral (no key) header.i=@suse.cz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233111AbiKKIQh (ORCPT + 92 others); Fri, 11 Nov 2022 03:16:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233116AbiKKIQf (ORCPT ); Fri, 11 Nov 2022 03:16:35 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 882FD70182 for ; Fri, 11 Nov 2022 00:16:34 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 3E5342206E; Fri, 11 Nov 2022 08:16:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1668154593; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K3QYJ2EXLu+u4WaeAKt86AUgaddU0ZJc+TTeHOeCaKA=; b=fIwWWpAIyj7U9UnoGnRTbdzv7YFcNdZZEZFW5YCn8mKWbZVwQwg9LKYknIjSs9Cn1HH1nl 05Y4lnKWcvcHhQbDJY1Up4AEmucMbMmecAsNmhXBlrH3tJ0/6wKYYtoHrOd+tZA/jUugS8 ClFqwgCbRg7rEFM9dIH8uiw8klANw8Y= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1668154593; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=K3QYJ2EXLu+u4WaeAKt86AUgaddU0ZJc+TTeHOeCaKA=; b=eyv34fHRvuYKjWpuyugvAMN5DvJa1CvVCT4VqZT//+Dx3yu+z08RRkPj/kEWrZbfbSW8b/ RtDZ4kOrgaICtwCw== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 0EC6C13357; Fri, 11 Nov 2022 08:16:33 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id rJP3AuEEbmOuOQAAMHmgww (envelope-from ); Fri, 11 Nov 2022 08:16:33 +0000 Message-ID: Date: Fri, 11 Nov 2022 09:16:32 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.1 Subject: Re: [PATCH v7 0/3] mm/slub: extend redzone check for kmalloc objects Content-Language: en-US To: Feng Tang , Andrew Morton , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Dmitry Vyukov , Andrey Konovalov , Kees Cook Cc: Dave Hansen , linux-mm@kvack.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com References: <20221021032405.1825078-1-feng.tang@intel.com> From: Vlastimil Babka In-Reply-To: <20221021032405.1825078-1-feng.tang@intel.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_SOFTFAIL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/21/22 05:24, Feng Tang wrote: > kmalloc's API family is critical for mm, and one of its nature is that > it will round up the request size to a fixed one (mostly power of 2). > When user requests memory for '2^n + 1' bytes, actually 2^(n+1) bytes > could be allocated, so there is an extra space than what is originally > requested. > > This patchset tries to extend the redzone sanity check to the extra > kmalloced buffer than requested, to better detect un-legitimate access > to it. (dependson SLAB_STORE_USER & SLAB_RED_ZONE) > > The redzone part has been tested with code below: > > for (shift = 3; shift <= 12; shift++) { > size = 1 << shift; > buf = kmalloc(size + 4, GFP_KERNEL); > /* We have 96, 196 kmalloc size, which is not power of 2 */ > if (size == 64 || size == 128) > oob_size = 16; > else > oob_size = size - 4; > memset(buf + size + 4, 0xee, oob_size); > kfree(buf); > } Sounds like a new slub_kunit test would be useful? :) doesn't need to be that exhaustive wrt all sizes, we could just pick one and check that a write beyond requested kmalloc size is detected? Thanks!