From: Andrey Konovalov
Date: Wed, 12 Jul 2023 18:23:09 +0200
Subject: Re: [PATCH 1/2] mm/slub: remove redundant kasan_reset_tag() from freelist_ptr calculations
To: Vlastimil Babka
Cc: Christoph Lameter, David Rientjes, Pekka Enberg, Joonsoo Kim, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Roman Gushchin, linux-mm@kvack.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org, Matteo Rizzo, Jann Horn, Andrey Konovalov, Marco Elver, Alexander Potapenko, kasan-dev@googlegroups.com, Kees Cook, linux-hardening@vger.kernel.org

On Tue, Jul 11, 2023 at 3:46 PM Vlastimil Babka wrote:
>
> Commit d36a63a943e3 ("kasan, slub: fix more conflicts with
> CONFIG_SLAB_FREELIST_HARDENED") has introduced kasan_reset_tags() to
> freelist_ptr() encoding/decoding when CONFIG_SLAB_FREELIST_HARDENED is
> enabled to resolve issues when passing tagged or untagged pointers
> inconsistently would lead to incorrect calculations.
>
> Later, commit aa1ef4d7b3f6 ("kasan, mm: reset tags when accessing
> metadata") made sure all pointers have tags reset regardless of
> CONFIG_SLAB_FREELIST_HARDENED, because there was no other way to access
> the freepointer metadata safely with hw tag-based KASAN.
>
> Therefore the kasan_reset_tag() usage in freelist_ptr_encode()/decode()
> is now redundant, as all callers use kasan_reset_tag() unconditionally
> when constructing ptr_addr. Remove the redundant calls and simplify the
> code and remove obsolete comments.
> > Also in freelist_ptr_encode() introduce an 'encoded' variable to make > the lines shorter and make it similar to the _decode() one. > > Signed-off-by: Vlastimil Babka > --- > These 2 patches build on top of: > https://lore.kernel.org/all/20230704135834.3884421-1-matteorizzo@google.c= om/ > > mm/slub.c | 22 ++++++---------------- > 1 file changed, 6 insertions(+), 16 deletions(-) > > diff --git a/mm/slub.c b/mm/slub.c > index f8cc47eff742..07edad305512 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -374,22 +374,14 @@ typedef struct { unsigned long v; } freeptr_t; > static inline freeptr_t freelist_ptr_encode(const struct kmem_cache *s, > void *ptr, unsigned long ptr_= addr) > { > + unsigned long encoded; > + > #ifdef CONFIG_SLAB_FREELIST_HARDENED > - /* > - * When CONFIG_KASAN_SW/HW_TAGS is enabled, ptr_addr might be tag= ged. > - * Normally, this doesn't cause any issues, as both set_freepoint= er() > - * and get_freepointer() are called with a pointer with the same = tag. > - * However, there are some issues with CONFIG_SLUB_DEBUG code. Fo= r > - * example, when __free_slub() iterates over objects in a cache, = it > - * passes untagged pointers to check_object(). check_object() in = turns > - * calls get_freepointer() with an untagged pointer, which causes= the > - * freepointer to be restored incorrectly. > - */ > - return (freeptr_t){.v =3D (unsigned long)ptr ^ s->random ^ > - swab((unsigned long)kasan_reset_tag((void *)ptr_a= ddr))}; > + encoded =3D (unsigned long)ptr ^ s->random ^ swab(ptr_addr); > #else > - return (freeptr_t){.v =3D (unsigned long)ptr}; > + encoded =3D (unsigned long)ptr; > #endif > + return (freeptr_t){.v =3D encoded}; > } > > static inline void *freelist_ptr_decode(const struct kmem_cache *s, 
> @@ -398,9 +390,7 @@ static inline void *freelist_ptr_decode(const struct = kmem_cache *s, > void *decoded; > > #ifdef CONFIG_SLAB_FREELIST_HARDENED > - /* See the comment in freelist_ptr_encode */ > - decoded =3D (void *)(ptr.v ^ s->random ^ > - swab((unsigned long)kasan_reset_tag((void *)ptr_addr))); > + decoded =3D (void *)(ptr.v ^ s->random ^ swab(ptr_addr)); > #else > decoded =3D (void *)ptr.v; > #endif > -- > 2.41.0 Reviewed-by: Andrey Konovalov Thanks!
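
Review bot: In freelist_ptr_encode(), dropping kasan_reset_tag() together with the whole comment leaves the function with an undocumented precondition: ptr_addr must already be tag-reset by the caller, which the commit message says all callers do. A one-line comment above `encoded = (unsigned long)ptr ^ s->random ^ swab(ptr_addr);` stating that requirement would keep a future caller from passing a tagged address, which is the CONFIG_SLUB_DEBUG case the removed comment described.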
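
Review bot: In freelist_ptr_decode(), a ptr_addr whose tag differs from the one used at encode time now silently yields a wrong decoded pointer, because nothing in the function normalizes or checks it any more. Consider a debug-only check at this point, for example `VM_WARN_ON_ONCE(ptr_addr != (unsigned long)kasan_reset_tag((void *)ptr_addr));`, so a caller that breaks the invariant is caught at the decode site rather than as a bad freelist pointer later.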
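
The invariant the commit message relies on, as an added user-space model that is not code from the thread or from the kernel: with the post-patch `ptr ^ random ^ swab(ptr_addr)` form, a tagged/untagged mismatch between store and load corrupts the decoded pointer, and resetting the tag at every call site restores the round trip. The top-byte tag layout, `struct cache_model`, the helper names and all addresses and the random value are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_SHIFT 56                      /* assumed: pointer tag lives in the top byte */
#define TAG_MASK  (0xffULL << TAG_SHIFT)

struct cache_model { uint64_t random; };  /* hypothetical stand-in for s->random */

/* Model of kasan_reset_tag(): put the native 0xff tag back in the top byte. */
static uint64_t reset_tag(uint64_t addr) { return addr | TAG_MASK; }

static uint64_t set_tag(uint64_t addr, uint8_t tag)
{
    return (addr & ~TAG_MASK) | ((uint64_t)tag << TAG_SHIFT);
}

/* Post-patch shape: ptr_addr is used exactly as the caller passed it. */
static uint64_t encode(const struct cache_model *s, uint64_t ptr, uint64_t ptr_addr)
{
    return ptr ^ s->random ^ __builtin_bswap64(ptr_addr);
}

static uint64_t decode(const struct cache_model *s, uint64_t enc, uint64_t ptr_addr)
{
    return enc ^ s->random ^ __builtin_bswap64(ptr_addr);
}

/* 1 if a free pointer stored via store_addr reads back intact via load_addr. */
static int round_trips(uint64_t store_addr, uint64_t load_addr)
{
    const struct cache_model s = { .random = 0x9e3779b97f4a7c15ULL }; /* constructed */
    const uint64_t next_free = 0xffff888012345680ULL;                 /* constructed */
    return decode(&s, encode(&s, next_free, store_addr), load_addr) == next_free;
}

/* Bits of the decoded pointer that a store/load address mismatch flips. */
static uint64_t corruption_mask(uint64_t store_addr, uint64_t load_addr)
{
    return __builtin_bswap64(store_addr) ^ __builtin_bswap64(load_addr);
}

int main(void)
{
    uint64_t slot = 0xffff888012345640ULL;  /* constructed object address */
    uint64_t tagged = set_tag(slot, 0xa5);  /* same object seen through a tagged pointer */
    printf("tagged store, untagged load: %d\n", round_trips(tagged, slot));
    printf("both sides tag-reset:        %d\n",
           round_trips(reset_tag(tagged), reset_tag(slot)));
    printf("corrupted bits on mismatch:  %#llx\n",
           (unsigned long long)corruption_mask(tagged, slot));
    return 0;
}
```

Because of the byte swap, the tag difference lands in the low byte of the decoded pointer, so a mismatch produces a plausible-looking but misaligned freelist entry rather than an obviously invalid address.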