Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp4978105rdb; Fri, 15 Sep 2023 20:16:25 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHYJZ1JgbtE8CwICCLPHZMyfmF+UO2C42vW27HRRZR6Jpp6bY60v/apgE7GioaI33ktD68Y X-Received: by 2002:a17:902:d2cd:b0:1c3:e5bf:a9f8 with SMTP id n13-20020a170902d2cd00b001c3e5bfa9f8mr4372673plc.19.1694834184792; Fri, 15 Sep 2023 20:16:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694834184; cv=none; d=google.com; s=arc-20160816; b=Etfw2LCg31rkPXtPvdK0yFsUVKs5OIFpLvZWhJYP1a7gPugxNVovlD1GEGd3ABHY6H SVEpkXypiopakoyFYtB89ktFplv1oxaLQD8KdkRreZfMvOe40YXuYo2g5xp8XeMQ+Fv/ v+5pK8+EnK2Neq8ANfQwQQ148LCyv1pzXZDxE/693hXAN90e9g87u3i5rNiswodra0U7 TVUliF9Z8OJojEXGc7DIxtRObkru948qsJ7dCN4bRCQa1y+KF8f2sDk+sg0ZyvXE+cof GskBvsSiRBMG34W5AtxlI6+nDzlXek042NOoInbjAzAMgrjqf35hyBC/W9ZrSiIgoRUJ sk0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=AZHk7vThpLpskZtqajJEmCcHKvsPyXWDUd5X6GjbEhM=; fh=d2EQQIfdQ0+CZ4eN/74dVftjEr0EIvgrnWLATEDK5kc=; b=WOJZ/xsv+I2VX4Mgw3tUIgwrWs6SL/AMavBJFhLTswfgwLdF3PP+Raxy2WNXnrtVjo Yubveq1deG2nZb3+aXeo2nzq3umg0z0+2UtQgiVtAL8g7Gi4ftSWlPACkhWCRb2bwlMa dw+VmmQOXxweE3HJxF96TL5r1QAF+4pcFTQs+PAmZdJADcnBFsbBv/uYtk/gms9KcdgY KxwUDASgUtfmti4Y5q3SRxK0roOkRvqoXVZkF/iFwtpsi6bH0F8c5OG8dFm7G2Ph+uY1 Zypa+uY7x8d+vGNHqE+XqwCIvTmi46uZHOKo7GRL6gipXqK7OCiIuHEsNm9FjV8LfJ7P aCzw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=oc7I+p+6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id u10-20020a17090341ca00b001b89f653005si4607558ple.394.2023.09.15.20.16.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Sep 2023 20:16:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=oc7I+p+6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id C48AF83B2E6D; Fri, 15 Sep 2023 14:14:44 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237154AbjIOVOL (ORCPT + 99 others); Fri, 15 Sep 2023 17:14:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37830 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238081AbjIOVNg (ORCPT ); Fri, 15 Sep 2023 17:13:36 -0400 Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F844CD0 for ; Fri, 15 Sep 2023 14:13:05 -0700 (PDT) Received: by mail-pj1-x102b.google.com with SMTP id 98e67ed59e1d1-2745cd2ba68so2110767a91.0 for ; Fri, 15 Sep 2023 14:13:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1694812385; x=1695417185; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=AZHk7vThpLpskZtqajJEmCcHKvsPyXWDUd5X6GjbEhM=; b=oc7I+p+6FvfuU9el2G07pmZZeSF2QT32N24IMQTgseIYtZ+zm+hxwT+p5D7B239YdE JgNQ6SKWIt1wCWtz2CjTxBLR7cOFgHfhDt97dVKoIwWoohYv6zLWXU0Jb1UZV8uCrnMb qMRhQEU3J+aoYsqOLIesAlKpcVBPW9rqGgMRo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694812385; x=1695417185; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=AZHk7vThpLpskZtqajJEmCcHKvsPyXWDUd5X6GjbEhM=; b=WROreyZFP1Ny4XVY3li6kdSBoc17xU0HEcUqyRyyKlIeRGVxsAx1LULOfUtIlMLhHo gbJ6iGR9AGvig0sfZa3jnLwiGs+tfHDH9nLXGesnrFpler1UrgWx2di1+h+RksmUEhYZ dQKKkvIZ+327zCBdbuq/SafsQ3P+bTf4D5Tag4MWNpd9SPLEVSKhTC/1odAo5lau1FL+ XoFkKA62AS9xminDQQv/kNtNahmbAUT2kKhqvpDdR6c2pL3hK3eEFuEVDD9663JTcmeT oVNuGvpEkk6kxBKz+UqT6SlAwIckNWaIXmz6SspsQ+M9hObVGwLHtKfRwPcSqmVhfP2d Rq/g== X-Gm-Message-State: AOJu0YzMgcgM3Gl24kRUmgaG8JtEqcrw41CGekDWCUKcH7xx1fE3i/ow wSHmQh2VjJhCAngfj1agsJ3f+w== X-Received: by 2002:a17:90b:1952:b0:268:14a0:f8a with SMTP id nk18-20020a17090b195200b0026814a00f8amr2739464pjb.39.1694812384792; Fri, 15 Sep 2023 14:13:04 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id ie18-20020a17090b401200b0026971450601sm3428843pjb.7.2023.09.15.14.13.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Sep 2023 14:13:04 -0700 (PDT) Date: Fri, 15 Sep 2023 14:13:03 -0700 From: Kees Cook To: Matteo Rizzo Cc: cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, vbabka@suse.cz, roman.gushchin@linux.dev, 42.hyeyoo@gmail.com, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, corbet@lwn.net, luto@kernel.org, peterz@infradead.org, jannh@google.com, evn@google.com, poprdi@google.com, jordyzomer@google.com, ardb@google.com Subject: Re: [RFC PATCH 10/14] x86: Create virtual memory region for SLUB Message-ID: <202309151410.E65B8300F@keescook> References: <20230915105933.495735-1-matteorizzo@google.com> <20230915105933.495735-11-matteorizzo@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230915105933.495735-11-matteorizzo@google.com> X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Fri, 15 Sep 2023 14:14:45 -0700 (PDT) On Fri, Sep 15, 2023 at 10:59:29AM +0000, Matteo Rizzo wrote: > From: Jann Horn > > SLAB_VIRTUAL reserves 512 GiB of virtual memory and uses them for both > struct slab and the actual slab memory. The pointers returned by > kmem_cache_alloc will point to this range of memory. I think the 512 GiB limit may be worth mentioning in the Kconfig help text. And in the "640K is enough for everything" devil's advocacy, why is 512 GiB enough here? Is there any greater risk of a pathological allocation pattern breaking a system any more (or less) than is currently possible? > > Signed-off-by: Jann Horn But, yes, I'm still a fan, and I think it interacts well here with the rest of the KASLR initialization: Reviewed-by: Kees Cook Have you tried to make this work on arm64? I imagine it should be roughly as easy? -- Kees Cook