Received: by 2002:ab2:6c55:0:b0:1fd:c486:4f03 with SMTP id v21csp651785lqp; Wed, 12 Jun 2024 11:58:06 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU469hfqwlXJSBAxr5Uv7WLQF17SLpb4YvPPV0vy7VeuLcJxPoBcm0neyYY3CFvHkhbFOkJK+PxtcUF9Ogv8aoxbMUIpTtFpGUSbLOV1A== X-Google-Smtp-Source: AGHT+IEIfaMpAq8yr1OxytqddZJt2s6maY6zvEVT/n76OBMrVNN4G0orfARy7VgpCPMHnJeYbLYu X-Received: by 2002:a17:902:db11:b0:1f7:e32f:f067 with SMTP id d9443c01a7336-1f83b6eacfemr35759315ad.50.1718218686170; Wed, 12 Jun 2024 11:58:06 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718218686; cv=pass; d=google.com; s=arc-20160816; b=ON6iowivx3bHlA1iRWWhbmoJmEsBrE5ei7NxRr4WLumermmKqEIm4O18UOzP/cBh7f 7BKS4HVME532oesLQXBiv6H84307sI44tWpZg+YyLvA9hEcQcEg7DiUXKCK3OJB951ak svi4NzAgpQdVjgspaUBdJxooni91r6axid3ekFz3tqy2NxzyNtv6VkMZXKH263N18o5O MFS/2rXA6VK9enOANCzlvVbqBNYEePRfTFKAJipixv4ToEwqPpD2+N6nBPF7YRPxO730 wLRy0xAgBqMuqo+iODosevOstY5n8D49axKjRY4rXa5dIcH9HZr7Xh/oAcPBZU/CzVyu t1EQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=PGQ86V5UBZNtwrXw5n09oNJAhyYxpBSbswgP7IxzOcw=; fh=AQZ2mMTmJfUPb02M/OBy1/6ZjmVr9vUHPsGT5KF2eBI=; b=vDQnK44amGZyWc12I0e8/KLI/GJBkESTRFLK2wuci98Imc5L60v4oblMSnwEugwlnU 6sDbVZR4opJsjciXdWCbHqmnEm0BOEZUT/E5/XS1rmAK8Yi7q6RLJF23uMbauyJEbzRF bKOxqM7f66UbKlYyU/+BI741QA6a5uUIH80bu9uGw6oTvXa4kxN5q5V64Y0KpJtQPgY4 /jnviXC3DW+YbhHLchjMC/Bxh0K0FIpEzA+QmsaPuKQ0GOiEd41Qi2cgesLmV0HzlwOq fgqSsj4ZBcz5DZp7yUQF9vUD0hKCbF4mYcV5pW831y9FPmBEcIwR7kXqcW6zw71mrmS0 QEbA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OzRr01nS; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-212098-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-212098-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f72ffdbb7csi38551765ad.42.2024.06.12.11.58.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jun 2024 11:58:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-212098-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OzRr01nS; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-212098-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-212098-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id BF00E28A9DE for ; Wed, 12 Jun 2024 18:39:52 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 837BC757E5; Wed, 12 Jun 2024 18:39:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="OzRr01nS" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5CB16F073 for ; Wed, 12 Jun 2024 18:39:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718217561; cv=none; b=H2/kfv0nRK2hA+xI8dsR5s/tw280mTx/rWdl2c7USTPy5NPfs4QMZSm387AbYD/7h36NGoFIkMkju9j9tWLhGlhS4tfSNu2vVKZdskStYfYcpgibaLOE2ZvXSQZd/YTceL9mY6SfWrd8+euZhVnOPZYjleqBUySjvxmw6mOntGk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718217561; c=relaxed/simple; bh=MJVHRfHxaj60Hxhysjmfq/EOEVzWOTcWYElXRx7ibPY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=c/hjto4uGmGyhPTZt9DGz2fsI+InOFQE/uw9tedjHRIHW6U7Pwu/VbOM3r7FyP/CDk6Z7FyL467tndYqoPdRuVo6ZbPVeXiKmthsRFy3zc1kGTDg76t551XtlOyYJaLQoawiXlg6iOaFAw7DUs0fP9c2bU8cOigS80KMY9/ihNk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=OzRr01nS; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 28C51C116B1; Wed, 12 Jun 2024 18:39:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1718217560; bh=MJVHRfHxaj60Hxhysjmfq/EOEVzWOTcWYElXRx7ibPY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=OzRr01nSYr1S44pbL4683JbDFh4GYvuUS/2Ofesh3Z4B5uaQ+kRkCRG39mDhAn0GI vfVpxlR93ToKvKjsl+r9mJlCqJ7Ee7Pmzsy9tWmXs4MGllFzMegoH4kOcvgTRR+WTL 8L0KPjiDxrnjRw9bB97mwfLNL+UTtpXF/77wEYXHZ6wZzh8ShupTgm9XaHTOMDZrNR Vh99JEjgq/ISlIDVzLHIMo3B89SZbLQxU9+TLmmGylhIQzufbHGZ+ppZRAJg0d1IUC HhmV1nbdeMXkwVAGJPJIfHnYZ9HUmx415ClIB4+sR0W5ds5Co16KlV8uRLb4+xvdQU HnVc9gQ1W6qnw== Date: Wed, 12 Jun 2024 11:39:19 -0700 From: Kees Cook To: "Christoph Lameter (Ampere)" Cc: Vlastimil Babka , Chengming Zhou , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Feng Tang , linux-mm@kvack.org, linux-kernel@vger.kernel.org, zhouchengming@bytedance.com Subject: Re: [PATCH v3 1/3] slab: make check_object() more consistent Message-ID: <202406121135.A3900578BF@keescook> References: <20240607-b4-slab-debug-v3-0-bb2a326c4ceb@linux.dev> <20240607-b4-slab-debug-v3-1-bb2a326c4ceb@linux.dev> <63da08b7-7aa3-3fad-55e6-9fc3928a49de@gentwo.org> <8b844d71-01f1-472b-a63a-4c9cdb26e9ef@suse.cz> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Tue, Jun 11, 2024 at 03:52:49PM -0700, Christoph Lameter (Ampere) wrote: > On Mon, 10 Jun 2024, Vlastimil Babka wrote: > > > Even if some security people enable parts of slub debugging for security > > people it is my impression they would rather panic/reboot or have memory > > leaked than trying to salvage the slab page? (CC Kees) > > In the past these resilience features have been used to allow the continued > operation of a broken kernel. > > So first the Kernel crashed with some obscure oops in the allocator due to > metadata corruption. > > One can then put a slub_debug option on the kernel command line which will > result in detailed error reports on what caused the corruption. It will also > activate resilience measures that will often allow the continued operation > until a fix becomes available. Sure, as long as it's up to the deployment. I just don't want padding errors unilaterally ignored. If it's useful, there's the CHECK_DATA_CORRUPTION() macro. That'll let a deployment escalate the issue from WARN to BUG, etc. -- Kees Cook