From patchwork Mon Sep 9 01:29:54 2024
X-Patchwork-Submitter: Feng Tang
X-Patchwork-Id: 13795729
From: Feng Tang
To: Vlastimil Babka, Andrew Morton, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Andrey Konovalov, Marco Elver, Shuah Khan, David Gow, Danilo Krummrich
Cc: linux-mm@kvack.org, kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org, Feng Tang
Subject: [PATCH 1/5] mm/kasan: Don't store metadata inside kmalloc object when slub_debug_orig_size is on
Date: Mon, 9 Sep 2024 09:29:54 +0800
Message-Id: <20240909012958.913438-2-feng.tang@intel.com>
In-Reply-To: <20240909012958.913438-1-feng.tang@intel.com>
References: <20240909012958.913438-1-feng.tang@intel.com>

For a kmalloc object, when both kasan and slub redzone sanity checks are enabled, they could both manipulate its data space like storing kasan free meta data and setting up kmalloc redzone, and may affect the accuracy of that object's 'orig_size'. As an accurate 'orig_size' will be needed by some functions like krealloc() soon, save kasan's free meta data in slub's metadata area instead of inside the object when 'orig_size' is enabled. This will make it easier to maintain/understand the code.

Size wise, when these two options are both enabled, the slub meta data space is already huge, and this just slightly increase the overall size. Signed-off-by: Feng Tang Acked-by: Andrey Konovalov --- mm/kasan/generic.c | 5 ++++- mm/slab.h | 6 ++++++ mm/slub.c | 17 ----------------- 3 files changed, 10 insertions(+), 18 deletions(-) diff --git a/mm/kasan/generic.c b/mm/kasan/generic.c index 6310a180278b..cad376199d47 100644 --- a/mm/kasan/generic.c +++ b/mm/kasan/generic.c @@ -393,8 +393,11 @@ void kasan_cache_create(struct kmem_cache *cache, unsigned int *size, * be touched after it was freed, or * 2. Object has a constructor, which means it's expected to * retain its content until the next allocation. + * 3. It is from a kmalloc cache which enables the debug option + * to store original size. */ - if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor) { + if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor || + slub_debug_orig_size(cache)) { cache->kasan_info.free_meta_offset = *size; *size += sizeof(struct kasan_free_meta); goto free_meta_added; diff --git a/mm/slab.h b/mm/slab.h index 90f95bda4571..7a0e9b34ba2a 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -689,6 +689,12 @@ void __kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *slab) void __check_heap_object(const void *ptr, unsigned long n, const struct slab *slab, bool to_user); +static inline bool slub_debug_orig_size(struct kmem_cache *s) +{ + return (kmem_cache_debug_flags(s, SLAB_STORE_USER) && + (s->flags & SLAB_KMALLOC)); +} + #ifdef CONFIG_SLUB_DEBUG void skip_orig_size_check(struct kmem_cache *s, const void *object); #endif diff --git a/mm/slub.c b/mm/slub.c index 23761533329d..996a72fa6f62 100644 --- a/mm/slub.c +++ b/mm/slub.c 
@@ -230,12 +230,6 @@ static inline bool kmem_cache_debug(struct kmem_cache *s) return kmem_cache_debug_flags(s, SLAB_DEBUG_FLAGS); } -static inline bool slub_debug_orig_size(struct kmem_cache *s) -{ - return (kmem_cache_debug_flags(s, SLAB_STORE_USER) && - (s->flags & SLAB_KMALLOC)); -} - void *fixup_red_left(struct kmem_cache *s, void *p) { if (kmem_cache_debug_flags(s, SLAB_RED_ZONE)) @@ -760,21 +754,10 @@ static inline void set_orig_size(struct kmem_cache *s, void *object, unsigned int orig_size) { void *p = kasan_reset_tag(object); - unsigned int kasan_meta_size; if (!slub_debug_orig_size(s)) return; - /* - * KASAN can save its free meta data inside of the object at offset 0. - * If this meta data size is larger than 'orig_size', it will overlap - * the data redzone in [orig_size+1, object_size]. Thus, we adjust - * 'orig_size' to be as at least as big as KASAN's meta data. - */ - kasan_meta_size = kasan_metadata_size(s, true); - if (kasan_meta_size > orig_size) - orig_size = kasan_meta_size; - p += get_info_end(s); p += sizeof(struct track) * 2;
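Review bot: In the mm/kasan/generic.c hunk, the new comment item "3. It is from a kmalloc cache which enables the debug option to store original size." names the condition but not the reason, while items 1 and 2 each say why the object must not be touched after free. The rationale currently lives only in the comment this patch deletes from set_orig_size(): free meta stored inside the object at offset 0 can overlap the data redzone and force 'orig_size' up. Suggest carrying one sentence of that into item 3, so the dependency between this condition and the redzone/orig_size accounting is documented at the place where it is now enforced.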
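Review bot: In the mm/slab.h hunk, slub_debug_orig_size() is added just above the "#ifdef CONFIG_SLUB_DEBUG" block rather than inside it, and mm/kasan/generic.c now calls it unconditionally. Please confirm that kmem_cache_debug_flags() is defined and evaluates to false when CONFIG_SLUB_DEBUG is off, so that KASAN builds without SLUB debugging still compile and keep the existing in-object placement of the free meta. A one-line comment on the helper saying that it is shared with KASAN would also explain why it moved out of mm/slub.c.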
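Review bot: In the second mm/slub.c hunk, set_orig_size() loses the "if (kasan_meta_size > orig_size)" clamp, so the stored 'orig_size' and the redzone behind it are only correct if kasan_cache_create() took the out-of-object path for every cache where slub_debug_orig_size() is true. The two checks run at different times (cache creation versus each allocation); if the result of slub_debug_orig_size() can differ between them, or kasan_cache_create() can still end up with in-object free meta for such a cache, the overlap described in the deleted comment comes back silently. Suggest stating this invariant in a short comment here, or keeping a debug-only check such as a WARN_ON_ONCE() on a non-zero kasan_metadata_size(s, true) after the slub_debug_orig_size() test.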