Re: [PATCH v3 3/3] KEYS: Use kvmalloc() to better handle large buffer allocation

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: Waiman Long <longman@redhat.com>
Cc: David Howells <dhowells@redhat.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-integrity@vger.kernel.org,
	Sumit Garg <sumit.garg@linaro.org>,
	Jerry Snitselaar <jsnitsel@redhat.com>,
	Roberto Sassu <roberto.sassu@huawei.com>,
	Chris von Recklinghausen <crecklin@redhat.com>
Subject: Re: [PATCH v3 3/3] KEYS: Use kvmalloc() to better handle large buffer allocation
Date: Fri, 13 Mar 2020 16:43:06 +0000	[thread overview]
Message-ID: <20200313164306.GA907@sol.localdomain> (raw)
In-Reply-To: <20200313152102.1707-4-longman@redhat.com>

On Fri, Mar 13, 2020 at 11:21:02AM -0400, Waiman Long wrote:
> For large multi-page temporary buffer allocation, the security/keys
> subsystem don't need contiguous physical pages. It will work perfectly
> fine with virtually mapped pages.
> 
> Replace the kmalloc() call by kvmalloc() and provide a __kvzfree()
> helper function to clear and free the kvmalloc'ed buffer. This will
> reduce the chance of memory allocation failure just because of highly
> fragmented pages.
> 
> Suggested-by: David Howells <dhowells@redhat.com>
> Signed-off-by: Waiman Long <longman@redhat.com>
> ---
>  security/keys/internal.h | 14 ++++++++++++++
>  security/keys/keyctl.c   | 10 +++++-----
>  2 files changed, 19 insertions(+), 5 deletions(-)
> 
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index ba3e2da14cef..855b11eb73ee 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -16,6 +16,8 @@
>  #include <linux/keyctl.h>
>  #include <linux/refcount.h>
>  #include <linux/compat.h>
> +#include <linux/mm.h>
> +#include <linux/vmalloc.h>
>  
>  struct iovec;
>  
> @@ -349,4 +351,16 @@ static inline void key_check(const struct key *key)
>  
>  #endif
>  
> +/*
> + * Helper function to clear and free a kvmalloc'ed memory object.
> + */
> +static inline void __kvzfree(const void *addr, size_t len)
> +{
> +	if (is_vmalloc_addr(addr)) {
> +		memset((void *)addr, 0, len);
> +		vfree(addr);
> +	} else {
> +		kzfree(addr);
> +	}
> +}

Since this takes the length as a parameter, it can be simplified to:

static inline void __kvzfree(const void *addr, size_t len)
{
	if (addr) {
		memset((void *)addr, 0, len);
		kvfree(addr);
	}
}

>  			if (!tmpbuf || unlikely(ret > tmpbuflen)) {
>  				if (unlikely(tmpbuf))
> -					kzfree(tmpbuf);
> +					__kvzfree(tmpbuf, tmpbuflen);

Both kzfree() and __kvzfree() handle a NULL pointer, so there's no need for the
NULL check first.

> @@ -920,7 +920,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
>  				ret = -EFAULT;
>  		}
>  		if (tmpbuf)
> -			kzfree(tmpbuf);
> +			__kvzfree(tmpbuf, tmpbuflen);

Likewise here.  No need for the NULL check.

- Eric

WARNING: multiple messages have this Message-ID (diff)

From: Eric Biggers <ebiggers@kernel.org>
To: Waiman Long <longman@redhat.com>
Cc: David Howells <dhowells@redhat.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-integrity@vger.kernel.org,
	Sumit Garg <sumit.garg@linaro.org>,
	Jerry Snitselaar <jsnitsel@redhat.com>,
	Roberto Sassu <roberto.sassu@huawei.com>,
	Chris von Recklinghausen <crecklin@redhat.com>
Subject: Re: [PATCH v3 3/3] KEYS: Use kvmalloc() to better handle large buffer allocation
Date: Fri, 13 Mar 2020 09:43:06 -0700	[thread overview]
Message-ID: <20200313164306.GA907@sol.localdomain> (raw)
In-Reply-To: <20200313152102.1707-4-longman@redhat.com>

On Fri, Mar 13, 2020 at 11:21:02AM -0400, Waiman Long wrote:
> For large multi-page temporary buffer allocation, the security/keys
> subsystem don't need contiguous physical pages. It will work perfectly
> fine with virtually mapped pages.
> 
> Replace the kmalloc() call by kvmalloc() and provide a __kvzfree()
> helper function to clear and free the kvmalloc'ed buffer. This will
> reduce the chance of memory allocation failure just because of highly
> fragmented pages.
> 
> Suggested-by: David Howells <dhowells@redhat.com>
> Signed-off-by: Waiman Long <longman@redhat.com>
> ---
>  security/keys/internal.h | 14 ++++++++++++++
>  security/keys/keyctl.c   | 10 +++++-----
>  2 files changed, 19 insertions(+), 5 deletions(-)
> 
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index ba3e2da14cef..855b11eb73ee 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -16,6 +16,8 @@
>  #include <linux/keyctl.h>
>  #include <linux/refcount.h>
>  #include <linux/compat.h>
> +#include <linux/mm.h>
> +#include <linux/vmalloc.h>
>  
>  struct iovec;
>  
> @@ -349,4 +351,16 @@ static inline void key_check(const struct key *key)
>  
>  #endif
>  
> +/*
> + * Helper function to clear and free a kvmalloc'ed memory object.
> + */
> +static inline void __kvzfree(const void *addr, size_t len)
> +{
> +	if (is_vmalloc_addr(addr)) {
> +		memset((void *)addr, 0, len);
> +		vfree(addr);
> +	} else {
> +		kzfree(addr);
> +	}
> +}

Since this takes the length as a parameter, it can be simplified to:

static inline void __kvzfree(const void *addr, size_t len)
{
	if (addr) {
		memset((void *)addr, 0, len);
		kvfree(addr);
	}
}

>  			if (!tmpbuf || unlikely(ret > tmpbuflen)) {
>  				if (unlikely(tmpbuf))
> -					kzfree(tmpbuf);
> +					__kvzfree(tmpbuf, tmpbuflen);

Both kzfree() and __kvzfree() handle a NULL pointer, so there's no need for the
NULL check first.

> @@ -920,7 +920,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
>  				ret = -EFAULT;
>  		}
>  		if (tmpbuf)
> -			kzfree(tmpbuf);
> +			__kvzfree(tmpbuf, tmpbuflen);

Likewise here.  No need for the NULL check.

- Eric

next prev parent reply	other threads:[~2020-03-13 16:43 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-13 15:20 [PATCH v3 0/3] KEYS: Read keys to internal buffer & then copy to userspace Waiman Long
2020-03-13 15:20 ` Waiman Long
2020-03-13 15:21 ` [PATCH v3 1/3] KEYS: Don't write out to userspace while holding key semaphore Waiman Long
2020-03-13 15:21   ` Waiman Long
2020-03-15 19:21   ` Jarkko Sakkinen
2020-03-15 19:21     ` Jarkko Sakkinen
2020-03-15 21:27     ` Jarkko Sakkinen
2020-03-15 21:27       ` Jarkko Sakkinen
2020-03-16 11:22       ` David Howells
2020-03-16 13:53         ` Jarkko Sakkinen
2020-03-16 13:53           ` Jarkko Sakkinen
2020-03-16 16:33           ` Waiman Long
2020-03-16 16:33             ` Waiman Long
2020-03-17 18:10           ` Waiman Long
2020-03-17 18:10             ` Waiman Long
2020-03-16 11:34       ` David Howells
2020-03-16 11:50   ` David Howells
2020-03-17 18:09     ` Waiman Long
2020-03-17 18:09       ` Waiman Long
2020-03-13 15:21 ` [PATCH v3 2/3] KEYS: Avoid false positive ENOMEM error on key read Waiman Long
2020-03-13 15:21   ` Waiman Long
2020-03-15 21:32   ` Jarkko Sakkinen
2020-03-15 21:32     ` Jarkko Sakkinen
2020-03-17 18:36     ` Waiman Long
2020-03-17 18:36       ` Waiman Long
2020-03-13 15:21 ` [PATCH v3 3/3] KEYS: Use kvmalloc() to better handle large buffer allocation Waiman Long
2020-03-13 15:21   ` Waiman Long
2020-03-13 16:43   ` Eric Biggers [this message]
2020-03-13 16:43     ` Eric Biggers
2020-03-13 17:49     ` Waiman Long
2020-03-13 17:49       ` Waiman Long
2020-03-15 21:52       ` Jarkko Sakkinen
2020-03-15 21:52         ` Jarkko Sakkinen
2020-03-15 22:01         ` Waiman Long
2020-03-15 22:01           ` Waiman Long
2020-03-16 14:24   ` David Howells
2020-03-16 15:21     ` Waiman Long
2020-03-16 15:21       ` Waiman Long
2020-03-16 22:19     ` Jarkko Sakkinen
2020-03-16 22:19       ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200313164306.GA907@sol.localdomain \
    --to=ebiggers@kernel.org \
    --cc=crecklin@redhat.com \
    --cc=dhowells@redhat.com \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=jmorris@namei.org \
    --cc=jsnitsel@redhat.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=longman@redhat.com \
    --cc=roberto.sassu@huawei.com \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.