From: Kees Cook <keescook@chromium.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: "Feng Tang" <feng.tang@intel.com>,
linux-wireless@vger.kernel.org, llvm@lists.linux.dev,
dri-devel@lists.freedesktop.org, linux-mm@kvack.org,
"Eric Dumazet" <edumazet@google.com>,
linux-hardening@vger.kernel.org,
"Hyeonggon Yoo" <42.hyeyoo@gmail.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
dev@openvswitch.org, x86@kernel.org,
intel-wired-lan@lists.osuosl.org,
"David Rientjes" <rientjes@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>, "Yonghong Song" <yhs@fb.com>,
"Paolo Abeni" <pabeni@redhat.com>,
linux-media@vger.kernel.org, "Marco Elver" <elver@google.com>,
"Josef Bacik" <josef@toxicpanda.com>,
linaro-mm-sig@lists.linaro.org,
"Jakub Kicinski" <kuba@kernel.org>,
"David Sterba" <dsterba@suse.com>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
"Alex Elder" <elder@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
linux-kernel@vger.kernel.org,
"Christian König" <christian.koenig@amd.com>,
"Pekka Enberg" <penberg@kernel.org>,
"Daniel Micay" <danielmicay@gmail.com>,
netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org,
"Andrew Morton" <akpm@linux-foundation.org>,
"David S. Miller" <davem@davemloft.net>,
linux-btrfs@vger.kernel.org
Subject: Re: [Intel-wired-lan] [PATCH 00/12] slab: Introduce kmalloc_size_roundup()
Date: Thu, 22 Sep 2022 14:49:08 -0700 [thread overview]
Message-ID: <202209221446.5E90AEED@keescook> (raw)
In-Reply-To: <cb38655c-2107-bda6-2fa8-f5e1e97eab14@suse.cz>
On Thu, Sep 22, 2022 at 11:05:47PM +0200, Vlastimil Babka wrote:
> On 9/22/22 17:55, Kees Cook wrote:
> > On Thu, Sep 22, 2022 at 09:10:56AM +0200, Christian König wrote:
> > [...]
> > > So when this patch set is about to clean up this use case it should probably
> > > also take care to remove ksize() or at least limit it so that it won't be
> > > used for this use case in the future.
> >
> > Yeah, my goal would be to eliminate ksize(), and it seems possible if
> > other cases are satisfied with tracking their allocation sizes directly.
>
> I think we could leave ksize() to determine the size without a need for
> external tracking, but from now on forbid callers from using that hint to
> overflow the allocation size they actually requested? Once we remove the
> kasan/kfence hooks in ksize() that make the current kinds of usage possible,
> we should be able to catch any offenders of the new semantics that would appear?
That's correct. I spent the morning working my way through the rest of
the ksize() users I didn't clean up yesterday, and in several places I
just swapped in __ksize(). But that wouldn't even be needed if we just
removed the kasan unpoisoning from ksize(), etc.
I am tempted to leave it __ksize(), though, just to reinforce that it's
not supposed to be used "normally". What do you think?
--
Kees Cook
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: "Christian König" <christian.koenig@amd.com>,
"Pekka Enberg" <penberg@kernel.org>,
"Feng Tang" <feng.tang@intel.com>,
"David Rientjes" <rientjes@google.com>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Paolo Abeni" <pabeni@redhat.com>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
"Alex Elder" <elder@kernel.org>,
"Josef Bacik" <josef@toxicpanda.com>,
"David Sterba" <dsterba@suse.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Jesse Brandeburg" <jesse.brandeburg@intel.com>,
"Daniel Micay" <danielmicay@gmail.com>,
"Yonghong Song" <yhs@fb.com>, "Marco Elver" <elver@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
netdev@vger.kernel.org, linux-btrfs@vger.kernel.org,
linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org,
linaro-mm-sig@lists.linaro.org, linux-fsdevel@vger.kernel.org,
intel-wired-lan@lists.osuosl.org, dev@openvswitch.org,
x86@kernel.org, linux-wireless@vger.kernel.org,
llvm@lists.linux.dev, linux-hardening@vger.kernel.org,
"Hyeonggon Yoo" <42.hyeyoo@gmail.com>
Subject: Re: [PATCH 00/12] slab: Introduce kmalloc_size_roundup()
Date: Thu, 22 Sep 2022 14:49:08 -0700 [thread overview]
Message-ID: <202209221446.5E90AEED@keescook> (raw)
In-Reply-To: <cb38655c-2107-bda6-2fa8-f5e1e97eab14@suse.cz>
On Thu, Sep 22, 2022 at 11:05:47PM +0200, Vlastimil Babka wrote:
> On 9/22/22 17:55, Kees Cook wrote:
> > On Thu, Sep 22, 2022 at 09:10:56AM +0200, Christian König wrote:
> > [...]
> > > So when this patch set is about to clean up this use case it should probably
> > > also take care to remove ksize() or at least limit it so that it won't be
> > > used for this use case in the future.
> >
> > Yeah, my goal would be to eliminate ksize(), and it seems possible if
> > other cases are satisfied with tracking their allocation sizes directly.
>
> I think we could leave ksize() to determine the size without a need for
> external tracking, but from now on forbid callers from using that hint to
> overflow the allocation size they actually requested? Once we remove the
> kasan/kfence hooks in ksize() that make the current kinds of usage possible,
> we should be able to catch any offenders of the new semantics that would appear?
That's correct. I spent the morning working my way through the rest of
the ksize() users I didn't clean up yesterday, and in several places I
just swapped in __ksize(). But that wouldn't even be needed if we just
removed the kasan unpoisoning from ksize(), etc.
I am tempted to leave it __ksize(), though, just to reinforce that it's
not supposed to be used "normally". What do you think?
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: "Feng Tang" <feng.tang@intel.com>,
linux-wireless@vger.kernel.org, llvm@lists.linux.dev,
dri-devel@lists.freedesktop.org, linux-mm@kvack.org,
"Eric Dumazet" <edumazet@google.com>,
linux-hardening@vger.kernel.org,
"Hyeonggon Yoo" <42.hyeyoo@gmail.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
dev@openvswitch.org, x86@kernel.org,
"Jesse Brandeburg" <jesse.brandeburg@intel.com>,
intel-wired-lan@lists.osuosl.org,
"David Rientjes" <rientjes@google.com>,
"Miguel Ojeda" <ojeda@kernel.org>, "Yonghong Song" <yhs@fb.com>,
"Paolo Abeni" <pabeni@redhat.com>,
linux-media@vger.kernel.org, "Marco Elver" <elver@google.com>,
"Josef Bacik" <josef@toxicpanda.com>,
linaro-mm-sig@lists.linaro.org,
"Jakub Kicinski" <kuba@kernel.org>,
"David Sterba" <dsterba@suse.com>,
"Joonsoo Kim" <iamjoonsoo.kim@lge.com>,
"Alex Elder" <elder@kernel.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Nick Desaulniers" <ndesaulniers@google.com>,
linux-kernel@vger.kernel.org,
"Christian König" <christian.koenig@amd.com>,
"Pekka Enberg" <penberg@kernel.org>,
"Daniel Micay" <danielmicay@gmail.com>,
netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org,
"Andrew Morton" <akpm@linux-foundation.org>,
"David S. Miller" <davem@davemloft.net>,
linux-btrfs@vger.kernel.org
Subject: Re: [PATCH 00/12] slab: Introduce kmalloc_size_roundup()
Date: Thu, 22 Sep 2022 14:49:08 -0700 [thread overview]
Message-ID: <202209221446.5E90AEED@keescook> (raw)
In-Reply-To: <cb38655c-2107-bda6-2fa8-f5e1e97eab14@suse.cz>
On Thu, Sep 22, 2022 at 11:05:47PM +0200, Vlastimil Babka wrote:
> On 9/22/22 17:55, Kees Cook wrote:
> > On Thu, Sep 22, 2022 at 09:10:56AM +0200, Christian König wrote:
> > [...]
> > > So when this patch set is about to clean up this use case it should probably
> > > also take care to remove ksize() or at least limit it so that it won't be
> > > used for this use case in the future.
> >
> > Yeah, my goal would be to eliminate ksize(), and it seems possible if
> > other cases are satisfied with tracking their allocation sizes directly.
>
> I think we could leave ksize() to determine the size without a need for
> external tracking, but from now on forbid callers from using that hint to
> overflow the allocation size they actually requested? Once we remove the
> kasan/kfence hooks in ksize() that make the current kinds of usage possible,
> we should be able to catch any offenders of the new semantics that would appear?
That's correct. I spent the morning working my way through the rest of
the ksize() users I didn't clean up yesterday, and in several places I
just swapped in __ksize(). But that wouldn't even be needed if we just
removed the kasan unpoisoning from ksize(), etc.
I am tempted to leave it __ksize(), though, just to reinforce that it's
not supposed to be used "normally". What do you think?
--
Kees Cook
next prev parent reply other threads:[~2022-09-22 21:49 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-22 3:10 [Intel-wired-lan] [PATCH 00/12] slab: Introduce kmalloc_size_roundup() Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 01/12] " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 11:12 ` [Intel-wired-lan] " Hyeonggon Yoo
2022-09-22 11:12 ` Hyeonggon Yoo
2022-09-22 11:12 ` Hyeonggon Yoo
2022-09-23 1:17 ` [Intel-wired-lan] " Feng Tang
2022-09-23 1:17 ` Feng Tang
2022-09-23 1:17 ` Feng Tang
2022-09-23 18:50 ` [Intel-wired-lan] " Kees Cook
2022-09-23 18:50 ` Kees Cook
2022-09-23 18:50 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 02/12] skbuff: Proactively round up to kmalloc bucket size Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 19:40 ` [Intel-wired-lan] " Jakub Kicinski
2022-09-22 19:40 ` Jakub Kicinski
2022-09-22 19:40 ` Jakub Kicinski
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 03/12] net: ipa: " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 13:45 ` [Intel-wired-lan] " Alex Elder
2022-09-22 13:45 ` Alex Elder
2022-09-22 13:45 ` Alex Elder
2022-09-22 15:57 ` [Intel-wired-lan] " Kees Cook
2022-09-22 15:57 ` Kees Cook
2022-09-22 15:57 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 04/12] btrfs: send: " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 13:30 ` [Intel-wired-lan] " David Sterba
2022-09-22 13:30 ` David Sterba
2022-09-22 13:30 ` David Sterba
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 05/12] dma-buf: " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 06/12] coredump: " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 07/12] igb: " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 15:56 ` [Intel-wired-lan] " Ruhl, Michael J
2022-09-22 15:56 ` Ruhl, Michael J
2022-09-22 15:56 ` Ruhl, Michael J
2022-09-22 16:00 ` [Intel-wired-lan] " Kees Cook
2022-09-22 16:00 ` Kees Cook
2022-09-22 16:00 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 08/12] openvswitch: " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 09/12] x86/microcode/AMD: Track patch allocation size explicitly Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 10/12] iwlwifi: Track scan_cmd " Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 4:18 ` [Intel-wired-lan] " Kalle Valo
2022-09-22 4:18 ` Kalle Valo
2022-09-22 4:18 ` Kalle Valo
2022-09-22 5:26 ` [Intel-wired-lan] " Kees Cook
2022-09-22 5:26 ` Kees Cook
2022-09-22 5:26 ` Kees Cook
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 11/12] slab: Remove __malloc attribute from realloc functions Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 9:23 ` [Intel-wired-lan] " Miguel Ojeda
2022-09-22 9:23 ` Miguel Ojeda
2022-09-22 9:23 ` Miguel Ojeda
2022-09-22 15:56 ` [Intel-wired-lan] " Kees Cook
2022-09-22 15:56 ` Kees Cook
2022-09-22 15:56 ` Kees Cook
2022-09-22 17:41 ` [Intel-wired-lan] " Miguel Ojeda
2022-09-22 17:41 ` Miguel Ojeda
2022-09-22 17:41 ` Miguel Ojeda
2022-09-22 3:10 ` [Intel-wired-lan] [PATCH 12/12] slab: Restore __alloc_size attribute to __kmalloc_track_caller Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 3:10 ` Kees Cook
2022-09-22 7:10 ` [Intel-wired-lan] [PATCH 00/12] slab: Introduce kmalloc_size_roundup() Christian König
2022-09-22 7:10 ` Christian König
2022-09-22 7:10 ` Christian König
2022-09-22 15:55 ` [Intel-wired-lan] " Kees Cook
2022-09-22 15:55 ` Kees Cook
2022-09-22 15:55 ` Kees Cook
2022-09-22 21:05 ` [Intel-wired-lan] " Vlastimil Babka
2022-09-22 21:05 ` Vlastimil Babka
2022-09-22 21:05 ` Vlastimil Babka
2022-09-22 21:49 ` Kees Cook [this message]
2022-09-22 21:49 ` Kees Cook
2022-09-22 21:49 ` Kees Cook
2022-09-23 9:07 ` [Intel-wired-lan] " Vlastimil Babka
2022-09-23 9:07 ` Vlastimil Babka
2022-09-23 9:07 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202209221446.5E90AEED@keescook \
--to=keescook@chromium.org \
--cc=42.hyeyoo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=christian.koenig@amd.com \
--cc=danielmicay@gmail.com \
--cc=davem@davemloft.net \
--cc=dev@openvswitch.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=dsterba@suse.com \
--cc=edumazet@google.com \
--cc=elder@kernel.org \
--cc=elver@google.com \
--cc=feng.tang@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=josef@toxicpanda.com \
--cc=kuba@kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-wireless@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=ndesaulniers@google.com \
--cc=netdev@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=pabeni@redhat.com \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=sumit.semwal@linaro.org \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.