From: Kees Cook <kees@kernel.org>
To: David Rientjes <rientjes@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Roman Gushchin <roman.gushchin@linux.dev>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
"Gustavo A . R . Silva" <gustavoars@kernel.org>,
Bill Wendling <morbo@google.com>,
Justin Stitt <justinstitt@google.com>,
Jann Horn <jannh@google.com>,
Przemek Kitszel <przemyslaw.kitszel@intel.com>,
Marco Elver <elver@google.com>,
linux-mm@kvack.org, Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
linux-kernel@vger.kernel.org, llvm@lists.linux.dev,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH] slab: Introduce kmalloc_obj() and family
Date: Sat, 20 Jul 2024 09:44:17 -0700 [thread overview]
Message-ID: <202407200942.ECB06F1@keescook> (raw)
In-Reply-To: <cd446dfc-d6b6-781f-3a07-5af1edbf2230@google.com>
On Fri, Jul 19, 2024 at 08:50:41PM -0700, David Rientjes wrote:
> On Fri, 19 Jul 2024, Kees Cook wrote:
>
> > diff --git a/include/linux/slab.h b/include/linux/slab.h
> > index 7247e217e21b..3817554f2d51 100644
> > --- a/include/linux/slab.h
> > +++ b/include/linux/slab.h
> > @@ -665,6 +665,44 @@ static __always_inline __alloc_size(1) void *kmalloc_noprof(size_t size, gfp_t f
> > }
> > #define kmalloc(...) alloc_hooks(kmalloc_noprof(__VA_ARGS__))
> >
> > +#define __alloc_obj3(ALLOC, P, COUNT, FLAGS) \
> > +({ \
> > + size_t __obj_size = size_mul(sizeof(*P), COUNT); \
> > + void *__obj_ptr; \
> > + (P) = __obj_ptr = ALLOC(__obj_size, FLAGS); \
> > + if (!__obj_ptr) \
> > + __obj_size = 0; \
> > + __obj_size; \
> > +})
> > +
> > +#define __alloc_obj2(ALLOC, P, FLAGS) __alloc_obj3(ALLOC, P, 1, FLAGS)
> > +
> > +#define __alloc_obj4(ALLOC, P, FAM, COUNT, FLAGS) \
> > +({ \
> > + size_t __obj_size = struct_size(P, FAM, COUNT); \
> > + void *__obj_ptr; \
> > + (P) = __obj_ptr = ALLOC(__obj_size, FLAGS); \
> > + if (!__obj_ptr) \
> > + __obj_size = 0; \
> > + __obj_size; \
> > +})
> > +
> > +#define kmalloc_obj(...) \
> > + CONCATENATE(__alloc_obj, \
> > + COUNT_ARGS(__VA_ARGS__))(kmalloc, __VA_ARGS__)
> > +
> > +#define kzalloc_obj(...) \
> > + CONCATENATE(__alloc_obj, \
> > + COUNT_ARGS(__VA_ARGS__))(kzalloc, __VA_ARGS__)
> > +
> > +#define kvmalloc_obj(...) \
> > + CONCATENATE(__alloc_obj, \
> > + COUNT_ARGS(__VA_ARGS__))(kvmalloc, __VA_ARGS__)
> > +
> > +#define kvzalloc_obj(...) \
> > + CONCATENATE(__alloc_obj, \
> > + COUNT_ARGS(__VA_ARGS__))(kvzalloc, __VA_ARGS__)
> > +
> > static __always_inline __alloc_size(1) void *kmalloc_node_noprof(size_t size, gfp_t flags, int node)
> > {
> > if (__builtin_constant_p(size) && size) {
>
> I'm supportive of this especially because it will pave a pathway toward
> future hardening work. Request: could we get an addition to
Thanks!
> Documentation/ that explains how common idioms today can be converted to
> these new macros for future users? The above makes sense only when
> accompanied by your commit description :)
Oh, yes. Very good point! I will figure out a place to add this. I'm not
sure if kerndoc would be best here.
--
Kees Cook
next prev parent reply other threads:[~2024-07-20 16:44 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-19 19:27 [PATCH] slab: Introduce kmalloc_obj() and family Kees Cook
2024-07-20 3:50 ` David Rientjes
2024-07-20 16:44 ` Kees Cook [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-08-07 23:54 Kees Cook
2024-08-09 8:59 ` Vlastimil Babka
2024-08-12 18:22 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202407200942.ECB06F1@keescook \
--to=kees@kernel.org \
--cc=42.hyeyoo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=elver@google.com \
--cc=gustavoars@kernel.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=jannh@google.com \
--cc=justinstitt@google.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=llvm@lists.linux.dev \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=penberg@kernel.org \
--cc=przemyslaw.kitszel@intel.com \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.