From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
To: Feng Tang <feng.tang@intel.com>
Cc: Vlastimil Babka <vbabka@suse.cz>,
John Thomson <lists@johnthomson.fastmail.com.au>,
Andrew Morton <akpm@linux-foundation.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Dmitry Vyukov <dvyukov@google.com>,
Jonathan Corbet <corbet@lwn.net>,
Andrey Konovalov <andreyknvl@gmail.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kasan-dev@googlegroups.com" <kasan-dev@googlegroups.com>,
Robin Murphy <robin.murphy@arm.com>,
John Garry <john.garry@huawei.com>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
"linux-mips@vger.kernel.org" <linux-mips@vger.kernel.org>
Subject: Re: [PATCH v6 1/4] mm/slub: enable debugging memory wasting of kmalloc
Date: Thu, 3 Nov 2022 23:36:19 +0900 [thread overview]
Message-ID: <Y2PR45BW2mgLLMwC@hyeyoo> (raw)
In-Reply-To: <Y2PNLENnxxpqZ74g@feng-clx>
On Thu, Nov 03, 2022 at 10:16:12PM +0800, Feng Tang wrote:
> On Thu, Nov 03, 2022 at 09:33:28AM +0100, Vlastimil Babka wrote:
> [...]
> > >> AFAICS before this patch, we "survive" "kmem_cache *s" being NULL as
> > >> slab_pre_alloc_hook() will happen to return NULL and we bail out from
> > >> slab_alloc_node(). But this is a side-effect, not an intended protection.
> > >> Also the CONFIG_TRACING variant of kmalloc_trace() would have called
> > >> trace_kmalloc dereferencing s->size anyway even before this patch.
> > >>
> > >> I don't think we should add WARNS in the slab hot paths just to prevent this
> > >> rare error of using slab too early. At most VM_WARN... would be acceptable
> > >> but still not necessary as crashing immediately from a NULL pointer is
> > >> sufficient.
> > >>
> > >> So IMHO mips should fix their soc init,
> > >
> > > Yes, for the mips fix, John has proposed to defer the calling of prom_soc_init(),
> > > which looks reasonable.
> > >
> > >> and we should look into the
> > >> CONFIG_TRACING=n variant of kmalloc_trace(), to pass orig_size properly.
> > >
> > > You mean check if the pointer is NULL and bail out early.
> >
> > No I mean here:
> >
> > #else /* CONFIG_TRACING */
> > /* Save a function call when CONFIG_TRACING=n */
> > static __always_inline __alloc_size(3)
> > void *kmalloc_trace(struct kmem_cache *s, gfp_t flags, size_t size)
> > {
> > void *ret = kmem_cache_alloc(s, flags);
> >
> > ret = kasan_kmalloc(s, ret, size, flags);
> > return ret;
> > }
> >
> > we call kmem_cache_alloc() and discard the size parameter, so it will assume
> > s->object_size (and as the side-effect, crash if s is NULL). We shouldn't
> > add "s is NULL?" checks, but fix passing the size - probably switch to
> > __kmem_cache_alloc_node()? and in the following kmalloc_node_trace() analogically.
>
> Got it, thanks! I might have missed it during some rebasing for the
> kmalloc wastage debug patch.
That was good catch and I missed too!
But FYI I'm suggesting to drop CONFIG_TRACING=n variant:
https://lore.kernel.org/linux-mm/20221101222520.never.109-kees@kernel.org/T/#m20ecf14390e406247bde0ea9cce368f469c539ed
Any thoughts?
>
> How about the following fix?
>
> Thanks,
> Feng
>
> ---
> From 9f9fa9da8946fd44625f873c0f51167357075be1 Mon Sep 17 00:00:00 2001
> From: Feng Tang <feng.tang@intel.com>
> Date: Thu, 3 Nov 2022 21:32:10 +0800
> Subject: [PATCH] mm/slub: Add missing orig_size parameter for wastage debug
>
> commit 6edf2576a6cc ("mm/slub: enable debugging memory wasting of
> kmalloc") was introduced for debugging kmalloc memory wastage,
> and it missed to pass the original request size for kmalloc_trace()
> and kmalloc_node_trace() in CONFIG_TRACING=n path.
>
> Fix it by using __kmem_cache_alloc_node() with correct original
> request size.
>
> Fixes: 6edf2576a6cc ("mm/slub: enable debugging memory wasting of kmalloc")
> Suggested-by: Vlastimil Babka <vbabka@suse.cz>
> Signed-off-by: Feng Tang <feng.tang@intel.com>
> ---
> include/linux/slab.h | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/slab.h b/include/linux/slab.h
> index 90877fcde70b..9691afa569e1 100644
> --- a/include/linux/slab.h
> +++ b/include/linux/slab.h
> @@ -469,6 +469,9 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) __assume_kmalloc_alignm
> __alloc_size(1);
> void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t flags, int node) __assume_slab_alignment
> __malloc;
> +void *__kmem_cache_alloc_node(struct kmem_cache *s, gfp_t flags, int node,
> + size_t orig_size, unsigned long caller) __assume_slab_alignment
> + __malloc;
>
> #ifdef CONFIG_TRACING
> void *kmalloc_trace(struct kmem_cache *s, gfp_t flags, size_t size)
> @@ -482,7 +485,8 @@ void *kmalloc_node_trace(struct kmem_cache *s, gfp_t gfpflags,
> static __always_inline __alloc_size(3)
> void *kmalloc_trace(struct kmem_cache *s, gfp_t flags, size_t size)
> {
> - void *ret = kmem_cache_alloc(s, flags);
> + void *ret = __kmem_cache_alloc_node(s, flags, NUMA_NO_NODE,
> + size, _RET_IP_);
>
> ret = kasan_kmalloc(s, ret, size, flags);
> return ret;
> @@ -492,7 +496,8 @@ static __always_inline __alloc_size(4)
> void *kmalloc_node_trace(struct kmem_cache *s, gfp_t gfpflags,
> int node, size_t size)
> {
> - void *ret = kmem_cache_alloc_node(s, gfpflags, node);
> + void *ret = __kmem_cache_alloc_node(s, gfpflags, node,
> + size, _RET_IP_);
>
> ret = kasan_kmalloc(s, ret, size, gfpflags);
> return ret;
> --
> 2.34.1
>
>
>
--
Thanks,
Hyeonggon
next prev parent reply other threads:[~2022-11-03 14:36 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-13 6:54 [PATCH v6 0/4] mm/slub: some debug enhancements for kmalloc Feng Tang
2022-09-13 6:54 ` [PATCH v6 1/4] mm/slub: enable debugging memory wasting of kmalloc Feng Tang
2022-09-23 11:43 ` Vlastimil Babka
2022-09-24 7:08 ` Feng Tang
2022-10-30 19:23 ` John Thomson
2022-10-30 21:30 ` Vlastimil Babka
2022-10-31 2:36 ` Feng Tang
2022-10-31 10:05 ` John Thomson
2022-10-31 11:36 ` Hyeonggon Yoo
2022-10-31 11:42 ` Feng Tang
2022-11-01 0:18 ` John Thomson
2022-11-01 2:41 ` John Thomson
2022-11-01 7:57 ` Feng Tang
2022-11-01 9:20 ` John Thomson
2022-11-01 9:31 ` Hyeonggon Yoo
2022-11-01 10:33 ` John Thomson
2022-11-01 10:42 ` Hyeonggon Yoo
2022-11-01 13:55 ` Feng Tang
2022-11-01 19:39 ` John Thomson
2022-11-02 6:08 ` Feng Tang
2022-11-02 7:16 ` Hyeonggon Yoo
2022-11-03 7:18 ` Feng Tang
2022-11-03 7:45 ` John Thomson
2022-11-03 8:16 ` Feng Tang
2022-11-02 8:22 ` Vlastimil Babka
2022-11-03 5:54 ` Feng Tang
2022-11-03 8:33 ` Vlastimil Babka
2022-11-03 14:16 ` Feng Tang
2022-11-03 14:36 ` Hyeonggon Yoo [this message]
2022-11-03 16:57 ` Vlastimil Babka
2022-11-03 17:35 ` Vlastimil Babka
2022-11-04 3:52 ` Feng Tang
2022-09-13 6:54 ` [PATCH v6 2/4] mm/slub: only zero the requested size of buffer for kzalloc Feng Tang
2022-09-26 19:11 ` Andrey Konovalov
2022-09-26 20:15 ` Kees Cook
2022-09-27 1:22 ` Feng Tang
2022-09-27 2:42 ` Feng Tang
2022-10-13 14:00 ` Andrey Konovalov
2022-10-14 5:59 ` Feng Tang
2022-09-13 6:54 ` [PATCH v6 3/4] mm: kasan: Add free_meta size info in struct kasan_cache Feng Tang
2022-09-20 19:20 ` Andrey Konovalov
2022-09-21 12:02 ` Feng Tang
2022-09-24 18:05 ` Andrey Konovalov
2022-09-25 11:26 ` Feng Tang
2022-09-25 16:31 ` Andrey Konovalov
2022-09-27 3:03 ` Feng Tang
2022-09-13 6:54 ` [PATCH v6 4/4] mm/slub: extend redzone check to extra allocated kmalloc space than requested Feng Tang
2022-09-13 8:53 ` Hyeonggon Yoo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y2PR45BW2mgLLMwC@hyeyoo \
--to=42.hyeyoo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=cl@linux.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=dvyukov@google.com \
--cc=feng.tang@intel.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=john.garry@huawei.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lists@johnthomson.fastmail.com.au \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=robin.murphy@arm.com \
--cc=roman.gushchin@linux.dev \
--cc=tsbogend@alpha.franken.de \
--cc=vbabka@suse.cz \
--cc=wangkefeng.wang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.