From: Harry Yoo <harry.yoo@oracle.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Feng Tang <feng.tang@linux.alibaba.com>,
Peng Fan <peng.fan@nxp.com>, Hyeonggon Yoo <42.hyeyoo@gmail.com>,
David Rientjes <rientjes@google.com>,
Christoph Lameter <cl@linux.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Petr Tesarik <ptesarik@suse.com>
Subject: Re: slub - extended kmalloc redzone and dma alignment
Date: Fri, 4 Apr 2025 19:30:09 +0900 [thread overview]
Message-ID: <Z--0sbpM8sPo7HPf@harry> (raw)
In-Reply-To: <ed8f2075-90bc-4797-8df5-b251e2278c7b@suse.cz>
On Fri, Apr 04, 2025 at 11:30:49AM +0200, Vlastimil Babka wrote:
> Hi,
>
> due to some off-list inquiry I have realized that since 946fa0dbf2d8
> ("mm/slub: extend redzone check to extra allocated kmalloc space than
> requested")
> we might be reporting false positives due to dma writing into the redzone.
>
> It wasn't confirmed (yet) during the conversation but AFAICS it can be
> happening. We have this ARCH_DMA_MINALIGN and kmalloc() will guarantee it,
> but the redzone check doesn't take it into account.
Sounds valid to me.
> So if it's 8 bytes, I think it's valid to do e.g. kmalloc(60), get a 64 byte
> object, do a dma operation and it can write into the last 4 bytes.
> But the redzone check will then report a buffer overflow.
>
> Do you agree? If yes we should probably align the redzone with
> ARCH_DMA_MINALIGN even if it means not reporting some non-dma buffer
> overflows anymore.
Hmm then to fix it, we need to only do the extended redzone check
starting from <obj addr> + align(req_size, ARCH_DMA_MINALIGN),
instead of <obj addr> + req_size?
For instance, if req_size is 33 bytes and it's aligned to 40 bytes, a 64-byte
object will be allocated. Then the extended redzone check should only cover
the remaining 14 bytes.
--
Cheers,
Harry (formerly known as Hyeonggon)
next prev parent reply other threads:[~2025-04-04 10:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-04 9:30 slub - extended kmalloc redzone and dma alignment Vlastimil Babka
2025-04-04 10:30 ` Harry Yoo [this message]
2025-04-04 11:12 ` Petr Tesarik
2025-04-04 12:45 ` Vlastimil Babka
2025-04-04 13:53 ` Petr Tesarik
2025-04-06 14:02 ` Feng Tang
2025-04-07 7:21 ` Feng Tang
2025-04-07 7:54 ` Vlastimil Babka
2025-04-07 9:50 ` Petr Tesarik
2025-04-07 17:12 ` Catalin Marinas
2025-04-08 5:27 ` Petr Tesarik
2025-04-08 15:07 ` Catalin Marinas
2025-04-09 8:39 ` Petr Tesarik
2025-04-09 9:05 ` Petr Tesarik
2025-04-09 9:47 ` Catalin Marinas
2025-04-09 12:18 ` Petr Tesarik
2025-04-09 12:49 ` Catalin Marinas
2025-04-09 13:41 ` Petr Tesarik
2025-04-09 8:51 ` Vlastimil Babka
2025-04-09 11:11 ` Catalin Marinas
2025-04-09 12:22 ` Vlastimil Babka
2025-04-09 14:30 ` Catalin Marinas
2025-04-10 1:54 ` Feng Tang
2025-04-07 7:45 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z--0sbpM8sPo7HPf@harry \
--to=harry.yoo@oracle.com \
--cc=42.hyeyoo@gmail.com \
--cc=cl@linux.com \
--cc=feng.tang@linux.alibaba.com \
--cc=linux-mm@kvack.org \
--cc=peng.fan@nxp.com \
--cc=ptesarik@suse.com \
--cc=rientjes@google.com \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.