All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Vlastimil Babka (SUSE)" <vbabka@kernel.org>
To: Matthew Wilcox <willy@infradead.org>, Dan Carpenter <error27@gmail.com>
Cc: ksummit@lists.linux.dev
Subject: Re: [TECH TOPIC] Implementing malloc
Date: Mon, 29 Jun 2026 18:00:40 +0200	[thread overview]
Message-ID: <e74cc115-23e2-45b7-b273-4c3c030738b5@kernel.org> (raw)
In-Reply-To: <akKPtGfBKDtuTai2@casper.infradead.org>

On 6/29/26 17:31, Matthew Wilcox wrote:
> On Mon, Jun 29, 2026 at 06:07:43PM +0300, Dan Carpenter wrote:
>> I wish that we would just acknowledge say that small allocations cannot
>> fail.  We could add a BUILD_BUG_ON() in km/zalloc_obj() which ensures that
>> it is only used for small allocations.  Then we could remove all the
>> error handling from those.
> 
> That's part of the fallibility discussion I alluded to.  The problem
> is that kzalloc_obj(x, GFP_NOWAIT) can fail, even for small objects.
> And that is what the caller asked for!  So we have a tension there.

Indeed. Also userspace malloc() isn't "cannot fail" either?

>> With regards to use after frees, my impression is that the places which
>> use caches are the worst affected and also where we do the worst at
>> detecting them?  Does KASAN detect use after frees with kmem_cache and
>> mempools?
> 
> I believe it does, but I'm not an expert.  My question in this instance
> is really, "Are KASAN et al now good enough and widely deployed enough
> that we don't need eg red zones or unmapped pages to catch these things".

My understanding (also not KASAN expert, but through the slab interactions
learned some stuff) is that HW TAGS based KASAN is enough for Android
production, but the overhead is not negligible and the HW support isn't
ubiquitous.

"Classic" KASAN is powerful but overhead is large and needs a recompile. Not
something suitable for production.

Stuff like poisoning and slab_debug or debug_pagealloc (unmapping) is weaker
(less likely to catch a culprit), also have overhead, but their advantage is
they can be always compiled-in in a generic distro kernel and you can tell a
user to enable it on boot as part of chasing a bug seen in production,
without using a special debug kernel.

So I'd say everything above has its use case and its not time to drop
something in favor of something else.

  reply	other threads:[~2026-06-29 16:00 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-29 14:29 [TECH TOPIC] Implementing malloc Matthew Wilcox
2026-06-29 15:07 ` Dan Carpenter
2026-06-29 15:21   ` H. Peter Anvin
2026-06-29 15:31   ` Matthew Wilcox
2026-06-29 16:00     ` Vlastimil Babka (SUSE) [this message]
2026-06-29 16:37     ` H. Peter Anvin
2026-06-29 16:48 ` Alexey Dobriyan
2026-06-29 16:48 ` H. Peter Anvin
2026-06-29 18:19   ` Matthew Wilcox
2026-06-29 18:22     ` H. Peter Anvin
2026-06-29 18:29     ` Mark Brown
2026-06-29 18:37       ` Vlastimil Babka (SUSE)
2026-06-30 18:53     ` Steven Rostedt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e74cc115-23e2-45b7-b273-4c3c030738b5@kernel.org \
    --to=vbabka@kernel.org \
    --cc=error27@gmail.com \
    --cc=ksummit@lists.linux.dev \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.