Re: [PATCH v2 02/15] slab: add struct kmem_cache_args

[Christian Brauner <brauner@kernel.org>]

On Wed, Sep 04, 2024 at 07:16:07PM GMT, Mike Rapoport wrote:
> On Wed, Sep 04, 2024 at 05:48:31PM +0200, Christian Brauner wrote:
> > On Wed, Sep 04, 2024 at 06:16:16PM GMT, Mike Rapoport wrote:
> > > On Tue, Sep 03, 2024 at 04:20:43PM +0200, Christian Brauner wrote:
> > > > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > > > ---
> > > >  include/linux/slab.h | 21 ++++++++++++++++
> > > >  mm/slab_common.c     | 67 +++++++++++++++++++++++++++++++++++++++-------------
> > > >  2 files changed, 72 insertions(+), 16 deletions(-)
> > > > 
> > > > diff --git a/include/linux/slab.h b/include/linux/slab.h
> > > > index 5b2da2cf31a8..79d8c8bca4a4 100644
> > > > --- a/include/linux/slab.h
> > > > +++ b/include/linux/slab.h
> > > > @@ -240,6 +240,27 @@ struct mem_cgroup;
> > > >   */
> > > >  bool slab_is_available(void);
> > > >  
> > > > +/**
> > > > + * @align: The required alignment for the objects.
> > > > + * @useroffset: Usercopy region offset
> > > > + * @usersize: Usercopy region size
> > > > + * @freeptr_offset: Custom offset for the free pointer in RCU caches
> > > > + * @use_freeptr_offset: Whether a @freeptr_offset is used
> > > > + * @ctor: A constructor for the objects.
> > > > + */
> > > > +struct kmem_cache_args {
> > > > +	unsigned int align;
> > > > +	unsigned int useroffset;
> > > > +	unsigned int usersize;
> > > > +	unsigned int freeptr_offset;
> > > > +	bool use_freeptr_offset;
> > > > +	void (*ctor)(void *);
> > > > +};
> > > > +
> > > > +struct kmem_cache *__kmem_cache_create_args(const char *name,
> > > > +					    unsigned int object_size,
> > > > +					    struct kmem_cache_args *args,
> > > > +					    slab_flags_t flags);
> > > >  struct kmem_cache *kmem_cache_create(const char *name, unsigned int size,
> > > >  			unsigned int align, slab_flags_t flags,
> > > >  			void (*ctor)(void *));
> > > > diff --git a/mm/slab_common.c b/mm/slab_common.c
> > > > index 91e0e36e4379..0f13c045b8d1 100644
> > > > --- a/mm/slab_common.c
> > > > +++ b/mm/slab_common.c
> > > > @@ -248,14 +248,24 @@ static struct kmem_cache *create_cache(const char *name,
> > > >  	return ERR_PTR(err);
> > > >  }
> > > >  
> > > > -static struct kmem_cache *
> > > > -do_kmem_cache_create_usercopy(const char *name,
> > > > -		  unsigned int size, unsigned int freeptr_offset,
> > > > -		  unsigned int align, slab_flags_t flags,
> > > > -		  unsigned int useroffset, unsigned int usersize,
> > > > -		  void (*ctor)(void *))
> > > > +/**
> > > > + * __kmem_cache_create_args - Create a kmem cache
> > > > + * @name: A string which is used in /proc/slabinfo to identify this cache.
> > > > + * @object_size: The size of objects to be created in this cache.
> > > > + * @args: Arguments for the cache creation (see struct kmem_cache_args).
> > > > + * @flags: See %SLAB_* flags for an explanation of individual @flags.
> > > > + *
> > > > + * Cannot be called within a interrupt, but can be interrupted.
> > > > + *
> > > > + * Return: a pointer to the cache on success, NULL on failure.
> > > > + */
> > > > +struct kmem_cache *__kmem_cache_create_args(const char *name,
> > > > +					    unsigned int object_size,
> > > > +					    struct kmem_cache_args *args,
> > > > +					    slab_flags_t flags)
> > > >  {
> > > >  	struct kmem_cache *s = NULL;
> > > > +	unsigned int freeptr_offset = UINT_MAX;
> > > >  	const char *cache_name;
> > > >  	int err;
> > > >  
> > > > @@ -275,7 +285,7 @@ do_kmem_cache_create_usercopy(const char *name,
> > > >  
> > > >  	mutex_lock(&slab_mutex);
> > > >  
> > > > -	err = kmem_cache_sanity_check(name, size);
> > > > +	err = kmem_cache_sanity_check(name, object_size);
> > > >  	if (err) {
> > > >  		goto out_unlock;
> > > >  	}
> > > > @@ -296,12 +306,14 @@ do_kmem_cache_create_usercopy(const char *name,
> > > >  
> > > >  	/* Fail closed on bad usersize of useroffset values. */
> > > >  	if (!IS_ENABLED(CONFIG_HARDENED_USERCOPY) ||
> > > > -	    WARN_ON(!usersize && useroffset) ||
> > > > -	    WARN_ON(size < usersize || size - usersize < useroffset))
> > > > -		usersize = useroffset = 0;
> > > > -
> > > > -	if (!usersize)
> > > > -		s = __kmem_cache_alias(name, size, align, flags, ctor);
> > > > +	    WARN_ON(!args->usersize && args->useroffset) ||
> > > > +	    WARN_ON(object_size < args->usersize ||
> > > > +		    object_size - args->usersize < args->useroffset))
> > > > +		args->usersize = args->useroffset = 0;
> > > > +
> > > > +	if (!args->usersize)
> > > > +		s = __kmem_cache_alias(name, object_size, args->align, flags,
> > > > +				       args->ctor);
> > > 
> > > Sorry I missed it in the previous review, but nothing guaranties that
> > > nobody will call kmem_cache_create_args with args != NULL.
> > > 
> > > I think there should be a check for args != NULL and a substitution of args
> > > with defaults if it actually was NULL.
> > 
> > I think that callers that pass NULL should all be switched to
> > KMEM_CACHE() and passing NULL should simply not be supported. And the
> > few callers that need some very special alignment need to pass struct
> > kmem_cache_args anyway. So there should never be a need to pass NULL.
> 
> But you can't guarantee that some random driver won't call
> 
> 	__kmem_cache_create_args("name", size, NULL, flags);
> 
> At least we'd need
> 	
> 	if (!args)
> 		return -EINVAL;

Calling __kmem_cache_create_args() directly is a bug. That's why it's __*().
And we don't check for non-NULL @name either. In fact we almost never do
such checks.

Plus, if someone did:

kmem_cache_create("foo", sizeof(foo), NULL, flags);

they'd get a compile time error due to _Generic().