* [PATCH v4 13/16] usercopy: Remove folio references from check_heap_object() [not found] <20251113000932.1589073-1-willy@infradead.org> @ 2025-11-13 0:09 ` Matthew Wilcox (Oracle) 2025-11-24 6:14 ` Harry Yoo 2025-11-24 21:06 ` Kees Cook 0 siblings, 2 replies; 3+ messages in thread From: Matthew Wilcox (Oracle) @ 2025-11-13 0:09 UTC (permalink / raw) To: Vlastimil Babka, Andrew Morton Cc: Matthew Wilcox (Oracle), Christoph Lameter, David Rientjes, Roman Gushchin, Harry Yoo, linux-mm, Kees Cook, Gustavo A. R. Silva, linux-hardening Use page_slab() instead of virt_to_folio() followed by folio_slab(). We do end up calling compound_head() twice for non-slab copies, but that will not be a problem once we allocate memdescs separately. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Kees Cook <kees@kernel.org> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> Cc: linux-hardening@vger.kernel.org --- mm/usercopy.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/mm/usercopy.c b/mm/usercopy.c index dbdcc43964fb..5de7a518b1b1 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c @@ -164,7 +164,8 @@ static inline void check_heap_object(const void *ptr, unsigned long n, { unsigned long addr = (unsigned long)ptr; unsigned long offset; - struct folio *folio; + struct page *page; + struct slab *slab; if (is_kmap_addr(ptr)) { offset = offset_in_page(ptr); 
@@ -189,16 +190,23 @@ static inline void check_heap_object(const void *ptr, unsigned long n, if (!virt_addr_valid(ptr)) return; - folio = virt_to_folio(ptr); - - if (folio_test_slab(folio)) { + page = virt_to_page(ptr); + slab = page_slab(page); + if (slab) { /* Check slab allocator for flags and size. */ - __check_heap_object(ptr, n, folio_slab(folio), to_user); - } else if (folio_test_large(folio)) { - offset = ptr - folio_address(folio); - if (n > folio_size(folio) - offset) + __check_heap_object(ptr, n, slab, to_user); + } else if (PageCompound(page)) { + page = compound_head(page); + offset = ptr - page_address(page); + if (n > page_size(page) - offset) usercopy_abort("page alloc", NULL, to_user, offset, n); } + + /* + * We cannot check non-compound pages. They might be part of + * a large allocation, in which case crossing a page boundary + * is fine. + */ } DEFINE_STATIC_KEY_MAYBE_RO(CONFIG_HARDENED_USERCOPY_DEFAULT_ON, -- 2.47.2 ^ permalink raw reply related [flat|nested] 3+ messages in thread
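Review bot: In the second hunk, the new comment "We cannot check non-compound pages" is placed after the closing brace of the if/else chain, so it reads as a remark on the end of the function rather than on the case that falls through both tests; consider making it the body of an explicit final else branch, or moving it above the PageCompound(page) test, so the unchecked path is visible in the control flow. The commit message describes only the page_slab() conversion and the double compound_head() call, and does not mention this added comment; one sentence stating that leaving non-slab, non-compound pages unchecked is intended, as it was when folio_test_large() was false, would let hardening reviewers confirm that no bounds check was dropped. In the PageCompound() branch, page is reassigned to compound_head(page) before page_address(page) and page_size(page) are used, so a short comment there tying it to the "twice for non-slab copies" remark in the commit message would keep a later reader from treating the call as redundant.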
* Re: [PATCH v4 13/16] usercopy: Remove folio references from check_heap_object()
From: Harry Yoo @ 2025-11-24 6:14 UTC
To: Matthew Wilcox (Oracle)
Cc: Vlastimil Babka, Andrew Morton, Christoph Lameter, David Rientjes, Roman Gushchin, linux-mm, Kees Cook, Gustavo A. R. Silva, linux-hardening

On Thu, Nov 13, 2025 at 12:09:27AM +0000, Matthew Wilcox (Oracle) wrote:
> Use page_slab() instead of virt_to_folio() followed by folio_slab().
> We do end up calling compound_head() twice for non-slab copies, but that
> will not be a problem once we allocate memdescs separately.
>
> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
> Cc: Kees Cook <kees@kernel.org>
> Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
> Cc: linux-hardening@vger.kernel.org
> ---

Looks good to me,
Reviewed-by: Harry Yoo <harry.yoo@oracle.com>

--
Cheers,
Harry / Hyeonggon
* Re: [PATCH v4 13/16] usercopy: Remove folio references from check_heap_object()
From: Kees Cook @ 2025-11-24 21:06 UTC
To: Matthew Wilcox (Oracle)
Cc: Vlastimil Babka, Andrew Morton, Christoph Lameter, David Rientjes, Roman Gushchin, Harry Yoo, linux-mm, Gustavo A. R. Silva, linux-hardening

On Thu, Nov 13, 2025 at 12:09:27AM +0000, Matthew Wilcox (Oracle) wrote:
> Use page_slab() instead of virt_to_folio() followed by folio_slab().
> We do end up calling compound_head() twice for non-slab copies, but that
> will not be a problem once we allocate memdescs separately.
>
> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>

Reviewed-by: Kees Cook <kees@kernel.org>

--
Kees Cook