[PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()

Linux-mm Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <kees@kernel.org>
To: Vlastimil Babka <vbabka@kernel.org>
Cc: Kees Cook <kees@kernel.org>, Harry Yoo <harry@kernel.org>,
	Marco Elver <elver@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	David Hildenbrand <david@kernel.org>,
	Lorenzo Stoakes <ljs@kernel.org>,
	"Liam R. Howlett" <liam@infradead.org>,
	Mike Rapoport <rppt@kernel.org>,
	Suren Baghdasaryan <surenb@google.com>,
	Michal Hocko <mhocko@suse.com>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	linux-hardening@vger.kernel.org
Subject: [PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()
Date: Thu, 21 May 2026 05:40:31 -0700	[thread overview]
Message-ID: <20260521124026.work.036-kees@kernel.org> (raw)

The use of the kmemdup_nul()-family of allocations are explicitly for
allocating NUL terminated strings, so these would be best separated from
typed allocations, as they are their own set of arbitrarily sized
allocations. They are not as risky as userspace controlled allocations,
but these would be good to separate as well.

  # grep memdup_nul /proc/slabinfo | cut -c-25
  memdup_nul-8k          0
  memdup_nul-4k          0
  memdup_nul-2k          0
  memdup_nul-1k          0
  memdup_nul-512        28
  memdup_nul-256         0
  memdup_nul-192        60
  memdup_nul-128        60
  memdup_nul-96         60
  memdup_nul-64        180
  memdup_nul-32        960
  memdup_nul-16       1860
  memdup_nul-8        1980

Suggested-by: Harry Yoo <harry@kernel.org>
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Vlastimil Babka <vbabka@kernel.org>
Cc: Marco Elver <elver@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: David Hildenbrand <david@kernel.org>
Cc: Lorenzo Stoakes <ljs@kernel.org>
Cc: "Liam R. Howlett" <liam@infradead.org>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: <linux-mm@kvack.org>
---
 mm/util.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/mm/util.c b/mm/util.c
index 3cc949a0b7ed..419269bb53da 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -34,6 +34,9 @@
 #include "internal.h"
 #include "swap.h"
 
+static kmem_buckets *user_buckets __ro_after_init;
+static kmem_buckets *nul_buckets __ro_after_init;
+
 /**
  * kfree_const - conditionally free memory
  * @x: pointer to the memory
@@ -61,7 +64,7 @@ static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp)
 	char *buf;
 
 	/* '+1' for the NUL terminator */
-	buf = kmalloc_track_caller(len + 1, gfp);
+	buf = kmem_buckets_alloc_track_caller(nul_buckets, len + 1, gfp);
 	if (!buf)
 		return NULL;
 
@@ -195,15 +198,14 @@ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp)
 }
 EXPORT_SYMBOL(kmemdup_nul);
 
-static kmem_buckets *user_buckets __ro_after_init;
-
-static int __init init_user_buckets(void)
+static int __init init_buckets(void)
 {
 	user_buckets = kmem_buckets_create("memdup_user", 0, 0, INT_MAX, NULL);
+	nul_buckets = kmem_buckets_create("memdup_nul", 0, 0, INT_MAX, NULL);
 
 	return 0;
 }
-subsys_initcall(init_user_buckets);
+subsys_initcall(init_buckets);
 
 /**
  * memdup_user - duplicate memory region from user space
-- 
2.34.1

next             reply	other threads:[~2026-05-21 12:40 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-21 12:40 Kees Cook [this message]
2026-05-21 12:46 ` [PATCH] mm/util: Use kmalloc buckets for kmemdup_nul() Marco Elver
2026-05-21 17:46 ` kernel test robot

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3cc949a0b7e dfblob:419269bb53d )
 OR (
bs:"[PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260521124026.work.036-kees@kernel.org \
    --to=kees@kernel.org \
    --cc=akpm@linux-foundation.org \
    --cc=david@kernel.org \
    --cc=elver@google.com \
    --cc=harry@kernel.org \
    --cc=liam@infradead.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=ljs@kernel.org \
    --cc=mhocko@suse.com \
    --cc=rppt@kernel.org \
    --cc=surenb@google.com \
    --cc=vbabka@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox