From: Kees Cook <keescook@chromium.org>
To: Mathias Krause <minipli@googlemail.com>
Cc: Alexander Potapenko <glider@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Christoph Lameter <cl@linux.com>,
kernel-hardening@lists.openwall.com,
Masahiro Yamada <yamada.masahiro@socionext.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Nick Desaulniers <ndesaulniers@google.com>,
Kostya Serebryany <kcc@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Sandeep Patil <sspatil@android.com>,
Laura Abbott <labbott@redhat.com>,
Randy Dunlap <rdunlap@infradead.org>,
Jann Horn <jannh@google.com>, Mark Rutland <mark.rutland@arm.com>,
linux-mm@kvack.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 5/4] mm: Introduce SLAB_NO_FREE_INIT and mark excluded caches
Date: Mon, 20 May 2019 09:12:13 -0700 [thread overview]
Message-ID: <201905200902.68FD66AD9E@keescook> (raw)
In-Reply-To: <CA+rthh9bLiohU78PBMonji_LPjj756rhTy22v9nL8LpL0cTb5g@mail.gmail.com>
On Mon, May 20, 2019 at 08:10:19AM +0200, Mathias Krause wrote:
> Hi Kees,
>
> On Fri, 17 May 2019 at 02:50, Kees Cook <keescook@chromium.org> wrote:
> > In order to improve the init_on_free performance, some frequently
> > freed caches with less sensitive contents can be excluded from the
> > init_on_free behavior.
> >
> > This patch is modified from Brad Spengler/PaX Team's code in the
> > last public patch of grsecurity/PaX based on my understanding of the
> > code. Changes or omissions from the original code are mine and don't
> > reflect the original grsecurity/PaX code.
>
> you might want to give secunet credit for this one, as can be seen here:
>
> https://github.com/minipli/linux-grsec/commit/309d494e7a3f6533ca68fc8b3bd89fa76fd2c2df
>
> However, please keep the "Changes or omissions from the original
> code..." part as your version slightly differs.
Ah-ha! Thanks for finding the specific commit; I'll adjust
attribution. Are you able to describe how you chose the various excluded
kmem caches? (I assume it wasn't just "highest numbers in the stats
reporting".) And why run the ctor after wipe? Doesn't that means you're
just running the ctor again at the next allocation time?
Thanks!
-Kees
>
> Thanks,
> Mathias
>
> >
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> > fs/buffer.c | 2 +-
> > fs/dcache.c | 3 ++-
> > include/linux/slab.h | 3 +++
> > kernel/fork.c | 6 ++++--
> > mm/rmap.c | 5 +++--
> > mm/slab.h | 5 +++--
> > net/core/skbuff.c | 6 ++++--
> > 7 files changed, 20 insertions(+), 10 deletions(-)
> >
> > diff --git a/fs/buffer.c b/fs/buffer.c
> > index 0faa41fb4c88..04a85bd4cf2e 100644
> > --- a/fs/buffer.c
> > +++ b/fs/buffer.c
> > @@ -3457,7 +3457,7 @@ void __init buffer_init(void)
> > bh_cachep = kmem_cache_create("buffer_head",
> > sizeof(struct buffer_head), 0,
> > (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
> > - SLAB_MEM_SPREAD),
> > + SLAB_MEM_SPREAD|SLAB_NO_FREE_INIT),
> > NULL);
> >
> > /*
> > diff --git a/fs/dcache.c b/fs/dcache.c
> > index 8136bda27a1f..323b039accba 100644
> > --- a/fs/dcache.c
> > +++ b/fs/dcache.c
> > @@ -3139,7 +3139,8 @@ void __init vfs_caches_init_early(void)
> > void __init vfs_caches_init(void)
> > {
> > names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
> > - SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL);
> > + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_FREE_INIT, 0,
> > + PATH_MAX, NULL);
> >
> > dcache_init();
> > inode_init();
> > diff --git a/include/linux/slab.h b/include/linux/slab.h
> > index 9449b19c5f10..7eba9ad8830d 100644
> > --- a/include/linux/slab.h
> > +++ b/include/linux/slab.h
> > @@ -92,6 +92,9 @@
> > /* Avoid kmemleak tracing */
> > #define SLAB_NOLEAKTRACE ((slab_flags_t __force)0x00800000U)
> >
> > +/* Exclude slab from zero-on-free when init_on_free is enabled */
> > +#define SLAB_NO_FREE_INIT ((slab_flags_t __force)0x01000000U)
> > +
> > /* Fault injection mark */
> > #ifdef CONFIG_FAILSLAB
> > # define SLAB_FAILSLAB ((slab_flags_t __force)0x02000000U)
> > diff --git a/kernel/fork.c b/kernel/fork.c
> > index b4cba953040a..9868585f5520 100644
> > --- a/kernel/fork.c
> > +++ b/kernel/fork.c
> > @@ -2550,11 +2550,13 @@ void __init proc_caches_init(void)
> >
> > mm_cachep = kmem_cache_create_usercopy("mm_struct",
> > mm_size, ARCH_MIN_MMSTRUCT_ALIGN,
> > - SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT,
> > + SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT|
> > + SLAB_NO_FREE_INIT,
> > offsetof(struct mm_struct, saved_auxv),
> > sizeof_field(struct mm_struct, saved_auxv),
> > NULL);
> > - vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_ACCOUNT);
> > + vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_ACCOUNT|
> > + SLAB_NO_FREE_INIT);
> > mmap_init();
> > nsproxy_cache_init();
> > }
> > diff --git a/mm/rmap.c b/mm/rmap.c
> > index e5dfe2ae6b0d..b7b8013eeb0a 100644
> > --- a/mm/rmap.c
> > +++ b/mm/rmap.c
> > @@ -432,10 +432,11 @@ static void anon_vma_ctor(void *data)
> > void __init anon_vma_init(void)
> > {
> > anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
> > - 0, SLAB_TYPESAFE_BY_RCU|SLAB_PANIC|SLAB_ACCOUNT,
> > + 0, SLAB_TYPESAFE_BY_RCU|SLAB_PANIC|SLAB_ACCOUNT|
> > + SLAB_NO_FREE_INIT,
> > anon_vma_ctor);
> > anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain,
> > - SLAB_PANIC|SLAB_ACCOUNT);
> > + SLAB_PANIC|SLAB_ACCOUNT|SLAB_NO_FREE_INIT);
> > }
> >
> > /*
> > diff --git a/mm/slab.h b/mm/slab.h
> > index 24ae887359b8..f95b4f03c57b 100644
> > --- a/mm/slab.h
> > +++ b/mm/slab.h
> > @@ -129,7 +129,8 @@ static inline slab_flags_t kmem_cache_flags(unsigned int object_size,
> > /* Legal flag mask for kmem_cache_create(), for various configurations */
> > #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | \
> > SLAB_CACHE_DMA32 | SLAB_PANIC | \
> > - SLAB_TYPESAFE_BY_RCU | SLAB_DEBUG_OBJECTS )
> > + SLAB_TYPESAFE_BY_RCU | SLAB_DEBUG_OBJECTS | \
> > + SLAB_NO_FREE_INIT)
> >
> > #if defined(CONFIG_DEBUG_SLAB)
> > #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
> > @@ -535,7 +536,7 @@ static inline bool slab_want_init_on_alloc(gfp_t flags, struct kmem_cache *c)
> > static inline bool slab_want_init_on_free(struct kmem_cache *c)
> > {
> > if (static_branch_unlikely(&init_on_free))
> > - return !(c->ctor);
> > + return !(c->ctor) && ((c->flags & SLAB_NO_FREE_INIT) == 0);
> > else
> > return false;
> > }
> > diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> > index e89be6282693..b65902d2c042 100644
> > --- a/net/core/skbuff.c
> > +++ b/net/core/skbuff.c
> > @@ -3981,14 +3981,16 @@ void __init skb_init(void)
> > skbuff_head_cache = kmem_cache_create_usercopy("skbuff_head_cache",
> > sizeof(struct sk_buff),
> > 0,
> > - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
> > + SLAB_HWCACHE_ALIGN|SLAB_PANIC|
> > + SLAB_NO_FREE_INIT,
> > offsetof(struct sk_buff, cb),
> > sizeof_field(struct sk_buff, cb),
> > NULL);
> > skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
> > sizeof(struct sk_buff_fclones),
> > 0,
> > - SLAB_HWCACHE_ALIGN|SLAB_PANIC,
> > + SLAB_HWCACHE_ALIGN|SLAB_PANIC|
> > + SLAB_NO_FREE_INIT,
> > NULL);
> > skb_extensions_init();
> > }
> > --
> > 2.17.1
> >
> >
> > --
> > Kees Cook
--
Kees Cook
prev parent reply other threads:[~2019-05-20 16:12 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190514143537.10435-1-glider@google.com>
2019-05-14 14:35 ` [PATCH v2 1/4] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options Alexander Potapenko
2019-05-16 16:19 ` Kees Cook
2019-05-16 16:42 ` Alexander Potapenko
2019-05-16 17:03 ` Kees Cook
2019-05-17 1:26 ` Kees Cook
2019-05-17 14:38 ` Alexander Potapenko
2019-05-17 14:04 ` Michal Hocko
2019-05-17 14:11 ` Alexander Potapenko
2019-05-17 14:20 ` Michal Hocko
2019-05-17 16:36 ` Kees Cook
2019-05-17 17:11 ` Michal Hocko
2019-05-14 14:35 ` [PATCH v2 2/4] lib: introduce test_meminit module Alexander Potapenko
2019-05-16 1:02 ` Kees Cook
2019-05-17 15:51 ` Alexander Potapenko
2019-05-17 16:37 ` Kees Cook
2019-05-14 14:35 ` [PATCH v2 3/4] gfp: mm: introduce __GFP_NO_AUTOINIT Alexander Potapenko
2019-05-17 12:59 ` Michal Hocko
2019-05-17 13:18 ` Alexander Potapenko
2019-05-17 13:25 ` Michal Hocko
2019-05-17 13:37 ` Alexander Potapenko
2019-05-17 14:01 ` Michal Hocko
2019-05-17 16:27 ` Kees Cook
2019-05-17 17:11 ` Michal Hocko
2019-05-21 14:18 ` Alexander Potapenko
2019-05-21 14:25 ` Michal Hocko
2019-05-14 14:35 ` [PATCH v2 4/4] net: apply __GFP_NO_AUTOINIT to AF_UNIX sk_buff allocations Alexander Potapenko
2019-05-16 16:53 ` Kees Cook
2019-05-17 0:26 ` Kees Cook
2019-05-17 8:49 ` Alexander Potapenko
2019-05-17 13:50 ` Alexander Potapenko
2019-05-17 16:13 ` Kees Cook
2019-05-17 0:50 ` [PATCH 5/4] mm: Introduce SLAB_NO_FREE_INIT and mark excluded caches Kees Cook
2019-05-17 8:34 ` Alexander Potapenko
2019-05-17 15:59 ` Kees Cook
2019-05-20 6:10 ` Mathias Krause
2019-05-20 16:12 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201905200902.68FD66AD9E@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=kcc@google.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=minipli@googlemail.com \
--cc=ndesaulniers@google.com \
--cc=rdunlap@infradead.org \
--cc=serge@hallyn.com \
--cc=sspatil@android.com \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).