From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A7D4C433FE for ; Tue, 1 Nov 2022 05:24:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229947AbiKAFYQ (ORCPT ); Tue, 1 Nov 2022 01:24:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229882AbiKAFYH (ORCPT ); Tue, 1 Nov 2022 01:24:07 -0400 Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 18E09109C for ; Mon, 31 Oct 2022 22:23:56 -0700 (PDT) Received: by mail-pf1-x42f.google.com with SMTP id f140so12573086pfa.1 for ; Mon, 31 Oct 2022 22:23:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=Ckme17bDZWxNa/iBrFHvpbZAlPaN1AATcxEYKVR5N8g=; b=G3J/0mFiAFHA1lsmj/bsPEXX9ijq8ulfS8Z54Vtj+6oDabl3DmskvPp9QBgIHelZoj XUF7AJ9UblwlD7+KOM0gEMh5cqELGGGTdL2LLdwfhq/sTis9oarKQzqLUhUWcUPmKc7V k26SzoGnRIgCvh16xegLCWqK6abjyR7j1CuCQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Ckme17bDZWxNa/iBrFHvpbZAlPaN1AATcxEYKVR5N8g=; b=uQ3Wy91hiuTm6LnCsNONPX66co/iUjcBXGARjTcEFrnU0Cjh9n0/5pBW3MKysS9gCY Y6Yatk3oAFvx4GAKw/tfzVTVCKKQi1mzfFvanFW+LRkVayrDWkqxA0J2/fT4i0SXV/DC b2GJux9Ag1UElfUScY7ipDqxjXdkvhF9WmEzJphnMfZm9doY1AYsBVL2zBSPz8Rk3hiE COPYdyPU8SWzQLpODGxxVinn20Mt5SPUhr4cZwtHCsddMBlVcjpCyG36m9Htb7AE7isc JBfaJdCGaqhl/Fr0oDWb4tCDyQllhJ+Gd98B25lMymr8zjZl4qIzyk0dmrilywFAoxQg fH1A== X-Gm-Message-State: ACrzQf3JRE+/JHHEViSWiP2CXGx4C0XfVg0bjWLXPTcZU4V98b5Wj4/t JYbMtDfnuB5kcHjaYwmaCpq+HOf5v2p2xw== X-Google-Smtp-Source: AMsMyM7axCKf5t2an+uR1OgVVP6jvEDx7TMZGaFnNA5XMS09xxYJdATNmQ+GiQ1szPf0wgJWBN3utw== X-Received: by 2002:a65:6e93:0:b0:456:5024:e6ae with SMTP id bm19-20020a656e93000000b004565024e6aemr68920pgb.466.1667280235910; Mon, 31 Oct 2022 22:23:55 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id ix22-20020a170902f81600b001769206a766sm5296014plb.307.2022.10.31.22.23.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Oct 2022 22:23:55 -0700 (PDT) Date: Mon, 31 Oct 2022 22:23:54 -0700 From: Kees Cook To: Stanislav Fomichev Cc: Alexei Starovoitov , Daniel Borkmann , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Hao Luo , Jiri Olsa , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH bpf-next v2 3/3] bpf/verifier: Take advantage of full allocation sizes Message-ID: <202210312222.0AE80CD3@keescook> References: <20221029024444.gonna.633-kees@kernel.org> <20221029025433.2533810-3-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 31, 2022 at 02:53:35PM -0700, Stanislav Fomichev wrote: > On Fri, Oct 28, 2022 at 7:54 PM Kees Cook wrote: > > > > Since the full kmalloc bucket size is being explicitly allocated, pass > > back the resulting details to take advantage of the full size so that > > reallocation checking will be needed less frequently. > > > > Cc: Alexei Starovoitov > > Cc: Daniel Borkmann > > Cc: John Fastabend > > Cc: Andrii Nakryiko > > Cc: Martin KaFai Lau > > Cc: Song Liu > > Cc: Yonghong Song > > Cc: KP Singh > > Cc: Stanislav Fomichev > > Cc: Hao Luo > > Cc: Jiri Olsa > > Cc: bpf@vger.kernel.org > > Signed-off-by: Kees Cook > > --- > > kernel/bpf/verifier.c | 27 ++++++++++++++++----------- > > 1 file changed, 16 insertions(+), 11 deletions(-) > > > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > > index 1c040d27b8f6..e58b554e862b 100644 > > --- a/kernel/bpf/verifier.c > > +++ b/kernel/bpf/verifier.c > > @@ -1020,20 +1020,23 @@ static void *copy_array(void *dst, const void *src, size_t n, size_t size, gfp_t > > return dst ? dst : ZERO_SIZE_PTR; > > } > > > > -/* resize an array from old_n items to new_n items. the array is reallocated if it's too > > - * small to hold new_n items. new items are zeroed out if the array grows. > > +/* Resize an array from old_n items to *new_n items. The array is > > + * reallocated if it's too small to hold *new_n items. New items are > > + * zeroed out if the array grows. Allocation is rounded up to next kmalloc > > + * bucket size to reduce frequency of resizing. *new_n contains the new > > + * total number of items that will fit. > > * > > - * Contrary to krealloc_array, does not free arr if new_n is zero. > > + * Contrary to krealloc, does not free arr if new_n is zero. > > */ > > -static void *realloc_array(void *arr, size_t old_n, size_t new_n, size_t size) > > +static void *realloc_array(void *arr, size_t old_n, size_t *new_n, size_t size) > > { > > size_t alloc_size; > > void *new_arr; > > > > - if (!new_n || old_n == new_n) > > + if (!new_n || !*new_n || old_n == *new_n) > > goto out; > > > > - alloc_size = kmalloc_size_roundup(size_mul(new_n, size)); > > + alloc_size = kmalloc_size_roundup(size_mul(*new_n, size)); > > new_arr = krealloc(arr, alloc_size, GFP_KERNEL); > > if (!new_arr) { > > kfree(arr); > > @@ -1041,8 +1044,9 @@ static void *realloc_array(void *arr, size_t old_n, size_t new_n, size_t size) > > } > > arr = new_arr; > > > > - if (new_n > old_n) > > - memset(arr + old_n * size, 0, (new_n - old_n) * size); > > + *new_n = alloc_size / size; > > + if (*new_n > old_n) > > + memset(arr + old_n * size, 0, (*new_n - old_n) * size); > > > > out: > > return arr ? arr : ZERO_SIZE_PTR; > > [..] > > > @@ -1074,7 +1078,7 @@ static int copy_stack_state(struct bpf_func_state *dst, const struct bpf_func_st > > > > static int resize_reference_state(struct bpf_func_state *state, size_t n) > > { > > - state->refs = realloc_array(state->refs, state->acquired_refs, n, > > + state->refs = realloc_array(state->refs, state->acquired_refs, &n, > > sizeof(struct bpf_reference_state)); > > if (!state->refs) > > return -ENOMEM; > > Patches 1 & 2 look good, but not sure about this part. We later do the > following in the same routine: I'm totally fine leaving off #3. 1 is a bug fix, 2 is what I need to get the ksize side-effect managed in bpf, and 3 was maybe an optimization. -- Kees Cook