From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0435BC64EC4
	for <linux-mm@archiver.kernel.org>; Fri, 10 Feb 2023 08:44:17 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 737A66B0110; Fri, 10 Feb 2023 03:44:17 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6E64C6B0111; Fri, 10 Feb 2023 03:44:17 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 588E06B0112; Fri, 10 Feb 2023 03:44:17 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 324766B0110
	for <linux-mm@kvack.org>; Fri, 10 Feb 2023 03:44:17 -0500 (EST)
Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id B7819160294
	for <linux-mm@kvack.org>; Fri, 10 Feb 2023 08:44:16 +0000 (UTC)
X-FDA: 80450745312.20.9623A9E
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
	by imf09.hostedemail.com (Postfix) with ESMTP id A6E8214000D
	for <linux-mm@kvack.org>; Fri, 10 Feb 2023 08:44:13 +0000 (UTC)
Authentication-Results: imf09.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=xni5+alh;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=e5rcZXpy;
	spf=pass (imf09.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.29 as permitted sender) smtp.mailfrom=vbabka@suse.cz;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1676018654;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=UVINLfWoByaCJXVftpzcYlbIo/nk7wbOQy/Pd2ADzc4=;
	b=cDFa/L5VCrBsL1F2fCfT4UI1RcBA7UjHHmwtCRxvygAWqNAn7JD5ouMIe5j3N2Sw/8kyfj
	bHOivlot2kWw8zE6+V4cI1I6/sI4Cgl4oEz9OZUWmmiLBLqD/Dfk+wkwfO4fM0H0mn+vXr
	sno5nDF3aKMpbvTmilK9PCz2EpiRVl4=
ARC-Authentication-Results: i=1;
	imf09.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=xni5+alh;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=e5rcZXpy;
	spf=pass (imf09.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.29 as permitted sender) smtp.mailfrom=vbabka@suse.cz;
	dmarc=none
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676018654; a=rsa-sha256;
	cv=none;
	b=d6mwrqc59dyALEosCzqsQnqLRxo/z6Lf/nEZvqC37uaNB5pJUM+m7Tn1v2JVqjhMptaK3q
	GcoEjiAgFZDdiKQlW8ilySbJRmofFJB/Nof61nbNcyKEsbLmadQW2KFeUtG3qdeh0YZyVl
	4H9eOzvo2fHD+9C+GGq364nU0KXeGFY=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id 2156167207;
	Fri, 10 Feb 2023 08:44:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
	t=1676018652; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=UVINLfWoByaCJXVftpzcYlbIo/nk7wbOQy/Pd2ADzc4=;
	b=xni5+alhgoHFaCl1x313GvQBtvv3GPW+InczHZPd3O0X4AEl1e4wsuyhKTNm+1NUvHXNZF
	r9KJiyDalgrx4EaZkij5oNTuRIzwk0yWfd5cRuibsTb6RuJR9+zOqn31Jg9oxkfV+vEP4V
	F9Tz7D9CRy5WzrbfOKUYAUq7my/ZXqU=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
	s=susede2_ed25519; t=1676018652;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=UVINLfWoByaCJXVftpzcYlbIo/nk7wbOQy/Pd2ADzc4=;
	b=e5rcZXpyfz0QqEjd8c5zHyXM2ouAx2bUUTYUiu61xQ61hmcNND8ibgWMGHrrTr3uX5Qblh
	4sVTKfmLDUoSGuAw==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id B6A2E13588;
	Fri, 10 Feb 2023 08:44:11 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
	by imap2.suse-dmz.suse.de with ESMTPSA
	id MfPbK9sD5mPCEgAAMHmgww
	(envelope-from <vbabka@suse.cz>); Fri, 10 Feb 2023 08:44:11 +0000
Message-ID: <046f0c76-f2b1-5df7-7c3e-76c0187da069@suse.cz>
Date: Fri, 10 Feb 2023 09:44:11 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.1
Subject: Re: [PATCH] Revert "slub: force on no_hash_pointers when slub_debug
 is enabled"
Content-Language: en-US
To: Kees Cook <keescook@chromium.org>
Cc: Stephen Boyd <swboyd@chromium.org>, concord@gentoo.org,
 Pekka Enberg <penberg@kernel.org>, David Rientjes <rientjes@google.com>,
 Joonsoo Kim <iamjoonsoo.kim@lge.com>, Petr Mladek <pmladek@suse.com>,
 linux-mm@kvack.org, stable@vger.kernel.org,
 Steven Rostedt <rostedt@goodmis.org>,
 Sergey Senozhatsky <senozhatsky@chromium.org>,
 Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
 Rasmus Villemoes <linux@rasmusvillemoes.dk>, Christoph Lameter
 <cl@linux.com>, Andrew Morton <akpm@linux-foundation.org>,
 Roman Gushchin <roman.gushchin@linux.dev>,
 Hyeonggon Yoo <42.hyeyoo@gmail.com>, Keith Busch <kbusch@kernel.org>,
 Jens Axboe <axboe@kernel.dk>, Bart Van Assche <bvanassche@acm.org>,
 Mikulas Patocka <mpatocka@redhat.com>, Ard Biesheuvel <ardb@kernel.org>,
 Mark Rutland <mark.rutland@arm.com>, linux-kernel@vger.kernel.org,
 linux-hardening@vger.kernel.org, Peter Gerber <peter@arbitrary.ch>
References: <20230208194712.never.999-kees@kernel.org>
From: Vlastimil Babka <vbabka@suse.cz>
In-Reply-To: <20230208194712.never.999-kees@kernel.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Rspamd-Server: rspam07
X-Rspamd-Queue-Id: A6E8214000D
X-Rspam-User: 
X-Stat-Signature: ko9rd6pg3fd9fh4saporori5d44fksum
X-HE-Tag: 1676018653-364679
X-HE-Meta: U2FsdGVkX1+yBuvoiS4D+Z1lzjigOHDslwVTXPa5tYB3RSczu//5ioLERKIMYhKGJgE6tc1EpLURAvkuie0sS7BNcF8I8TlmLTepa8aM+VDkBoi60z8nkoKVvdb3KFVh5hrKmK7x93+TKz0JVlxY+VP6Kgye1T9eUG+1nvhKMG0jP7ts9S8xzHnIl/XqPqs3kM0SNs69/id566at5tz7T0vwJnQuB4lps5W5+cpYO+lGmHdBFHwqBIfqvaaZG1XLWrHIaivr7g0D8cRGfo2ZyQSbkauvI3uURuiOTWvGuwI15OcA2BW11f5BvDP58GuckU9VnVt2Djhkzzdbm1pMNaCIUGnWrryx5ZkWZA1a521ZBiZ4445m9NKvjEvihRO+zKuCe+YKG/UGLfta538YudzPpMN2pSQaE9UYiqB5JIo2W5rTCE3AlV+vbT2cHfTENisozgYpfztv5t7IzMY/YMJnGzqVJqQtCuU4dfibzLJ3T9cC1r6SkqSsXmld0/onxwC8L10/tdIR6KCgB8IdVCKaNaERpVAT8un+mVBWz/85yvjB5tr5BsPs+Cpi66nSVUF/8Kb7cDlP72BZrRVMSedwn3VQNQ77ppAAMfCUbDJt88SAmuuM1mEJqsp2UPf6+SKUisO99tlfLqMkqrnTqzSfgrBHVIuigjUNLTGQyUxm4sqyNbAhG7sBC0bWxuD99iAUT8ZHl9LhPSn9lwiQkCW5GR7EUsLQmPyXcLItbcBzpjoNSphMVoIzlL5BfmIHHWAn5qZP8l2OOkCpVQHIMlF7LjHUZn5P3pacxBJlCjqHf624q7gEoeZnc7kHNFokt90EYFsLPKTABQK8vcfiHLV9u/2M+fKJht998WdtGF5VnPNN6xCDhEIck5ZCau4n6fUoF92cjJD03+VwJYXCVKxtaSNeAVlsFzkTwaz1CB7OxKzGuyH8yo7043ifP1wUzZHuwbt9KK/LZvzRfEr
 F7AXkowl
 xKrgoGNFiP+nGW/GM5C/ny82/zxg0UZVmswI92F+0kY6nA2U5yeWDjf7gED7jlCsVFkdE3/o/xph6tiogfzoQXGa2fIJmp13yvf+HmAGoyKJQO+hEb0FPv9TBmAKKcmW6cWyGbC+FD9Ui/6QWl9jEUwCUYgJI8IEF8fsJSLENA1x1CmKHb/8wXzAnC6nZw0Zx4V+Qq4p0hb91+JCOQD1KVEBkIEJ2QefWC4eeGgZO+LQInVOgELZQBi1Q6nO50DeGW1N8FTbOFhOCiYS2rRM/OXOZgfDlwq2UnipcNDb3y7hSPF9baACEv+1li1jrfHdQToN6m6CEbgerBXdMu9JaQqzczPwhEQiSXQdcfWCt6tOA93rEnyKtYfsi7TeuhrfhcNV4Nr2sDKLiN6Ljf5ZEr6cZMhYsL37meoQ9njrXOqeHxYUzL2xWXKydVEAMqLm2pmvtngPN7XXmJEknHt5ykfqV3yh8VQt9bSnwhjsSnAx90djc0a8dXz1qtT+zgRfY6sUmdfHZrF0+q3s0TsoMzeCp/VN+0Ruh0w5JMpwtDo8b03EPba92Yi0bn09FDKOLj15VWwp1/c8NOkAgKSDgiLZa9K9gHI3i2AYu12Vpb+7uFKhyXlKH0EBq/q419zsQgJVneAfmHts5Qp+IpwunX7cKmI3orcDfsDV6eFKe9EiiOoOgxvnaI+gvXC97177RHpfzpi1/BX1xDMKSVDZnKuHVj0+X1e0bykUzIL+fBmAJ/iwhS5qYLWOfLwWwenjb7J4q
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 2/8/23 20:47, Kees Cook wrote:
> This reverts commit 792702911f581f7793962fbeb99d5c3a1b28f4c3.
> 
> Linking no_hash_pointers() to slub_debug has had a chilling effect
> on using slub_debug features for security hardening, since system
> builders are forced to choose between redzoning and heap address location
> exposures. Instead, just require that the "no_hash_pointers" boot param
> needs to be used to expose pointers during slub_debug reports.

Searching lore made me find [1] and I like the more concrete changelog as
well as updated documentation.

While it's convenient, it's probably indeed not slub's decision to enable
no_hash_pointers. But Stephen also has a point in reply to [1]. If the
data/address leak is indeed a concern, slub_debug will still print raw dumps
as part of the reports, so will e.g. dump_page(), so hashing %p is not a
complete solution and something more generic could be created for
controlling prints that distinguishes hardening vs debugging?

[1]
https://lore.kernel.org/all/8e472c9e-2076-bc25-5912-8433adf7b579@arbitrary.ch/

> Cc: Vlastimil Babka <vbabka@suse.cz>
> Cc: Stephen Boyd <swboyd@chromium.org>
> Cc: concord@gentoo.org
> Cc: Pekka Enberg <penberg@kernel.org>
> Cc: David Rientjes <rientjes@google.com>
> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
> Cc: Petr Mladek <pmladek@suse.com>
> Cc: linux-mm@kvack.org
> Cc: stable@vger.kernel.org
> Link: https://lore.kernel.org/lkml/202109200726.2EFEDC5@keescook/
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  include/linux/kernel.h | 2 --
>  lib/vsprintf.c         | 2 +-
>  mm/slub.c              | 4 ----
>  3 files changed, 1 insertion(+), 7 deletions(-)
> 
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index fe6efb24d151..e3d9d3879495 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -229,8 +229,6 @@ int sscanf(const char *, const char *, ...);
>  extern __scanf(2, 0)
>  int vsscanf(const char *, const char *, va_list);
>  
> -extern int no_hash_pointers_enable(char *str);
> -
>  extern int get_option(char **str, int *pint);
>  extern char *get_options(const char *str, int nints, int *ints);
>  extern unsigned long long memparse(const char *ptr, char **retptr);
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> index be71a03c936a..410b4a80a58a 100644
> --- a/lib/vsprintf.c
> +++ b/lib/vsprintf.c
> @@ -2222,7 +2222,7 @@ char *fwnode_string(char *buf, char *end, struct fwnode_handle *fwnode,
>  	return widen_string(buf, buf - buf_start, end, spec);
>  }
>  
> -int __init no_hash_pointers_enable(char *str)
> +static int __init no_hash_pointers_enable(char *str)
>  {
>  	if (no_hash_pointers)
>  		return 0;
> diff --git a/mm/slub.c b/mm/slub.c
> index 13459c69095a..63f7337dd433 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -5005,10 +5005,6 @@ void __init kmem_cache_init(void)
>  	if (debug_guardpage_minorder())
>  		slub_max_order = 0;
>  
> -	/* Print slub debugging pointers without hashing */
> -	if (__slub_debug_enabled())
> -		no_hash_pointers_enable(NULL);
> -
>  	kmem_cache_node = &boot_kmem_cache_node;
>  	kmem_cache = &boot_kmem_cache;
>