From: andrey.konovalov@linux.dev
To: Marco Elver <elver@google.com>, Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
kasan-dev@googlegroups.com, Evgenii Stepanov <eugenis@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH RFC 19/20] skbuff: use mempool KASAN hooks
Date: Mon, 6 Nov 2023 21:10:28 +0100 [thread overview]
Message-ID: <13e15a27958e63070970ca4d7bb52c8c156bfa02.1699297309.git.andreyknvl@google.com> (raw)
In-Reply-To: <cover.1699297309.git.andreyknvl@google.com>
From: Andrey Konovalov <andreyknvl@google.com>
Instead of using slab-internal KASAN hooks for poisoning and unpoisoning
cached objects, use the proper mempool KASAN hooks.
Also check the return value of kasan_mempool_poison_object to prevent
double-free and invali-free bugs.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
net/core/skbuff.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 63bb6526399d..bb75b4272992 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -337,7 +337,7 @@ static struct sk_buff *napi_skb_cache_get(void)
}
skb = nc->skb_cache[--nc->skb_count];
- kasan_unpoison_new_object(skbuff_cache, skb);
+ kasan_mempool_unpoison_object(skb, kmem_cache_size(skbuff_cache));
return skb;
}
@@ -1309,13 +1309,15 @@ static void napi_skb_cache_put(struct sk_buff *skb)
struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache);
u32 i;
- kasan_poison_new_object(skbuff_cache, skb);
+ if (!kasan_mempool_poison_object(skb))
+ return;
+
nc->skb_cache[nc->skb_count++] = skb;
if (unlikely(nc->skb_count == NAPI_SKB_CACHE_SIZE)) {
for (i = NAPI_SKB_CACHE_HALF; i < NAPI_SKB_CACHE_SIZE; i++)
- kasan_unpoison_new_object(skbuff_cache,
- nc->skb_cache[i]);
+ kasan_mempool_unpoison_object(nc->skb_cache[i],
+ kmem_cache_size(skbuff_cache));
kmem_cache_free_bulk(skbuff_cache, NAPI_SKB_CACHE_HALF,
nc->skb_cache + NAPI_SKB_CACHE_HALF);
--
2.25.1
next prev parent reply other threads:[~2023-11-06 20:13 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-06 20:10 [PATCH RFC 00/20] kasan: save mempool stack traces andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 01/20] kasan: rename kasan_slab_free_mempool to kasan_mempool_poison_object andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 02/20] kasan: move kasan_mempool_poison_object andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 03/20] kasan: document kasan_mempool_poison_object andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 04/20] kasan: add return value for kasan_mempool_poison_object andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 05/20] kasan: introduce kasan_mempool_unpoison_object andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 06/20] kasan: introduce kasan_mempool_poison_pages andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 07/20] kasan: introduce kasan_mempool_unpoison_pages andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 08/20] kasan: clean up __kasan_mempool_poison_object andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 09/20] kasan: save free stack traces for slab mempools andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 10/20] kasan: clean up and rename ____kasan_kmalloc andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 11/20] kasan: introduce poison_kmalloc_large_redzone andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 12/20] kasan: save alloc stack traces for mempool andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 13/20] mempool: use new mempool KASAN hooks andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 14/20] mempool: introduce mempool_use_prealloc_only andrey.konovalov
2023-11-22 17:20 ` Marco Elver
2023-11-23 18:06 ` Andrey Konovalov
2023-11-23 18:47 ` Marco Elver
2023-11-06 20:10 ` [PATCH RFC 15/20] kasan: add mempool tests andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 16/20] kasan: rename pagealloc tests andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 17/20] kasan: reorder tests andrey.konovalov
2023-11-06 20:10 ` [PATCH RFC 18/20] kasan: rename and document kasan_(un)poison_object_data andrey.konovalov
2023-11-06 20:10 ` andrey.konovalov [this message]
2023-11-06 20:10 ` [PATCH RFC 20/20] io_uring: use mempool KASAN hook andrey.konovalov
2023-11-22 17:13 ` [PATCH RFC 00/20] kasan: save mempool stack traces Marco Elver
2023-11-23 18:06 ` Andrey Konovalov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=13e15a27958e63070970ca4d7bb52c8c156bfa02.1699297309.git.andreyknvl@google.com \
--to=andrey.konovalov@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=andreyknvl@google.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=ryabinin.a.a@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox