From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EFA75C7EE2D for ; Tue, 23 May 2023 17:04:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 489436B0074; Tue, 23 May 2023 13:04:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 411D0900003; Tue, 23 May 2023 13:04:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2B328900002; Tue, 23 May 2023 13:04:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 165376B0074 for ; Tue, 23 May 2023 13:04:29 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id BB0B94073F for ; Tue, 23 May 2023 17:04:28 +0000 (UTC) X-FDA: 80822143416.30.5B61A9E Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by imf29.hostedemail.com (Postfix) with ESMTP id B7FB5120382 for ; Tue, 23 May 2023 17:02:20 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=lzYLf2Qh; spf=pass (imf29.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.169 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1684861341; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=LD/AHmnjp0NpxhS4p9Yvs385A6w+BDeBdMrso5+Dd0Q=; b=P4he8fwz3JfIbP68exKBE/XBUHdLMRJG2a+6LXozyWBd7j61iC+rExZ6Z2z9soAtQu9X7S futY7N++447BwUjBcEvuZ9n7uUfg+o3D0f5E1gc/pzEwuoeKpuQxqG1nUcjEc2NUaXoBtK vKwNq1keESEIdZc+O91NAnI5eG4I4pY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1684861341; a=rsa-sha256; cv=none; b=FxIrNIn6ytF2DOu9N0Wr/Kjf9HaQPeWROJH7O7VdWtbB2AaM5afrASThfEsyg52Q6DEE1F CWwCqrpCs2aarMlDrfSljve7K/Tr9nbyhy7bmpC6V7cHQluX9LBW0W/CF4ssx9A8IRzTbz VGqJdVdMUZsIaOC7dFkDgH0SUD6i01w= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=lzYLf2Qh; spf=pass (imf29.hostedemail.com: domain of keescook@chromium.org designates 209.85.214.169 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1ae85b71141so43063935ad.0 for ; Tue, 23 May 2023 10:02:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1684861339; x=1687453339; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=LD/AHmnjp0NpxhS4p9Yvs385A6w+BDeBdMrso5+Dd0Q=; b=lzYLf2QhhI3UYhDz/x7zeHwaOXZjxjX8RJUlSR/iSQkPre1BbQqZhNaRDgEu4WxPpP WNcoECD735LmNk3jkktPP1QBpuInwgX0QeDE+Je8kuS96RaNEoN22PMzB0jQKtPJ45VK TC6KZnWUWzT8p80Ad1hgSWEZcepO1zypQ1sME= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684861339; x=1687453339; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=LD/AHmnjp0NpxhS4p9Yvs385A6w+BDeBdMrso5+Dd0Q=; b=iDDv91MfuyBwhHNOs6viQ674a4KO/EeOjPx23rP7Y4dicajhSIXR+HhBlyiT/OWcFk mCF+Sb15h8aWxy7Zv2miyEjf5ci+u7wdMCizS3+zYlFsnKpbb922mE9CyO9P9Bf+/5BR fucf9pXKPKmItPt4yx1KdPodeH0jd7j1UmW/RLUZKHIqLRHOI5ohRxNZC748nsrYGxKC f2Qv8stxE8E4vY+9UYe3m+dfvECjRXfRSXWnxeXhGlVBGvPcz7wZea4XxeeHWZzqN/q4 BafG2Pr/z5tRvwn9Tx9ZluQQ94kKTiqXs31Rzr1gPek4uDfnFRURzzZUepFQgTZbCqrb mvPQ== X-Gm-Message-State: AC+VfDw0YZhHyIM3NsEZWpv/b7U26sxLzsOcz3yycsXFdHv2Xacu4qmw Ugc5tYyKzyjUC4Zv+WGaACv7Fw== X-Google-Smtp-Source: ACHHUZ6rSNlwleoHAlvIMBQhyIFB+/d1nvXlfbHZz0sPioooGAVPueHOXiNnTfSN1iiCo/VNjK8bMQ== X-Received: by 2002:a17:902:f815:b0:1ac:aaf6:ee3a with SMTP id ix21-20020a170902f81500b001acaaf6ee3amr13420526plb.32.1684861339266; Tue, 23 May 2023 10:02:19 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id r6-20020a170902be0600b001aafde15ff3sm6960489pls.293.2023.05.23.10.02.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 May 2023 10:02:18 -0700 (PDT) Date: Tue, 23 May 2023 10:02:17 -0700 From: Kees Cook To: David Hildenbrand Cc: Lorenzo Stoakes , Vlastimil Babka , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, linux-hardening@vger.kernel.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH] mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR Message-ID: <202305231001.08BC6058@keescook> References: <20230523073136.4900-1-vbabka@suse.cz> <310077ed-6f3f-41fe-afcf-36500a9408ec@lucifer.local> <623a87c6-c0d2-799a-c39e-0d14dcdfa6df@suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: B7FB5120382 X-Rspam-User: X-Stat-Signature: 18i11afkqw3n91wnsfzn9zcokuf9yrme X-Rspamd-Server: rspam03 X-HE-Tag: 1684861340-743376 X-HE-Meta: U2FsdGVkX1/lY3cW340YuhY2xnKIKmdAezJs8gwlLm5g9dz5IaxW3FASUJYPNg3y+HpzlOYrEQI74tZRfJ07FdpI5nCWDxGzwCSwiQ/xxyuAKO/YsoN0o6pZtXvAe6aRq0C+N7Dy2Bhwm4hNUY+1lipocO2sDpHFtHLTio6WUqJc5hJWpGkYRcGwVGfoxr/6Kak4zteZR4hsQPgmI1kep7c4lqnAC2c9sN85OmgNThMmI2vSidcCpoHLhDHAKAMCXjaoAILj839KAV6bjZfRcenz3zYZkEQ+Frpq/nJpvMfpcrDyCVLo4QNrVaoUuUKCL6DG8MNTWCevUk2Loi3RrearyZqp6p7LN9dXrCAtTjxB4S7jqH1nkRyz9IAULhweiNiVHesXqNBWkHFIz2GRt5bG/iPRFf43o4YwRSH1O+iiB9CwHI1faNHy4ukNanzl6pgx7r9nL6y2HFdvJkQCTUndg8VAQpfX8iKMzii3DgOm4G58ZCJEbo0fT4FXbnNrvxRUIpK7goRVwlgcaT3ig5PmvvrxKghhORHiF2gtLT5h+Pk9fdIeOZts7CSMEqde9XyLxocgiJaPdU/yIg8EwOsbRee2fYUU6Pibi6iuJODGNpnm8jtsjQskjs90IpJjNy3L6jKe0zYkwFCykaqREjMoL5zM2FWNd/CRfotbnYyY8hHclFj3cNH2v/Fdaq2hkGc8fAVDhKszecwrM+jqvsAc6VWv3GMgUkr48z1d3M+paCEPG69coQOAfEEnBLSZ5HGCsFMePAklkCt1QzQIo5E3xF/91HtpDQM/FahyggSxnLX5uJJrmjfr8ggHZ1hb2dLTWJqy4jrJ34rtcI/TuXfYGHJ9/T/jI8tQ/3tMtMZZHckhkpvYpBT/IzaClPfxaWwDTJgbofChHZraYXbihaJySm8DjEtA/np3Y3kaDENgdbqz0TDVXNhXXAV2ooMS6t/NqFzN3pZwTnd7Iwp uzrBHUXH x0hv2vbDnTi0R1uT2UqHk4bu8GBi9gsZbNidiqfOGQJrcXO9HDmkhN+cfp/TgXgP+xBw69KJICBoTGAQuu5Lw1U/BHhM1BaRRoecwX2RfTNGU33shtQYBYajIz4v1NaAR05yg+C6NS6ycEtym390TOfDJHTrVY1ua1b32WsKVlnAnDeYHr9FyIyNlnw8POAi96UcQ6dIPA1AByd5zFkQT8/f0xs9eGOsfcc3aK0BmJ06w+qetiJf/8GHDqyTK+eywbh2xj6lBrX0/4Ra2+5phU8UZ/8d3Sh/Yreg5ocAXshx7ADG1gzasuvEcVfzCClrJnV0/6AjFauEh3lz6qPTKCBdaC4QuSXew6Vjpie9sTfpYskXLnL3KAp5SR7aNiAevOL/pYDMCV0XocPo9yyn7dzX5wF+Qle4aQrGnRCADU/uVaFGPd6xSwOHCsiJ1Y/xqnKdB+v4zPaBY4V7Vek600rhL/XfxJJlwzEmqPEkzXKicCsESDczLPT7jjwuxIlhJ27mRvD5yJHSQLJcdvQ+KJjZjok8UAwswT4jWJEMVAC18t+A= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, May 23, 2023 at 10:14:24AM +0200, David Hildenbrand wrote: > On 23.05.23 09:56, Lorenzo Stoakes wrote: > > On Tue, May 23, 2023 at 09:46:46AM +0200, Vlastimil Babka wrote: > > > On 5/23/23 09:42, Lorenzo Stoakes wrote: > > > > On Tue, May 23, 2023 at 09:31:36AM +0200, Vlastimil Babka wrote: > > > > > With SLOB removed, both remaining allocators support hardened usercopy, > > > > > so remove the config and associated #ifdef. > > > > > > > > > > Signed-off-by: Vlastimil Babka > > > > > --- > > > > > mm/Kconfig | 2 -- > > > > > mm/slab.h | 9 --------- > > > > > security/Kconfig | 8 -------- > > > > > 3 files changed, 19 deletions(-) > > > > > > > > > > diff --git a/mm/Kconfig b/mm/Kconfig > > > > > index 7672a22647b4..041f0da42f2b 100644 > > > > > --- a/mm/Kconfig > > > > > +++ b/mm/Kconfig > > > > > @@ -221,7 +221,6 @@ choice > > > > > config SLAB > > > > > bool "SLAB" > > > > > depends on !PREEMPT_RT > > > > > - select HAVE_HARDENED_USERCOPY_ALLOCATOR > > > > > help > > > > > The regular slab allocator that is established and known to work > > > > > well in all environments. It organizes cache hot objects in > > > > > @@ -229,7 +228,6 @@ config SLAB > > > > > > > > > > config SLUB > > > > > bool "SLUB (Unqueued Allocator)" > > > > > - select HAVE_HARDENED_USERCOPY_ALLOCATOR > > > > > help > > > > > SLUB is a slab allocator that minimizes cache line usage > > > > > instead of managing queues of cached objects (SLAB approach). > > > > > diff --git a/mm/slab.h b/mm/slab.h > > > > > index f01ac256a8f5..695ef96b4b5b 100644 > > > > > --- a/mm/slab.h > > > > > +++ b/mm/slab.h > > > > > @@ -832,17 +832,8 @@ struct kmem_obj_info { > > > > > void __kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *slab); > > > > > #endif > > > > > > > > > > -#ifdef CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR > > > > > void __check_heap_object(const void *ptr, unsigned long n, > > > > > const struct slab *slab, bool to_user); > > > > > -#else > > > > > -static inline > > > > > -void __check_heap_object(const void *ptr, unsigned long n, > > > > > - const struct slab *slab, bool to_user) > > > > > -{ > > > > > -} > > > > > -#endif > > > > > > > > Hm, this is still defined in slab.c/slub.c and invoked in usercopy.c, do we > > > > not want the prototype? > > > > > > Well I didn't delete the prototype, just the ifdef/else around, so now it's > > > there unconditionally. > > > > > > > Perhaps replacing with #ifdef > > > > CONFIG_HARDENED_USERCOPY instead? I may be missing something here :) > > > > > > Putting it under that #ifdef would work and match that the implementations > > > of that function are under that same ifdef, but maybe it's unnecessary noise > > > in the header? > > > > > > > Yeah my brain inserted extra '-'s there, sorry! > > > > Given we only define __check_heap_object() in sl[au]b.c if > > CONFIG_HARDENED_USERCOPY wouldn't we need to keep the empty version around > > if !CONFIG_HARDENED_USERCOPY since check_heap_object() appears to be called > > unconditionally? > > > > The file is only compiled with CONFIG_HARDENED_USERCOPY: > > mm/Makefile:obj-$(CONFIG_HARDENED_USERCOPY) += usercopy.o Right. > Reviewed-by: David Hildenbrand Thanks! Reviewed-by: Kees Cook -- Kees Cook