From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id BD741EB64D0
	for <linux-mm@archiver.kernel.org>; Tue, 13 Jun 2023 16:44:55 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 28C286B0071; Tue, 13 Jun 2023 12:44:55 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 214226B0074; Tue, 13 Jun 2023 12:44:55 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 08DDF6B007B; Tue, 13 Jun 2023 12:44:55 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id E78AC6B0071
	for <linux-mm@kvack.org>; Tue, 13 Jun 2023 12:44:54 -0400 (EDT)
Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id BA5DB1A058D
	for <linux-mm@kvack.org>; Tue, 13 Jun 2023 16:44:54 +0000 (UTC)
X-FDA: 80898298908.20.F2CE36D
Received: from mail-qk1-f175.google.com (mail-qk1-f175.google.com [209.85.222.175])
	by imf15.hostedemail.com (Postfix) with ESMTP id 6A6DFA001E
	for <linux-mm@kvack.org>; Tue, 13 Jun 2023 16:44:51 +0000 (UTC)
Authentication-Results: imf15.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20221208 header.b=lTe2j27r;
	spf=pass (imf15.hostedemail.com: domain of boqun.feng@gmail.com designates 209.85.222.175 as permitted sender) smtp.mailfrom=boqun.feng@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1686674691; a=rsa-sha256;
	cv=none;
	b=qJTcYqJAz5gLKoGh6vFnGkoaDmsiN6QSCPTrDBwVQKSMJNCuzFfd01p0/wcg4kOprMf8Mk
	SfnT9rTd/On8fNdkqm/tWMbSSehd9QiTSCKKMMlriLfgNYSSJ37cFUlc/416nmnHSdlrB9
	SRi35x33zBUduTvmj7EDhGUFOaRewu4=
ARC-Authentication-Results: i=1;
	imf15.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20221208 header.b=lTe2j27r;
	spf=pass (imf15.hostedemail.com: domain of boqun.feng@gmail.com designates 209.85.222.175 as permitted sender) smtp.mailfrom=boqun.feng@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1686674691;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:references:dkim-signature;
	bh=IdNyT3h/2Lj1GbQumw7eHKxO5LcFAdyfwGjCcOob+Zo=;
	b=aqMfUN/yKKv7Px5SrPTG4NyfgEAWecM7FWeKRMnJe+zYSKMFCCEyMbFUV1zUp+Ukvu0Prw
	CQexDhm24WQEiCoG7dpp/cqekc7xscCniUUXtoRJp0Dx2pWmbj21LphrVtJMqcUiChJudw
	AV98Aar746wR0cm0CtYfyfPMjdZ/Ao0=
Received: by mail-qk1-f175.google.com with SMTP id af79cd13be357-75d536afa43so72727685a.1
        for <linux-mm@kvack.org>; Tue, 13 Jun 2023 09:44:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1686674690; x=1689266690;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:feedback-id:from:to:cc:subject:date:message-id:reply-to;
        bh=IdNyT3h/2Lj1GbQumw7eHKxO5LcFAdyfwGjCcOob+Zo=;
        b=lTe2j27ro7nHxwhpMNVMaiaqsf4h8H9Q/qLOKjmvScJxCAHq1286pDm9kGwx1Wlvgn
         xmyViIgptANeoO7AQV2B5sp4LEOOF4lfarWLeXHPIxInTmN+6ryQEUFD/6tu8M1orOxu
         hZwdlAxBJpy7ljsHMKQIjzPhlgZ28MEq85t+VshZ4QjCeQtGHxzh5pMioiw0BU3UWGsD
         OYRGhDbbwU7lVsc09Kc+Vg/PLTwpOMB89vA2wUOpyC78UJ5ZIiMLe3ylNprTuYNjLeWH
         KWImR8JsSnnpr6bzg8QEmOXKdtsV6ua/C8h7fRVX8QtNUfmzk376Xr+D4TBpO3mhJJnZ
         LRmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1686674690; x=1689266690;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:feedback-id:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=IdNyT3h/2Lj1GbQumw7eHKxO5LcFAdyfwGjCcOob+Zo=;
        b=Xtm6e76JLuz+nTw/aOy6XPeDSiwzncqPSDQwg/wNUdtHJfgVUMGPOzQz0V67nNvWwd
         UsuwnNhpw8kDS0IzgG+1nph9+wN02vKe/dcFKxFwL2vcD14nSIx227vNtx+2emBvZn/G
         O9oajFyCj+1B8Leuz6UnqaXdHBD2d9AxgCDJgtqiYk2B/1y6A3gfxTKT8CnGXfpThtNG
         Zz+1aYYfdy0YzJUK8vtnfWqh0ONtJT0W6bUPdlo2N9/p9hU55WB8i9sziJFt93za95Ts
         7bMcZXdCvWAF8O03R8rrT7AfzbFmL4ZifiEbbcoS7+vFuyM5W3nn5rHUiNX8TRgWchXY
         vs7g==
X-Gm-Message-State: AC+VfDzJYZm8IV7krv34T+hm8cKr/6Yk4x4wdIjWGB+5aryYKj3Sm1WL
	4YxlToBlf5sqLE7/4ZQzbKo=
X-Google-Smtp-Source: ACHHUZ4xnn+16fUiAKlxfeCVeOhanJqobW3OzNkpPJDwLznYPOp0hNxDwK7UD1IIJuplfx+fgqczwA==
X-Received: by 2002:a37:511:0:b0:75e:b8ae:a4dd with SMTP id 17-20020a370511000000b0075eb8aea4ddmr14101150qkf.13.1686674690343;
        Tue, 13 Jun 2023 09:44:50 -0700 (PDT)
Received: from auth2-smtp.messagingengine.com (auth2-smtp.messagingengine.com. [66.111.4.228])
        by smtp.gmail.com with ESMTPSA id c16-20020a05620a135000b0075aff6f835bsm3746625qkl.19.2023.06.13.09.44.48
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 13 Jun 2023 09:44:49 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
	by mailauth.nyi.internal (Postfix) with ESMTP id 92A5D27C0054;
	Tue, 13 Jun 2023 12:44:48 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute6.internal (MEProxy); Tue, 13 Jun 2023 12:44:48 -0400
X-ME-Sender: <xms:_ZyIZCEMpKU3-0FQezo9hIr467C7165mPS6_leTnoG_hcXlBsQdw4A>
    <xme:_ZyIZDXsIP48kLEAol0ApxB2Ct_MvTYpIUc-IwlXBzEIp5nxs25-ya-_ezy6xkB1s
    XrMDpMwCJjNLAm63w>
X-ME-Received: <xmr:_ZyIZMKIeHYCuwQFSbzwClCCq57qpEjQEnWPm28vakOP_Vyw-c4eDwzAlcM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrgedujedguddtudcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
    enucfjughrpefhvfevufffkffoggfgsedtkeertdertddtnecuhfhrohhmpeeuohhquhhn
    ucfhvghnghcuoegsohhquhhnrdhfvghnghesghhmrghilhdrtghomheqnecuggftrfgrth
    htvghrnhepfeekieejhfevhfffgfeftdektdevueelgffgjeefhfduheeljeeiieekvdef
    hfehnecuffhomhgrihhnpehruhhsthdqlhgrnhhgrdhorhhgnecuvehluhhsthgvrhfuih
    iivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepsghoqhhunhdomhgvshhmthhprghu
    thhhphgvrhhsohhnrghlihhthidqieelvdeghedtieegqddujeejkeehheehvddqsghoqh
    hunhdrfhgvnhhgpeepghhmrghilhdrtghomhesfhhigihmvgdrnhgrmhgv
X-ME-Proxy: <xmx:_ZyIZMHy609JHLuw-CGaHlviIaJq9EF5Za9rmGWUXMhgmdiQMbWVMQ>
    <xmx:_ZyIZIWGv2dL329uWW1nEu3yzcMIY7gSBZFr1cqWNfYEGSzNs25heA>
    <xmx:_ZyIZPNg6hhPotxbNG4wHr1CSBeNcSROi_GLpyj-5ID9SlkgJfZ_Yw>
    <xmx:AJ2IZC_t6OmZoq9xsmiOl8jjfC6rLsw97goNv-8JHfsiThOjA6soBA>
Feedback-ID: iad51458e:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 13 Jun 2023 12:44:45 -0400 (EDT)
From: Boqun Feng <boqun.feng@gmail.com>
To: rust-for-linux@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org
Cc: Miguel Ojeda <ojeda@kernel.org>,
	Alex Gaynor <alex.gaynor@gmail.com>,
	Wedson Almeida Filho <wedsonaf@gmail.com>,
	Boqun Feng <boqun.feng@gmail.com>,
	Gary Guo <gary@garyguo.net>,
	=?UTF-8?q?Bj=C3=B6rn=20Roy=20Baron?= <bjorn3_gh@protonmail.com>,
	Benno Lossin <benno.lossin@proton.me>,
	Martin Rodriguez Reboredo <yakoyoku@gmail.com>,
	Alice Ryhl <aliceryhl@google.com>,
	Dariusz Sosnowski <dsosnowski@dsosnowski.pl>,
	Geoffrey Thomas <geofft@ldpreload.com>,
	Fox Chen <foxhlchen@gmail.com>,
	John Baublitz <john.m.baublitz@gmail.com>,
	Christoph Lameter <cl@linux.com>,
	Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	Kees Cook <keescook@chromium.org>,
	Andreas Hindborg <nmi@metaspace.dk>,
	stable@vger.kernel.org
Subject: [PATCH] rust: allocator: Prevents mis-aligned allocation
Date: Tue, 13 Jun 2023 09:42:58 -0700
Message-Id: <20230613164258.3831917-1-boqun.feng@gmail.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: rspam08
X-Rspamd-Queue-Id: 6A6DFA001E
X-Stat-Signature: ajfq1yswtxu5sjyji9rw8cxq3gacamja
X-Rspam-User: 
X-HE-Tag: 1686674691-69887
X-HE-Meta: U2FsdGVkX1+sTPYQw6yywxKOKQfOPhMlvbNyjVyHuHbO33mF/oNBY/qQp7imDDfFgXYmO3vfKywBbTf0O5vN8eQmaIl/mth2d1iQUsbQmlubpP1wWjK42MX8RArFnyxlWDiJfNU+reEx8obnOzukg5/A/a9y25vu+HZT+JgMKSpNWkhgVFTWtErf7Hwxy1QfwMKrwUGCaNxaHjhVaFO88IUVPWLIlhoaj/9ob9L3oyW5e+fY2ReGt+oorWJ3BIYh6semmOT1nmCbUuog5paBDomC/a5CvSLr/gMTfkNTDUEeYeDKLue8t2ao3EeE91caoAUSpfMr0Iej169KrpKt/W0C1AOTzkRaSqQVTuEzKIVERxANqX84lrlTS0tCtNuHogG4HW4t/FG4gVIQf2wlRp0zjyQs8zQVYY406Jy7Wd82V1tFdINHf3JcOiOkFFV6mx48wpnGuMjw22shYyWmSJ2kdR/1/HwAIB4x1TF1aT1pbBLH4ocXfNArZnL9IMLVwQ7R6xaBmQwksrV/rdEaBk9/oDnOKNov4AxtzhF5baIF3r3Fb+a9azDXYH4qMho+/dqNPJ6dtWuH2CkSP2LS+/JMJssZ0WRhMLsf1uaJDUG3fwhH3DsdagyZmLjTeIRGvKe6wK97lrZ9SBnaosbhUAr+m9W4Aj1k5sz6YKSCeWHG3I+hJNwhZFvk4DLBpc4P2A8oKHNG3Pa5t7gJITCfMejGzOqA9uwlUE2L/+B7nWGlzEIEE3VUC4PTwrRWuZ6ZaELlZEXAeGwtSm5GeJAETRC24jr24MVQ8wkk+XmhN9sI/vgMiiXC4ybhogudMvAvYo4THydS81jGYBDhDtHHRZLmwJwzDsnu6TBf9ea47JkL6wGuhoM0Zre/QQ/jPStg261JkCSxvwa/oz3aAuN1Bg7GPmM2RByBQAt/DsCymLW8vIGFULqzDw4S+7/p2mrjXM98xnZJott8u8zrAYb
 u0MLt2NR
 hZf4SOGpQXG4UPUGGp+k+AmgTxkCMou/6BDOlyizL10dvvRm3ap3o9fB72NI3QRN5WPG0mBxATqLJPtSfMPqxpzoUhyhjqluFz/aJW4JudhyA3e06lBKAUycuAOMbzJgnFh7na1nHhZSUdCAhlLrJDu3a1TOSXOiwr7r7JlLsBduE9pzRokwBn+75Vuggz973LTGrQPixWwa050fPAFqslRk3OClPM/kzB9BpcoO4DkZcnAS9kdjfQ+3m1AtgBVD29cPJ0IIOCR2ohjQMx7avAYNJNdCGCMkMNRJvz4BDVrxnRIC9+80w2YtZ85oNz4hDaha0QWiX6wfifm7vou0M85Ffx/Fk5JrIQMlx1Y9lN+VrSRpNhJODyjNuLhFSQ+QMqJoE2ivAHKNrcdVRGO8VcUDMRy1hL/I/8bOE4F0WSRCoY3hSECUqihsTw2gRpzpJ6KLypP41y+YcPdebda3jIMqrGBJHYuMP7mrk9/VQ/iSrg0mEXOxUKS+Wxj5LiVOooseK24SUBGI1MH3WOZeDDCexIJE2sVmaBWNYlVlUYq177/xlZY4vVNeGsQI0j6/3H+v3skiim1LBfHpWGM6+IG5Aa/p03g6vxLQp6xIV4hbo9KFWa0srrylOlhDTq7xBRWUirxTlRaVJs+50CjgibTipyiATqlN673e7U9FzfhkqKxM=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Currently the KernelAllocator simply passes the size of the type Layout
to krealloc(), and in theory the alignment requirement from the type
Layout may be larger than the guarantee provided by SLAB, which means
the allocated object is mis-aligned.

Fixes this by adjusting the allocation size to the nearest power of two,
which SLAB always guarantees a size-aligned allocation. And because Rust
guarantees that original size must be a multiple of alignment and the
alignment must be a power of two, then the alignment requirement is
satisfied.

Suggested-by: Vlastimil Babka <vbabka@suse.cz>
Co-developed-by: Andreas Hindborg (Samsung) <nmi@metaspace.dk>
Signed-off-by: Andreas Hindborg (Samsung) <nmi@metaspace.dk>
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Cc: stable@vger.kernel.org # v6.1+
---
Some more explanation:

* Layout is a data structure describing a particular memory layout,
  conceptionally it has two fields: align and size.

  * align is guaranteed to be a power of two.
  * size can be smaller than align (only when the Layout is created via
    Layout::from_align_size())
  * After pad_to_align(), the size is guaranteed to be a multiple of
    align

For more information, please see: 

	https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html

 rust/bindings/bindings_helper.h |  1 +
 rust/kernel/allocator.rs        | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/rust/bindings/bindings_helper.h b/rust/bindings/bindings_helper.h
index 3e601ce2548d..6619ce95dd37 100644
--- a/rust/bindings/bindings_helper.h
+++ b/rust/bindings/bindings_helper.h
@@ -15,3 +15,4 @@
 /* `bindgen` gets confused at certain things. */
 const gfp_t BINDINGS_GFP_KERNEL = GFP_KERNEL;
 const gfp_t BINDINGS___GFP_ZERO = __GFP_ZERO;
+const size_t BINDINGS_ARCH_SLAB_MINALIGN = ARCH_SLAB_MINALIGN;
diff --git a/rust/kernel/allocator.rs b/rust/kernel/allocator.rs
index 397a3dd57a9b..66575cf87ce2 100644
--- a/rust/kernel/allocator.rs
+++ b/rust/kernel/allocator.rs
@@ -11,9 +11,24 @@
 
 unsafe impl GlobalAlloc for KernelAllocator {
     unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
+        // Customized layouts from `Layout::from_size_align()` can have size < align, so pads first.
+        let layout = layout.pad_to_align();
+
+        let mut size = layout.size();
+
+        if layout.align() > bindings::BINDINGS_ARCH_SLAB_MINALIGN {
+            // The alignment requirement exceeds the slab guarantee, then tries to enlarges the size
+            // to use the "power-of-two" size/alignment guarantee (see comments in kmalloc() for
+            // more information).
+            //
+            // Note that `layout.size()` (after padding) is guaranteed to be muliples of
+            // `layout.align()`, so `next_power_of_two` gives enough alignment guarantee.
+            size = size.next_power_of_two();
+        }
+
         // `krealloc()` is used instead of `kmalloc()` because the latter is
         // an inline function and cannot be bound to as a result.
-        unsafe { bindings::krealloc(ptr::null(), layout.size(), bindings::GFP_KERNEL) as *mut u8 }
+        unsafe { bindings::krealloc(ptr::null(), size, bindings::GFP_KERNEL) as *mut u8 }
     }
 
     unsafe fn dealloc(&self, ptr: *mut u8, _layout: Layout) {
-- 
2.39.2