From: Kees Cook
To: Vlastimil Babka
Cc: "Christoph Lameter (Ampere)", Chengming Zhou, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Feng Tang, linux-mm@kvack.org, linux-kernel@vger.kernel.org, zhouchengming@bytedance.com
Subject: Re: [PATCH v3 1/3] slab: make check_object() more consistent
Date: Mon, 10 Jun 2024 14:37:25 -0700
Message-ID: <202406101435.DFBCA953B@keescook>

On Mon, Jun 10, 2024 at 10:54:26PM +0200, Vlastimil Babka wrote:
> On 6/10/24 7:07 PM, Christoph Lameter (Ampere) wrote:
> > On Fri, 7 Jun 2024, Chengming Zhou wrote:
> >
> >> There are two inconsistencies in check_object(), which are alignment
> >> padding checking and object padding checking. We only print the error
> >> messages but don't return 0 to tell callers that something is wrong
> >> and needs to be handled. Please see alloc_debug_processing() and
> >> free_debug_processing() for details.
> >
> > If the error is in the padding and the redzones are ok then it's likely
> > that the objects are ok. So we can actually continue with this slab page
> > instead of isolating it.
> >
> > We isolate it in the case that the redzones have been violated because
> > that suggests someone overwrote the end of the object f.e. In that case
> > objects may be corrupted. It's best to isolate the slab and hope for the
> > best.
> >
> > If it was just the padding then the assumption is that this may be a
> > scribble. So clean it up and continue.

"a scribble"? :P If padding got touched, something has the wrong size
for an object write. It should be treated just like the redzones. We
want maximal coverage if this checking is enabled.

> Hm is it really worth such nuance? We enabled debugging and actually hit a
> bug. I think it's best to keep things as much as they were and not try to
> allow further changes. This e.g. allows more detailed analysis if somebody
> later notices the bug report and decides to get a kdump crash dump (or use
> drgn on live system). Maybe we should even stop doing the restore_bytes()
> stuff, and prevent any further frees in the slab page to happen if possible
> without affecting fast paths (now we mark everything as used but don't
> prevent further frees of objects that were actually allocated before).
>
> Even if some security people enable parts of slub debugging for security
> people it is my impression they would rather panic/reboot or have memory
> leaked than trying to salvage the slab page? (CC Kees)

Yeah, if we're doing these checks, we should do the checks fully.
Padding is just extra redzone. :)

-- 
Kees Cook
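
The two policies debated in this thread, as an added illustration: a user-space model written for this page, not kernel code and not from any participant. It compares a check that repairs overwritten padding and continues with one that fails on padding exactly as on a redzone and leaves the bytes in place for later analysis; the sizes, slot layout and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { OBJ = 24, RED = 8, PAD = 16, SLOT = OBJ + RED + PAD }; /* assumed sizes */
enum { RED_BYTE = 0xcc, PAD_BYTE = 0x5a }; /* SLUB_RED_ACTIVE, POISON_INUSE */

static int region_ok(const unsigned char *p, size_t len, unsigned char val)
{
    while (len && *p == val)
        p++, len--;
    return len == 0;
}

/* Lenient: a bad redzone fails; bad padding is repaired and accepted. */
static int check_lenient(unsigned char *s)
{
    if (!region_ok(s + OBJ, RED, RED_BYTE))
        return 0;
    if (!region_ok(s + OBJ + RED, PAD, PAD_BYTE))
        memset(s + OBJ + RED, PAD_BYTE, PAD);  /* evidence erased here */
    return 1;
}

/* Strict: padding counts as extra redzone and nothing is restored. */
static int check_strict(const unsigned char *s)
{
    return region_ok(s + OBJ, RED, RED_BYTE) &&
           region_ok(s + OBJ + RED, PAD, PAD_BYTE);
}

/* One stray byte at offset off, then one policy; *evidence = byte survived. */
static int run_case(int strict, size_t off, int *evidence)
{
    unsigned char s[SLOT] = { 0 };
    memset(s + OBJ, RED_BYTE, RED);
    memset(s + OBJ + RED, PAD_BYTE, PAD);
    s[off] = 0x41;  /* constructed corruption */
    int ok = strict ? check_strict(s) : check_lenient(s);
    *evidence = (s[off] == 0x41);
    return ok;
}

int main(void)
{
    for (int strict = 0; strict <= 1; strict++) {
        int ev, ok = run_case(strict, OBJ + RED + 4, &ev);
        printf("strict=%d ok=%d evidence=%d\n", strict, ok, ev);
    }
    return 0;
}
```

With the stray write landing in padding, the lenient check reports success and the corrupted byte is gone afterwards, while the strict check reports failure and the byte is still there to inspect.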