From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8392C369AB for ; Tue, 15 Apr 2025 17:00:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EB92C28009B; Tue, 15 Apr 2025 13:00:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E3F5528008F; Tue, 15 Apr 2025 13:00:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CBAF328009B; Tue, 15 Apr 2025 13:00:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id A66D728008F for ; Tue, 15 Apr 2025 13:00:05 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 478E71CDD4F for ; Tue, 15 Apr 2025 17:00:06 +0000 (UTC) X-FDA: 83336890812.27.B9C0F19 Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31]) by imf04.hostedemail.com (Postfix) with ESMTP id 7A0FA40013 for ; Tue, 15 Apr 2025 17:00:04 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=edUbzBjj; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of kees@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1744736404; a=rsa-sha256; cv=none; b=SRdy6KH4Sv1KBmk6yvkIzdfo+LK8MsqwARmM/tNjgx8gMI3BhdkutyyAniZV7xLlcI4y/U HloDrXtBJDne73htm79MsaGI62gY0Xnx2RY/lvhODu4N7lw968FaWKoK0TTK4y0M7aToDV Vqqur2pVHcGHQynVphi2/sjoI+/iLus= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=edUbzBjj; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of kees@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1744736404; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=SiGMGHmK+rbWC3waTcZM1GHVuyQHkw1dfMfn0n1kiXI=; b=llznBXyVOae+KNVnqT6kdFpnGsEFESBp4KgBwujRVh8aAqoFRPJwljrCSYBs3NRTISJjsD 1WstUQBbF7sIRtU1LCeXoMyNfFXy4YVf3ipQTpRxyJNUQ/e56WRwLdN4FdBo5zCCBnJWUk Ql6YJ0CYlOCB5RZKNfauEhHLUkoT3l0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id 4BA294A0DA; Tue, 15 Apr 2025 17:00:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 12E4BC4CEE9; Tue, 15 Apr 2025 17:00:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744736403; bh=K5ffwUoIPZMzOdb9wN+7SAH5h6bX8pLcajxWE/Iis2s=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=edUbzBjjOmodaXj6JfbuCpTgUp2PWa37c1CGYhXKWoY0uDuA5eSN6qrmxKwUZOtZE iC/8CHBAPcHyDLW6By/H2BS/HBP1apDreRO0gpTS9DJM7ksbPOOHAN9GOoZIxl1NWl vloz5ui324K8NL3oA5ZCbY/daYek0pmLRc0k06EmM1LbbiJNFuW90CZJmqpAR70tuG PYKLbUaQIS9x9wLJpsuKmbFpTT8WTN9W7XCOdqZCaLKEZWuEF1GYUr3YTNxlbD1wGN /gCkpoDEHp/I1Edrp1av53pb84/+h59ZyzDgZD5tGBr5YcD2bo/3FzEVCOwIuoADYK pqtWr5YahT1UA== Date: Tue, 15 Apr 2025 10:00:00 -0700 From: Kees Cook To: Petr Mladek Cc: Vlastimil Babka , Sergio Perez Gonzalez , Jonathan Corbet , Steven Rostedt , Andy Shevchenko , Rasmus Villemoes , Sergey Senozhatsky , Andrew Morton , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Roman Gushchin , Harry Yoo , "Paul E. McKenney" , Randy Dunlap , Tamir Duberstein , Miguel Ojeda , Alice Ryhl , linux-doc@vger.kernel.org, linux-mm@kvack.org, Thomas Huth , "Borislav Petkov (AMD)" , Ard Biesheuvel , Greg Kroah-Hartman , Andreas Hindborg , Stephen Boyd , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] slab: Decouple slab_debug and no_hash_pointers Message-ID: <202504150956.9AFF9545@keescook> References: <20250410174428.work.488-kees@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspam-User: X-Rspamd-Queue-Id: 7A0FA40013 X-Rspamd-Server: rspam04 X-Stat-Signature: c5fuwfqcs3coqtzg6w4kr7yumssq6gmb X-HE-Tag: 1744736404-769458 X-HE-Meta: U2FsdGVkX18+Tl2m476uKlDlV0vVusnVoMmk7OEkp0wWnFYAxifR4DsJIiwTuh49sPWC7f83+oJKPKG4BL9668G0Zm+E729imzXZYSJN/1WfTIkwae9/xn08nvR8TLYGeIKZERI9Z/YYJ+sGfQ4kygJIcm4RGfvABrVWU1HpwDeAcjGM2IuhTMNGSym4dqxJS8oxk3q3lJFoZmjZiIi3u9XI4KMSs9XkW4cLq+e/MoT4uYVdSVBT42fJDbylld4kCHv9bg0kfUNbAk6LcGe5OiGfRv3cNWZwDTFt0wHwQj7oUalmBSrXOcc10qvkXeOiz4acGwjfIWnobcCwLvA+bNJw+y2NqYUYJ7rHhN6grcbMmADR0pFvB/kK+W4hJm/iyi5ccwye+1NVn2dG8t6WexrK23qKkeRnYc039UgXuvjJ+JlPKVfdCkn8wLTkqbvb9hyCw2odmcWeRBIj9OMIkP5ckjW/kNlwQd6ypj7n7fH9rrm6ern4xscgGH+3KZTSw2t47moSR+w3yLQA4WtEP4TR6YR/cbllVq8iOh6b2Fng2+avxok6dbsGWLV0mwBIfP2EClzut7mSbhQZkO7jbcOKAdCF7ihy5AzrWLCLFF7u4kb4z27bLufssx1IMm8HpTQ2ojccFYdqXEe1/dEHgGtNQyqwQ6cjZkD+YAfpShALhnqth/XgcwKdJMuON093yyKQastqgenULbh0PvY+mXKGYo2P87Qo72aOCycphZN/9GQHB5QlQaRtECNMc4Gx3ZarQqVetEi7FO6Qqk6R84Hvt33NjXmxOPbD+dFXskMQcvBaLHEr8x9sxqX2E028NuSnMvhrF94G6XxopkALVKuIAYXPA8lgBuysgAjdVCfOhgUkaqs/Of3m/qJ7v7YtxutAG1CdFDKmYWdhuduYzWbMvTg1UY47QsKLEn+SChYAqTIrhXdEzYLn7HLtL3Rrt+eR9uUAsaG29TDTbHX oohozmcv NUR4AtbAs6hTsm1XStaXjZbTS7SwfNp3TY8PgRWFm/YHCFx9xJ/LMmLVqUoeyknnZUK6gKTiLmGGpi12BoJSzCpKVwKhPr73tNHwGqUDNheGeFlQ8mY55jeZnP7AgnWSQL9RkWj5HpwSL206csq9YQ3vzA01wKuhhBvg1Zuxlowu/Kq2+NsAHdh5l1ke/pprCg++q3cxFNfIfvb0mIAhABFY5msuesKsO/7xQEkmURwtzFtolUHYefPPkYDvdh/4teyFn722rHQElSRujAAJQmVByHbEHPEaoddLs97Sh3G6t//0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Apr 14, 2025 at 02:31:42PM +0200, Petr Mladek wrote: > On Thu 2025-04-10 10:44:31, Kees Cook wrote: > > Some system owners use slab_debug=FPZ (or similar) as a hardening option, > > but do not want to be forced into having kernel addresses exposed due > > to the implicit "no_hash_pointers" boot param setting.[1] > > > > Introduce the "hash_pointers" boot param, which defaults to "auto" > > (the current behavior), but also includes "always" (forcing on hashing > > even when "slab_debug=..." is defined), and "never". The existing > > "no_hash_pointers" boot param becomes an alias for "hash_pointers=never". > > > > This makes it possible to boot with "slab_debug=FPZ hash_pointers=always". > > The idea makes sense. But it seems that the patch did not handle > the "always" mode correctly, see below. Actually, it was the "never" mode that was being ignored. Whoops! (The double negation language is a little odd.) I've fixed this for v2 with an explicit switch statement. > > -int __init no_hash_pointers_enable(char *str) > > +void __init hash_pointers_finalize(bool slub_debug) > > { > > - if (no_hash_pointers) > > - return 0; > > + if (hash_pointers_mode == HASH_PTR_AUTO && slub_debug) > > + no_hash_pointers = true; > > > > - no_hash_pointers = true; > > + if (!no_hash_pointers) > > + return; > > > > pr_warn("**********************************************************\n"); > > pr_warn("** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **\n"); > > > The mode/policy is generic but this function is ready to be called > only once. And we might actually want to call it twice, see below. I'd like to keep it a single call. I feel this simplifies the reporting logic, keeps the selection logic in one place, and allows us to trivially examine that it is safe to use with __init. Thanks for the review! -- Kees Cook