From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD8CCC369BA for ; Wed, 16 Apr 2025 17:52:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 911ED280130; Wed, 16 Apr 2025 13:52:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8C0D528012D; Wed, 16 Apr 2025 13:52:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 78991280130; Wed, 16 Apr 2025 13:52:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 5ADF428012D for ; Wed, 16 Apr 2025 13:52:14 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 55A751CC3C1 for ; Wed, 16 Apr 2025 17:52:15 +0000 (UTC) X-FDA: 83340651030.13.791ED0C Received: from tor.source.kernel.org (tor.source.kernel.org [172.105.4.254]) by imf05.hostedemail.com (Postfix) with ESMTP id D756E10000C for ; Wed, 16 Apr 2025 17:52:13 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=bRYvgBTH; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of kees@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1744825934; a=rsa-sha256; cv=none; b=TSmqtt/QtDtz4ElykysVgcndbicMT2R2MLstw9iU6dGnJJYK5eZAz7TbmqrqKVlNakp+lR 1NmGkvfYAMqrQno64Wt8PXCrKwMdtZ0IrQsTDFVJnFQNfan/VFv6gPRKFz6OhhNTHyaW57 TH17TOWXkSI3OfNksbfvmB7Yt0yX1Ho= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=bRYvgBTH; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of kees@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1744825933; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=FWmntZGViYHrgj0YMpod4nxkLiTatcLrVQCvMCamFik=; b=r6LPgn3PeOnru0SDMkB+bnpbnbBZAnXsYvSc2EeM17BZROl1agwV4AqwSF44sHl7jr2GMe JIGV9Da2F7ne+zzy3U2GksPB1o+jtMk5qAyti0/DL4SagUdu5T5y80K1BDa2LHaORNsosh CDfS0Vve27WCYRd60A1BvlS727fjz+w= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by tor.source.kernel.org (Postfix) with ESMTP id DB9686156A; Wed, 16 Apr 2025 17:51:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 768B8C4CEE2; Wed, 16 Apr 2025 17:52:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744825932; bh=MGg7zlY8w1c4ygae3wQmVztn9Aa9+X7cqIum9lXVmSk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=bRYvgBTHPEyRc9yOHaQf4+d3mlyza5BchLoQ8UCuMfTwuI4nBe49tu4eOGOLMokZu dnOv938m1QVM2RnTc74JIR5fmJn2r4uVtnqGJgBtVhizCaf+buQaxaSakDKDFlXKLu Ib8HEx/wA8nS1mSs7VWbsrlx36rNG/YJ4RJoJg/ep5lLVgvMRoxlCeo19gSTZjASS+ ddCuPrBo2TD8Nyu+j12gGkILvQU4hKvRfp6jvbDYNNtq0I7iB7zY/hTujOzrr6Lc9V nqhoSAxh0TZo6ae8WfyhUzo6DCBglvi0A7ASJ2iT78PXFiFRXxHmyccoZvSVusPp1b qU58RTAJW0sMw== Date: Wed, 16 Apr 2025 10:52:09 -0700 From: Kees Cook To: Petr Mladek Cc: Sergio Perez Gonzalez , Vlastimil Babka , David Rientjes , Bagas Sanjaya , Jonathan Corbet , Steven Rostedt , Andy Shevchenko , Rasmus Villemoes , Sergey Senozhatsky , Andrew Morton , Christoph Lameter , Pekka Enberg , Joonsoo Kim , Roman Gushchin , Harry Yoo , "Paul E. McKenney" , Randy Dunlap , Tamir Duberstein , Miguel Ojeda , Alice Ryhl , linux-doc@vger.kernel.org, linux-mm@kvack.org, Thomas Huth , "Borislav Petkov (AMD)" , Ard Biesheuvel , Greg Kroah-Hartman , Andreas Hindborg , Stephen Boyd , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH v2] slab: Decouple slab_debug and no_hash_pointers Message-ID: <202504161048.B7A4CAFB@keescook> References: <20250415170232.it.467-kees@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: D756E10000C X-Stat-Signature: j5sbmiyctzwt55ipjb9eq1ztxbic19fb X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1744825933-893036 X-HE-Meta: U2FsdGVkX189HiIZ/WJgqaK0zRG7+iVmcugu3QNFOKu7SOd+Z8Jz1vE0OldWEw9GKwdNz/kdQtbJGKEL0LgkDafubYdcMvrTOjKIleOIYpumobHesjoj81ROs4Jp7p/ib0a99klB/zaGRSnhUBjfH/MZ8asrVFXNI8uzXE8kGcMQpMexVboVopYENwJlBkSz1hmt+byF80ay+7XFy+Ph7Xf5o4MnuLyDMN+TTe3piD6EkmnSkCl5bQbdEfuPoqtkL15vs3dmtFobU79tUswypzvgHKrzvKGmQNtL6v58UKDpM59/eQMbkfwWgsNP5IH5Ahk4S0St/xm2kOjr2EVenvr0tnzSk94anuuSJ4dxuJLQ1KneQiVtSRYr+QqiwT0+QUochx4xploLgyaF343/Rs4xp9OBytIvHtEPDPzbmaC3xQhfgAL58k7X1S4d8jVftYpLIc9Z6iAW0ZfqXehzfxDzdlFyr8c6wUFNdGtjtZWVUNdCTzkssI8Q4lhiUgc5FkRhl7DsUwiqjY9EquhxS7/GdgzL4GLgVRgxITe77TPdpl4ivEnMkT0ShftHC8MOC81heonc89QM0VR+NTqXjMidxrTuYgst8Ade3TOwtTHoTE+yIz0SFr9qZAnkURzcUfwPEqWaeZaUnqxJAY1IP64v+VqYaWuHDGiA2yfXHkTVwuSFmHTPUHVZ4FFzZUo14E7POzRh6+w9BssZwoiFmVXo6mL2RBnjb2i94A+GqGLhlEAhbyC+WL8bThvCOH6zjeAhyZOb6Xf7gGeY42Y4IhSk3MRcOa0Hv7fV6ZObMkkwFKlBamaDcTTWRACzaNbzauKOT46o1MJr4x/4Ku9dsd1XETELHrmGLS614S64lkPsO33N9lRVK4gXAtE3ANg3jAWY7r5e44AsbKjgTsFVZ99xPq3jvgMrK1mFTthbbRssFufeUZKbN30ETxjqnqDW2gJBAjS4c8xGI/uywI5 VNkJoQee H/6kE X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Apr 16, 2025 at 02:06:21PM +0200, Petr Mladek wrote: > On Tue 2025-04-15 10:02:33, Kees Cook wrote: > > Some system owners use slab_debug=FPZ (or similar) as a hardening option, > > but do not want to be forced into having kernel addresses exposed due > > to the implicit "no_hash_pointers" boot param setting.[1] > > > > Introduce the "hash_pointers" boot param, which defaults to "auto" > > (the current behavior), but also includes "always" (forcing on hashing > > even when "slab_debug=..." is defined), and "never". The existing > > "no_hash_pointers" boot param becomes an alias for "hash_pointers=never". > > > > This makes it possible to boot with "slab_debug=FPZ hash_pointers=always". > > > > Link: https://github.com/KSPP/linux/issues/368 [1] > > Fixes: 792702911f58 ("slub: force on no_hash_pointers when slub_debug is enabled") > > Co-developed-by: Sergio Perez Gonzalez > > Signed-off-by: Sergio Perez Gonzalez > > Acked-by: Vlastimil Babka > > Acked-by: David Rientjes > > Reviewed-by: Bagas Sanjaya > > Signed-off-by: Kees Cook > > Tested-by: Petr Mladek > Reviewed-by: Petr Mladek > > I am going to wait few more days for a potential feedback. > I'll queue it for 6.16 unless anyone complains. Thanks very much! > See a rant below ;-) > [...] > I personally do not like that these two parameters do not have the > real effect until hash_pointers_finalize() is called at some > "random" "unrelated" location, namely kmem_cache_init(). > But I could live with it. Yeah, this is mainly due to slab_debug wanting to be able to control it. I'd prefer they weren't linked at all, but it's also not too unreasonable. > But the alternative solution proposed at > https://lore.kernel.org/r/Z_0AFjai6Bvg-YLD@pathway.suse.cz > was hairy another way. > > We could always improve it when it causes troubles. Right. My thinking is that if another subsystem comes along with the same compelling complaint as kmem, we can look at it again then. IMO, really only an allocator should be in charge of such a large knob -- its whole job is managing pointers. :) -Kees -- Kees Cook