From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Erhard Furtner, Danilo Krummrich, Michal Hocko, Vlastimil Babka, Uladzislau Rezki, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH] mm: vmalloc: Support more granular vrealloc() sizing
Date: Wed, 23 Apr 2025 19:31:23 -0700
Message-Id: <20250424023119.work.333-kees@kernel.org>

Introduce struct vm_struct::requested_size so that the requested (re)allocation size is retained separately from the allocated area
size. This means that KASAN will correctly poison the correct spans of requested bytes. This also means we can support growing the usable portion of an allocation that can already be supported by the existing area's existing allocation. Reported-by: Erhard Furtner Closes: https://lore.kernel.org/all/20250408192503.6149a816@outsider.home/ Fixes: 3ddc2fefe6f3 ("mm: vmalloc: implement vrealloc()") Signed-off-by: Kees Cook --- Cc: Andrew Morton Cc: Danilo Krummrich Cc: Michal Hocko Cc: Vlastimil Babka Cc: Uladzislau Rezki Cc: --- include/linux/vmalloc.h | 1 + mm/vmalloc.c | 30 ++++++++++++++++++++++++------ 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h index 31e9ffd936e3..5ca8d4dd149d 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -61,6 +61,7 @@ struct vm_struct { unsigned int nr_pages; phys_addr_t phys_addr; const void *caller; + unsigned long requested_size; }; struct vmap_area { diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 3ed720a787ec..bd8cf50f06b3 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -1940,7 +1940,7 @@ static inline void setup_vmalloc_vm(struct vm_struct *vm, { vm->flags = flags; vm->addr = (void *)va->va_start; - vm->size = va_size(va); + vm->size = vm->requested_size = va_size(va); vm->caller = caller; va->vm = vm; } @@ -3133,6 +3133,7 @@ struct vm_struct *__get_vm_area_node(unsigned long size, area->flags = flags; area->caller = caller; + area->requested_size = requested_size; va = alloc_vmap_area(size, align, start, end, node, gfp_mask, 0, area); if (IS_ERR(va)) { @@ -4063,6 +4064,8 @@ EXPORT_SYMBOL(vzalloc_node_noprof); */ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) { + struct vm_struct *vm = NULL; + size_t alloced_size = 0; size_t old_size = 0; void *n; 
@@ -4072,15 +4075,17 @@ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) } if (p) { - struct vm_struct *vm; - vm = find_vm_area(p); if (unlikely(!vm)) { WARN(1, "Trying to vrealloc() nonexistent vm area (%p)\n", p); return NULL; } - old_size = get_vm_area_size(vm); + alloced_size = get_vm_area_size(vm); + old_size = vm->requested_size; + if (WARN(alloced_size < old_size, + "vrealloc() has mismatched area vs requested sizes (%p)\n", p)) + return NULL; } /* @@ -4088,14 +4093,27 @@ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) * would be a good heuristic for when to shrink the vm_area? */ if (size <= old_size) { - /* Zero out spare memory. */ - if (want_init_on_alloc(flags)) + /* Zero out "freed" memory. */ + if (want_init_on_free()) memset((void *)p + size, 0, old_size - size); + vm->requested_size = size; kasan_poison_vmalloc(p + size, old_size - size); kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL); return (void *)p; } + /* + * We already have the bytes available in the allocation; use them. + */ + if (size <= alloced_size) { + kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL); + /* Zero out "alloced" memory. */ + if (want_init_on_alloc(flags)) + memset((void *)p + old_size, 0, size - old_size); + vm->requested_size = size; + kasan_poison_vmalloc(p + size, alloced_size - size); + } + /* TODO: Grow the vm_area, i.e. allocate and map additional pages. */ n = __vmalloc_noprof(size, flags); if (!n) -- 2.34.1
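
Review bot: in the include/linux/vmalloc.h hunk, the new `unsigned long requested_size;` member of struct vm_struct is added without any comment, while the same struct already has a `size` member that setup_vmalloc_vm() fills from va_size(va). A one-line comment saying that requested_size is the caller's byte count, and that the vrealloc() hunk expects it never to exceed get_vm_area_size(), would keep later users from mixing the two up.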
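
Review bot: in the setup_vmalloc_vm() hunk, `vm->size = vm->requested_size = va_size(va);` is a chained assignment that hides a design decision: on this path the requested size is simply taken to be the full area size. Splitting it into two statements, with a short comment that no separate caller size is available here, would read more clearly.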
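
Review bot: in the vrealloc_noprof() hunk at @@ -4072, `vm` now lives at function scope and stays NULL when `p` is NULL, yet the following hunk writes `vm->requested_size = size;` inside `if (size <= old_size)`. With `old_size` at 0 that branch is only reachable for `size == 0`, so safety depends on the zero-size case being handled in the block that closes just above this hunk, which the context does not show. A comment stating that invariant, or an explicit `if (vm)` guard around the store, would make the dependency visible.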
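
Review bot: in the final mm/vmalloc.c hunk, the new `if (size <= alloced_size) { ... }` block has no `return (void *)p;` before its closing brace. After unpoisoning, zeroing and updating `vm->requested_size` it falls through to `n = __vmalloc_noprof(size, flags);`, so a new area is allocated anyway and the in-place growth the comment describes never takes effect. The shrink branch just above ends with `return (void *)p;`; the grow branch should end the same way.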