From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Erhard Furtner, Danilo Krummrich, Michal Hocko, Vlastimil Babka, Uladzislau Rezki, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2] mm: vmalloc: Support more granular vrealloc() sizing
Date: Fri, 25 Apr 2025 17:11:07 -0700
Message-Id: <20250426001105.it.679-kees@kernel.org>

Introduce struct vm_struct::requested_size so that the requested
(re)allocation size is retained separately from the allocated area size.
This means that KASAN will correctly poison the correct spans of
requested bytes. This also means we can support growing the usable
portion of an allocation that can already be supported by the existing
area's existing allocation.

Reported-by: Erhard Furtner
Closes: https://lore.kernel.org/all/20250408192503.6149a816@outsider.home/
Fixes: 3ddc2fefe6f3 ("mm: vmalloc: implement vrealloc()")
Signed-off-by: Kees Cook --- Cc: Andrew Morton Cc: Danilo Krummrich Cc: Michal Hocko Cc: Vlastimil Babka Cc: Uladzislau Rezki Cc: --- include/linux/vmalloc.h | 1 + mm/vmalloc.c | 31 ++++++++++++++++++++++++------- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h index 31e9ffd936e3..5ca8d4dd149d 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -61,6 +61,7 @@ struct vm_struct { unsigned int nr_pages; phys_addr_t phys_addr; const void *caller; + unsigned long requested_size; }; struct vmap_area { diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 3ed720a787ec..2d7511654831 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -1940,7 +1940,7 @@ static inline void setup_vmalloc_vm(struct vm_struct *vm, { vm->flags = flags; vm->addr = (void *)va->va_start; - vm->size = va_size(va); + vm->size = vm->requested_size = va_size(va); vm->caller = caller; va->vm = vm; } @@ -3133,6 +3133,7 @@ struct vm_struct *__get_vm_area_node(unsigned long size, area->flags = flags; area->caller = caller; + area->requested_size = requested_size; va = alloc_vmap_area(size, align, start, end, node, gfp_mask, 0, area); if (IS_ERR(va)) { @@ -4063,6 +4064,8 @@ EXPORT_SYMBOL(vzalloc_node_noprof); */ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) { + struct vm_struct *vm = NULL; + size_t alloced_size = 0; size_t old_size = 0; void *n; @@ -4072,15 +4075,17 @@ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) } if (p) { - struct vm_struct *vm; - vm = find_vm_area(p); if (unlikely(!vm)) { WARN(1, "Trying to vrealloc() nonexistent vm area (%p)\n", p); return NULL; } - old_size = get_vm_area_size(vm); + alloced_size = get_vm_area_size(vm); + old_size = vm->requested_size; + if (WARN(alloced_size < old_size, + "vrealloc() has mismatched area vs requested sizes (%p)\n", p)) + return NULL; } /* 
@@ -4088,14 +4093,26 @@ void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) * would be a good heuristic for when to shrink the vm_area? */ if (size <= old_size) { - /* Zero out spare memory. */ - if (want_init_on_alloc(flags)) + /* Zero out "freed" memory. */ + if (want_init_on_free()) memset((void *)p + size, 0, old_size - size); + vm->requested_size = size; kasan_poison_vmalloc(p + size, old_size - size); - kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL); return (void *)p; } + /* + * We already have the bytes available in the allocation; use them. + */ + if (size <= alloced_size) { + kasan_unpoison_vmalloc(p + old_size, size - old_size, + KASAN_VMALLOC_PROT_NORMAL); + /* Zero out "alloced" memory. */ + if (want_init_on_alloc(flags)) + memset((void *)p + old_size, 0, size - old_size); + vm->requested_size = size; + } + /* TODO: Grow the vm_area, i.e. allocate and map additional pages. */ n = __vmalloc_noprof(size, flags); if (!n) -- 2.34.1
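Review bot: the new `unsigned long requested_size;` member added to struct vm_struct in include/linux/vmalloc.h carries no comment, so a reader of the header cannot tell how it differs from the existing `size`. Please add a one-line comment saying that it is the byte count the caller asked for (and that vrealloc() updates it), that it is always less than or equal to the usable area size, and that `size` remains the page-aligned length of the mapped area; the `WARN(alloced_size < old_size, ...)` added in vrealloc_noprof() depends on exactly that invariant, and the header is the place to state it.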
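Review bot: in the setup_vmalloc_vm() hunk, `vm->size = vm->requested_size = va_size(va);` seeds requested_size with the whole vmap_area length, which for areas without VM_NO_GUARD includes the guard page, while vrealloc_noprof() compares requested_size against `alloced_size = get_vm_area_size(vm)`, which excludes the guard page. Any vm_struct whose requested_size still holds the value written here would trip `WARN(alloced_size < old_size, ...)` and make vrealloc() return NULL. Either initialise requested_size from get_vm_area_size(vm) at this point (vm->flags is already set one line earlier) or make sure every path that reaches setup_vmalloc_vm() overrides requested_size afterwards, and say which in the changelog.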
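Review bot: in the __get_vm_area_node() hunk, `area->requested_size = requested_size;` is stored before `area` is passed as the last argument to alloc_vmap_area(), and the setup_vmalloc_vm() hunk above also assigns requested_size. If alloc_vmap_area() calls setup_vmalloc_vm() on the vm_struct it is handed, that later store replaces the value recorded here with va_size(va) and the caller-requested size is lost before vrealloc() ever sees it. Moving this assignment to after alloc_vmap_area() returns successfully (next to the existing IS_ERR(va) check), or dropping the assignment from setup_vmalloc_vm(), would make the intended value stick; please confirm the order either way.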
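Review bot: the new `WARN(alloced_size < old_size, "vrealloc() has mismatched area vs requested sizes (%p)\n", p)` in the `if (p)` block prints only the pointer. Since this check is the one that will fire if requested_size is ever seeded from the guard-inclusive area length, including both values in the message (for example `"... (%p): %zu < %zu\n", p, alloced_size, old_size`) would make a report immediately diagnosable without a debugger.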
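Review bot: the new `if (size <= alloced_size)` block in vrealloc_noprof() never returns. After kasan_unpoison_vmalloc(), the optional memset() and `vm->requested_size = size;` it falls straight through to `n = __vmalloc_noprof(size, flags);`, so a fresh area is allocated and copied anyway and the in-place path the comment promises ("use them") is never actually taken. Add `return (void *)p;` as the last statement of that block. Two smaller points in the same hunk: the shrink path now zeroes the tail under `want_init_on_free()` instead of `want_init_on_alloc(flags)`; that is the right hook for memory being given back, but it is a behaviour change the changelog should mention. The ordering in the grow path, kasan_unpoison_vmalloc() before the memset() of `p + old_size`, is correct, since the bytes must be unpoisoned before they are written.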