From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF51BC36010 for ; Fri, 11 Apr 2025 07:47:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BBB29280185; Fri, 11 Apr 2025 03:47:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B435128017D; Fri, 11 Apr 2025 03:47:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 995C9280185; Fri, 11 Apr 2025 03:47:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 7789B28017D for ; Fri, 11 Apr 2025 03:47:25 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 65EFE1220FC for ; Fri, 11 Apr 2025 07:47:25 +0000 (UTC) X-FDA: 83320982850.01.32E652F Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) by imf21.hostedemail.com (Postfix) with ESMTP id 083261C0008 for ; Fri, 11 Apr 2025 07:47:22 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=3AzJ3xPt; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=Y3PEkJOF; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=3AzJ3xPt; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=Y3PEkJOF; spf=pass (imf21.hostedemail.com: domain of vbabka@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=vbabka@suse.cz; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1744357643; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=G6aNx8roFs3brDqtJz4qS5Ktvp9IrPY2jgp3xIHvb3U=; b=olo8sso+U0iXpAWGW6eh+KDwGJWDdKpQlkaH48WlgINMqAEV4hasxjr58dolrPAJk1ARqz kZKcp8LZW+V20GTdlITcUkx4xvaoS1vHDL14iG4UP9YtVXSRilktyYy1SbgNjEGQUrlj9V tkjjjUQdcunRLHyn62uX258olKoic3M= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1744357643; a=rsa-sha256; cv=none; b=BzEvX7YkKoSHMpwslU3wTsEl90w+C6V90v4+VLlp4blZifPEBI+MzviQ3aYILurB993A32 h/nvNsj9ja2p9jA8hC3/hDQlZdzAswRM/6V+/cHM7RDICI5XP6dLzOEwUCzuHlyNgx82Lb tz7NpqZE38DIxTOaraQJdbRwIqEAbkc= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=3AzJ3xPt; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=Y3PEkJOF; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=3AzJ3xPt; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=Y3PEkJOF; spf=pass (imf21.hostedemail.com: domain of vbabka@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=vbabka@suse.cz; dmarc=none Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 3C0A821125; Fri, 11 Apr 2025 07:47:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1744357641; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=G6aNx8roFs3brDqtJz4qS5Ktvp9IrPY2jgp3xIHvb3U=; b=3AzJ3xPtXM9xl6A9NBybWV0Z+mdnzcsHM3ymLxCOl0O1rFgI1boQ3Vfk3y81515olX/b9Z GJBdnvEpB3+a3m0kDO3vuJdQE5DA2jzsbgtkvpVGdiDc4PlhNPKpsMAtYWbMeOov+guYmH f5rcCkufQ00ZcUrV+uQwWihxKDm1axY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1744357641; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=G6aNx8roFs3brDqtJz4qS5Ktvp9IrPY2jgp3xIHvb3U=; b=Y3PEkJOFMDbn2b/M6sYqxko+XqKRr4dhrdZkciCJqVDGy7i2TKbC4ulkk5BifBd82OpI+G WYDY7knV6nr0p2Dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1744357641; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=G6aNx8roFs3brDqtJz4qS5Ktvp9IrPY2jgp3xIHvb3U=; b=3AzJ3xPtXM9xl6A9NBybWV0Z+mdnzcsHM3ymLxCOl0O1rFgI1boQ3Vfk3y81515olX/b9Z GJBdnvEpB3+a3m0kDO3vuJdQE5DA2jzsbgtkvpVGdiDc4PlhNPKpsMAtYWbMeOov+guYmH f5rcCkufQ00ZcUrV+uQwWihxKDm1axY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1744357641; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=G6aNx8roFs3brDqtJz4qS5Ktvp9IrPY2jgp3xIHvb3U=; b=Y3PEkJOFMDbn2b/M6sYqxko+XqKRr4dhrdZkciCJqVDGy7i2TKbC4ulkk5BifBd82OpI+G WYDY7knV6nr0p2Dg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 013AB13886; Fri, 11 Apr 2025 07:47:20 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id Vax0OwjJ+GcJCAAAD6G6ig (envelope-from ); Fri, 11 Apr 2025 07:47:20 +0000 Message-ID: <472508e5-2b96-403b-9284-274c5bf587c9@suse.cz> Date: Fri, 11 Apr 2025 09:47:16 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] slab: Decouple slab_debug and no_hash_pointers Content-Language: en-US To: Kees Cook , Petr Mladek , Steven Rostedt Cc: Sergio Perez Gonzalez , Jonathan Corbet , Andy Shevchenko , Rasmus Villemoes , Sergey Senozhatsky , Andrew Morton , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Roman Gushchin , Harry Yoo , "Paul E. McKenney" , Randy Dunlap , Tamir Duberstein , Miguel Ojeda , Alice Ryhl , linux-doc@vger.kernel.org, linux-mm@kvack.org, Thomas Huth , "Borislav Petkov (AMD)" , Ard Biesheuvel , Greg Kroah-Hartman , Andreas Hindborg , Stephen Boyd , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org References: <20250410174428.work.488-kees@kernel.org> From: Vlastimil Babka In-Reply-To: <20250410174428.work.488-kees@kernel.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspamd-Action: no action X-Stat-Signature: x98cm1ykqndemg74e54zyorg83uq1cmf X-Rspam-User: X-Rspamd-Queue-Id: 083261C0008 X-Rspamd-Server: rspam08 X-HE-Tag: 1744357642-23562 X-HE-Meta: U2FsdGVkX1+L9AOsi3RfNaY0L+6wnN2RUtyTNP9VMLFURNtsaA+xqlz7p2O1IMtAFsNMJa8uqPSq6i1A8vjqkKz95gA2/hMwIp5iowGg2bUq52cC8Y5nSZejwa/0BetqSp7tqZvsC2H31ASYiIJYvqSYUSukdLTOjJQbs12WxQzoyRYzStYxjMcBx5Kq0R7el1hs/iTPfgkADEjz6/jE3evMH9UheHours5jKghA0IRRzuDeTsDIaxSSKA7chnLU68MqtP3WzYILeryPhx99CptnqRNCa7qZjAAR5GpmXiiFz10X9KSs8GwHpFXVk0kLFNFAQv6bmMNv8OM/3BkCmydyb5e5R9gBvvL+hZ1REgVvIL1ShKkqBXCdOweiKRrIpL35Gi73ONaLg/RddOTIPOUdGVtVywkInuEjYppewYg86I0nSLeuWrezIaFE3Rhd4FKL3p/mdoJZSqGTmU2aUWrb/Y3F1sKyxUjzPQQ+8GP5u7HrFrssKK9zQrD3GXRBkTqblTypZ0doqyvxY8n1w4uyQsBigKI5XwVxAx+seJBus9kdwf4EYR2LPejhABKfhvWrW7XysOZBgWO3OIo8qeaJulaflwe22O7lcEbqhQ/x9zZECu356iW11SBejF0Xvjz8BhAjGyt8syasHUAcIoaaJFjRK14ZDJHS9yLyliMEVjBioCeY7LovIt7kLtuktb+1OFZ8rSPA6gWSduMjSL3T68X8qCkVVk1EL3TcAqzVGKDFuwKFYxGuA6APJWsjAIrfvbm8DbDl2ZaHrVZvAHwdniSVeRS7ou7G+Ku7NmED1biWRGfAB/z3iZy9ERuE6NBQqPPjobE5RFE3qXltMnCAUjHzxEggogfLcbFWZ9WHGYY7ToAjWcoVMrSwDqoZcnfKrr2TnO2sCTufhw7cnCWAxsarkj3I9NQ8MkGbdbaWoHU7FJA6Fo91L301tdO3vQrE57S6twTAWZpF8ik ceq6TmWw bz725kuoJV4eHtbe3e/nzv6Tav/IrKe3IV1SOsoMxQd1Jw/yTSp6dQNE9hlTxWOrLRSmFM797Kpi91w/WidOeRA1vG/YfhjrwruGaW5hWM8f3b92+RDwx1Fo0J9GeViH65/jhjTjmArSmBJoSuCRm3SW11XXAv01ZkvnDiilRENDEVdLxw/9373QwyIN2CB/Ri5t4oKG+d5tfLeMv6NZX3p+EHM8k7JbYPZCuP+H1MCkBxEOkDRZ5EdGYOTq0oif6j9kjgp5WiU9yeqgBXoGTdf5TJPq3NqMAGVknK1Ll8NzNTzI+fAaDFl85jrVoP4aDWtWWV1SADFdRH8JMQTntgexozaIybS3w5S6yPVWD75FTQIVpm50nfZLKrqXMyJ0QE6nnhzYkfCj/0wIHy+zrBKImoQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 4/10/25 19:44, Kees Cook wrote: > Some system owners use slab_debug=FPZ (or similar) as a hardening option, > but do not want to be forced into having kernel addresses exposed due > to the implicit "no_hash_pointers" boot param setting.[1] > > Introduce the "hash_pointers" boot param, which defaults to "auto" > (the current behavior), but also includes "always" (forcing on hashing > even when "slab_debug=..." is defined), and "never". The existing > "no_hash_pointers" boot param becomes an alias for "hash_pointers=never". > > This makes it possible to boot with "slab_debug=FPZ hash_pointers=always". > > Link: https://github.com/KSPP/linux/issues/368 [1] > Fixes: 792702911f58 ("slub: force on no_hash_pointers when slub_debug is enabled") > Co-developed-by: Sergio Perez Gonzalez > Signed-off-by: Sergio Perez Gonzalez > Signed-off-by: Kees Cook I like how this makes things more generic. Perhaps there are more debug boot/config options that could tie into the hash_pointers=auto and are even more obvious than slab_debug in the sense that you would really only enable them in debugging/CI runs when you do not care about the info leaks but want as much useful debug info as possible (KASAN etc?). Given how this changes mostly printk code and is in fact only a small change to slab, I'll wait first if printk maintainers want to take this patch. In that case please add Acked-by: Vlastimil Babka Thanks!