From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF005C48BEB for ; Wed, 21 Feb 2024 23:29:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2953A6B0072; Wed, 21 Feb 2024 18:29:32 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 21D8B6B0074; Wed, 21 Feb 2024 18:29:32 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0E5FF6B0075; Wed, 21 Feb 2024 18:29:32 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id F1B556B0072 for ; Wed, 21 Feb 2024 18:29:31 -0500 (EST) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 6AA36C0517 for ; Wed, 21 Feb 2024 23:29:31 +0000 (UTC) X-FDA: 81817404942.04.56EBCF5 Received: from out-185.mta0.migadu.com (out-185.mta0.migadu.com [91.218.175.185]) by imf08.hostedemail.com (Postfix) with ESMTP id 8F4A016000F for ; Wed, 21 Feb 2024 23:29:29 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Lq+ly2y7; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf08.hostedemail.com: domain of kent.overstreet@linux.dev designates 91.218.175.185 as permitted sender) smtp.mailfrom=kent.overstreet@linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1708558169; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6hjF2SQllee7ug3mHeFW3uN8wvM2xkpGrw/6L+GvqAI=; b=OsmOnqO89RdbdKuABWKnfKwLxgrb0S9oCSOCeoLm51vAbFDn+L2ERZGObaLaHAWLPouR95 jXFw8iDMRA6eBriYMA5hU+gbUyZP6JkppVyY4wUC6sLUIPwsjyO30TyCqSJOXBH8lPGFu7 BsPa1Qj6vrO5L3WZCVy6G/y8wiMOJGc= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=Lq+ly2y7; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf08.hostedemail.com: domain of kent.overstreet@linux.dev designates 91.218.175.185 as permitted sender) smtp.mailfrom=kent.overstreet@linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1708558169; a=rsa-sha256; cv=none; b=C372RYjhYQK5GgbhSF6qKLcMMKZW5ig+YVhWEleFzXfny0FyO5Wj785/h2+EL4OZwWXi9d 73Ni+AS21efNlZVYpqpUUAgYFFUP7+W/w9wWpLTItasUxF0abnEyi1h6Mxo+3mw1lp3o6Q ijMFtRFtzC3pu7dB4EQYpiHX7eyISPc= Date: Wed, 21 Feb 2024 18:29:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1708558166; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=6hjF2SQllee7ug3mHeFW3uN8wvM2xkpGrw/6L+GvqAI=; b=Lq+ly2y7ah6AgZEjrWQX8/IY+bYAY/Ak3A5hUtk/+rtO4t3TYNDPVCD+CvXmzOQkb6YHo7 7yI3N4yC5JmG7fb7Y9dHPG42OsUly1lTcqxUI6lMJfU5Uv30ghFpPF8KPSHsNaDtEzb/sY xXygOWJKr+1K2eQRLdil8O1/4jAKKis= X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Kent Overstreet To: Kees Cook Cc: Suren Baghdasaryan , akpm@linux-foundation.org, mhocko@suse.com, vbabka@suse.cz, hannes@cmpxchg.org, roman.gushchin@linux.dev, mgorman@suse.de, dave@stgolabs.net, willy@infradead.org, liam.howlett@oracle.com, penguin-kernel@i-love.sakura.ne.jp, corbet@lwn.net, void@manifault.com, peterz@infradead.org, juri.lelli@redhat.com, catalin.marinas@arm.com, will@kernel.org, arnd@arndb.de, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, peterx@redhat.com, david@redhat.com, axboe@kernel.dk, mcgrof@kernel.org, masahiroy@kernel.org, nathan@kernel.org, dennis@kernel.org, tj@kernel.org, muchun.song@linux.dev, rppt@kernel.org, paulmck@kernel.org, pasha.tatashin@soleen.com, yosryahmed@google.com, yuzhao@google.com, dhowells@redhat.com, hughd@google.com, andreyknvl@gmail.com, ndesaulniers@google.com, vvvvvv@google.com, gregkh@linuxfoundation.org, ebiggers@google.com, ytcoode@gmail.com, vincent.guittot@linaro.org, dietmar.eggemann@arm.com, rostedt@goodmis.org, bsegall@google.com, bristot@redhat.com, vschneid@redhat.com, cl@linux.com, penberg@kernel.org, iamjoonsoo.kim@lge.com, 42.hyeyoo@gmail.com, glider@google.com, elver@google.com, dvyukov@google.com, shakeelb@google.com, songmuchun@bytedance.com, jbaron@akamai.com, rientjes@google.com, minchan@google.com, kaleshsingh@google.com, kernel-team@android.com, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, iommu@lists.linux.dev, linux-arch@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-modules@vger.kernel.org, kasan-dev@googlegroups.com, cgroups@vger.kernel.org Subject: Re: [PATCH v4 14/36] lib: add allocation tagging support for memory allocation profiling Message-ID: <4vwiwgsemga7vmahgwsikbsawjq5xfskdsssmjsfe5hn7k2alk@b6ig5v2pxe5i> References: <20240221194052.927623-1-surenb@google.com> <20240221194052.927623-15-surenb@google.com> <202402211449.401382D2AF@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202402211449.401382D2AF@keescook> X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: 8F4A016000F X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: cukepabeqygympu6hoxeas5rrj9ip38h X-HE-Tag: 1708558169-319031 X-HE-Meta: U2FsdGVkX1+xP+ZmZ5XNvVe+Mu3YJmL5rSv6UtnXSZ8vOV3ujJERN+llEKsQFGdW/5gHLFlLb12hENpMzTS/la1fqJT/u4ct3Qljus0MZ1xFZPfYC4gUP8GuBJXgcqKQkjD3lNKqwDlmQgK6oNTNHemOzziJgeNEb8iIzEZQv1ifVppUg2lEm3XZ/oDQgycpaXY8vqiV92AzXZ1G/MVybCVxz2S2Q3ipt/jWmsOhbcMAzVg/3Qu/nCBuJu4Rj+3Sh0sVLggbhSuN5nArJGwUwV33799tLJREZV1V+w8hDimuwiJa8MtB8B8pjFu+yynrMnpz6kCWaDQzWWUsLdJyFjgL6fTaebMsfomSJst1Ya63/z3s97hvPGLiRs9Kfa/9I80louYz55ZgmIgkm+3m1s4gnGw1KeuWfbcg7WUEBLKumVF4BOTCH6esfPxM4K/4ppDmbHYoD2l+u09aEzvZg+hC2XprSdeaqaafs/667ZEfBOlYXTjtSpOC6hzbGjuE8x0yW8aIg/Ano2Yz6leDMKkHOjr382OWprOR+rz9XWE9uFoW6KfJad6NAvhJ/pzGTU7+W4BBlqOwH8n/ehX/qS9d6TzG+8MZF4buaojTiVDz/2B2w4WzwOEqlZ4DycqJsgoWfPHKRcq77ZpsfBXP/KnH6+IiXRD5C1/KmYFakcLmTGM5nHdwDMmVrPZVXRGWTyTvBNJ4rHw7d3EMAPwVdiThw1PlJksxmRwStw477fbZd7OiW06MS2Iy2pD9NAMHCFVuC0QyNChlmD9O3jsO74FoTJKk5FD0z15X1KPscleqqHjcKhMR0Y8BSLtWRPJ7fkbrcU5ucOr+xwbHUF2UJGyT3fuNwsCtdZnD12P5K1TZ40SX8Ti7m974kpXfw1rLTVwwD8rYkKASbWOw2YB2x1x4GI07rbVsNhPFlsHWxsAYLFCnnN4VQsZ8pxIVNUwt0H5IUo74VcEC7Gscs/w g/Ujc/jc tApmROjYszVIXschSoQKbdpEovhp4KmYRGQcDqpBf0Igjsw3R/bFpOIETcjTT3cclfN4CefNxiUcDkSUpr21LEvqrBXJ0sIe6vt9UuViitvy+Pznv1paSzGn+Driu2MRsOcTCVjQKs+/gK2vaVBOXMMHYvpw2GDQseLby X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Feb 21, 2024 at 03:05:32PM -0800, Kees Cook wrote: > On Wed, Feb 21, 2024 at 11:40:27AM -0800, Suren Baghdasaryan wrote: > > [...] > > +struct alloc_tag { > > + struct codetag ct; > > + struct alloc_tag_counters __percpu *counters; > > +} __aligned(8); > > [...] > > +#define DEFINE_ALLOC_TAG(_alloc_tag) \ > > + static DEFINE_PER_CPU(struct alloc_tag_counters, _alloc_tag_cntr); \ > > + static struct alloc_tag _alloc_tag __used __aligned(8) \ > > + __section("alloc_tags") = { \ > > + .ct = CODE_TAG_INIT, \ > > + .counters = &_alloc_tag_cntr }; > > [...] > > +static inline struct alloc_tag *alloc_tag_save(struct alloc_tag *tag) > > +{ > > + swap(current->alloc_tag, tag); > > + return tag; > > +} > > Future security hardening improvement idea based on this infrastructure: > it should be possible to implement per-allocation-site kmem caches. For > example, we could create: > > struct alloc_details { > u32 flags; > union { > u32 size; /* not valid after __init completes */ > struct kmem_cache *cache; > }; > }; > > - add struct alloc_details to struct alloc_tag > - move the tags section into .ro_after_init > - extend alloc_hooks() to populate flags and size: > .flags = __builtin_constant_p(size) ? KMALLOC_ALLOCATE_FIXED > : KMALLOC_ALLOCATE_BUCKETS; > .size = __builtin_constant_p(size) ? size : SIZE_MAX; > - during kernel start or module init, walk the alloc_tag list > and create either a fixed-size kmem_cache or to allocate a > full set of kmalloc-buckets, and update the "cache" member. > - adjust kmalloc core routines to use current->alloc_tag->cache instead > of using the global buckets. > > This would get us fully separated allocations, producing better than > type-based levels of granularity, exceeding what we have currently with > CONFIG_RANDOM_KMALLOC_CACHES. > > Does this look possible, or am I misunderstanding something in the > infrastructure being created here? Definitely possible, but... would we want this? That would produce a _lot_ of kmem caches, and don't we already try to collapse those where possible to reduce internal fragmentation?