From: Jann Horn
Date: Thu, 27 Mar 2025 20:23:50 +0100
Subject: Re: [PATCH 4/5] slab: Set freed variables to NULL by default
To: Kees Cook
Cc: Vlastimil Babka, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, Miguel Ojeda, Nathan Chancellor, Marco Elver, Nick Desaulniers, Przemek Kitszel, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
References: <20250321202620.work.175-kees@kernel.org> <20250321204105.1898507-4-kees@kernel.org> <202503220003.FABF5E82D1@keescook>
In-Reply-To: <202503220003.FABF5E82D1@keescook>

On Sat, Mar 22, 2025 at 8:18 AM Kees Cook wrote:
> On Sat, Mar 22, 2025 at 02:50:15AM +0100, Jann Horn wrote:
> > On Fri, Mar 21, 2025 at 9:41 PM Kees Cook wrote:
> > > To defang a subset of "dangling pointer" use-after-free flaws[1], take the
> > > address of any lvalues passed to kfree() and set them to NULL after
> > > freeing.
> > >
> > > To do this manually, kfree_and_null() (and the "sensitive" variant)
> > > are introduced.
> >
> > Unless callers of kfree() are allowed to rely on this behavior, we
> > might want to have an option to use a poison value instead of NULL for
> > this in debug builds.
>
> Sure -- we have many to choose from. Is there a specific one you think
> would be good?

Forgot to reply to this, sorry. No, I don't have a particular one in mind.
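
The trade-off discussed in this reply, as an added userspace sketch that is not code from the patch or the kernel: free_and_clear(), FREED_POISON, debug_poison and struct session are hypothetical names, and the poison constant is constructed. It shows that storing NULL lets a late read and a second free pass silently, while a debug poison value makes both detectable.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed poison value for this sketch; not one of the kernel's constants. */
#define FREED_POISON ((void *)(uintptr_t)0xdead4eadUL)

static int debug_poison;  /* 0: store NULL after free, 1: store poison */
static int stale_uses;    /* uses of an already-freed variable that were caught */

/* Free the object and overwrite the caller's variable. `p` must be a
 * side-effect-free lvalue: the macro evaluates it more than once.
 * A second free of a poisoned variable is counted instead of executed. */
#define free_and_clear(p) do {                          \
        if ((void *)(p) == FREED_POISON) {              \
            stale_uses++;                               \
        } else {                                        \
            free(p);                                    \
            (p) = debug_poison ? FREED_POISON : NULL;   \
        }                                               \
    } while (0)

struct session { char *name; };

/* A caller written to rely on the variable being NULL after the free. */
static size_t name_len(const struct session *s)
{
    if (!s->name)
        return 0;                       /* NULL mode: stale read goes unnoticed */
    if ((void *)s->name == FREED_POISON) {
        stale_uses++;                   /* stands in for the fault a poison deref gives */
        return 0;
    }
    return strlen(s->name);
}

/* One free, one late read, one second free; returns how many were caught. */
static int run_scenario(int poison)
{
    struct session s;

    debug_poison = poison;
    stale_uses = 0;
    s.name = malloc(6);
    if (!s.name)
        return -1;
    memcpy(s.name, "alice", 6);
    free_and_clear(s.name);
    (void)name_len(&s);                 /* read after free */
    free_and_clear(s.name);             /* double free of the same variable */
    return stale_uses;
}

int main(void)
{
    printf("NULL: %d caught, poison: %d caught\n", run_scenario(0), run_scenario(1));
    return 0;
}
```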