From: Nick Desaulniers
Date: Mon, 28 Feb 2022 14:42:12 -0800
Subject: Re: [PATCH] mm: Handle ksize() vs __alloc_size by forgetting size
To: Kees Cook
Cc: llvm@lists.linux.dev, Marco Elver, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, linux-mm@kvack.org, stable@vger.kernel.org, Greg Kroah-Hartman, "Rafael J. Wysocki", Christoph Lameter, Nathan Chancellor, Daniel Micay, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org

On Fri, Feb 25, 2022 at 2:16 PM Kees Cook wrote:
> > diff --git a/include/linux/slab.h b/include/linux/slab.h > index 37bde99b74af..a14f3bfa2f44 100644 > --- a/include/linux/slab.h > +++ b/include/linux/slab.h
> @@ -182,8 +182,32 @@ int kmem_cache_shrink(struct kmem_cache *s); > void * __must_check krealloc(const void *objp, size_t new_size, gfp_t flags) __alloc_size(2); > void kfree(const void *objp); > void kfree_sensitive(const void *objp); > + > +/** > + * ksize - get the actual amount of memory allocated for a given object > + * @objp: Pointer to the object > + * > + * kmalloc may internally round up allocations and return more memory > + * than requested. ksize() can be used to determine the actual amount of > + * memory allocated. The caller may use this additional memory, even though > + * a smaller amount of memory was initially specified with the kmalloc call. > + * The caller must guarantee that objp points to a valid object previously > + * allocated with either kmalloc() or kmem_cache_alloc(). The object > + * must not be freed during the duration of the call. > + * > + * Return: size of the actual memory used by @objp in bytes > + */ > +#define ksize(objp) ({ \ > + /* \ > + * Getting the actual allocation size means the __alloc_size \ > + * hints are no longer valid, and the compiler needs to \ > + * forget about them. \ > + */ \ > + OPTIMIZER_HIDE_VAR(objp); \ > + _ksize(objp); \ > +}) > size_t __ksize(const void *objp); > -size_t ksize(const void *objp); > +size_t _ksize(const void *objp);

If you wanted to discourage others from calling _ksize, you could hide
its declaration within the scope of the statement expression within ksize:
https://godbolt.org/z/e4sd4nE6q

-- 
Thanks,
~Nick Desaulniers
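
Review bot: in the new ksize() macro, objp is expanded twice, once in OPTIMIZER_HIDE_VAR(objp) and once in _ksize(objp), so an argument with side effects would be evaluated twice, while the kernel-doc above it still describes ksize() as if it were an ordinary function. The comment should state that @objp has to be a plain pointer variable without side effects, since the point of the macro is to make the compiler forget the __alloc_size hint on the caller's own variable. Separately, _ksize() is now declared directly beside __ksize() and the two differ by a single underscore; a more distinct name, or a comment on the declaration saying that callers are expected to go through ksize(), would make a mistyped call less likely.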