Date: Thu, 18 Jul 2024 09:53:44 +0200
From: Michal Hocko
To: Barry Song <21cnbao@gmail.com>
Cc: akpm@linux-foundation.org, linux-mm@kvack.org, Barry Song, Uladzislau Rezki, Christoph Hellwig, Lorenzo Stoakes, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>
Subject: Re: [PATCH RFC] mm: warn potential return NULL for kmalloc_array and kvmalloc_array with __GFP_NOFAIL
References: <20240717230025.77361-1-21cnbao@gmail.com>
On Thu 18-07-24 19:41:33, Barry Song wrote:
> On Thu, Jul 18, 2024 at 7:27 PM Michal Hocko wrote:
> >
> > On Thu 18-07-24 19:22:37, Barry Song wrote:
> > [...]
> > > For future-proofing and security reasons, returning NULL for NOFAIL
> > > still seems incorrect as the callers won't check the ret. If any future or
> > > existing in-tree code has a potential bug which might be exploited by
> > > hackers, for example
> > >
> > > ptr = kvmalloc_array(NOFAIL);
> > > ptr->callback(); //ptr=NULL;
> > >
> > > callback could be a privilege escalation?
> >
> > Only if you allow to map zero page AFAIK. Nobody reasonable should be
> > doing that.
>
> ptr->callback could be above /proc/sys/vm/mmap_min_addr ?

Yes, it can of course, but this would require quite a stretch to trigger,
no? Look at this from a real life code POV. You are allocating an array
of callbacks (or a structure of callbacks). In order to have this
exploitable you need to direct the first dereference above
mmap_min_addr.

If you really want to protect from code like that then WARN_ON doesn't
buy you anything because it will stop the exploit only when
panic_on_warn. You would need BUG_ON as mentioned by Christoph. So the
real question is, do you want to stop exploits or do you want to debug
potentially incorrect but mostly harmless buggy code?

-- 
Michal Hocko
SUSE Labs
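A user-space model of the distinction drawn in this reply, added here as an example and not code from the thread or from the kernel: kmalloc_array()'s size-overflow check can hand back NULL even under __GFP_NOFAIL, WARN_ON only reports that and continues, while BUG_ON stops execution before the NULL reaches a caller. MODEL_GFP_NOFAIL, model_kmalloc_array and alloc_and_release are constructed names; the overflow check stands in for the kernel's check_mul_overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the kernel's __GFP_NOFAIL bit (the real value
 * lives in the kernel headers). */
#define MODEL_GFP_NOFAIL 0x1u

/* The two reactions the thread contrasts: WARN_ON reports and continues,
 * BUG_ON stops the kernel before a NULL can reach the caller. */
enum overflow_policy { OVERFLOW_WARN, OVERFLOW_BUG };

static unsigned int warn_count;  /* WARN_ON-style reports fired so far */

/* Model of kmalloc_array(): n * size with a multiplication overflow check
 * (the kernel uses check_mul_overflow). __GFP_NOFAIL only promises that the
 * allocator will not fail; an overflowing size still yields NULL, which is
 * the gap the patch under discussion warns about. */
static void *model_kmalloc_array(size_t n, size_t size, unsigned int flags,
                                 enum overflow_policy policy)
{
    size_t bytes;

    if (__builtin_mul_overflow(n, size, &bytes)) {
        if (flags & MODEL_GFP_NOFAIL) {
            if (policy == OVERFLOW_BUG)
                abort();     /* BUG_ON: execution stops here */
            warn_count++;    /* WARN_ON: report, then hand back NULL */
            fprintf(stderr, "WARNING: NOFAIL kmalloc_array size overflow\n");
        }
        return NULL;
    }
    return malloc(bytes ? bytes : 1);
}

/* Caller that checks the return even for a NOFAIL allocation instead of
 * doing ptr->callback() on NULL. Returns true when a buffer came back. */
static bool alloc_and_release(size_t n, size_t size, unsigned int flags)
{
    void *ptr = model_kmalloc_array(n, size, flags, OVERFLOW_WARN);

    if (!ptr)
        return false;
    free(ptr);
    return true;
}
```

With OVERFLOW_WARN the overflowing NOFAIL request returns NULL after one warning; with OVERFLOW_BUG the same request aborts the process, which is the panic_on_warn-independent stop the reply says BUG_ON provides.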