From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 72331C77B7F
	for <linux-mm@archiver.kernel.org>; Sun, 14 May 2023 09:30:19 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 7673B6B0071; Sun, 14 May 2023 05:30:18 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 7169C6B0072; Sun, 14 May 2023 05:30:18 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5DE6F6B0074; Sun, 14 May 2023 05:30:18 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id 4DA206B0071
	for <linux-mm@kvack.org>; Sun, 14 May 2023 05:30:18 -0400 (EDT)
Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id 039E91A11CE
	for <linux-mm@kvack.org>; Sun, 14 May 2023 09:30:17 +0000 (UTC)
X-FDA: 80788339716.28.CA37CC0
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28])
	by imf18.hostedemail.com (Postfix) with ESMTP id DC6A11C0003
	for <linux-mm@kvack.org>; Sun, 14 May 2023 09:30:14 +0000 (UTC)
Authentication-Results: imf18.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=CTpsMPkb;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=SJgsbtU9;
	spf=pass (imf18.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.28 as permitted sender) smtp.mailfrom=vbabka@suse.cz;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1684056615;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=dHSZYYmiO6JSUTlgPd0JkN7TgOMKpr6vyTG9Hwy+Zzo=;
	b=1QA8UtKl9O5r4MJEFHd3KcS1vWyc9D9ztWOGnxokaEheoDEO8ScOH9Tj1ywPk7rnKyFJl+
	OfwbnZjucH2thUopTMZcY5ArFeaVOhTo2pcqUYTITal49JJw96j9Syeae6ficNMhICmtC5
	PGAEgZBRUWl2DDLwW1KgoL147iDbjVY=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1684056615; a=rsa-sha256;
	cv=none;
	b=HfPwqg2B3l46OOKoUZXTcqhTuNLEdbto6ysLGSsM/OfNIrodsk4nERe8l7TuCaJqi387Fk
	PchYyt6vu6h147DQ+ATDFUZ3dPWU7EmufyM4M6d6bF1FWNci9F9NVIK8W6dprhAXBHrtwt
	llPXru5RADr/rgj9ndNyQ3md6lF4zPo=
ARC-Authentication-Results: i=1;
	imf18.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=CTpsMPkb;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=SJgsbtU9;
	spf=pass (imf18.hostedemail.com: domain of vbabka@suse.cz designates 195.135.220.28 as permitted sender) smtp.mailfrom=vbabka@suse.cz;
	dmarc=none
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id 1CCB521FB9;
	Sun, 14 May 2023 09:30:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
	t=1684056613; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=dHSZYYmiO6JSUTlgPd0JkN7TgOMKpr6vyTG9Hwy+Zzo=;
	b=CTpsMPkbu+KTLlj7qn/aXMfbpi54eshjeH8xcgf1+nadUSMxP28eg4Nfz4wVFba5igv1iR
	WaRTj7xQSoUUFuLYm/3TWx23mqTbPoO0DetltCTar+yIibuMaNXD6HFJtpvr0Y9dm9mcuF
	TEXeOdPmW5AU0h3wj/rR0g3ZBwwENzk=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
	s=susede2_ed25519; t=1684056613;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=dHSZYYmiO6JSUTlgPd0JkN7TgOMKpr6vyTG9Hwy+Zzo=;
	b=SJgsbtU9ve0LLJmy6hXTCPVFmUdu6F9PBYYtaUsOr8qn9AI5+hn5kKcc367zVHMvWUno1I
	gaQf9G4nN6C2OCBQ==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id B35D8138F5;
	Sun, 14 May 2023 09:30:12 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
	by imap2.suse-dmz.suse.de with ESMTPSA
	id dzHeKiSqYGRbUwAAMHmgww
	(envelope-from <vbabka@suse.cz>); Sun, 14 May 2023 09:30:12 +0000
Message-ID: <b9331fe4-11c8-5323-e757-5cae3c1e2233@suse.cz>
Date: Sun, 14 May 2023 11:30:30 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.1
Subject: Re: [PATCH RFC v2] Randomized slab caches for kmalloc()
Content-Language: en-US
To: Gong Ruiqi <gongruiqi1@huawei.com>, Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
 linux-hardening@vger.kernel.org,
 Alexander Lobakin <aleksander.lobakin@intel.com>,
 kasan-dev@googlegroups.com, Wang Weiyang <wangweiyang2@huawei.com>,
 Xiu Jianfeng <xiujianfeng@huawei.com>, Christoph Lameter <cl@linux.com>,
 David Rientjes <rientjes@google.com>,
 Roman Gushchin <roman.gushchin@linux.dev>,
 Joonsoo Kim <iamjoonsoo.kim@lge.com>,
 Andrew Morton <akpm@linux-foundation.org>, Pekka Enberg
 <penberg@kernel.org>, Kees Cook <keescook@chromium.org>,
 Paul Moore <paul@paul-moore.com>, James Morris <jmorris@namei.org>,
 "Serge E. Hallyn" <serge@hallyn.com>,
 "Gustavo A. R. Silva" <gustavoars@kernel.org>
References: <20230508075507.1720950-1-gongruiqi1@huawei.com>
 <CAB=+i9QxWL6ENDz_r1jPbiZsTUj1EE3u-j0uP6y_MxFSM9RerQ@mail.gmail.com>
 <5f5a858a-7017-5424-0fa0-db3b79e5d95e@huawei.com>
From: Vlastimil Babka <vbabka@suse.cz>
In-Reply-To: <5f5a858a-7017-5424-0fa0-db3b79e5d95e@huawei.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Stat-Signature: mkdtmuagr4k9psfqhdyu1thui3j6bu7n
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: DC6A11C0003
X-Rspam-User: 
X-HE-Tag: 1684056614-865121
X-HE-Meta: U2FsdGVkX1/NZK0AQ+brfgfZffpNbOtvFuem+J8698R5RwFNcW1E6QJlLJtf8pZxnZXEQh0+1bT/tzOSOzDwp5w03fMxEf8eu+ehvNsbwY+VNsZRElqq6w/Qqz+m/nm4niBa00SBHQknImw9+3BLHwJ3cx7o5JPDtZjuxTtQjIaTgPVg0+P6Vk7eMCHlN0ZVFIfrMr1LTJFNmy9ZqDKFpZ1FIdBmyVWshbX5jwyk91xO1oChXuI8m0frLAUYkSunV9sMaSJ6nukdl8dQ/rW2A8oQ2BX/NJfFF25kGWTLtnD/NzcG37yht+54Rk0UQ9ZpVcK+XzSq+1R1obNxZFp44ZTwZTwTOS8QUEp2aQi6ncHiOModOo27rl5jhPXo0+ZZipKgb3Kr0qGxtCGP2KEGNsXh+2UOZ/jhsdasObUc2ewkv6zPEHKztqX2GVGnSAr85bRA9quxnJymw4+bb+VKQ86wMt9n/L4WVtzsOeYLSgUmLuqA4hX9yew7Lwx6BFrByNbSr4RAt1EhpxYojFyY/WR+qWHPDv1qTZg0Su3W6Lre7x6CmjB8avYLoj9v+q1t2oHTM/TKmUvOZc8V5E2MKkRU+YZAWxS6Y2mziah7+au9XX5zZuM7p6i68gFyaL/R4wwoQPePsup6G/i8GVkMz5gNv8XQYhsaxdZJMPh+R8oQ0fkPy0g4SZdy+RbmtRnKhdRFho0uOqml9BFPrDC5Gp9v0pW9FTvV29zIEAb7w0b1NCgDpQJYjbsIcG7ixNHzjhp8IhK5UsbL46dXrKEOSV6SrvMjirv3lD58myuay1huR4nFxU3NA12ra4PNDvrrWJlPoBzKRovkYORPicv04FvrFZK+v5gqcR/iyx4roqfYnD1j0sttQAZkiJLhJGC51aLqUNv61RoY/FLOYafQ8ASCnErUJWNyH5IYyo02G3R5cvs5wfzcke/kBSAvt3HR0nGFxXe+B+gjGPGPPrA
 QTOiGqLF
 OGebDKk8syyUgZXE8H+kF1YgyUYy9qq3j6kC2QJefYJJhWuGpPUN4cyBKv6/EtKKvD5V5ZMP0e4ZFvuCci+jno2D3kmcoeSPeqb7+vn7FDKj0Us22B6lGdhWfwXvu32HQ74nsQUyldejMVS0IgGEmb6XmWvDOii5oEUTZH8sWfDK8SyynMA1/9C2NKHgEkdtK8I3s+cNPrSCXMLi+c9uQ84YP8xnQHWHj6uKsu/vqxZA+v5nNDFVWtw93bf8V/f7TcnCOhA75NWy2HK/3YL9vrKbBa6CLbaggyhgVnr757Z20cZNcjLxLO3lhGDhovsRZckhKqTUPIplw4/gNoExCY7YYOO8hLGDh2GGkbbnsEkMvf2O5AwfXt8LTap2O8DZkArCQ
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 5/12/23 12:11, Gong Ruiqi wrote:
> 
> 
> On 2023/05/11 2:43, Hyeonggon Yoo wrote:
>> On Mon, May 8, 2023 at 12:53 AM GONG, Ruiqi <gongruiqi1@huawei.com> wrote:
>>>
> 
> [...]
> 
>>>
>>> The overhead of performance has been tested on a 40-core x86 server by
>>> comparing the results of `perf bench all` between the kernels with and
>>> without this patch based on the latest linux-next kernel, which shows
>>> minor difference. A subset of benchmarks are listed below:
>>>
>>
>> Please Cc maintainers/reviewers of corresponding subsystem in MAINTAINERS file.
> 
> Okay, I've appended maintainers/reviewers of linux-hardening and
> security subsystem to the Cc list.

I think they were CC'd on v1 but didn't respond yet. I thought maybe if
I run into Kees at OSS, I will ask him about it, but didn't happen.

As a slab maintainer I don't mind adding such things if they don't
complicate the code excessively, and have no overhead when configured
out. This one would seem to be acceptable at first glance, although
maybe the CONFIG space is too wide, and the amount of #defines in
slab_common.c is also large (maybe there's a way to make it more
concise, maybe not).

But I don't have enough insight into hardening to decide if it's a
useful mitigation that people would enable, so I'd hope for hardening
folks to advise on that. Similar situation with freelist hardening in
the past, which was even actively pushed by Kees, IIRC.