From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 13A7AC2BD09 for ; Tue, 9 Jul 2024 06:58:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9E5F16B0083; Tue, 9 Jul 2024 02:58:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 993B16B009A; Tue, 9 Jul 2024 02:58:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 771D76B009B; Tue, 9 Jul 2024 02:58:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 541886B0083 for ; Tue, 9 Jul 2024 02:58:14 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id F073F16171A for ; Tue, 9 Jul 2024 06:58:13 +0000 (UTC) X-FDA: 82319310066.08.37FF8F9 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21]) by imf04.hostedemail.com (Postfix) with ESMTP id 5D5B440002 for ; Tue, 9 Jul 2024 06:58:09 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=dtaTe0sR; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf04.hostedemail.com: domain of przemyslaw.kitszel@intel.com designates 198.175.65.21 as permitted sender) smtp.mailfrom=przemyslaw.kitszel@intel.com; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1720508256; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=vMhaAlasTlFU9o78jv5j0Bdow7vQ+dT8HzaBXcCiJlQ=; b=YIezyX2iQKznLTW7/qGfcGf1mNW6VmFgyXhg0MVmYOFaiYisAO8ItLxORE837oJ9DzMvg6 94EJcg1FQbEI9w2VJ3Tp2LNK4CqiXi5znD0TQgUDp7bLf1ip+yxDj1Xek0SbMaoV/ji+jK fIV0R7dh92DwNOAEvxOelzJOiNbd7iU= ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1720508256; a=rsa-sha256; cv=fail; b=cDKz/YW6VR4EDRtnhYMoZzFOimRBi1Yy/8JfdTur+0u8RtCnc7WqB1IQ/ynLGWOagB8WWX Gn4yEG6E3Kjz5cRSUHNEUagZSALMNzpYY7ztdbiW1i4p/UpToOu/VS53OIqvUf9bpDSWOW i/hl5fuIZCdf6hFpMCeRNoBgJCBen1M= ARC-Authentication-Results: i=2; imf04.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=dtaTe0sR; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf04.hostedemail.com: domain of przemyslaw.kitszel@intel.com designates 198.175.65.21 as permitted sender) smtp.mailfrom=przemyslaw.kitszel@intel.com; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1720508290; x=1752044290; h=message-id:date:subject:to:cc:references:from: in-reply-to:content-transfer-encoding:mime-version; bh=VPxVzAL24dMX3syyAqYU+oKr2s7UnjA3zuU33rAdpA0=; b=dtaTe0sRKPO5kraVLR3W+m5/XjnPrW2UVnhvNAk45QBiAGrCPk36H366 k6+HzUCMfnx9Z5TVao05fzhHmU0k2sXRoKvn8jP8YGyC7QgxTDaCrMigw UhpcZyQUb/KIzyp2M6hvdfaIzh9U5GB0TXokpkXBkeoga5EyISSqi0xJ1 UT71hYiCbXGtT0DZ9feUvnPb1/97f43HlSliZxMJCtP2XcTkbFnCS3nM1 fAnmMp0HhboD8zAw168mPWOUEcgOcj18GaAgKzNe5HXFyQsvvPx9AqTEK IOZNi9sHqxNQ3Qc1n/zV+cjaA7m6npPbXPLmsGQYXPcniixunhtx5RJai A==; X-CSE-ConnectionGUID: pAx7m04HQL2O3HPh0TRmxQ== X-CSE-MsgGUID: u0EsA02LRXGxVSjSDE8ZWA== X-IronPort-AV: E=McAfee;i="6700,10204,11127"; a="17694304" X-IronPort-AV: E=Sophos;i="6.09,194,1716274800"; d="scan'208";a="17694304" Received: from orviesa001.jf.intel.com ([10.64.159.141]) by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Jul 2024 23:58:08 -0700 X-CSE-ConnectionGUID: nHnXh9Z0RHuD/OVfnnHCZA== X-CSE-MsgGUID: RnpuK8gDQhq3PbnF6S2B+g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.09,194,1716274800"; d="scan'208";a="85299654" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orviesa001.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 08 Jul 2024 23:58:08 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 8 Jul 2024 23:58:06 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 8 Jul 2024 23:58:06 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39 via Frontend Transport; Mon, 8 Jul 2024 23:58:06 -0700 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.44) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Mon, 8 Jul 2024 23:58:06 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZYFq1c46zXDSFrAUQy94bTfb0m+W+dn5uJgr+jEoEHLnngaDwdO11z1pR6itWZWumvci6Livl3+Enq/Af+CVSjRdniYaJCGLeRF65dJaYC5iTu2dkz7UgFhYc+tKNP0eg6wHaQlpdsa21Cfb8hjnfVVp29LhFsL6+oA2D3MNsRPvwGonLnqh2sIxL0LMU4heIh9vLpA+pG73IKLLdo6wI/Oy9hEzycBfFDRfsCwe/pLhaLYEZ9GaWAdhPWglr99obBw2w2iS0kbBiGoRyC4ZcYB8onenOi4MOopkQ434dvvzvrPIe6uoBEpVP5DHKWD7LcjziXZsO3c0EBHjY38Iww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vMhaAlasTlFU9o78jv5j0Bdow7vQ+dT8HzaBXcCiJlQ=; b=E0CkiFJs+1agFfmxLk3KqcfNOSRe0fg82lpOrWrX8CFZ7s6AART1AynxcW8X07zwBNrEF+H8cPic4bL2OD48P3jLxn55xQ8FLeQHpTEkVvlFs+GBxnTS3VOW9WtwruM3WZylMmMYwD/A97qLafELmLR+5UcW4TbbFjrHqlKr6AFrM9X4DlMdoNDj56vsnEnt50Wfq1sZXh8kVzhzhAloQEvbHXoXL6pEROltmFx558+aIR0B5LtH5YwjjXVYOPS1KIwFCMpos5F5jHduX8nQhqDBUbJeNd+08n+YtE8lpu4Q4A1VPSznOU1TUzaM7AK9TDhZPxhfxgqlFdGaif+Dtw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MN6PR11MB8102.namprd11.prod.outlook.com (2603:10b6:208:46d::9) by CO1PR11MB5123.namprd11.prod.outlook.com (2603:10b6:303:94::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.19; Tue, 9 Jul 2024 06:58:04 +0000 Received: from MN6PR11MB8102.namprd11.prod.outlook.com ([fe80::15b2:ee05:2ae7:cfd6]) by MN6PR11MB8102.namprd11.prod.outlook.com ([fe80::15b2:ee05:2ae7:cfd6%7]) with mapi id 15.20.7741.033; Tue, 9 Jul 2024 06:58:04 +0000 Message-ID: Date: Tue, 9 Jul 2024 08:57:55 +0200 User-Agent: Mozilla Thunderbird Subject: Re: [RFC][PATCH 2/4] slab: Detect negative size values and saturate To: Kees Cook , Vlastimil Babka CC: Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, , Jann Horn , Tony Luck , Nick Desaulniers , "Miguel Ojeda" , Marco Elver , Nathan Chancellor , Hao Luo , "Guilherme G. Piccoli" , Mark Rutland , Jakub Kicinski , Petr Pavlu , Alexander Lobakin , Tony Ambardar , , References: <20240708190924.work.846-kees@kernel.org> <20240708191840.335463-2-kees@kernel.org> From: Przemek Kitszel Content-Language: en-US In-Reply-To: <20240708191840.335463-2-kees@kernel.org> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-ClientProxiedBy: VI1PR0202CA0013.eurprd02.prod.outlook.com (2603:10a6:803:14::26) To MN6PR11MB8102.namprd11.prod.outlook.com (2603:10b6:208:46d::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MN6PR11MB8102:EE_|CO1PR11MB5123:EE_ X-MS-Office365-Filtering-Correlation-Id: fb332852-a8c9-440d-f4ab-08dc9fe47afc X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|366016|1800799024|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?B?akxvQmhGTXhOYXdaOW9qTHN5MERpT2NqbEhyMkVIMCt1TVVqeTk1b0RYNy81?= =?utf-8?B?VEdiM1ZYV0hHSFk4M004Y0dySmpzaXJjb1NMT3hTWko1UmhoV1Z3bTFUaXhG?= =?utf-8?B?by96UUJCeHFvdzRzN0oza2dva2VGaDhhOUc2YXVIOGcvNkg0R3VhSjJxYkRB?= =?utf-8?B?c1cyaVc0SEhlU3FLSEV5OVBuM0Zxd3hub200Mmw1a2JGb0h0ZFFYNkZlVzJa?= =?utf-8?B?NW1IbmttNlBmWnJqZXc0c2RtRDlkbVoxTkh5RXluTnFVWkRoZUFWSlpCdENO?= =?utf-8?B?RXlsNFl4cjQyb3BSMzlPZjVlTjU4ZE01Zi9mRmQrcEkwb0F4T0VPM3R5V1Fz?= =?utf-8?B?enR6S2Rsa3hiMDgzR2crSTNzVmxMSnEwdEJUR0FHeVlOVFFEL3F6c3Y1QmhT?= =?utf-8?B?STBRRjBLMWdLNDlhUnlaa1VTQ2R5MnZGY0xRRXdaQnIzb1Y1Z0RWekEzSFJk?= =?utf-8?B?ZEVGZ2pQOCsvMXpGWFlPZ2dVd0RyUkxzTVVRemd0Qzhicm9mRFZQVngxNjJM?= =?utf-8?B?Z2p4K05IbGdkUDZZaDB3RXEvUFpvekxwdzZJRTZpcTJ0Z3U2Q3Ywc1ZadkVs?= =?utf-8?B?Tys2VnVVMFczdmFJTVJYZGxlai9mcHUrTVoyVXY2QkZrL1NIWWtjMzNnYmg2?= =?utf-8?B?ajh3WDZMNngzcWh5ajBuaFlOWnloTnByRmkzRlU2N3R4bmc4WDVHZFo4MWli?= =?utf-8?B?T3ltVWFDTmJ6d0NTeFBZdjYyWm1ibTloUC82Ty9zTEE5UHFhdDUrVmZhWUdV?= =?utf-8?B?UCtIa2E0UHFlK1B2VHF1S09nQ3IxZ3ZBSU1ta2hLYnNlbU1henlCSE56a2J4?= =?utf-8?B?N0E5Zi8vZktTWE1tTzNydmw5MlUyQ3ZBcU5qSU5SdjNWVEFTVCsxb2laaUk0?= =?utf-8?B?WDZzeEdHL2lVbWpGaGtoWWFaQXlxdlo5bUNQWEhKQ0drSWRxUWQ2SmZBSDBw?= =?utf-8?B?K1JOTWxqMXgzV2dFZURhVHh5b01zSnVkU2ZCejlmbzVla3N5VkIyem1ZdVJZ?= =?utf-8?B?VG5td1gvWEhGMFhZNUFkMEZpRWZFQ0ROanZFRlV4QmVPdjZqNEJlNFJHYzd6?= =?utf-8?B?enh4VFhaNEU4UzJyeGllTjh3MjJ6bnZTUXVWc0dDYU1YZWJtWWs4aVFnaXgz?= =?utf-8?B?cGh1NHl0U1dMdXM1NGtRU0cvSTJGYlJXOUxMNWhHRVFjRVBsMFZWWG9UNTNt?= =?utf-8?B?RHQwdXFXQXRuSnJOc0xpa3hRNnFCSUNCYWpXK3M3MUxQNXNuRFBpU3FYS1hZ?= =?utf-8?B?R2VoMVc4aXJmRFdVU3ZTQ2ltKzJkc25rZXBFQmRtOUFieGF6TzhuUDhXNlZV?= =?utf-8?B?TmRjQ2lJWWlRdFNValhTK3JwMHpXNG4vUjEwc3hObitMU3FydTdtYi8yY2Q4?= =?utf-8?B?WWF1U0tjZ3pWa0l3SmUzbklTVGxmS1ZSUDdTbnZuVzZ0KzUvT1lTNXlpZW0v?= =?utf-8?B?dlhCZngwUEkvSGNudXdHbzNsY2UvZWZhSkNBQkkzTnVDUjZSSU12UmhCUjFl?= =?utf-8?B?N2daVzI1V1RnQkh4eldzbWhmSGo2NEVmb29yMmU4c0k0SXVRRjJzdWpuOG9J?= =?utf-8?B?YnJKQllZTEM3eTdweWQyME1LYjhtcVpYRXhMSTZNVEJrVHFwZUFJeUJKdk9F?= =?utf-8?B?a3N3MUVodEZiSGRId1RyTzJEc0FOek05aXJiK0tjNVVKNGVXVVMxMW5QQS96?= =?utf-8?B?T0gzN0s1TVBFeWVCalJFZzRZRStnUzZkRjJHK3Y0TGFURENQMm55RDk1WUJ2?= =?utf-8?B?ZmNWOXU4b2tWeXlySEZqRmFnNlRTb1BGeG82ZmtWMzdFc2RUWnE1cVlsWG92?= =?utf-8?B?T21uNW5VRGRIOVFxaDUrUT09?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN6PR11MB8102.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(7416014)(366016)(1800799024)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NURhMFBuNUpHa3dHZXREN0xMYUo1VVA4Yy9vaFZUZWphSWZlRWkwRUpHM1I5?= =?utf-8?B?M1lpL1llc0REZGdUT0F3Q3FINC9CWWVaMHZOeFlBU2lkQ0taaExEelNpWW1a?= =?utf-8?B?am5JOENiaS9RMzNvSjR3WWVsaTdraDZzQmVHbkJvd05uZEREb1M5dFV2b1BO?= =?utf-8?B?NVo5U2huNUdxUGh4c2ZOMFZqcDYrUnlaRWxRcTVwQkducUJKZXgxcS9mV0hB?= =?utf-8?B?Q29rU282cDBiYURyWTVnYk5Da0FBYjN0Q291bHRTU0lqNmZKblhOM214ajdo?= =?utf-8?B?UEhlZlgxb09tVFRCWHhRMXAxeFl5bUZDcUJuSDdFUXM2U1c3OEFkVFo3NzIr?= =?utf-8?B?NytLaExXWmZZODZZbXh2TklLaEJNRUZRSkl3RWE5YXdwQ3FxYUZ4TjFjY2tC?= =?utf-8?B?ZzlldnB4dmV2cmVjYWZSQ2RVMjF4M1Nsd0szOUFiN1YvaVNlTjN4U28zYU5T?= =?utf-8?B?UXlVb1dQa2xQamJoVUxobGp0THg2NHVxQWxyV25ZRUJyU25tdlFVZHBycmdo?= =?utf-8?B?eWVSOEIzWGkzcVJhN0FJamJ2dDM3bkVZWXR1WW15Q2FXb0xPbVRMV1BQeTQv?= =?utf-8?B?amZmblpkeHYxQmVVZFlSalhTYzFhRzljUGh5U0RJY3lCR2hmdlFvWnFXSDNY?= =?utf-8?B?djJxS0RwbmRDcFd5UmJpeXRaUG5ieHdNOXR3OVhTT3hMU0xUL2VkSklhWHpF?= =?utf-8?B?YzBXUDQxaGkrWTFmdWppeXBaa1BRYUJvVndaM2NQRUorQ1BXTFc4d3o1d2xs?= =?utf-8?B?bXZ0Z2trZWN3bHpZb2ZLV1FtUW1uWXl0NUpGQ0YxSC82UmVrSU92NFZ2VHBa?= =?utf-8?B?YVc5bG1zbENadkg3MXg3aEJoSXJoeE5IdTZSeTB4amQxeVZqNmdqU1QyR1J1?= =?utf-8?B?aG5WZnBDR0RsM2FGYnVOSjFqS1FPWEQwNnk2clhwMHd5RlFTMHpGcTNWVGhJ?= =?utf-8?B?NU8rL0ltU3h5Q0JSTlN6QzZHNVAzbW5FaStYREdWT0kyN3VVWnFScjErNFdH?= =?utf-8?B?WXlYQ1dWT0hzL051Zlg1bzk4Y2w0d3R5N3JNSmg2K2ZoMEtZdERMQXVxU08w?= =?utf-8?B?bmJqbEZndFhXZldoVW1uUjBzOEt4ZDcxRllqUEtsYjhUcmYwSnBkcld5TGU3?= =?utf-8?B?MkNtOEZDekp6cUZOdVN3RE9qTzhiN1E3VWJ3ZW1QaDhNMjZVOEtNOGxZNEw2?= =?utf-8?B?bUUvaU4reSswUE9SUGRnS2R2NFNNVzV6cG5xbGxEUnRZMzVaR282QmY5QzhH?= =?utf-8?B?enJyVHFwNVU2VTBVSU4vYnNVSnU2bTRkaC9SY0NZUXdUanlRY1RrVWpabVJO?= =?utf-8?B?MUVtVFpSTm02MmVrWDNsREVhenVMdUlpdVRCdGgveGQ5dEpvR3R2Z21RWG90?= =?utf-8?B?RStIbldQRkJDRWNUT0R1d2pOcXlsK1RudXA5ZmpMYTBoTEtSS3N4blJNNkJM?= =?utf-8?B?QWpDN2gyVkF0S3FiNmJINVNzVmdZRXZGYU9uVys0U1NVWm0rSytnbk92bWhy?= =?utf-8?B?LzhwNWZCcTBoQVpVZVRLRUxQSDZXN1BwSmFMTFN6R1VwSTljYzhmN0l3UFVn?= =?utf-8?B?WEJVZHM1K2dPd3VVQzh2NzRjMzRZMWtuT1RSM1FBVExsMkZUK1JhcHdneEdN?= =?utf-8?B?Sk5SRVRVWXBwckFMZU0wTWFHbUVUZ255YngvVlV3NDc3OVQ4ZkJtek5Ob1Rh?= =?utf-8?B?VFdYRXJFNktMRXZ5REJrYlZFNTRXR01KOUVUVmZFWllWbTVybXBSVS85Z29B?= =?utf-8?B?TlM4VmlzKzVaS3JocHhGVGxmREU2LzdPWW5jZHR5UUU5MnFHZTFVd3lHNXVW?= =?utf-8?B?SHlRTmI1UERnejJlNStzaklES2gveUNSNFh4ODRjOU81NmY4SGsxb0Mwd2h1?= =?utf-8?B?TnJzMXVIOC9kbHZUQTNsWjFRZ2VZZEZjQUlHdDZ6QTllemc1NUZMWGlKWWF4?= =?utf-8?B?ckJIZjNmazN0OEIrWEJVWW1sZURzVjY3RE9la2d0SGFlby9ucVM1WWV4THFi?= =?utf-8?B?aW9PTG5qb1I5SHJNNnhIZld6SHhFT3V4NUt2blVrL1Z5Vm4zRUVqQVFnL081?= =?utf-8?B?S25uRU9oU0Y3elRkbzlFcVd1dDEwSTN2akg2Qkx2M0NiWmJFbEVnNlM0T3dX?= =?utf-8?B?VU9DcGJiTFBNOU9VQlg0by81TnN6K3VZdUJXTE9zT0xBY2g0UXJwSXMzMDM5?= =?utf-8?B?Vnc9PQ==?= X-MS-Exchange-CrossTenant-Network-Message-Id: fb332852-a8c9-440d-f4ab-08dc9fe47afc X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8102.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jul 2024 06:58:04.5564 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: zMgYSWQZdx3xCsn8lCQ7xJczKzawDD+EKGrmkSYvnMdgRZzD+O0E7UA//MoKjCbThE7ykLGaet1fszEa1IbIvhsSxGSQqWwv8duaQ4dr0FU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB5123 X-OriginatorOrg: intel.com X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 5D5B440002 X-Stat-Signature: dk7jdo8ko7nd8m3kzef4p7yy9kjnw5og X-Rspam-User: X-HE-Tag: 1720508289-986662 X-HE-Meta: U2FsdGVkX19Tyidb0d0+62sHPYgcoguVT01WZLSOat7SUg/k2s3pzm2fT/Wd3u7p6w9K7Bns0ae3B2LELzdsrzGVRGd1HUSIrwnggMeI1YDNZHkPMQQfMLhrHlczGrUsR8fVrsOmx/abkxq8Ae2yoMYpfwgElJuEghZCu3xJhW3Una+FPFw95g04oQpLP+4N6jB2QnK63I+zNODsZt4qO5lSOFEYUkqrB4Sd1VYplxrrRVq+hbBscd+Ue5qyLvfhcJ+478qlyWPG9AZtId/+40rJ3Fl1awSHrOycbD6OVbwYUfru/EZQd0nwo2zMR4/i3L2+JVG2EBAYCZCUo+sVLTMY7w3kY/fAohUR3egLnOovPrE4uHp2od5pHIS0VNfSm1/AOteoC6gnonj/N13RtB1frYyaFBt8jfTUnVMBQPSAV34SRrFqnAuThhIrQ9HhS0C7mx6J1wztmfUjWWHNfoGV+uaAp+kSb1hpCs2p/Uw2GRZ71HsZDUe1OA+B19iAZ4zcX2a59xad0FhpMKZxtTjxaQdwulN2jo4S1gPR2jYMLTDsUfIVk4aLDs2YEyOSbn2/hwTqZ40WCotFp9W1oy2AN+nq8m8cdNuWynyVvNl6EeAHcagQlz1fFxB/lP5zigor2/06anC6w+NWU26sSF8oVTdlhRfdtD2uiF9r+/4J/iFdEXfIIfIoL+lkg+amjDboxYbUtRs3a/dZ0/hRhcQ8N2e3mIhROVIpgS3m6fWRd/4nY4e5LKule05KUN3aDACe7c25/dzxmcB3xuPldEe7ORvTdctO3pmZeyP4ZPW8/vEMGtNPLBsTDvzXclm0luxiXGouzCiYTwwHj3i1XVV97QjL/zS8ykitmKvhkq0JdfYI1A5JSvUzgq3i6bosSkLCl9baP0OOtY7+GXSKA3r0VW5/WdNBgULhXHwX+7qPTRYbst8uBxY2bgMCy8hDmaLFppsWBvlaEOfsvtE fqiYesNb l36Uw5ywLEcBKj6tIdfnEdt5PRmTOtAhsNfNFSO/AxrcSxkKeqS2zY39TYh2sYXVmHyRpQFudfwUZl1MHgTygkQiGC6TLZCDr6RR+cCCU/QkTmZPVqbydWz1lwIKjIxQMMzCdz9rug6Tcyea/k2a5F0kru28sN5QMWxPPsjvtTyXK5Ct7s9fdmCadLiI35ZrvuoHuJSA1LF6b95gr5XALnh17Z4wzNORiBj0jj+cIk/8UvyRlakaO635wW0Ze9yN+NTjndGxkkPos9XvFpJ8FAcEVLVUzkYFKSZWdKYt2g8r+zp2goUOJRk2ifrcfXeNnLlQsEYDevmUEaKhM+wHDt+2DcGv1cmP8aXUuXxKalYi4jPt/YBebnE7vTxbpoBRrFlWp2qd7wKSIwfsFjz3fZ4XhoBnrGGijh0HFkb4J87eNVeYTIllObmtovtU/IsHNa26+HM/GE7p9ZuMDEkXuSir5W9aMM55LWT1FmLVPWMbcLCbxYkG6zl9RpXLBSbawbJa9qpBJZAKROtPSOZhzB1lMsjpS+B5EIxjFjo7eGR5Ub6ig5rV6+fJVjgDehm54kUVjYI6NbNpHGAaSukn7zBWkIhdZcVVZ5eFEym9qtT7USCvDOKFovxm1Aca1cVvdK28sHucz5xnYyy8lbm2TD/VGALlCSDeqJFHBuPWLgvFWZ/4nSg24fBF39uDkbvrdtmAUCBoJEpcJLaQjc2PjCWQMhUfuzshyxyMrjAl9h4p2+uGr0oNQlTd6BB8neuG9LnmyBZI1Bo3bPIukaI3Eh2PXiQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 7/8/24 21:18, Kees Cook wrote: > The allocator will already reject giant sizes seen from negative size > arguments, so this commit mainly services as an example for initial > type-based filtering. The size argument is checked for negative values > in signed arguments, saturating any if found instead of passing them on. > > For example, now the size is checked: > > Before: > /* %rdi unchecked */ > 1eb: be c0 0c 00 00 mov $0xcc0,%esi > 1f0: e8 00 00 00 00 call 1f5 > 1f1: R_X86_64_PLT32 __kmalloc_noprof-0x4 > > After: > 6d0: 48 63 c7 movslq %edi,%rax > 6d3: 85 ff test %edi,%edi > 6d5: be c0 0c 00 00 mov $0xcc0,%esi > 6da: 48 c7 c2 ff ff ff ff mov $0xffffffffffffffff,%rdx > 6e1: 48 0f 49 d0 cmovns %rax,%rdx > 6e5: 48 89 d7 mov %rdx,%rdi > 6e8: e8 00 00 00 00 call 6ed > 6e9: R_X86_64_PLT32 __kmalloc_noprof-0x4 > > Signed-off-by: Kees Cook > --- > Cc: Christoph Lameter > Cc: Pekka Enberg > Cc: David Rientjes > Cc: Joonsoo Kim > Cc: Andrew Morton > Cc: Vlastimil Babka > Cc: Roman Gushchin > Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> > Cc: linux-mm@kvack.org > --- > include/linux/slab.h | 19 ++++++++++++++++++- > 1 file changed, 18 insertions(+), 1 deletion(-) > > diff --git a/include/linux/slab.h b/include/linux/slab.h > index d99afce36098..7353756cbec6 100644 > --- a/include/linux/slab.h > +++ b/include/linux/slab.h > @@ -684,7 +684,24 @@ static __always_inline __alloc_size(1) void *kmalloc_noprof(size_t size, gfp_t f > } > return __kmalloc_noprof(size, flags); > } > -#define kmalloc(...) alloc_hooks(kmalloc_noprof(__VA_ARGS__)) > +#define kmalloc_sized(...) alloc_hooks(kmalloc_noprof(__VA_ARGS__)) > + > +#define __size_force_positive(x) \ > + ({ \ > + typeof(__force_integral_expr(x)) __forced_val = \ > + __force_integral_expr(x); \ > + __forced_val < 0 ? SIZE_MAX : __forced_val; \ > + }) > + > +#define kmalloc(p, gfp) _Generic((p), \ > + unsigned char: kmalloc_sized(__force_integral_expr(p), gfp), \ > + unsigned short: kmalloc_sized(__force_integral_expr(p), gfp), \ > + unsigned int: kmalloc_sized(__force_integral_expr(p), gfp), \ > + unsigned long: kmalloc_sized(__force_integral_expr(p), gfp), \ > + signed char: kmalloc_sized(__size_force_positive(p), gfp), \ > + signed short: kmalloc_sized(__size_force_positive(p), gfp), \ > + signed int: kmalloc_sized(__size_force_positive(p), gfp), \ > + signed long: kmalloc_sized(__size_force_positive(p), gfp)) I like this idea and series very much, thank you! What about bool? What about long long? (by this commit one will get a rather easy to parse compile error, but the next one will obscure it a bit) Consider the following correct (albeit somewhat weird) code: /* header */ char *state; /* .c impl, init part */ bool needs_state = some_expr(); state = kmalloc(needs_state, GFP_KERNEL); /* .c, other part */ if (ZERO_OR_NULL_PTR(state)) return _EARLY; *state = state_machine_action(*state); > > #define kmem_buckets_alloc(_b, _size, _flags) \ > alloc_hooks(__kmalloc_node_noprof(PASS_BUCKET_PARAMS(_size, _b), _flags, NUMA_NO_NODE))