mempool: Use kmalloc_size_roundup() to match ksize() usage

Message ID 20221018090323.never.897-kees@kernel.org
State New
Headers
Series mempool: Use kmalloc_size_roundup() to match ksize() usage |

Commit Message

Kees Cook Oct. 18, 2022, 9:03 a.m. UTC
  Round up allocations with kmalloc_size_roundup() so that mempool's use
of ksize() is always accurate and no special handling of the memory is
needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE.

Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-mm@kvack.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 mm/mempool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Andrew Morton Oct. 18, 2022, 10:51 p.m. UTC | #1
On Tue, 18 Oct 2022 02:03:29 -0700 Kees Cook <keescook@chromium.org> wrote:

> Round up allocations with kmalloc_size_roundup() so that mempool's use
> of ksize() is always accurate and no special handling of the memory is
> needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE.

Confused.  If the special handling is not needed, why doesn't the patch
removed the no longer needed special handling?

> 
> diff --git a/mm/mempool.c b/mm/mempool.c
> index 96488b13a1ef..0f3107b28e6b 100644
> --- a/mm/mempool.c
> +++ b/mm/mempool.c
> @@ -526,7 +526,7 @@ EXPORT_SYMBOL(mempool_free_slab);
>   */
>  void *mempool_kmalloc(gfp_t gfp_mask, void *pool_data)
>  {
> -	size_t size = (size_t)pool_data;
> +	size_t size = kmalloc_size_roundup((size_t)pool_data);
>  	return kmalloc(size, gfp_mask);
>  }
>  EXPORT_SYMBOL(mempool_kmalloc);
> -- 
> 2.34.1
  
Kees Cook Oct. 19, 2022, 5:37 a.m. UTC | #2
On Tue, Oct 18, 2022 at 03:51:37PM -0700, Andrew Morton wrote:
> On Tue, 18 Oct 2022 02:03:29 -0700 Kees Cook <keescook@chromium.org> wrote:
> 
> > Round up allocations with kmalloc_size_roundup() so that mempool's use
> > of ksize() is always accurate and no special handling of the memory is
> > needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE.
> 
> Confused.  If the special handling is not needed, why doesn't the patch
> removed the no longer needed special handling?

The special handling is in the ksize() implementation, so it can't be
removed[1] until all the ksize()-affected users are updated to see their
true allocation sizes first.

[1] https://lore.kernel.org/lkml/20220923202822.2667581-16-keescook@chromium.org/
  
Vlastimil Babka (SUSE) Oct. 24, 2022, 6:03 p.m. UTC | #3
On 10/19/22 07:37, Kees Cook wrote:
> On Tue, Oct 18, 2022 at 03:51:37PM -0700, Andrew Morton wrote:
>> On Tue, 18 Oct 2022 02:03:29 -0700 Kees Cook <keescook@chromium.org> wrote:
>> 
>> > Round up allocations with kmalloc_size_roundup() so that mempool's use
>> > of ksize() is always accurate and no special handling of the memory is
>> > needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE.
>> 
>> Confused.  If the special handling is not needed, why doesn't the patch
>> removed the no longer needed special handling?
> 
> The special handling is in the ksize() implementation, so it can't be
> removed[1] until all the ksize()-affected users are updated to see their
> true allocation sizes first.
> 
> [1] https://lore.kernel.org/lkml/20220923202822.2667581-16-keescook@chromium.org/

But in the previous version I was wondering if we can just stop doing
ksize()-like poison handling in mempool completely, if no mempool consumers
call ksize() to expand their use of the allocated objects. You seemed to
agree but this version is uncahnged?

https://lore.kernel.org/all/f4fc52c4-7c18-1d76-0c7a-4058ea2486b9@suse.cz/
  
Kees Cook Oct. 25, 2022, 10:55 p.m. UTC | #4
On Mon, Oct 24, 2022 at 08:03:34PM +0200, Vlastimil Babka (SUSE) wrote:
> On 10/19/22 07:37, Kees Cook wrote:
> > On Tue, Oct 18, 2022 at 03:51:37PM -0700, Andrew Morton wrote:
> >> On Tue, 18 Oct 2022 02:03:29 -0700 Kees Cook <keescook@chromium.org> wrote:
> >> 
> >> > Round up allocations with kmalloc_size_roundup() so that mempool's use
> >> > of ksize() is always accurate and no special handling of the memory is
> >> > needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE.
> >> 
> >> Confused.  If the special handling is not needed, why doesn't the patch
> >> removed the no longer needed special handling?
> > 
> > The special handling is in the ksize() implementation, so it can't be
> > removed[1] until all the ksize()-affected users are updated to see their
> > true allocation sizes first.
> > 
> > [1] https://lore.kernel.org/lkml/20220923202822.2667581-16-keescook@chromium.org/
> 
> But in the previous version I was wondering if we can just stop doing
> ksize()-like poison handling in mempool completely, if no mempool consumers
> call ksize() to expand their use of the allocated objects. You seemed to
> agree but this version is uncahnged?
> 
> https://lore.kernel.org/all/f4fc52c4-7c18-1d76-0c7a-4058ea2486b9@suse.cz/

Oops, yes. This failed to get on my TODO list. New version coming!
  

Patch

diff --git a/mm/mempool.c b/mm/mempool.c
index 96488b13a1ef..0f3107b28e6b 100644
--- a/mm/mempool.c
+++ b/mm/mempool.c
@@ -526,7 +526,7 @@  EXPORT_SYMBOL(mempool_free_slab);
  */
 void *mempool_kmalloc(gfp_t gfp_mask, void *pool_data)
 {
-	size_t size = (size_t)pool_data;
+	size_t size = kmalloc_size_roundup((size_t)pool_data);
 	return kmalloc(size, gfp_mask);
 }
 EXPORT_SYMBOL(mempool_kmalloc);