Re: [PATCH v3] mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB

[Andrey Ryabinin]

On 06/17/2016 05:27 PM, Alexander Potapenko wrote:
> On Wed, Jun 15, 2016 at 6:50 PM, Andrey Ryabinin
> <aryabinin@xxxxxxxxxxxxx> wrote:
>>
>>
>> On 06/15/2016 06:26 PM, Alexander Potapenko wrote:
>>> For KASAN builds:
>>>  - switch SLUB allocator to using stackdepot instead of storing the
>>>    allocation/deallocation stacks in the objects;
>>>  - define SLAB_RED_ZONE, SLAB_POISON, SLAB_STORE_USER to zero,
>>>    effectively disabling these debug features, as they're redundant in
>>>    the presence of KASAN;
>>
>> So, why we forbid these? If user wants to set these, why not? If you don't want it, just don't turn them on, that's it.
> SLAB_RED_ZONE simply doesn't work with KASAN.

Why? This sounds like a bug.

> With additional efforts it may work, but I don't think we really need
> that. Extra red zones will just bloat the heap, and won't give any
> interesting signal except "someone corrupted this object from
> non-instrumented code".
> SLAB_POISON doesn't crash on simple tests, but I am not sure there are
> no corner cases which I haven't checked, so I thought it's safer to
> disable it.
> As I said before, we can make SLAB_STORE_USER use stackdepot in a
> later CL, thus we disable it now.
> 

This doesn't explain why we need this. What's the problem you are trying to solve by this? And why it is ok to silently ignore user requests?
You think that these options are redundant, I get it. Well, then just don't turn them on.
But, when a user requests for something, he expects that such request will be fulfilled, not just ignored.

>> And sometimes POISON/REDZONE might be actually useful. KASAN doesn't catch everything,
>> e.g. corruption may happen in assembly code, or DMA by  some device.
>>
>>