Re: [RFC/PATCH RESEND -next 14/21] mm: slub: kasan: disable kasan when touching unaccessible memory

From: Andrey Ryabinin
Date: Tue Jul 15 2014 - 11:08:43 EST

Next message: Johannes Weiner: "Re: [patch 13/13] mm: memcontrol: rewrite uncharge API"
Previous message: Greg KH: "Re: [PATCH V4 5/6] staging: vt6556: Cleanup indentation on statements"
In reply to: Christoph Lameter: "Re: [RFC/PATCH RESEND -next 14/21] mm: slub: kasan: disable kasan when touching unaccessible memory"
Next in thread: Andrey Ryabinin: "[RFC/PATCH RESEND -next 18/21] arm: mm: reserve shadow memory for kasan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/15/14 18:26, Christoph Lameter wrote:
> On Tue, 15 Jul 2014, Joonsoo Kim wrote:
>
>>> I think putting disable/enable only where we strictly need them might be a problem for future maintenance of slub.
>>> If someone is going to add a new function call somewhere, he must ensure that it this call won't be a problem
>>> for kasan.
>>
>> I don't agree with this.
>>
>> If someone is going to add a slab_pad_check() in other places in
>> slub.c, we should disable/enable kasan there, too. This looks same
>> maintenance problem to me. Putting disable/enable only where we
>> strictly need at least ensures that we don't need to care when using
>> slub internal functions.
>>
>> And, if memchr_inv() is problem, I think that you also need to add hook
>> into validate_slab_cache().
>>
>> validate_slab_cache() -> validate_slab_slab() -> validate_slab() ->
>> check_object() -> check_bytes_and_report() -> memchr_inv()
>
> I think adding disable/enable is good because it separates the payload
> access from metadata accesses. This may be useful for future checkers.
> Maybe call it something different so that this is more generic.
>
> metadata_access_enable()
>
> metadata_access_disable()
>
> ?
>
It sounds like a good idea to me. However in this patch, besides from protecting metadata accesses,
this calls also used in setup_objects for wrapping ctor call. It used there because all pages in allocate_slab
are poisoned, so at the time when ctors are called all object's memory marked as poisoned.

I think this could be solved by removing kasan_alloc_slab_pages() hook form allocate_slab() and adding
kasan_slab_free() hook after ctor call.
But I guess in that case padding at the end of slab will be unpoisoined.

> Maybe someone else has a better idea?
>
>
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Johannes Weiner: "Re: [patch 13/13] mm: memcontrol: rewrite uncharge API"
Previous message: Greg KH: "Re: [PATCH V4 5/6] staging: vt6556: Cleanup indentation on statements"
In reply to: Christoph Lameter: "Re: [RFC/PATCH RESEND -next 14/21] mm: slub: kasan: disable kasan when touching unaccessible memory"
Next in thread: Andrey Ryabinin: "[RFC/PATCH RESEND -next 18/21] arm: mm: reserve shadow memory for kasan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]