From: Jann Horn
Date: Sun, 20 Oct 2019 17:38:18 +0200
Subject: Re: [PATCH] slab: Redefine ZERO_SIZE_PTR to include ERR_PTR range
To: Shyam Saini
Cc: Linux-MM, Kernel Hardening, Matthew Wilcox, Christopher Lameter, Kees Cook
In-Reply-To: <20191010103151.7708-1-mayhs11saini@gmail.com>

On Thu, Oct 10, 2019 at 12:32 PM Shyam Saini wrote:
> Currently kfree does not accept ERR_PTR range so redefine ZERO_SIZE_PTR
> to include this and also change ZERO_OR_NULL_PTR macro to check this new
> range. With this change kfree will skip and behave as no-ops when ERR_PTR
> is passed.
>
> This will help error related to ERR_PTR stand out better.

What do you mean by "stand out better"? To me it sounds like before,
the kernel would probably blow up in some way if you passed an error
pointer into kfree(), and with this change, it will silently ignore it
instead, right? If you actually wanted this kind of error to stand
out, wouldn't it make more sense to add something like "if
(WARN_ON(IS_ERR(x))) return;" to the implementations of kfree()? I
would prefer that, since "kfree()" probably indicates that
someone messed up their error handling jumps.

> After this, we don't need to reset any ERR_PTR variable to NULL before
> being passed to any kfree or related wrappers calls, as everything would
> be handled by ZERO_SIZE_PTR itself.

With the caveat that you still can't do it in code that might be
stable-backported, otherwise it will blow up occasionally in the rare
case where the error path is hit?

[...]
> +#define ZERO_SIZE_PTR \ > +({ \ > + BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\ > + (void *)(-MAX_ERRNO-1L); \ > +}) > + > +#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= \ > + (unsigned long)ZERO_SIZE_PTR - 1)

If you do go through with this change, you'll probably want to adjust
the message in check_bogus_address() - "null address" really isn't an
appropriate error message for an address near the end of the address
space.
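
Review bot: in ZERO_OR_NULL_PTR(x), the `(unsigned long)(x) - 1 >= (unsigned long)ZERO_SIZE_PTR - 1` comparison depends on unsigned wraparound to fold NULL into the range at the top of the address space, and it now also evaluates true for every ERR_PTR value, which neither the macro name nor a comment states. Please add a comment spelling out the three cases it accepts (NULL, ZERO_SIZE_PTR, error pointers) and consider a name that reflects the wider range. The `BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK))` in ZERO_SIZE_PTR also needs a comment: as written it only fires when MAX_ERRNO has no bits set below the page size, so it is not obvious what relationship between MAX_ERRNO and the page size it is meant to guarantee. Wrapping the value in a `({ ... })` statement expression additionally means ZERO_SIZE_PTR can no longer be used where a constant expression is required.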
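
The three behaviours discussed in this thread, side by side, as an added userspace model that is not code from the patch or from the kernel tree. The pre-patch macro values are the mainline slab.h definitions, which this page does not quote; `model_kfree`, the `variant`/`outcome` enums and the sample addresses are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095

/* Pre-patch definitions as in mainline slab.h (not quoted on this page). */
#define OLD_ZERO_SIZE_PTR ((uintptr_t)16)
#define OLD_ZERO_OR_NULL(x) ((uintptr_t)(x) <= OLD_ZERO_SIZE_PTR)

/* Definitions from the quoted patch, minus the BUILD_BUG_ON wrapper. */
#define NEW_ZERO_SIZE_PTR ((uintptr_t)(-MAX_ERRNO - 1L))
#define NEW_ZERO_OR_NULL(x) ((uintptr_t)(x) - 1 >= NEW_ZERO_SIZE_PTR - 1)

/* Same range test the kernel's IS_ERR() performs. */
#define IS_ERR_VALUE(x) ((uintptr_t)(x) >= (uintptr_t)-MAX_ERRNO)

enum variant { PRE_PATCH, PATCHED, WARN_ON_ERR };
enum outcome { SKIPPED_SILENTLY, SKIPPED_WITH_WARNING, HANDED_TO_ALLOCATOR };

/* Hypothetical model of kfree()'s entry check; no memory is touched. */
static enum outcome model_kfree(enum variant v, uintptr_t p)
{
    if (v == WARN_ON_ERR && IS_ERR_VALUE(p)) {
        fprintf(stderr, "WARNING: kfree() called with error pointer %ld\n", (long)p);
        return SKIPPED_WITH_WARNING;
    }
    if (v == PATCHED ? NEW_ZERO_OR_NULL(p) : OLD_ZERO_OR_NULL(p))
        return SKIPPED_SILENTLY;
    return HANDED_TO_ALLOCATOR; /* for an error pointer this is the "blow up" case */
}

int main(void)
{
    static const char *names[] = { "skipped silently", "skipped with warning", "handed to allocator" };
    const struct { const char *label; uintptr_t p; } cases[] = {
        { "NULL", 0 },
        { "new ZERO_SIZE_PTR", NEW_ZERO_SIZE_PTR },
        { "ERR_PTR(-12)", (uintptr_t)-12L },
        { "constructed object address", (uintptr_t)0x100000 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        for (int v = PRE_PATCH; v <= WARN_ON_ERR; v++)
            printf("%-27s variant %d: %s\n", cases[i].label, v,
                   names[model_kfree((enum variant)v, cases[i].p)]);
    return 0;
}
```

Only the WARN_ON_ERR variant, which models the "if (WARN_ON(IS_ERR(x))) return;" suggestion, leaves a trace when an error pointer reaches the free path.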