linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3 0/2] igb: Proactively round up to kmalloc bucket size
@ 2022-10-18  9:25 Kees Cook
  2022-10-18  9:25 ` [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated Kees Cook
                   ` (2 more replies)
  0 siblings, 3 replies; 11+ messages in thread
From: Kees Cook @ 2022-10-18  9:25 UTC (permalink / raw)
  To: Ruhl, Michael J
  Cc: Kees Cook, Jesse Brandeburg, Tony Nguyen, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, linux-kernel,
	intel-wired-lan, netdev, linux-hardening

Hi,

In preparation for removing the "silently change allocation size"
users of ksize(), explicitly round up all q_vector allocations so that
allocations can be correctly compared to ksize().

Before that, fix a potential Use After Free under memory pressure.

Thanks,

-Kees

v3; split UAF fix from bucket rounding.
v2: https://lore.kernel.org/lkml/20220923202822.2667581-7-keescook@chromium.org/

Kees Cook (2):
  igb: Do not free q_vector unless new one was allocated
  igb: Proactively round up to kmalloc bucket size

 drivers/net/ethernet/intel/igb/igb_main.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

-- 
2.34.1


^ permalink raw reply	[flat|nested] 11+ messages in thread
* [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated
  2022-10-18  9:25 [PATCH v3 0/2] igb: Proactively round up to kmalloc bucket size Kees Cook
@ 2022-10-18  9:25 ` Kees Cook
  2022-10-18 12:20   ` Ruhl, Michael J
  2022-10-29  3:29   ` [Intel-wired-lan] " G, GurucharanX
  2022-10-18  9:25 ` [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size Kees Cook
  2022-10-18 10:09 ` [PATCH v3 0/2] " Kees Cook
  2 siblings, 2 replies; 11+ messages in thread
From: Kees Cook @ 2022-10-18  9:25 UTC (permalink / raw)
  To: Ruhl, Michael J
  Cc: Kees Cook, Jesse Brandeburg, Tony Nguyen, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, linux-hardening

Avoid potential use-after-free condition under memory pressure. If the
kzalloc() fails, q_vector will be freed but left in the original
adapter->q_vector[v_idx] array position.

Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index f8e32833226c..6256855d0f62 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -1202,8 +1202,12 @@ static int igb_alloc_q_vector(struct igb_adapter *adapter,
 	if (!q_vector) {
 		q_vector = kzalloc(size, GFP_KERNEL);
 	} else if (size > ksize(q_vector)) {
-		kfree_rcu(q_vector, rcu);
-		q_vector = kzalloc(size, GFP_KERNEL);
+		struct igb_q_vector *new_q_vector;
+
+		new_q_vector = kzalloc(size, GFP_KERNEL);
+		if (new_q_vector)
+			kfree_rcu(q_vector, rcu);
+		q_vector = new_q_vector;
 	} else {
 		memset(q_vector, 0, size);
 	}
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
  2022-10-18  9:25 [PATCH v3 0/2] igb: Proactively round up to kmalloc bucket size Kees Cook
  2022-10-18  9:25 ` [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated Kees Cook
@ 2022-10-18  9:25 ` Kees Cook
  2022-10-29  3:17   ` Kees Cook
  2022-10-29  3:30   ` [Intel-wired-lan] " G, GurucharanX
  2022-10-18 10:09 ` [PATCH v3 0/2] " Kees Cook
  2 siblings, 2 replies; 11+ messages in thread
From: Kees Cook @ 2022-10-18  9:25 UTC (permalink / raw)
  To: Ruhl, Michael J
  Cc: Kees Cook, Jesse Brandeburg, Tony Nguyen, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, linux-hardening

In preparation for removing the "silently change allocation size"
users of ksize(), explicitly round up all q_vector allocations so that
allocations can be correctly compared to ksize().

Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: intel-wired-lan@lists.osuosl.org
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 6256855d0f62..7a3a41dc0276 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -1195,7 +1195,7 @@ static int igb_alloc_q_vector(struct igb_adapter *adapter,
 		return -ENOMEM;
 
 	ring_count = txr_count + rxr_count;
-	size = struct_size(q_vector, ring, ring_count);
+	size = kmalloc_size_roundup(struct_size(q_vector, ring, ring_count));
 
 	/* allocate q_vector and rings */
 	q_vector = adapter->q_vector[v_idx];
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 11+ messages in thread
* Re: [PATCH v3 0/2] igb: Proactively round up to kmalloc bucket size
  2022-10-18  9:25 [PATCH v3 0/2] igb: Proactively round up to kmalloc bucket size Kees Cook
  2022-10-18  9:25 ` [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated Kees Cook
  2022-10-18  9:25 ` [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size Kees Cook
@ 2022-10-18 10:09 ` Kees Cook
  2 siblings, 0 replies; 11+ messages in thread
From: Kees Cook @ 2022-10-18 10:09 UTC (permalink / raw)
  To: Michael J Ruhl
  Cc: Jesse Brandeburg, Tony Nguyen, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, linux-kernel, intel-wired-lan,
	netdev, linux-hardening

On Tue, Oct 18, 2022 at 02:25:23AM -0700, Kees Cook wrote:
> Kees Cook (2):
>   igb: Do not free q_vector unless new one was allocated
>   igb: Proactively round up to kmalloc bucket size
> 
>  drivers/net/ethernet/intel/igb/igb_main.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)

Ugh, yay for my MUA vs commas. Sorry for any future typo bounce spam. :(

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 11+ messages in thread
* RE: [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated
  2022-10-18  9:25 ` [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated Kees Cook
@ 2022-10-18 12:20   ` Ruhl, Michael J
  2022-10-29  3:29   ` [Intel-wired-lan] " G, GurucharanX
  1 sibling, 0 replies; 11+ messages in thread
From: Ruhl, Michael J @ 2022-10-18 12:20 UTC (permalink / raw)
  To: Kees Cook, Ruhl
  Cc: Brandeburg, Jesse, Nguyen, Anthony L, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, linux-hardening

>-----Original Message-----
>From: Kees Cook <keescook@chromium.org>
>Sent: Tuesday, October 18, 2022 5:25 AM
>To: Ruhl@www.outflux.net; Ruhl, Michael J <michael.j.ruhl@intel.com>
>Cc: Kees Cook <keescook@chromium.org>; Brandeburg, Jesse
><jesse.brandeburg@intel.com>; Nguyen, Anthony L
><anthony.l.nguyen@intel.com>; David S. Miller <davem@davemloft.net>;
>Eric Dumazet <edumazet@google.com>; Jakub Kicinski <kuba@kernel.org>;
>Paolo Abeni <pabeni@redhat.com>; intel-wired-lan@lists.osuosl.org;
>netdev@vger.kernel.org; linux-kernel@vger.kernel.org; linux-
>hardening@vger.kernel.org
>Subject: [PATCH v3 1/2] igb: Do not free q_vector unless new one was
>allocated
>
>Avoid potential use-after-free condition under memory pressure. If the
>kzalloc() fails, q_vector will be freed but left in the original
>adapter->q_vector[v_idx] array position.
>
>Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
>Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
>Cc: "David S. Miller" <davem@davemloft.net>
>Cc: Eric Dumazet <edumazet@google.com>
>Cc: Jakub Kicinski <kuba@kernel.org>
>Cc: Paolo Abeni <pabeni@redhat.com>
>Cc: intel-wired-lan@lists.osuosl.org
>Cc: netdev@vger.kernel.org
>Signed-off-by: Kees Cook <keescook@chromium.org>
>---
> drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
>diff --git a/drivers/net/ethernet/intel/igb/igb_main.c
>b/drivers/net/ethernet/intel/igb/igb_main.c
>index f8e32833226c..6256855d0f62 100644
>--- a/drivers/net/ethernet/intel/igb/igb_main.c
>+++ b/drivers/net/ethernet/intel/igb/igb_main.c
>@@ -1202,8 +1202,12 @@ static int igb_alloc_q_vector(struct igb_adapter
>*adapter,
> 	if (!q_vector) {
> 		q_vector = kzalloc(size, GFP_KERNEL);
> 	} else if (size > ksize(q_vector)) {
>-		kfree_rcu(q_vector, rcu);
>-		q_vector = kzalloc(size, GFP_KERNEL);
>+		struct igb_q_vector *new_q_vector;
>+
>+		new_q_vector = kzalloc(size, GFP_KERNEL);
>+		if (new_q_vector)
>+			kfree_rcu(q_vector, rcu);
>+		q_vector = new_q_vector;

Ok, that makes more sense to me.

Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>

Mike


> 	} else {
> 		memset(q_vector, 0, size);
> 	}
>--
>2.34.1


^ permalink raw reply	[flat|nested] 11+ messages in thread
* Re: [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
  2022-10-18  9:25 ` [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size Kees Cook
@ 2022-10-29  3:17   ` Kees Cook
  2022-10-31 20:42     ` Ruhl, Michael J
  2022-10-29  3:30   ` [Intel-wired-lan] " G, GurucharanX
  1 sibling, 1 reply; 11+ messages in thread
From: Kees Cook @ 2022-10-29  3:17 UTC (permalink / raw)
  To: Ruhl, Michael J
  Cc: Jesse Brandeburg, Tony Nguyen, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, intel-wired-lan, netdev,
	linux-kernel, linux-hardening

On Tue, Oct 18, 2022 at 02:25:25AM -0700, Kees Cook wrote:
> In preparation for removing the "silently change allocation size"
> users of ksize(), explicitly round up all q_vector allocations so that
> allocations can be correctly compared to ksize().
>
> Signed-off-by: Kees Cook <keescook@chromium.org>

Hi! Any feedback on this part of the patch pair?

> ---
>  drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
> index 6256855d0f62..7a3a41dc0276 100644
> --- a/drivers/net/ethernet/intel/igb/igb_main.c
> +++ b/drivers/net/ethernet/intel/igb/igb_main.c
> @@ -1195,7 +1195,7 @@ static int igb_alloc_q_vector(struct igb_adapter *adapter,
>  		return -ENOMEM;
>  
>  	ring_count = txr_count + rxr_count;
> -	size = struct_size(q_vector, ring, ring_count);
> +	size = kmalloc_size_roundup(struct_size(q_vector, ring, ring_count));
>  
>  	/* allocate q_vector and rings */
>  	q_vector = adapter->q_vector[v_idx];

Thanks! :)

-Kees

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 11+ messages in thread
* RE: [Intel-wired-lan] [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated
  2022-10-18  9:25 ` [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated Kees Cook
  2022-10-18 12:20   ` Ruhl, Michael J
@ 2022-10-29  3:29   ` G, GurucharanX
  1 sibling, 0 replies; 11+ messages in thread
From: G, GurucharanX @ 2022-10-29  3:29 UTC (permalink / raw)
  To: Kees Cook, Ruhl, Ruhl, Michael J
  Cc: intel-wired-lan, linux-kernel, Eric Dumazet, linux-hardening,
	netdev, Jakub Kicinski, Paolo Abeni, David S. Miller



> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf Of
> Kees Cook
> Sent: Tuesday, October 18, 2022 2:55 PM
> To: Ruhl@www.outflux.net; Ruhl, Michael J <michael.j.ruhl@intel.com>
> Cc: Kees Cook <keescook@chromium.org>; intel-wired-lan@lists.osuosl.org;
> linux-kernel@vger.kernel.org; Eric Dumazet <edumazet@google.com>;
> linux-hardening@vger.kernel.org; netdev@vger.kernel.org; Jakub Kicinski
> <kuba@kernel.org>; Paolo Abeni <pabeni@redhat.com>; David S. Miller
> <davem@davemloft.net>
> Subject: [Intel-wired-lan] [PATCH v3 1/2] igb: Do not free q_vector unless
> new one was allocated
> 
> Avoid potential use-after-free condition under memory pressure. If the
> kzalloc() fails, q_vector will be freed but left in the original
> adapter->q_vector[v_idx] array position.
> 
> Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
> Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: intel-wired-lan@lists.osuosl.org
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/net/ethernet/intel/igb/igb_main.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 

Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)

^ permalink raw reply	[flat|nested] 11+ messages in thread
* RE: [Intel-wired-lan] [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
  2022-10-18  9:25 ` [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size Kees Cook
  2022-10-29  3:17   ` Kees Cook
@ 2022-10-29  3:30   ` G, GurucharanX
  1 sibling, 0 replies; 11+ messages in thread
From: G, GurucharanX @ 2022-10-29  3:30 UTC (permalink / raw)
  To: Kees Cook, Ruhl, Ruhl, Michael J
  Cc: intel-wired-lan, linux-kernel, Eric Dumazet, linux-hardening,
	netdev, Jakub Kicinski, Paolo Abeni, David S. Miller



> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf Of
> Kees Cook
> Sent: Tuesday, October 18, 2022 2:55 PM
> To: Ruhl@www.outflux.net; Ruhl, Michael J <michael.j.ruhl@intel.com>
> Cc: Kees Cook <keescook@chromium.org>; intel-wired-lan@lists.osuosl.org;
> linux-kernel@vger.kernel.org; Eric Dumazet <edumazet@google.com>;
> linux-hardening@vger.kernel.org; netdev@vger.kernel.org; Jakub Kicinski
> <kuba@kernel.org>; Paolo Abeni <pabeni@redhat.com>; David S. Miller
> <davem@davemloft.net>
> Subject: [Intel-wired-lan] [PATCH v3 2/2] igb: Proactively round up to kmalloc
> bucket size
> 
> In preparation for removing the "silently change allocation size"
> users of ksize(), explicitly round up all q_vector allocations so that allocations
> can be correctly compared to ksize().
> 
> Cc: Jesse Brandeburg <jesse.brandeburg@intel.com>
> Cc: Tony Nguyen <anthony.l.nguyen@intel.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: intel-wired-lan@lists.osuosl.org
> Cc: netdev@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)

^ permalink raw reply	[flat|nested] 11+ messages in thread
* RE: [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
  2022-10-29  3:17   ` Kees Cook
@ 2022-10-31 20:42     ` Ruhl, Michael J
  2022-11-01 21:37       ` Kees Cook
  0 siblings, 1 reply; 11+ messages in thread
From: Ruhl, Michael J @ 2022-10-31 20:42 UTC (permalink / raw)
  To: Kees Cook
  Cc: Brandeburg, Jesse, Nguyen, Anthony L, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, linux-hardening

>-----Original Message-----
>From: Kees Cook <keescook@chromium.org>
>Sent: Friday, October 28, 2022 11:18 PM
>To: Ruhl, Michael J <michael.j.ruhl@intel.com>
>Cc: Brandeburg, Jesse <jesse.brandeburg@intel.com>; Nguyen, Anthony L
><anthony.l.nguyen@intel.com>; David S. Miller <davem@davemloft.net>;
>Eric Dumazet <edumazet@google.com>; Jakub Kicinski <kuba@kernel.org>;
>Paolo Abeni <pabeni@redhat.com>; intel-wired-lan@lists.osuosl.org;
>netdev@vger.kernel.org; linux-kernel@vger.kernel.org; linux-
>hardening@vger.kernel.org
>Subject: Re: [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
>
>On Tue, Oct 18, 2022 at 02:25:25AM -0700, Kees Cook wrote:
>> In preparation for removing the "silently change allocation size"
>> users of ksize(), explicitly round up all q_vector allocations so that
>> allocations can be correctly compared to ksize().
>>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>
>Hi! Any feedback on this part of the patch pair?
>
>> ---
>>  drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/ethernet/intel/igb/igb_main.c
>b/drivers/net/ethernet/intel/igb/igb_main.c
>> index 6256855d0f62..7a3a41dc0276 100644
>> --- a/drivers/net/ethernet/intel/igb/igb_main.c
>> +++ b/drivers/net/ethernet/intel/igb/igb_main.c
>> @@ -1195,7 +1195,7 @@ static int igb_alloc_q_vector(struct igb_adapter
>*adapter,
>>  		return -ENOMEM;
>>
>>  	ring_count = txr_count + rxr_count;
>> -	size = struct_size(q_vector, ring, ring_count);
>> +	size = kmalloc_size_roundup(struct_size(q_vector, ring, ring_count));
>>
>>  	/* allocate q_vector and rings */
>>  	q_vector = adapter->q_vector[v_idx];

Hi Kees,

Looking at the size usage (from elixir), I see:

--
	if (!q_vector) {
		q_vector = kzalloc(size, GFP_KERNEL);
	} else if (size > ksize(q_vector)) {
		kfree_rcu(q_vector, rcu);
		q_vector = kzalloc(size, GFP_KERNEL);
	} else {
		memset(q_vector, 0, size);
	}
--

If the size is rounded up, will the (size > ksize()) check ever be true?

I.e. have you eliminated this check (and maybe getting rid of the need for first patch?)?

Thanks,

Mike


>
>Thanks! :)
>
>-Kees
>
>--
>Kees Cook

^ permalink raw reply	[flat|nested] 11+ messages in thread
* Re: [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
  2022-10-31 20:42     ` Ruhl, Michael J
@ 2022-11-01 21:37       ` Kees Cook
  2022-11-02 14:12         ` Ruhl, Michael J
  0 siblings, 1 reply; 11+ messages in thread
From: Kees Cook @ 2022-11-01 21:37 UTC (permalink / raw)
  To: Ruhl, Michael J
  Cc: Brandeburg, Jesse, Nguyen, Anthony L, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, linux-hardening

On Mon, Oct 31, 2022 at 08:42:36PM +0000, Ruhl, Michael J wrote:
> Looking at the size usage (from elixir), I see:
> 
> --
> 	if (!q_vector) {
> 		q_vector = kzalloc(size, GFP_KERNEL);
> 	} else if (size > ksize(q_vector)) {
> 		kfree_rcu(q_vector, rcu);
> 		q_vector = kzalloc(size, GFP_KERNEL);
> 	} else {
> 		memset(q_vector, 0, size);
> 	}
> --
> 
> If the size is rounded up, will the (size > ksize()) check ever be true?
> 
> I.e. have you eliminated this check (and maybe getting rid of the need for first patch?)?

Hi!

It looked like igb_alloc_q_vector() was designed to be called multiple
times on the same q_vector (i.e. to grow its allocation size over time).
So for that case, yes, the "size > ksize(q_vector)" check is needed. If
it's only ever called once (which is hard for me to tell), then no. (And
if "no", why was the alloc/free case even there in the first place?)

-Kees

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 11+ messages in thread
* RE: [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
  2022-11-01 21:37       ` Kees Cook
@ 2022-11-02 14:12         ` Ruhl, Michael J
  0 siblings, 0 replies; 11+ messages in thread
From: Ruhl, Michael J @ 2022-11-02 14:12 UTC (permalink / raw)
  To: Kees Cook
  Cc: Brandeburg, Jesse, Nguyen, Anthony L, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, intel-wired-lan,
	netdev, linux-kernel, linux-hardening

>-----Original Message-----
>From: Kees Cook <keescook@chromium.org>
>Sent: Tuesday, November 1, 2022 5:37 PM
>To: Ruhl, Michael J <michael.j.ruhl@intel.com>
>Cc: Brandeburg, Jesse <jesse.brandeburg@intel.com>; Nguyen, Anthony L
><anthony.l.nguyen@intel.com>; David S. Miller <davem@davemloft.net>;
>Eric Dumazet <edumazet@google.com>; Jakub Kicinski <kuba@kernel.org>;
>Paolo Abeni <pabeni@redhat.com>; intel-wired-lan@lists.osuosl.org;
>netdev@vger.kernel.org; linux-kernel@vger.kernel.org; linux-
>hardening@vger.kernel.org
>Subject: Re: [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size
>
>On Mon, Oct 31, 2022 at 08:42:36PM +0000, Ruhl, Michael J wrote:
>> Looking at the size usage (from elixir), I see:
>>
>> --
>> 	if (!q_vector) {
>> 		q_vector = kzalloc(size, GFP_KERNEL);
>> 	} else if (size > ksize(q_vector)) {
>> 		kfree_rcu(q_vector, rcu);
>> 		q_vector = kzalloc(size, GFP_KERNEL);
>> 	} else {
>> 		memset(q_vector, 0, size);
>> 	}
>> --
>>
>> If the size is rounded up, will the (size > ksize()) check ever be true?
>>
>> I.e. have you eliminated this check (and maybe getting rid of the need for
>first patch?)?
>
>Hi!
>
>It looked like igb_alloc_q_vector() was designed to be called multiple
>times on the same q_vector (i.e. to grow its allocation size over time).
>So for that case, yes, the "size > ksize(q_vector)" check is needed. If
>it's only ever called once (which is hard for me to tell), then no. (And
>if "no", why was the alloc/free case even there in the first place?)

Ahh, Ok, I missed the fact that size is based on ring_count.  When I saw
the "struct_size" I assumed that size would be the same every time and
missed this point.

So can vary over time, and this ksize check is needed.

With that in mind these patches look good to me.

Reviewed-by: Michael J. Ruhl <michael.j.ruhl@intel.com>

Mike

>-Kees
>
>--
>Kees Cook

^ permalink raw reply	[flat|nested] 11+ messages in thread
end of thread, other threads:[~2022-11-02 14:22 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-18  9:25 [PATCH v3 0/2] igb: Proactively round up to kmalloc bucket size Kees Cook
2022-10-18  9:25 ` [PATCH v3 1/2] igb: Do not free q_vector unless new one was allocated Kees Cook
2022-10-18 12:20   ` Ruhl, Michael J
2022-10-29  3:29   ` [Intel-wired-lan] " G, GurucharanX
2022-10-18  9:25 ` [PATCH v3 2/2] igb: Proactively round up to kmalloc bucket size Kees Cook
2022-10-29  3:17   ` Kees Cook
2022-10-31 20:42     ` Ruhl, Michael J
2022-11-01 21:37       ` Kees Cook
2022-11-02 14:12         ` Ruhl, Michael J
2022-10-29  3:30   ` [Intel-wired-lan] " G, GurucharanX
2022-10-18 10:09 ` [PATCH v3 0/2] " Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).