[RFC,0/5] slab: Allocate and use per-call-site caches

Message ID	20240809072532.work.266-kees@kernel.org (mailing list archive)
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 009E0175D2C; Fri, 9 Aug 2024 07:33:09 +0000 (UTC) From: Kees Cook <kees@kernel.org> To: Vlastimil Babka <vbabka@suse.cz> Cc: Kees Cook <kees@kernel.org>, Suren Baghdasaryan <surenb@google.com>, Kent Overstreet <kent.overstreet@linux.dev>, "GONG, Ruiqi" <gongruiqi@huaweicloud.com>, Jann Horn <jannh@google.com>, Matteo Rizzo <matteorizzo@google.com>, jvoisin <julien.voisin@dustri.org>, Xiu Jianfeng <xiujianfeng@huawei.com>, Christoph Lameter <cl@linux.com>, Pekka Enberg <penberg@kernel.org>, David Rientjes <rientjes@google.com>, Joonsoo Kim <iamjoonsoo.kim@lge.com>, Andrew Morton <akpm@linux-foundation.org>, Roman Gushchin <roman.gushchin@linux.dev>, Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org Subject: [RFC][PATCH 0/5] slab: Allocate and use per-call-site caches Date: Fri, 9 Aug 2024 00:33:01 -0700 Message-Id: <20240809072532.work.266-kees@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	slab: Allocate and use per-call-site caches \| expand [RFC,0/5] slab: Allocate and use per-call-site caches [1/5] slab: Introduce kmem_buckets_destroy() [2/5] codetag: Run module_load hooks for builtin codetags [3/5] codetag: Introduce codetag_early_walk() [4/5] alloc_tag: Track fixed vs dynamic sized kmalloc calls [5/5] slab: Allocate and use per-call-site caches

Message ID

20240809072532.work.266-kees@kernel.org (mailing list archive)

Headers

From: Kees Cook <kees@kernel.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Kees Cook <kees@kernel.org>,
	Suren Baghdasaryan <surenb@google.com>,
	Kent Overstreet <kent.overstreet@linux.dev>,
	"GONG, Ruiqi" <gongruiqi@huaweicloud.com>,
	Jann Horn <jannh@google.com>,
	Matteo Rizzo <matteorizzo@google.com>,
	jvoisin <julien.voisin@dustri.org>,
	Xiu Jianfeng <xiujianfeng@huawei.com>,
	Christoph Lameter <cl@linux.com>,
	Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	linux-hardening@vger.kernel.org
Subject: [RFC][PATCH 0/5] slab: Allocate and use per-call-site caches
Date: Fri,  9 Aug 2024 00:33:01 -0700
Message-Id: <20240809072532.work.266-kees@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

slab: Allocate and use per-call-site caches | expand

Message

Kees Cook Aug. 9, 2024, 7:33 a.m. UTC

Hi,

Here's my current progress on using per-call-site kmalloc caches (instead
of KMALLOC_NORMAL), as a defense against the common heap-grooming attacks
that construct malicious objects in the same cache as a target object.

I'd like to get feedback on the general approach before I continue with
it. I've noted in the later patches what additional improvements I'd
like to make. The first 3 patches are relatively small infrastructure
changes.

Thanks!

-Kees

Kees Cook (5):
  slab: Introduce kmem_buckets_destroy()
  codetag: Run module_load hooks for builtin codetags
  codetag: Introduce codetag_early_walk()
  alloc_tag: Track fixed vs dynamic sized kmalloc calls
  slab: Allocate and use per-call-site caches

 include/linux/alloc_tag.h |  38 +++++++++--
 include/linux/codetag.h   |   2 +
 include/linux/slab.h      |  17 ++---
 lib/alloc_tag.c           | 129 +++++++++++++++++++++++++++++++++++---
 lib/codetag.c             |  21 +++++--
 mm/Kconfig                |  25 ++++++++
 mm/slab_common.c          |  18 +++++-
 mm/slub.c                 |  31 ++++++++-
 8 files changed, 253 insertions(+), 28 deletions(-)