License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 15:07:57 +01:00
/* SPDX-License-Identifier: GPL-2.0 */
2012-07-06 15:25:11 -05:00
# ifndef MM_SLAB_H
# define MM_SLAB_H
/*
* Internal slab definitions
*/
2014-10-09 15:26:00 -07:00
# ifdef CONFIG_SLOB
/*
* Common fields provided in kmem_cache by all slab allocators
* This struct is either used directly by the allocator ( SLOB )
* or the allocator must include definitions for all fields
* provided in kmem_cache_common in their definition of kmem_cache .
*
* Once we can do anonymous structs ( C11 standard ) we could put a
* anonymous struct definition in these allocators so that the
* separate allocations in the kmem_cache structure of SLAB and
* SLUB is no longer needed .
*/
struct kmem_cache {
unsigned int object_size ; /* The original size of the object */
unsigned int size ; /* The aligned/padded/added on size */
unsigned int align ; /* Alignment as calculated */
2017-11-15 17:32:18 -08:00
slab_flags_t flags ; /* Active flags on the slab */
2018-04-05 16:21:31 -07:00
unsigned int useroffset ; /* Usercopy region offset */
unsigned int usersize ; /* Usercopy region size */
2014-10-09 15:26:00 -07:00
const char * name ; /* Slab name for sysfs */
int refcount ; /* Use counter */
void ( * ctor ) ( void * ) ; /* Called on object slot creation */
struct list_head list ; /* List of all slab caches on the system */
} ;
# endif /* CONFIG_SLOB */
# ifdef CONFIG_SLAB
# include <linux/slab_def.h>
# endif
# ifdef CONFIG_SLUB
# include <linux/slub_def.h>
# endif
# include <linux/memcontrol.h>
2016-03-15 14:53:35 -07:00
# include <linux/fault-inject.h>
# include <linux/kasan.h>
# include <linux/kmemleak.h>
2016-07-26 15:21:56 -07:00
# include <linux/random.h>
2017-03-03 10:13:38 +01:00
# include <linux/sched/mm.h>
2014-10-09 15:26:00 -07:00
2012-07-06 15:25:11 -05:00
/*
* State of the slab allocator .
*
* This is used to describe the states of the allocator during bootup .
* Allocators use this to gradually bootstrap themselves . Most allocators
* have the problem that the structures used for managing slab caches are
* allocated from slab caches themselves .
*/
enum slab_state {
DOWN , /* No slab functionality yet */
PARTIAL , /* SLUB: kmem_cache_node available */
2013-01-10 19:14:19 +00:00
PARTIAL_NODE , /* SLAB: kmalloc size for node struct available */
2012-07-06 15:25:11 -05:00
UP , /* Slab caches usable but not all extras yet */
FULL /* Everything is working */
} ;
extern enum slab_state slab_state ;
2012-07-06 15:25:12 -05:00
/* The slab cache mutex protects the management structures during changes */
extern struct mutex slab_mutex ;
2012-09-05 00:20:33 +00:00
/* The list of all slab caches on the system */
2012-07-06 15:25:12 -05:00
extern struct list_head slab_caches ;
2012-09-05 00:20:33 +00:00
/* The slab cache that manages slab cache information */
extern struct kmem_cache * kmem_cache ;
2017-02-22 15:41:05 -08:00
/* A table of kmalloc cache names and sizes */
extern const struct kmalloc_info_struct {
mm, slab: make kmalloc_info[] contain all types of names
Patch series "mm, slab: Make kmalloc_info[] contain all types of names", v6.
There are three types of kmalloc, KMALLOC_NORMAL, KMALLOC_RECLAIM
and KMALLOC_DMA.
The name of KMALLOC_NORMAL is contained in kmalloc_info[].name,
but the names of KMALLOC_RECLAIM and KMALLOC_DMA are dynamically
generated by kmalloc_cache_name().
Patch1 predefines the names of all types of kmalloc to save
the time spent dynamically generating names.
These changes make sense, and the time spent by new_kmalloc_cache()
has been reduced by approximately 36.3%.
Time spent by new_kmalloc_cache()
(CPU cycles)
5.3-rc7 66264
5.3-rc7+patch 42188
This patch (of 3):
There are three types of kmalloc, KMALLOC_NORMAL, KMALLOC_RECLAIM and
KMALLOC_DMA.
The name of KMALLOC_NORMAL is contained in kmalloc_info[].name, but the
names of KMALLOC_RECLAIM and KMALLOC_DMA are dynamically generated by
kmalloc_cache_name().
This patch predefines the names of all types of kmalloc to save the time
spent dynamically generating names.
Besides, remove the kmalloc_cache_name() that is no longer used.
Link: http://lkml.kernel.org/r/1569241648-26908-2-git-send-email-lpf.vector@gmail.com
Signed-off-by: Pengfei Li <lpf.vector@gmail.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Roman Gushchin <guro@fb.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-11-30 17:49:21 -08:00
const char * name [ NR_KMALLOC_TYPES ] ;
2018-04-05 16:20:29 -07:00
unsigned int size ;
2017-02-22 15:41:05 -08:00
} kmalloc_info [ ] ;
2013-01-10 19:12:17 +00:00
# ifndef CONFIG_SLOB
/* Kmalloc array related functions */
2015-06-24 16:55:57 -07:00
void setup_kmalloc_cache_index_table ( void ) ;
2017-11-15 17:32:18 -08:00
void create_kmalloc_caches ( slab_flags_t ) ;
2013-01-10 19:14:19 +00:00
/* Find the kmalloc slab corresponding for a certain size */
struct kmem_cache * kmalloc_slab ( size_t , gfp_t ) ;
2013-01-10 19:12:17 +00:00
# endif
2020-08-06 23:18:28 -07:00
gfp_t kmalloc_fix_flags ( gfp_t flags ) ;
2013-01-10 19:12:17 +00:00
2012-09-05 00:20:33 +00:00
/* Functions provided by the slab allocators */
2017-11-15 17:32:18 -08:00
int __kmem_cache_create ( struct kmem_cache * , slab_flags_t flags ) ;
2012-07-06 15:25:11 -05:00
2018-04-05 16:20:29 -07:00
struct kmem_cache * create_kmalloc_cache ( const char * name , unsigned int size ,
slab_flags_t flags , unsigned int useroffset ,
unsigned int usersize ) ;
2012-11-28 16:23:07 +00:00
extern void create_boot_cache ( struct kmem_cache * , const char * name ,
2018-04-05 16:20:33 -07:00
unsigned int size , slab_flags_t flags ,
unsigned int useroffset , unsigned int usersize ) ;
2012-11-28 16:23:07 +00:00
2014-10-09 15:26:22 -07:00
int slab_unmergeable ( struct kmem_cache * s ) ;
2018-04-05 16:20:37 -07:00
struct kmem_cache * find_mergeable ( unsigned size , unsigned align ,
2017-11-15 17:32:18 -08:00
slab_flags_t flags , const char * name , void ( * ctor ) ( void * ) ) ;
2014-10-09 15:26:24 -07:00
# ifndef CONFIG_SLOB
2012-12-18 14:22:34 -08:00
struct kmem_cache *
2018-04-05 16:20:37 -07:00
__kmem_cache_alias ( const char * name , unsigned int size , unsigned int align ,
2017-11-15 17:32:18 -08:00
slab_flags_t flags , void ( * ctor ) ( void * ) ) ;
2014-10-09 15:26:22 -07:00
2018-04-05 16:21:24 -07:00
slab_flags_t kmem_cache_flags ( unsigned int object_size ,
2021-02-24 12:00:58 -08:00
slab_flags_t flags , const char * name ) ;
2012-09-05 00:18:32 +00:00
# else
2012-12-18 14:22:34 -08:00
static inline struct kmem_cache *
2018-04-05 16:20:37 -07:00
__kmem_cache_alias ( const char * name , unsigned int size , unsigned int align ,
2017-11-15 17:32:18 -08:00
slab_flags_t flags , void ( * ctor ) ( void * ) )
2012-09-05 00:18:32 +00:00
{ return NULL ; }
2014-10-09 15:26:22 -07:00
2018-04-05 16:21:24 -07:00
static inline slab_flags_t kmem_cache_flags ( unsigned int object_size ,
2021-02-24 12:00:58 -08:00
slab_flags_t flags , const char * name )
2014-10-09 15:26:22 -07:00
{
return flags ;
}
2012-09-05 00:18:32 +00:00
# endif
2012-10-17 15:36:51 +04:00
/* Legal flag mask for kmem_cache_create(), for various configurations */
mm: add support for kmem caches in DMA32 zone
Patch series "iommu/io-pgtable-arm-v7s: Use DMA32 zone for page tables",
v6.
This is a followup to the discussion in [1], [2].
IOMMUs using ARMv7 short-descriptor format require page tables (level 1
and 2) to be allocated within the first 4GB of RAM, even on 64-bit
systems.
For L1 tables that are bigger than a page, we can just use
__get_free_pages with GFP_DMA32 (on arm64 systems only, arm would still
use GFP_DMA).
For L2 tables that only take 1KB, it would be a waste to allocate a full
page, so we considered 3 approaches:
1. This series, adding support for GFP_DMA32 slab caches.
2. genalloc, which requires pre-allocating the maximum number of L2 page
tables (4096, so 4MB of memory).
3. page_frag, which is not very memory-efficient as it is unable to reuse
freed fragments until the whole page is freed. [3]
This series is the most memory-efficient approach.
stable@ note:
We confirmed that this is a regression, and IOMMU errors happen on 4.19
and linux-next/master on MT8173 (elm, Acer Chromebook R13). The issue
most likely starts from commit ad67f5a6545f ("arm64: replace ZONE_DMA
with ZONE_DMA32"), i.e. 4.15, and presumably breaks a number of Mediatek
platforms (and maybe others?).
[1] https://lists.linuxfoundation.org/pipermail/iommu/2018-November/030876.html
[2] https://lists.linuxfoundation.org/pipermail/iommu/2018-December/031696.html
[3] https://patchwork.codeaurora.org/patch/671639/
This patch (of 3):
IOMMUs using ARMv7 short-descriptor format require page tables to be
allocated within the first 4GB of RAM, even on 64-bit systems. On arm64,
this is done by passing GFP_DMA32 flag to memory allocation functions.
For IOMMU L2 tables that only take 1KB, it would be a waste to allocate
a full page using get_free_pages, so we considered 3 approaches:
1. This patch, adding support for GFP_DMA32 slab caches.
2. genalloc, which requires pre-allocating the maximum number of L2
page tables (4096, so 4MB of memory).
3. page_frag, which is not very memory-efficient as it is unable
to reuse freed fragments until the whole page is freed.
This change makes it possible to create a custom cache in DMA32 zone using
kmem_cache_create, then allocate memory using kmem_cache_alloc.
We do not create a DMA32 kmalloc cache array, as there are currently no
users of kmalloc(..., GFP_DMA32). These calls will continue to trigger a
warning, as we keep GFP_DMA32 in GFP_SLAB_BUG_MASK.
This implies that calls to kmem_cache_*alloc on a SLAB_CACHE_DMA32
kmem_cache must _not_ use GFP_DMA32 (it is anyway redundant and
unnecessary).
Link: http://lkml.kernel.org/r/20181210011504.122604-2-drinkcat@chromium.org
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Will Deacon <will.deacon@arm.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Sasha Levin <Alexander.Levin@microsoft.com>
Cc: Huaisheng Ye <yehs1@lenovo.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Yong Wu <yong.wu@mediatek.com>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Cc: Tomasz Figa <tfiga@google.com>
Cc: Yingjoe Chen <yingjoe.chen@mediatek.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Hsin-Yi Wang <hsinyi@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-28 20:43:42 -07:00
# define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | \
SLAB_CACHE_DMA32 | SLAB_PANIC | \
2017-01-18 02:53:44 -08:00
SLAB_TYPESAFE_BY_RCU | SLAB_DEBUG_OBJECTS )
2012-10-17 15:36:51 +04:00
# if defined(CONFIG_DEBUG_SLAB)
# define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
# elif defined(CONFIG_SLUB_DEBUG)
# define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
2016-03-15 14:55:06 -07:00
SLAB_TRACE | SLAB_CONSISTENCY_CHECKS )
2012-10-17 15:36:51 +04:00
# else
# define SLAB_DEBUG_FLAGS (0)
# endif
# if defined(CONFIG_SLAB)
# define SLAB_CACHE_FLAGS (SLAB_MEM_SPREAD | SLAB_NOLEAKTRACE | \
2016-01-14 15:18:15 -08:00
SLAB_RECLAIM_ACCOUNT | SLAB_TEMPORARY | \
2017-11-15 17:35:54 -08:00
SLAB_ACCOUNT )
2012-10-17 15:36:51 +04:00
# elif defined(CONFIG_SLUB)
# define SLAB_CACHE_FLAGS (SLAB_NOLEAKTRACE | SLAB_RECLAIM_ACCOUNT | \
2017-11-15 17:35:54 -08:00
SLAB_TEMPORARY | SLAB_ACCOUNT )
2012-10-17 15:36:51 +04:00
# else
# define SLAB_CACHE_FLAGS (0)
# endif
2016-12-12 16:41:38 -08:00
/* Common flags available with current configuration */
2012-10-17 15:36:51 +04:00
# define CACHE_CREATE_MASK (SLAB_CORE_FLAGS | SLAB_DEBUG_FLAGS | SLAB_CACHE_FLAGS)
2016-12-12 16:41:38 -08:00
/* Common flags permitted for kmem_cache_create */
# define SLAB_FLAGS_PERMITTED (SLAB_CORE_FLAGS | \
SLAB_RED_ZONE | \
SLAB_POISON | \
SLAB_STORE_USER | \
SLAB_TRACE | \
SLAB_CONSISTENCY_CHECKS | \
SLAB_MEM_SPREAD | \
SLAB_NOLEAKTRACE | \
SLAB_RECLAIM_ACCOUNT | \
SLAB_TEMPORARY | \
SLAB_ACCOUNT )
2018-04-05 16:21:57 -07:00
bool __kmem_cache_empty ( struct kmem_cache * ) ;
2012-09-04 23:18:33 +00:00
int __kmem_cache_shutdown ( struct kmem_cache * ) ;
2016-02-17 13:11:37 -08:00
void __kmem_cache_release ( struct kmem_cache * ) ;
2017-02-22 15:41:27 -08:00
int __kmem_cache_shrink ( struct kmem_cache * ) ;
2014-05-06 12:50:08 -07:00
void slab_kmem_cache_release ( struct kmem_cache * ) ;
2012-09-04 23:18:33 +00:00
2012-10-19 18:20:25 +04:00
struct seq_file ;
struct file ;
2012-10-19 18:20:27 +04:00
struct slabinfo {
unsigned long active_objs ;
unsigned long num_objs ;
unsigned long active_slabs ;
unsigned long num_slabs ;
unsigned long shared_avail ;
unsigned int limit ;
unsigned int batchcount ;
unsigned int shared ;
unsigned int objects_per_slab ;
unsigned int cache_order ;
} ;
void get_slabinfo ( struct kmem_cache * s , struct slabinfo * sinfo ) ;
void slabinfo_show_stats ( struct seq_file * m , struct kmem_cache * s ) ;
2012-10-19 18:20:25 +04:00
ssize_t slabinfo_write ( struct file * file , const char __user * buffer ,
size_t count , loff_t * ppos ) ;
2012-12-18 14:22:27 -08:00
2015-09-04 15:45:34 -07:00
/*
* Generic implementation of bulk operations
* These are useful for situations in which the allocator cannot
2016-03-15 14:54:03 -07:00
* perform optimizations . In that case segments of the object listed
2015-09-04 15:45:34 -07:00
* may be allocated or freed using these operations .
*/
void __kmem_cache_free_bulk ( struct kmem_cache * , size_t , void * * ) ;
2015-11-20 15:57:58 -08:00
int __kmem_cache_alloc_bulk ( struct kmem_cache * , gfp_t , size_t , void * * ) ;
2015-09-04 15:45:34 -07:00
2020-12-14 19:06:24 -08:00
static inline enum node_stat_item cache_vmstat_idx ( struct kmem_cache * s )
2019-07-11 20:56:16 -07:00
{
return ( s - > flags & SLAB_RECLAIM_ACCOUNT ) ?
2020-08-06 23:20:39 -07:00
NR_SLAB_RECLAIMABLE_B : NR_SLAB_UNRECLAIMABLE_B ;
2019-07-11 20:56:16 -07:00
}
2020-08-06 23:19:05 -07:00
# ifdef CONFIG_SLUB_DEBUG
# ifdef CONFIG_SLUB_DEBUG_ON
DECLARE_STATIC_KEY_TRUE ( slub_debug_enabled ) ;
# else
DECLARE_STATIC_KEY_FALSE ( slub_debug_enabled ) ;
# endif
extern void print_tracking ( struct kmem_cache * s , void * object ) ;
# else
static inline void print_tracking ( struct kmem_cache * s , void * object )
{
}
# endif
/*
* Returns true if any of the specified slub_debug flags is enabled for the
* cache . Use only for flags parsed by setup_slub_debug ( ) as it also enables
* the static key .
*/
static inline bool kmem_cache_debug_flags ( struct kmem_cache * s , slab_flags_t flags )
{
# ifdef CONFIG_SLUB_DEBUG
VM_WARN_ON_ONCE ( ! ( flags & SLAB_DEBUG_FLAGS ) ) ;
if ( static_branch_unlikely ( & slub_debug_enabled ) )
return s - > flags & flags ;
# endif
return false ;
}
2018-08-17 15:47:25 -07:00
# ifdef CONFIG_MEMCG_KMEM
2020-08-06 23:21:27 -07:00
int memcg_alloc_page_obj_cgroups ( struct page * page , struct kmem_cache * s ,
2021-02-24 12:03:11 -08:00
gfp_t gfp , bool new_page ) ;
2020-08-06 23:20:52 -07:00
static inline void memcg_free_page_obj_cgroups ( struct page * page )
{
2020-12-01 13:58:28 -08:00
kfree ( page_objcgs ( page ) ) ;
mm: memcontrol: Use helpers to read page's memcg data
Patch series "mm: allow mapping accounted kernel pages to userspace", v6.
Currently a non-slab kernel page which has been charged to a memory cgroup
can't be mapped to userspace. The underlying reason is simple: PageKmemcg
flag is defined as a page type (like buddy, offline, etc), so it takes a
bit from a page->mapped counter. Pages with a type set can't be mapped to
userspace.
But in general the kmemcg flag has nothing to do with mapping to
userspace. It only means that the page has been accounted by the page
allocator, so it has to be properly uncharged on release.
Some bpf maps are mapping the vmalloc-based memory to userspace, and their
memory can't be accounted because of this implementation detail.
This patchset removes this limitation by moving the PageKmemcg flag into
one of the free bits of the page->mem_cgroup pointer. Also it formalizes
accesses to the page->mem_cgroup and page->obj_cgroups using new helpers,
adds several checks and removes a couple of obsolete functions. As the
result the code became more robust with fewer open-coded bit tricks.
This patch (of 4):
Currently there are many open-coded reads of the page->mem_cgroup pointer,
as well as a couple of read helpers, which are barely used.
It creates an obstacle on a way to reuse some bits of the pointer for
storing additional bits of information. In fact, we already do this for
slab pages, where the last bit indicates that a pointer has an attached
vector of objcg pointers instead of a regular memcg pointer.
This commits uses 2 existing helpers and introduces a new helper to
converts all read sides to calls of these helpers:
struct mem_cgroup *page_memcg(struct page *page);
struct mem_cgroup *page_memcg_rcu(struct page *page);
struct mem_cgroup *page_memcg_check(struct page *page);
page_memcg_check() is intended to be used in cases when the page can be a
slab page and have a memcg pointer pointing at objcg vector. It does
check the lowest bit, and if set, returns NULL. page_memcg() contains a
VM_BUG_ON_PAGE() check for the page not being a slab page.
To make sure nobody uses a direct access, struct page's
mem_cgroup/obj_cgroups is converted to unsigned long memcg_data.
Signed-off-by: Roman Gushchin <guro@fb.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Shakeel Butt <shakeelb@google.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Link: https://lkml.kernel.org/r/20201027001657.3398190-1-guro@fb.com
Link: https://lkml.kernel.org/r/20201027001657.3398190-2-guro@fb.com
Link: https://lore.kernel.org/bpf/20201201215900.3569844-2-guro@fb.com
2020-12-01 13:58:27 -08:00
page - > memcg_data = 0 ;
2020-08-06 23:20:52 -07:00
}
2020-08-06 23:20:59 -07:00
static inline size_t obj_full_size ( struct kmem_cache * s )
{
/*
* For each accounted object there is an extra space which is used
* to store obj_cgroup membership . Charge it too .
*/
return s - > size + sizeof ( struct obj_cgroup * ) ;
}
2020-12-05 22:14:45 -08:00
/*
* Returns false if the allocation should fail .
*/
static inline bool memcg_slab_pre_alloc_hook ( struct kmem_cache * s ,
struct obj_cgroup * * objcgp ,
size_t objects , gfp_t flags )
2020-08-06 23:20:59 -07:00
{
2020-08-06 23:21:10 -07:00
struct obj_cgroup * objcg ;
2020-12-05 22:14:45 -08:00
if ( ! memcg_kmem_enabled ( ) )
return true ;
if ( ! ( flags & __GFP_ACCOUNT ) & & ! ( s - > flags & SLAB_ACCOUNT ) )
return true ;
2020-08-06 23:21:10 -07:00
objcg = get_obj_cgroup_from_current ( ) ;
if ( ! objcg )
2020-12-05 22:14:45 -08:00
return true ;
2020-08-06 23:21:10 -07:00
if ( obj_cgroup_charge ( objcg , flags , objects * obj_full_size ( s ) ) ) {
obj_cgroup_put ( objcg ) ;
2020-12-05 22:14:45 -08:00
return false ;
2020-08-06 23:20:59 -07:00
}
2020-12-05 22:14:45 -08:00
* objcgp = objcg ;
return true ;
2020-08-06 23:20:59 -07:00
}
static inline void mod_objcg_state ( struct obj_cgroup * objcg ,
struct pglist_data * pgdat ,
2020-12-14 19:06:24 -08:00
enum node_stat_item idx , int nr )
2020-08-06 23:20:59 -07:00
{
struct mem_cgroup * memcg ;
struct lruvec * lruvec ;
rcu_read_lock ( ) ;
memcg = obj_cgroup_memcg ( objcg ) ;
lruvec = mem_cgroup_lruvec ( memcg , pgdat ) ;
mod_memcg_lruvec_state ( lruvec , idx , nr ) ;
rcu_read_unlock ( ) ;
}
2020-08-06 23:20:56 -07:00
static inline void memcg_slab_post_alloc_hook ( struct kmem_cache * s ,
struct obj_cgroup * objcg ,
2020-08-06 23:21:27 -07:00
gfp_t flags , size_t size ,
void * * p )
2020-08-06 23:20:56 -07:00
{
struct page * page ;
unsigned long off ;
size_t i ;
2020-12-05 22:14:45 -08:00
if ( ! memcg_kmem_enabled ( ) | | ! objcg )
2020-08-06 23:21:27 -07:00
return ;
flags & = ~ __GFP_ACCOUNT ;
2020-08-06 23:20:56 -07:00
for ( i = 0 ; i < size ; i + + ) {
if ( likely ( p [ i ] ) ) {
page = virt_to_head_page ( p [ i ] ) ;
2020-08-06 23:21:27 -07:00
2020-12-01 13:58:28 -08:00
if ( ! page_objcgs ( page ) & &
2021-02-24 12:03:11 -08:00
memcg_alloc_page_obj_cgroups ( page , s , flags ,
false ) ) {
2020-08-06 23:21:27 -07:00
obj_cgroup_uncharge ( objcg , obj_full_size ( s ) ) ;
continue ;
}
2020-08-06 23:20:56 -07:00
off = obj_to_index ( s , page , p [ i ] ) ;
obj_cgroup_get ( objcg ) ;
2020-12-01 13:58:28 -08:00
page_objcgs ( page ) [ off ] = objcg ;
2020-08-06 23:20:59 -07:00
mod_objcg_state ( objcg , page_pgdat ( page ) ,
cache_vmstat_idx ( s ) , obj_full_size ( s ) ) ;
} else {
obj_cgroup_uncharge ( objcg , obj_full_size ( s ) ) ;
2020-08-06 23:20:56 -07:00
}
}
obj_cgroup_put ( objcg ) ;
}
2020-10-13 16:53:09 -07:00
static inline void memcg_slab_free_hook ( struct kmem_cache * s_orig ,
void * * p , int objects )
2020-08-06 23:20:56 -07:00
{
2020-10-13 16:53:09 -07:00
struct kmem_cache * s ;
2020-12-01 13:58:28 -08:00
struct obj_cgroup * * objcgs ;
2020-08-06 23:20:56 -07:00
struct obj_cgroup * objcg ;
2020-10-13 16:53:09 -07:00
struct page * page ;
2020-08-06 23:20:56 -07:00
unsigned int off ;
2020-10-13 16:53:09 -07:00
int i ;
2020-08-06 23:20:56 -07:00
2020-08-06 23:21:27 -07:00
if ( ! memcg_kmem_enabled ( ) )
return ;
2020-10-13 16:53:09 -07:00
for ( i = 0 ; i < objects ; i + + ) {
if ( unlikely ( ! p [ i ] ) )
continue ;
2020-08-06 23:20:56 -07:00
2020-10-13 16:53:09 -07:00
page = virt_to_head_page ( p [ i ] ) ;
2020-12-01 13:58:28 -08:00
objcgs = page_objcgs ( page ) ;
if ( ! objcgs )
2020-10-13 16:53:09 -07:00
continue ;
2020-08-06 23:20:59 -07:00
2020-10-13 16:53:09 -07:00
if ( ! s_orig )
s = page - > slab_cache ;
else
s = s_orig ;
2020-08-06 23:21:27 -07:00
2020-10-13 16:53:09 -07:00
off = obj_to_index ( s , page , p [ i ] ) ;
2020-12-01 13:58:28 -08:00
objcg = objcgs [ off ] ;
2020-10-13 16:53:09 -07:00
if ( ! objcg )
continue ;
2020-08-06 23:20:59 -07:00
2020-12-01 13:58:28 -08:00
objcgs [ off ] = NULL ;
2020-10-13 16:53:09 -07:00
obj_cgroup_uncharge ( objcg , obj_full_size ( s ) ) ;
mod_objcg_state ( objcg , page_pgdat ( page ) , cache_vmstat_idx ( s ) ,
- obj_full_size ( s ) ) ;
obj_cgroup_put ( objcg ) ;
}
2020-08-06 23:20:56 -07:00
}
2018-08-17 15:47:25 -07:00
# else /* CONFIG_MEMCG_KMEM */
2020-08-06 23:21:10 -07:00
static inline struct mem_cgroup * memcg_from_slab_obj ( void * ptr )
2019-07-11 20:56:31 -07:00
{
return NULL ;
}
2020-08-06 23:20:52 -07:00
static inline int memcg_alloc_page_obj_cgroups ( struct page * page ,
2021-02-24 12:03:11 -08:00
struct kmem_cache * s , gfp_t gfp ,
bool new_page )
2020-08-06 23:20:52 -07:00
{
return 0 ;
}
static inline void memcg_free_page_obj_cgroups ( struct page * page )
{
}
2020-12-05 22:14:45 -08:00
static inline bool memcg_slab_pre_alloc_hook ( struct kmem_cache * s ,
struct obj_cgroup * * objcgp ,
size_t objects , gfp_t flags )
2020-08-06 23:20:59 -07:00
{
2020-12-05 22:14:45 -08:00
return true ;
2020-08-06 23:20:59 -07:00
}
2020-08-06 23:20:56 -07:00
static inline void memcg_slab_post_alloc_hook ( struct kmem_cache * s ,
struct obj_cgroup * objcg ,
2020-08-06 23:21:27 -07:00
gfp_t flags , size_t size ,
void * * p )
2020-08-06 23:20:56 -07:00
{
}
2020-10-13 16:53:09 -07:00
static inline void memcg_slab_free_hook ( struct kmem_cache * s ,
void * * p , int objects )
2020-08-06 23:20:56 -07:00
{
}
2018-08-17 15:47:25 -07:00
# endif /* CONFIG_MEMCG_KMEM */
2012-12-18 14:22:46 -08:00
2019-07-11 20:53:26 -07:00
static inline struct kmem_cache * virt_to_cache ( const void * obj )
{
struct page * page ;
page = virt_to_head_page ( obj ) ;
if ( WARN_ONCE ( ! PageSlab ( page ) , " %s: Object is not a Slab page! \n " ,
__func__ ) )
return NULL ;
return page - > slab_cache ;
}
2020-08-06 23:21:44 -07:00
static __always_inline void account_slab_page ( struct page * page , int order ,
2021-02-24 12:03:11 -08:00
struct kmem_cache * s ,
gfp_t gfp )
2019-07-11 20:56:16 -07:00
{
2021-02-24 12:03:11 -08:00
if ( memcg_kmem_enabled ( ) & & ( s - > flags & SLAB_ACCOUNT ) )
memcg_alloc_page_obj_cgroups ( page , s , gfp , true ) ;
2020-08-06 23:20:59 -07:00
mod_node_page_state ( page_pgdat ( page ) , cache_vmstat_idx ( s ) ,
PAGE_SIZE < < order ) ;
2019-07-11 20:56:16 -07:00
}
2020-08-06 23:21:44 -07:00
static __always_inline void unaccount_slab_page ( struct page * page , int order ,
struct kmem_cache * s )
2019-07-11 20:56:16 -07:00
{
2020-08-06 23:21:27 -07:00
if ( memcg_kmem_enabled ( ) )
2020-08-06 23:20:59 -07:00
memcg_free_page_obj_cgroups ( page ) ;
2020-08-06 23:21:10 -07:00
2020-08-06 23:20:59 -07:00
mod_node_page_state ( page_pgdat ( page ) , cache_vmstat_idx ( s ) ,
- ( PAGE_SIZE < < order ) ) ;
2019-07-11 20:56:16 -07:00
}
2020-08-06 23:19:05 -07:00
static inline struct kmem_cache * cache_from_obj ( struct kmem_cache * s , void * x )
{
struct kmem_cache * cachep ;
if ( ! IS_ENABLED ( CONFIG_SLAB_FREELIST_HARDENED ) & &
! kmem_cache_debug_flags ( s , SLAB_CONSISTENCY_CHECKS ) )
return s ;
cachep = virt_to_cache ( x ) ;
2020-08-06 23:21:27 -07:00
if ( WARN ( cachep & & cachep ! = s ,
2020-08-06 23:19:05 -07:00
" %s: Wrong slab cache. %s but object is from %s \n " ,
__func__ , s - > name , cachep - > name ) )
print_tracking ( cachep , x ) ;
return cachep ;
}
2016-03-15 14:53:35 -07:00
static inline size_t slab_ksize ( const struct kmem_cache * s )
{
# ifndef CONFIG_SLUB
return s - > object_size ;
# else /* CONFIG_SLUB */
# ifdef CONFIG_SLUB_DEBUG
/*
* Debugging requires use of the padding between object
* and whatever may come after it .
*/
if ( s - > flags & ( SLAB_RED_ZONE | SLAB_POISON ) )
return s - > object_size ;
# endif
2016-07-28 15:49:07 -07:00
if ( s - > flags & SLAB_KASAN )
return s - > object_size ;
2016-03-15 14:53:35 -07:00
/*
* If we have the need to store the freelist pointer
* back there or track user information then we can
* only use the space before that information .
*/
2017-01-18 02:53:44 -08:00
if ( s - > flags & ( SLAB_TYPESAFE_BY_RCU | SLAB_STORE_USER ) )
2016-03-15 14:53:35 -07:00
return s - > inuse ;
/*
* Else we can use all the padding etc for the allocation
*/
return s - > size ;
# endif
}
static inline struct kmem_cache * slab_pre_alloc_hook ( struct kmem_cache * s ,
2020-08-06 23:20:56 -07:00
struct obj_cgroup * * objcgp ,
size_t size , gfp_t flags )
2016-03-15 14:53:35 -07:00
{
flags & = gfp_allowed_mask ;
2017-03-03 10:13:38 +01:00
2020-12-14 19:08:34 -08:00
might_alloc ( flags ) ;
2016-03-15 14:53:35 -07:00
2016-03-15 14:53:38 -07:00
if ( should_failslab ( s , flags ) )
2016-03-15 14:53:35 -07:00
return NULL ;
2020-12-05 22:14:45 -08:00
if ( ! memcg_slab_pre_alloc_hook ( s , objcgp , size , flags ) )
return NULL ;
2016-07-26 15:24:21 -07:00
return s ;
2016-03-15 14:53:35 -07:00
}
2020-08-06 23:20:56 -07:00
static inline void slab_post_alloc_hook ( struct kmem_cache * s ,
2021-04-29 23:00:06 -07:00
struct obj_cgroup * objcg , gfp_t flags ,
size_t size , void * * p , bool init )
2016-03-15 14:53:35 -07:00
{
size_t i ;
flags & = gfp_allowed_mask ;
2021-04-29 23:00:06 -07:00
/*
* As memory initialization might be integrated into KASAN ,
* kasan_slab_alloc and initialization memset must be
* kept together to avoid discrepancies in behavior .
*
* As p [ i ] might get tagged , memset and kmemleak hook come after KASAN .
*/
2016-03-15 14:53:35 -07:00
for ( i = 0 ; i < size ; i + + ) {
2021-04-29 23:00:06 -07:00
p [ i ] = kasan_slab_alloc ( s , p [ i ] , flags , init ) ;
if ( p [ i ] & & init & & ! kasan_has_integrated_init ( ) )
memset ( p [ i ] , 0 , s - > object_size ) ;
2019-02-20 22:19:11 -08:00
kmemleak_alloc_recursive ( p [ i ] , s - > object_size , 1 ,
2016-03-15 14:53:35 -07:00
s - > flags , flags ) ;
}
2016-07-26 15:24:21 -07:00
2020-12-05 22:14:45 -08:00
memcg_slab_post_alloc_hook ( s , objcg , flags , size , p ) ;
2016-03-15 14:53:35 -07:00
}
2014-08-06 16:04:07 -07:00
# ifndef CONFIG_SLOB
2013-01-10 19:14:19 +00:00
/*
* The slab lists for all objects .
*/
struct kmem_cache_node {
spinlock_t list_lock ;
# ifdef CONFIG_SLAB
struct list_head slabs_partial ; /* partial list first, better asm code */
struct list_head slabs_full ;
struct list_head slabs_free ;
2016-12-12 16:41:44 -08:00
unsigned long total_slabs ; /* length of all slab lists */
unsigned long free_slabs ; /* length of free slab list only */
2013-01-10 19:14:19 +00:00
unsigned long free_objects ;
unsigned int free_limit ;
unsigned int colour_next ; /* Per-node cache coloring */
struct array_cache * shared ; /* shared per node */
2014-08-06 16:04:29 -07:00
struct alien_cache * * alien ; /* on other nodes */
2013-01-10 19:14:19 +00:00
unsigned long next_reap ; /* updated without locking */
int free_touched ; /* updated without locking */
# endif
# ifdef CONFIG_SLUB
unsigned long nr_partial ;
struct list_head partial ;
# ifdef CONFIG_SLUB_DEBUG
atomic_long_t nr_slabs ;
atomic_long_t total_objects ;
struct list_head full ;
# endif
# endif
} ;
2013-07-04 08:33:23 +08:00
2014-08-06 16:04:07 -07:00
static inline struct kmem_cache_node * get_node ( struct kmem_cache * s , int node )
{
return s - > node [ node ] ;
}
/*
* Iterator over all nodes . The body will be executed for each node that has
* a kmem_cache_node structure allocated ( which is true for all online nodes )
*/
# define for_each_kmem_cache_node(__s, __node, __n) \
2014-10-09 15:26:20 -07:00
for ( __node = 0 ; __node < nr_node_ids ; __node + + ) \
if ( ( __n = get_node ( __s , __node ) ) )
2014-08-06 16:04:07 -07:00
# endif
2014-12-10 15:42:16 -08:00
void * slab_start ( struct seq_file * m , loff_t * pos ) ;
2013-07-08 08:08:28 +08:00
void * slab_next ( struct seq_file * m , void * p , loff_t * pos ) ;
void slab_stop ( struct seq_file * m , void * p ) ;
2014-12-10 15:44:19 -08:00
int memcg_slab_show ( struct seq_file * m , void * p ) ;
2014-08-06 16:04:14 -07:00
2017-11-15 17:32:07 -08:00
# if defined(CONFIG_SLAB) || defined(CONFIG_SLUB_DEBUG)
void dump_unreclaimable_slab ( void ) ;
# else
static inline void dump_unreclaimable_slab ( void )
{
}
# endif
mm: kasan: initial memory quarantine implementation
Quarantine isolates freed objects in a separate queue. The objects are
returned to the allocator later, which helps to detect use-after-free
errors.
When the object is freed, its state changes from KASAN_STATE_ALLOC to
KASAN_STATE_QUARANTINE. The object is poisoned and put into quarantine
instead of being returned to the allocator, therefore every subsequent
access to that object triggers a KASAN error, and the error handler is
able to say where the object has been allocated and deallocated.
When it's time for the object to leave quarantine, its state becomes
KASAN_STATE_FREE and it's returned to the allocator. From now on the
allocator may reuse it for another allocation. Before that happens,
it's still possible to detect a use-after free on that object (it
retains the allocation/deallocation stacks).
When the allocator reuses this object, the shadow is unpoisoned and old
allocation/deallocation stacks are wiped. Therefore a use of this
object, even an incorrect one, won't trigger ASan warning.
Without the quarantine, it's not guaranteed that the objects aren't
reused immediately, that's why the probability of catching a
use-after-free is lower than with quarantine in place.
Quarantine isolates freed objects in a separate queue. The objects are
returned to the allocator later, which helps to detect use-after-free
errors.
Freed objects are first added to per-cpu quarantine queues. When a
cache is destroyed or memory shrinking is requested, the objects are
moved into the global quarantine queue. Whenever a kmalloc call allows
memory reclaiming, the oldest objects are popped out of the global queue
until the total size of objects in quarantine is less than 3/4 of the
maximum quarantine size (which is a fraction of installed physical
memory).
As long as an object remains in the quarantine, KASAN is able to report
accesses to it, so the chance of reporting a use-after-free is
increased. Once the object leaves quarantine, the allocator may reuse
it, in which case the object is unpoisoned and KASAN can't detect
incorrect accesses to it.
Right now quarantine support is only enabled in SLAB allocator.
Unification of KASAN features in SLAB and SLUB will be done later.
This patch is based on the "mm: kasan: quarantine" patch originally
prepared by Dmitry Chernenkov. A number of improvements have been
suggested by Andrey Ryabinin.
[glider@google.com: v9]
Link: http://lkml.kernel.org/r/1462987130-144092-1-git-send-email-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Andrey Konovalov <adech.fo@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Konstantin Serebryany <kcc@google.com>
Cc: Dmitry Chernenkov <dmitryc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-05-20 16:59:11 -07:00
void ___cache_free ( struct kmem_cache * cache , void * x , unsigned long addr ) ;
2016-07-26 15:21:56 -07:00
# ifdef CONFIG_SLAB_FREELIST_RANDOM
int cache_random_seq_create ( struct kmem_cache * cachep , unsigned int count ,
gfp_t gfp ) ;
void cache_random_seq_destroy ( struct kmem_cache * cachep ) ;
# else
static inline int cache_random_seq_create ( struct kmem_cache * cachep ,
unsigned int count , gfp_t gfp )
{
return 0 ;
}
static inline void cache_random_seq_destroy ( struct kmem_cache * cachep ) { }
# endif /* CONFIG_SLAB_FREELIST_RANDOM */
mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Patch series "add init_on_alloc/init_on_free boot options", v10.
Provide init_on_alloc and init_on_free boot options.
These are aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic.
Enabling either of the options guarantees that the memory returned by the
page allocator and SL[AU]B is initialized with zeroes. SLOB allocator
isn't supported at the moment, as its emulation of kmem caches complicates
handling of SLAB_TYPESAFE_BY_RCU caches correctly.
Enabling init_on_free also guarantees that pages and heap objects are
initialized right after they're freed, so it won't be possible to access
stale data by using a dangling pointer.
As suggested by Michal Hocko, right now we don't let the heap users to
disable initialization for certain allocations. There's not enough
evidence that doing so can speed up real-life cases, and introducing ways
to opt-out may result in things going out of control.
This patch (of 2):
The new options are needed to prevent possible information leaks and make
control-flow bugs that depend on uninitialized values more deterministic.
This is expected to be on-by-default on Android and Chrome OS. And it
gives the opportunity for anyone else to use it under distros too via the
boot args. (The init_on_free feature is regularly requested by folks
where memory forensics is included in their threat models.)
init_on_alloc=1 makes the kernel initialize newly allocated pages and heap
objects with zeroes. Initialization is done at allocation time at the
places where checks for __GFP_ZERO are performed.
init_on_free=1 makes the kernel initialize freed pages and heap objects
with zeroes upon their deletion. This helps to ensure sensitive data
doesn't leak via use-after-free accesses.
Both init_on_alloc=1 and init_on_free=1 guarantee that the allocator
returns zeroed memory. The two exceptions are slab caches with
constructors and SLAB_TYPESAFE_BY_RCU flag. Those are never
zero-initialized to preserve their semantics.
Both init_on_alloc and init_on_free default to zero, but those defaults
can be overridden with CONFIG_INIT_ON_ALLOC_DEFAULT_ON and
CONFIG_INIT_ON_FREE_DEFAULT_ON.
If either SLUB poisoning or page poisoning is enabled, those options take
precedence over init_on_alloc and init_on_free: initialization is only
applied to unpoisoned allocations.
Slowdown for the new features compared to init_on_free=0, init_on_alloc=0:
hackbench, init_on_free=1: +7.62% sys time (st.err 0.74%)
hackbench, init_on_alloc=1: +7.75% sys time (st.err 2.14%)
Linux build with -j12, init_on_free=1: +8.38% wall time (st.err 0.39%)
Linux build with -j12, init_on_free=1: +24.42% sys time (st.err 0.52%)
Linux build with -j12, init_on_alloc=1: -0.13% wall time (st.err 0.42%)
Linux build with -j12, init_on_alloc=1: +0.57% sys time (st.err 0.40%)
The slowdown for init_on_free=0, init_on_alloc=0 compared to the baseline
is within the standard error.
The new features are also going to pave the way for hardware memory
tagging (e.g. arm64's MTE), which will require both on_alloc and on_free
hooks to set the tags for heap objects. With MTE, tagging will have the
same cost as memory initialization.
Although init_on_free is rather costly, there are paranoid use-cases where
in-memory data lifetime is desired to be minimized. There are various
arguments for/against the realism of the associated threat models, but
given that we'll need the infrastructure for MTE anyway, and there are
people who want wipe-on-free behavior no matter what the performance cost,
it seems reasonable to include it in this series.
[glider@google.com: v8]
Link: http://lkml.kernel.org/r/20190626121943.131390-2-glider@google.com
[glider@google.com: v9]
Link: http://lkml.kernel.org/r/20190627130316.254309-2-glider@google.com
[glider@google.com: v10]
Link: http://lkml.kernel.org/r/20190628093131.199499-2-glider@google.com
Link: http://lkml.kernel.org/r/20190617151050.92663-2-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Michal Hocko <mhocko@suse.cz> [page and dmapool parts
Acked-by: James Morris <jamorris@linux.microsoft.com>]
Cc: Christoph Lameter <cl@linux.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Sandeep Patil <sspatil@android.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Jann Horn <jannh@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-11 20:59:19 -07:00
static inline bool slab_want_init_on_alloc ( gfp_t flags , struct kmem_cache * c )
{
2021-04-01 16:23:43 -07:00
if ( static_branch_maybe ( CONFIG_INIT_ON_ALLOC_DEFAULT_ON ,
& init_on_alloc ) ) {
mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Patch series "add init_on_alloc/init_on_free boot options", v10.
Provide init_on_alloc and init_on_free boot options.
These are aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic.
Enabling either of the options guarantees that the memory returned by the
page allocator and SL[AU]B is initialized with zeroes. SLOB allocator
isn't supported at the moment, as its emulation of kmem caches complicates
handling of SLAB_TYPESAFE_BY_RCU caches correctly.
Enabling init_on_free also guarantees that pages and heap objects are
initialized right after they're freed, so it won't be possible to access
stale data by using a dangling pointer.
As suggested by Michal Hocko, right now we don't let the heap users to
disable initialization for certain allocations. There's not enough
evidence that doing so can speed up real-life cases, and introducing ways
to opt-out may result in things going out of control.
This patch (of 2):
The new options are needed to prevent possible information leaks and make
control-flow bugs that depend on uninitialized values more deterministic.
This is expected to be on-by-default on Android and Chrome OS. And it
gives the opportunity for anyone else to use it under distros too via the
boot args. (The init_on_free feature is regularly requested by folks
where memory forensics is included in their threat models.)
init_on_alloc=1 makes the kernel initialize newly allocated pages and heap
objects with zeroes. Initialization is done at allocation time at the
places where checks for __GFP_ZERO are performed.
init_on_free=1 makes the kernel initialize freed pages and heap objects
with zeroes upon their deletion. This helps to ensure sensitive data
doesn't leak via use-after-free accesses.
Both init_on_alloc=1 and init_on_free=1 guarantee that the allocator
returns zeroed memory. The two exceptions are slab caches with
constructors and SLAB_TYPESAFE_BY_RCU flag. Those are never
zero-initialized to preserve their semantics.
Both init_on_alloc and init_on_free default to zero, but those defaults
can be overridden with CONFIG_INIT_ON_ALLOC_DEFAULT_ON and
CONFIG_INIT_ON_FREE_DEFAULT_ON.
If either SLUB poisoning or page poisoning is enabled, those options take
precedence over init_on_alloc and init_on_free: initialization is only
applied to unpoisoned allocations.
Slowdown for the new features compared to init_on_free=0, init_on_alloc=0:
hackbench, init_on_free=1: +7.62% sys time (st.err 0.74%)
hackbench, init_on_alloc=1: +7.75% sys time (st.err 2.14%)
Linux build with -j12, init_on_free=1: +8.38% wall time (st.err 0.39%)
Linux build with -j12, init_on_free=1: +24.42% sys time (st.err 0.52%)
Linux build with -j12, init_on_alloc=1: -0.13% wall time (st.err 0.42%)
Linux build with -j12, init_on_alloc=1: +0.57% sys time (st.err 0.40%)
The slowdown for init_on_free=0, init_on_alloc=0 compared to the baseline
is within the standard error.
The new features are also going to pave the way for hardware memory
tagging (e.g. arm64's MTE), which will require both on_alloc and on_free
hooks to set the tags for heap objects. With MTE, tagging will have the
same cost as memory initialization.
Although init_on_free is rather costly, there are paranoid use-cases where
in-memory data lifetime is desired to be minimized. There are various
arguments for/against the realism of the associated threat models, but
given that we'll need the infrastructure for MTE anyway, and there are
people who want wipe-on-free behavior no matter what the performance cost,
it seems reasonable to include it in this series.
[glider@google.com: v8]
Link: http://lkml.kernel.org/r/20190626121943.131390-2-glider@google.com
[glider@google.com: v9]
Link: http://lkml.kernel.org/r/20190627130316.254309-2-glider@google.com
[glider@google.com: v10]
Link: http://lkml.kernel.org/r/20190628093131.199499-2-glider@google.com
Link: http://lkml.kernel.org/r/20190617151050.92663-2-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Michal Hocko <mhocko@suse.cz> [page and dmapool parts
Acked-by: James Morris <jamorris@linux.microsoft.com>]
Cc: Christoph Lameter <cl@linux.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Sandeep Patil <sspatil@android.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Jann Horn <jannh@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-11 20:59:19 -07:00
if ( c - > ctor )
return false ;
if ( c - > flags & ( SLAB_TYPESAFE_BY_RCU | SLAB_POISON ) )
return flags & __GFP_ZERO ;
return true ;
}
return flags & __GFP_ZERO ;
}
static inline bool slab_want_init_on_free ( struct kmem_cache * c )
{
2021-04-01 16:23:43 -07:00
if ( static_branch_maybe ( CONFIG_INIT_ON_FREE_DEFAULT_ON ,
& init_on_free ) )
mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Patch series "add init_on_alloc/init_on_free boot options", v10.
Provide init_on_alloc and init_on_free boot options.
These are aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic.
Enabling either of the options guarantees that the memory returned by the
page allocator and SL[AU]B is initialized with zeroes. SLOB allocator
isn't supported at the moment, as its emulation of kmem caches complicates
handling of SLAB_TYPESAFE_BY_RCU caches correctly.
Enabling init_on_free also guarantees that pages and heap objects are
initialized right after they're freed, so it won't be possible to access
stale data by using a dangling pointer.
As suggested by Michal Hocko, right now we don't let the heap users to
disable initialization for certain allocations. There's not enough
evidence that doing so can speed up real-life cases, and introducing ways
to opt-out may result in things going out of control.
This patch (of 2):
The new options are needed to prevent possible information leaks and make
control-flow bugs that depend on uninitialized values more deterministic.
This is expected to be on-by-default on Android and Chrome OS. And it
gives the opportunity for anyone else to use it under distros too via the
boot args. (The init_on_free feature is regularly requested by folks
where memory forensics is included in their threat models.)
init_on_alloc=1 makes the kernel initialize newly allocated pages and heap
objects with zeroes. Initialization is done at allocation time at the
places where checks for __GFP_ZERO are performed.
init_on_free=1 makes the kernel initialize freed pages and heap objects
with zeroes upon their deletion. This helps to ensure sensitive data
doesn't leak via use-after-free accesses.
Both init_on_alloc=1 and init_on_free=1 guarantee that the allocator
returns zeroed memory. The two exceptions are slab caches with
constructors and SLAB_TYPESAFE_BY_RCU flag. Those are never
zero-initialized to preserve their semantics.
Both init_on_alloc and init_on_free default to zero, but those defaults
can be overridden with CONFIG_INIT_ON_ALLOC_DEFAULT_ON and
CONFIG_INIT_ON_FREE_DEFAULT_ON.
If either SLUB poisoning or page poisoning is enabled, those options take
precedence over init_on_alloc and init_on_free: initialization is only
applied to unpoisoned allocations.
Slowdown for the new features compared to init_on_free=0, init_on_alloc=0:
hackbench, init_on_free=1: +7.62% sys time (st.err 0.74%)
hackbench, init_on_alloc=1: +7.75% sys time (st.err 2.14%)
Linux build with -j12, init_on_free=1: +8.38% wall time (st.err 0.39%)
Linux build with -j12, init_on_free=1: +24.42% sys time (st.err 0.52%)
Linux build with -j12, init_on_alloc=1: -0.13% wall time (st.err 0.42%)
Linux build with -j12, init_on_alloc=1: +0.57% sys time (st.err 0.40%)
The slowdown for init_on_free=0, init_on_alloc=0 compared to the baseline
is within the standard error.
The new features are also going to pave the way for hardware memory
tagging (e.g. arm64's MTE), which will require both on_alloc and on_free
hooks to set the tags for heap objects. With MTE, tagging will have the
same cost as memory initialization.
Although init_on_free is rather costly, there are paranoid use-cases where
in-memory data lifetime is desired to be minimized. There are various
arguments for/against the realism of the associated threat models, but
given that we'll need the infrastructure for MTE anyway, and there are
people who want wipe-on-free behavior no matter what the performance cost,
it seems reasonable to include it in this series.
[glider@google.com: v8]
Link: http://lkml.kernel.org/r/20190626121943.131390-2-glider@google.com
[glider@google.com: v9]
Link: http://lkml.kernel.org/r/20190627130316.254309-2-glider@google.com
[glider@google.com: v10]
Link: http://lkml.kernel.org/r/20190628093131.199499-2-glider@google.com
Link: http://lkml.kernel.org/r/20190617151050.92663-2-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Michal Hocko <mhocko@suse.cz> [page and dmapool parts
Acked-by: James Morris <jamorris@linux.microsoft.com>]
Cc: Christoph Lameter <cl@linux.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Sandeep Patil <sspatil@android.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Jann Horn <jannh@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-07-11 20:59:19 -07:00
return ! ( c - > ctor | |
( c - > flags & ( SLAB_TYPESAFE_BY_RCU | SLAB_POISON ) ) ) ;
return false ;
}
2021-01-07 13:46:11 -08:00
# ifdef CONFIG_PRINTK
mm: Add mem_dump_obj() to print source of memory block
There are kernel facilities such as per-CPU reference counts that give
error messages in generic handlers or callbacks, whose messages are
unenlightening. In the case of per-CPU reference-count underflow, this
is not a problem when creating a new use of this facility because in that
case the bug is almost certainly in the code implementing that new use.
However, trouble arises when deploying across many systems, which might
exercise corner cases that were not seen during development and testing.
Here, it would be really nice to get some kind of hint as to which of
several uses the underflow was caused by.
This commit therefore exposes a mem_dump_obj() function that takes
a pointer to memory (which must still be allocated if it has been
dynamically allocated) and prints available information on where that
memory came from. This pointer can reference the middle of the block as
well as the beginning of the block, as needed by things like RCU callback
functions and timer handlers that might not know where the beginning of
the memory block is. These functions and handlers can use mem_dump_obj()
to print out better hints as to where the problem might lie.
The information printed can depend on kernel configuration. For example,
the allocation return address can be printed only for slab and slub,
and even then only when the necessary debug has been enabled. For slab,
build with CONFIG_DEBUG_SLAB=y, and either use sizes with ample space
to the next power of two or use the SLAB_STORE_USER when creating the
kmem_cache structure. For slub, build with CONFIG_SLUB_DEBUG=y and
boot with slub_debug=U, or pass SLAB_STORE_USER to kmem_cache_create()
if more focused use is desired. Also for slub, use CONFIG_STACKTRACE
to enable printing of the allocation-time stack trace.
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: <linux-mm@kvack.org>
Reported-by: Andrii Nakryiko <andrii@kernel.org>
[ paulmck: Convert to printing and change names per Joonsoo Kim. ]
[ paulmck: Move slab definition per Stephen Rothwell and kbuild test robot. ]
[ paulmck: Handle CONFIG_MMU=n case where vmalloc() is kmalloc(). ]
[ paulmck: Apply Vlastimil Babka feedback on slab.c kmem_provenance(). ]
[ paulmck: Extract more info from !SLUB_DEBUG per Joonsoo Kim. ]
[ paulmck: Explicitly check for small pointers per Naresh Kamboju. ]
Acked-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
2020-12-07 17:41:02 -08:00
# define KS_ADDRS_COUNT 16
struct kmem_obj_info {
void * kp_ptr ;
struct page * kp_page ;
void * kp_objp ;
unsigned long kp_data_offset ;
struct kmem_cache * kp_slab_cache ;
void * kp_ret ;
void * kp_stack [ KS_ADDRS_COUNT ] ;
} ;
void kmem_obj_info ( struct kmem_obj_info * kpp , void * object , struct page * page ) ;
2021-01-07 13:46:11 -08:00
# endif
mm: Add mem_dump_obj() to print source of memory block
There are kernel facilities such as per-CPU reference counts that give
error messages in generic handlers or callbacks, whose messages are
unenlightening. In the case of per-CPU reference-count underflow, this
is not a problem when creating a new use of this facility because in that
case the bug is almost certainly in the code implementing that new use.
However, trouble arises when deploying across many systems, which might
exercise corner cases that were not seen during development and testing.
Here, it would be really nice to get some kind of hint as to which of
several uses the underflow was caused by.
This commit therefore exposes a mem_dump_obj() function that takes
a pointer to memory (which must still be allocated if it has been
dynamically allocated) and prints available information on where that
memory came from. This pointer can reference the middle of the block as
well as the beginning of the block, as needed by things like RCU callback
functions and timer handlers that might not know where the beginning of
the memory block is. These functions and handlers can use mem_dump_obj()
to print out better hints as to where the problem might lie.
The information printed can depend on kernel configuration. For example,
the allocation return address can be printed only for slab and slub,
and even then only when the necessary debug has been enabled. For slab,
build with CONFIG_DEBUG_SLAB=y, and either use sizes with ample space
to the next power of two or use the SLAB_STORE_USER when creating the
kmem_cache structure. For slub, build with CONFIG_SLUB_DEBUG=y and
boot with slub_debug=U, or pass SLAB_STORE_USER to kmem_cache_create()
if more focused use is desired. Also for slub, use CONFIG_STACKTRACE
to enable printing of the allocation-time stack trace.
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: <linux-mm@kvack.org>
Reported-by: Andrii Nakryiko <andrii@kernel.org>
[ paulmck: Convert to printing and change names per Joonsoo Kim. ]
[ paulmck: Move slab definition per Stephen Rothwell and kbuild test robot. ]
[ paulmck: Handle CONFIG_MMU=n case where vmalloc() is kmalloc(). ]
[ paulmck: Apply Vlastimil Babka feedback on slab.c kmem_provenance(). ]
[ paulmck: Extract more info from !SLUB_DEBUG per Joonsoo Kim. ]
[ paulmck: Explicitly check for small pointers per Naresh Kamboju. ]
Acked-by: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
2020-12-07 17:41:02 -08:00
2014-08-06 16:04:14 -07:00
# endif /* MM_SLAB_H */