On Wed, Sep 04, 2024 at 07:16:07PM GMT, Mike Rapoport wrote:
> On Wed, Sep 04, 2024 at 05:48:31PM +0200, Christian Brauner wrote:
> > On Wed, Sep 04, 2024 at 06:16:16PM GMT, Mike Rapoport wrote:
> > > On Tue, Sep 03, 2024 at 04:20:43PM +0200, Christian Brauner wrote:
> > > > Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
> > > > ---
> > > > include/linux/slab.h | 21 ++++++++++++++++
> > > > mm/slab_common.c | 67 +++++++++++++++++++++++++++++++++++++++-------------
> > > > 2 files changed, 72 insertions(+), 16 deletions(-)
> > > >
> > > > diff --git a/include/linux/slab.h b/include/linux/slab.h
> > > > index 5b2da2cf31a8..79d8c8bca4a4 100644
> > > > --- a/include/linux/slab.h
> > > > +++ b/include/linux/slab.h
> > > > @@ -240,6 +240,27 @@ struct mem_cgroup;
> > > > */
> > > > bool slab_is_available(void);
> > > >
> > > > +/**
> > > > + * @align: The required alignment for the objects.
> > > > + * @useroffset: Usercopy region offset
> > > > + * @usersize: Usercopy region size
> > > > + * @freeptr_offset: Custom offset for the free pointer in RCU caches
> > > > + * @use_freeptr_offset: Whether a @freeptr_offset is used
> > > > + * @ctor: A constructor for the objects.
> > > > + */
> > > > +struct kmem_cache_args {
> > > > + unsigned int align;
> > > > + unsigned int useroffset;
> > > > + unsigned int usersize;
> > > > + unsigned int freeptr_offset;
> > > > + bool use_freeptr_offset;
> > > > + void (*ctor)(void *);
> > > > +};
> > > > +
> > > > +struct kmem_cache *__kmem_cache_create_args(const char *name,
> > > > + unsigned int object_size,
> > > > + struct kmem_cache_args *args,
> > > > + slab_flags_t flags);
> > > > struct kmem_cache *kmem_cache_create(const char *name, unsigned int size,
> > > > unsigned int align, slab_flags_t flags,
> > > > void (*ctor)(void *));
> > > > diff --git a/mm/slab_common.c b/mm/slab_common.c
> > > > index 91e0e36e4379..0f13c045b8d1 100644
> > > > --- a/mm/slab_common.c
> > > > +++ b/mm/slab_common.c
> > > > @@ -248,14 +248,24 @@ static struct kmem_cache *create_cache(const char *name,
> > > > return ERR_PTR(err);
> > > > }
> > > >
> > > > -static struct kmem_cache *
> > > > -do_kmem_cache_create_usercopy(const char *name,
> > > > - unsigned int size, unsigned int freeptr_offset,
> > > > - unsigned int align, slab_flags_t flags,
> > > > - unsigned int useroffset, unsigned int usersize,
> > > > - void (*ctor)(void *))
> > > > +/**
> > > > + * __kmem_cache_create_args - Create a kmem cache
> > > > + * @name: A string which is used in /proc/slabinfo to identify this cache.
> > > > + * @object_size: The size of objects to be created in this cache.
> > > > + * @args: Arguments for the cache creation (see struct kmem_cache_args).
> > > > + * @flags: See %SLAB_* flags for an explanation of individual @flags.
> > > > + *
> > > > + * Cannot be called within a interrupt, but can be interrupted.
> > > > + *
> > > > + * Return: a pointer to the cache on success, NULL on failure.
> > > > + */
> > > > +struct kmem_cache *__kmem_cache_create_args(const char *name,
> > > > + unsigned int object_size,
> > > > + struct kmem_cache_args *args,
> > > > + slab_flags_t flags)
> > > > {
> > > > struct kmem_cache *s = NULL;
> > > > + unsigned int freeptr_offset = UINT_MAX;
> > > > const char *cache_name;
> > > > int err;
> > > >
> > > > @@ -275,7 +285,7 @@ do_kmem_cache_create_usercopy(const char *name,
> > > >
> > > > mutex_lock(&slab_mutex);
> > > >
> > > > - err = kmem_cache_sanity_check(name, size);
> > > > + err = kmem_cache_sanity_check(name, object_size);
> > > > if (err) {
> > > > goto out_unlock;
> > > > }
> > > > @@ -296,12 +306,14 @@ do_kmem_cache_create_usercopy(const char *name,
> > > >
> > > > /* Fail closed on bad usersize of useroffset values. */
> > > > if (!IS_ENABLED(CONFIG_HARDENED_USERCOPY) ||
> > > > - WARN_ON(!usersize && useroffset) ||
> > > > - WARN_ON(size < usersize || size - usersize < useroffset))
> > > > - usersize = useroffset = 0;
> > > > -
> > > > - if (!usersize)
> > > > - s = __kmem_cache_alias(name, size, align, flags, ctor);
> > > > + WARN_ON(!args->usersize && args->useroffset) ||
> > > > + WARN_ON(object_size < args->usersize ||
> > > > + object_size - args->usersize < args->useroffset))
> > > > + args->usersize = args->useroffset = 0;
> > > > +
> > > > + if (!args->usersize)
> > > > + s = __kmem_cache_alias(name, object_size, args->align, flags,
> > > > + args->ctor);
> > >
> > > Sorry I missed it in the previous review, but nothing guaranties that
> > > nobody will call kmem_cache_create_args with args != NULL.
> > >
> > > I think there should be a check for args != NULL and a substitution of args
> > > with defaults if it actually was NULL.
> >
> > I think that callers that pass NULL should all be switched to
> > KMEM_CACHE() and passing NULL should simply not be supported. And the
> > few callers that need some very special alignment need to pass struct
> > kmem_cache_args anyway. So there should never be a need to pass NULL.
>
> But you can't guarantee that some random driver won't call
>
> __kmem_cache_create_args("name", size, NULL, flags);
>
> At least we'd need
>
> if (!args)
> return -EINVAL;
Calling __kmem_cache_create_args() directly is a bug. That's why it's __*().
And we don't check for non-NULL @name either. In fact we almost never do
such checks.
Plus, if someone did:
kmem_cache_create("foo", sizeof(foo), NULL, flags);
they'd get a compile time error due to _Generic().
