Message-ID: <4C52A307.7080002@canonical.com>
Date:	Fri, 30 Jul 2010 03:01:43 -0700
From:	John Johansen <john.johansen@...onical.com>
To:	Pekka Enberg <penberg@...helsinki.fi>
CC:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	Nick Piggin <npiggin@...e.de>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Andrew Morton <akpm@...ux-foundation.org>, xiaosuo@...il.com,
	laijs@...fujitsu.com
Subject: Re: [PATCH 01/13] AppArmor: misc. base functions and defines

On 07/30/2010 02:20 AM, Pekka Enberg wrote:
> On Fri, Jul 30, 2010 at 12:47 AM, John Johansen
> <john.johansen@...onical.com> wrote:
>> +/**
>> + * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
>> + * @size: size of allocation
>> + *
>> + * Return: allocated buffer or NULL if failed
>> + *
>> + * It is possible that policy being loaded from the user is larger than
>> + * what can be allocated by kmalloc, in those cases fall back to vmalloc.
>> + */
>> +void *kvmalloc(size_t size)
>> +{
>> +       void *buffer = NULL;
>> +
>> +       if (size == 0)
>> +               return NULL;
>> +
>> +       /* do not attempt kmalloc if we need more than 16 pages at once */
>> +       if (size <= (16*PAGE_SIZE))
>> +               buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
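Review bot: in kvmalloc(), the early exit `if (size == 0) return NULL;` makes a zero-length request indistinguishable from an allocation failure, while the kernel-doc only says "NULL if failed". Document the zero-size case in the Return: line so callers do not treat it as out-of-memory. The `16*PAGE_SIZE` limit is a bare literal that scales with the page size; a named constant with a comment explaining the intended cap on physically contiguous memory would make the choice reviewable.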
> 
> 16 pages is a lot of memory for 64 K pages. What's the purpose of
yes it is, and I don't expect it will ever allocate that much, though it
will occasionally with large policies do allocations larger than 16*4K.
The figure here is somewhat arbitrary, and I would certainly be willing
to shrink it.  Basically it is there to put a clamp on allocating precious
physically contiguous memory.

> GFP_NOIO here? vmalloc() will do GFP_KERNEL allocations anyway.
> 
yep, and it used to be GFP_KERNEL too, looking back GFP_NOIO happened when
poking at a bug where apparmor was triggering an IO when it was allocating its
memory.  Turned out the bug wasn't apparmor related just being triggered
while apparmor was loading policy, but the GFP_NOIO flag stuck here.
I am more than willing to flip it back.

>> +       if (!buffer) {
>> +               /* see kvfree for why size must be at least work_struct size
>> +                * when allocated via vmalloc
>> +                */
>> +               if (size < sizeof(struct work_struct))
>> +                       size = sizeof(struct work_struct);
>> +               buffer = vmalloc(size);
>> +       }
>> +       return buffer;
>> +}
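Review bot: the clamp `if (size < sizeof(struct work_struct)) size = sizeof(struct work_struct);` is applied only on the vmalloc path, and its reason lives in a comment pointing at kvfree, so the allocator and the free routine are coupled by convention alone. State the contract in the kvmalloc kernel-doc: vmalloc-backed buffers are padded so that kvfree can overlay a work_struct on them. The two paths also differ in allocation constraints, since kmalloc above is passed GFP_NOIO | __GFP_NOWARN while `vmalloc(size)` here takes no flags; the header should say which context callers can rely on.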
> 
> Please don't hide this into apparmor internals. People have invented
> this function in the past so maybe it's time to put it in mm/util.c?
>
sure, I would be more than willing to replace this with a generic
system fn.  The last attempt I saw at adding generic routines of this
nature was here
http://www.spinics.net/lists/linux-fsdevel/msg31407.html

>> +
>> +/**
>> + * do_vfree - workqueue routine for freeing vmalloced memory
>> + * @work: data to be freed
>> + *
>> + * The work_struct is overlaid to the data being freed, as at the point
>> + * the work is scheduled the data is no longer valid, be its freeing
>> + * needs to be delayed until safe.
>> + */
>> +static void do_vfree(struct work_struct *work)
>> +{
>> +       vfree(work);
>> +}
>> +
>> +/**
>> + * kvfree - free an allocation do by kvmalloc
>> + * @buffer: buffer to free (MAYBE_NULL)
>> + *
>> + * Free a buffer allocated by kvmalloc
>> + */
>> +void kvfree(void *buffer)
>> +{
>> +       if (is_vmalloc_addr(buffer)) {
>> +               /* Data is no longer valid so just use the allocated space
>> +                * as the work_struct
>> +                */
>> +               struct work_struct *work = (struct work_struct *) buffer;
>> +               INIT_WORK(work, do_vfree);
>> +               schedule_work(work);
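Review bot: kvfree() overwrites the start of the buffer with a work_struct (`struct work_struct *work = (struct work_struct *) buffer;` followed by INIT_WORK) and defers the vfree to a workqueue, but its kernel-doc says only "Free a buffer allocated by kvmalloc". Document that the buffer contents are clobbered on entry, that the release is asynchronous, and that a vmalloc address passed here must have come from kvmalloc so it is at least sizeof(struct work_struct) bytes. The comments also need a pass: "be its freeing" in the do_vfree header and "free an allocation do by kvmalloc" read as typos.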
> 
> I don't understand this part here. Is it needed for interrupt contexts
> or does vfree() sleep somewhere? If it's for the former, I think we
> can just add a comment saying that kvmalloc/kvfree is not safe from
> interrupt context and remove the schedule_work() parts here.
> 
vfree can sleep, and skipping the schedule_work parts won't work for
apparmor as many of these allocations are being freed via rcu callbacks
as most of our object life cycles are dependent on cred refcounting.