lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <c486a1cf98a8b9ad093270543e8d2007@gmail.com>
Date: Mon, 28 Oct 2024 13:04:10 +0100
From: matteomartelli3@...il.com
To: linux-kernel@...r.kernel.org
Cc: Peter Zijlstra <peterz@...radead.org>, Jonathan Cameron <jic23@...nel.org>, Marc Gonzalez <marc.w.gonzalez@...e.fr>, Peter Rosin <peda@...ntia.se>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Joe Perches <joe@...ches.com>, Rafael J. Wysocki <rafael@...nel.org>, linux-iio@...r.kernel.org
Subject: iio, syfs, devres: devm_kmalloc not aligned to pow2 size argument

Hi everyone,

I found an issue that might interest iio, sysfs and devres, about a
particular usage of devm_kmalloc() for buffers that later pass through
sysfs_emit() or sysfs_emit_at(). These sysfs helpers require the output
buffer to be PAGE_SIZE aligned since commit 2efc459d06f1 ("sysfs: Add
sysfs_emit and sysfs_emit_at to format sysfs output"). Such requirement
is satisfied when kmalloc(PAGE_SIZE, ...) is used but not when
devm_kmalloc(PAGE_SIZE,...) is used as it actually returns a pointer to
a buffer located after the devres metadata and thus aligned to
PAGE_SIZE+sizeof(struct devres).

Specifically, I came across this issue during some testing of the
pac1921 iio driver together with the iio-mux iio consumer driver, which
allocates a page sized buffer to copy the ext_info of the producer
pac1921 iio producer driver. To fill the buffer, the latter calls
iio_format_value(), and so sysfs_emit_at() which fails due to the buffer
not being page aligned. This pattern seems common for many iio drivers
which fill the ext_info attributes through sysfs_emit*() helpers, likely
necessary as they are exposed on sysfs.

I could reproduce the same error behavior with a minimal dummy char
device driver completely unrelated to iio. I will share the entire dummy
driver code if needed but essentially this is the only interesting part:

	data->info_buf = devm_kzalloc(data->dev, PAGE_SIZE, GFP_KERNEL);
	if (!data->info_buf)
		return -ENOMEM;

	if (offset_in_page(data->info_buf))
		pr_err("dummy_test: buf not page algined\n");

When running this, the error message is printed out for the reason above.

I am not sure whether this should be addressed in the users of
devm_kmalloc() or in the devres implementation itself. I would say that
it would be more clear if devm_kmalloc() would return the pointer to the
size aligned buffer, as it would also comply to the following kmalloc
requirement (introduced in [1]):

The address of a chunk allocated with `kmalloc` is aligned to at least
ARCH_KMALLOC_MINALIGN bytes. For sizes of power of two bytes, the
alignment is also guaranteed to be at least to the respective size.

To do so I was thinking to try to move the devres metadata after the
data buffer, so that the latter would directly correspond to pointer
returned by kmalloc. I then found out that it had been already suggested
previously to address a memory optimization [2]. Thus I am reporting the
issue before submitting any patch as some discussions might be helpful
first.

I am sending this to who I think might be interested based on previous
related activity. Feel free to extend the cc list if needed.

[1]: https://lore.kernel.org/all/20190826111627.7505-3-vbabka@suse.cz/
[2]: https://lore.kernel.org/all/20191220140655.GN2827@hirez.programming.kicks-ass.net/

Best regard,
Matteo Martelli

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ