LKML Archive on lore.kernel.org
From: Igor Stoppa <igor.stoppa@gmail.com>
To: mhocko@kernel.org, akpm@linux-foundation.org,
	keescook@chromium.org, linux-mm@kvack.org,
	kernel-hardening@lists.openwall.com,
	linux-security-module@vger.kernel.org
Cc: willy@infradead.org, labbott@redhat.com,
	linux-kernel@vger.kernel.org, igor.stoppa@huawei.com
Subject: [PATCH 0/3] linux-next: mm: hardening: Track genalloc allocations
Date: Sun, 29 Apr 2018 06:45:39 +0400
Message-ID: <20180429024542.19475-1-igor.stoppa@huawei.com>

This patchset was created as part of an older version of pmalloc, however
it has value per se, as it hardens the memory management for the generic
allocator genalloc.

Genalloc does not currently track the size of the allocations it hands out.

Either by mistake, or due to an attack, it is possible that more memory
than what was initially allocated is freed, leaving behind dangling
pointers, ready for a use-after-free attack.

With this patch, genalloc becomes capable of tracking the size of each
allocation it has handed out, when it's time to free it.

It can either verify that the size received, when free is invoked, is
correct, or it can decide autonomously how much memory to free, if the
value received for the size parameter is 0.

These patches are proposed for being merged into linux-next, to verify
that they do not introduce regressions, by comparing the value received
from the callers of the free function with the internal tracking.

Later on, the "size" parameter can be dropped, and each caller can be
adjusted accordingly.

Signed-off-by: Igor Stoppa <igor.stoppa@huawei.com>

Igor Stoppa (3):
  genalloc: track beginning of allocations
  Add label and license to genalloc.rst
  genalloc: selftest

 Documentation/core-api/genalloc.rst |   4 +
 include/linux/genalloc.h            | 112 +++---
 init/main.c                         |   2 +
 lib/Kconfig                         |  15 +
 lib/Makefile                        |   1 +
 lib/genalloc.c                      | 742 ++++++++++++++++++++++++++----------
 lib/test_genalloc.c                 | 410 ++++++++++++++++++++
 7 files changed, 1031 insertions(+), 255 deletions(-)
 create mode 100644 lib/test_genalloc.c

-- 
2.14.1
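
The free-side check the cover letter describes, as an added example that is not code from this patchset or from lib/genalloc.c. It assumes a toy pool with one state byte per allocation unit (free, head, body); toy_pool, toy_alloc and toy_free are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (assumption): each unit is free, the head of an allocation, or its body. */
enum { UNIT_FREE, UNIT_HEAD, UNIT_BODY };
#define POOL_UNITS 16
struct toy_pool { unsigned char state[POOL_UNITS]; };

/* First-fit allocation of n units; returns the start index or -1. */
int toy_alloc(struct toy_pool *p, size_t n)
{
	if (n == 0 || n > POOL_UNITS)
		return -1;
	for (size_t start = 0; start + n <= POOL_UNITS; start++) {
		size_t i = 0;
		while (i < n && p->state[start + i] == UNIT_FREE)
			i++;
		if (i < n)
			continue;
		p->state[start] = UNIT_HEAD;	/* record where it begins */
		memset(&p->state[start + 1], UNIT_BODY, n - 1);
		return (int)start;
	}
	return -1;
}

/*
 * Free the allocation beginning at start. n == 0 means "use the tracked
 * size". Returns units freed, or -1 (nothing freed) if start is not the
 * head of a live allocation or n disagrees with the tracked size.
 */
int toy_free(struct toy_pool *p, size_t start, size_t n)
{
	size_t tracked = 1;
	if (start >= POOL_UNITS || p->state[start] != UNIT_HEAD)
		return -1;
	while (start + tracked < POOL_UNITS && p->state[start + tracked] == UNIT_BODY)
		tracked++;
	if (n != 0 && n != tracked)
		return -1;	/* e.g. an oversized free reaching into a neighbour */
	memset(&p->state[start], UNIT_FREE, tracked);
	return (int)tracked;
}

int main(void)
{
	struct toy_pool p = {{0}};
	int a = toy_alloc(&p, 4), b = toy_alloc(&p, 3);
	printf("oversized free of a: %d\n", toy_free(&p, a, 7));
	printf("size-0 free of a:    %d\n", toy_free(&p, a, 0));
	return b < 0;
}
```
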


Thread overview: 11+ messages
2018-04-29  2:45 Igor Stoppa [this message]
2018-04-29  2:45 ` [PATCH 1/3] genalloc: track beginning of allocations Igor Stoppa
2018-04-29  2:45 ` [PATCH 2/3] Add label and license to genalloc.rst Igor Stoppa
2018-04-29  2:45 ` [PATCH 3/3] genalloc: selftest Igor Stoppa
2018-04-29  3:36   ` Randy Dunlap
2018-04-29 22:39     ` Igor Stoppa
2018-04-30  2:14   ` kbuild test robot
2018-04-30  4:04   ` kbuild test robot
2018-04-29  3:09 ` [PATCH 0/3] linux-next: mm: hardening: Track genalloc allocations Matthew Wilcox
2018-04-29 16:39   ` Igor Stoppa
2018-04-29 16:41     ` Igor Stoppa
