[RFC] Tagging of vmalloc pages for supporting the pmalloc allocator
Igor Stoppa
igor.stoppa at huawei.com
Tue Aug 8 12:59:36 UTC 2017
On 07/08/17 22:12, Jerome Glisse wrote:
> On Mon, Aug 07, 2017 at 05:13:00PM +0300, Igor Stoppa wrote:
[...]
>> I have an updated version of the old proposal:
>>
>> * put a magic number in the private field, during initialization of
>> pmalloc pages
>>
>> * during hardened usercopy verification, when I have to assess if a page
>> is of pmalloc type, compare the private field against the magic number
>>
>> * if and only if the private field matches the magic number, then invoke
>> find_vm_area(), so that the slowness affects only a possibly limited
>> amount of false positives.
>
> This all sounds good to me.
ok, I still have one doubt wrt defining the flag.
Where should I do it?
vmalloc.h has the following:
/* bits in flags of vmalloc's vm_struct below */
#define VM_IOREMAP 0x00000001 /* ioremap() and friends
*/
#define VM_ALLOC 0x00000002 /* vmalloc() */
#define VM_MAP 0x00000004 /* vmap()ed pages */
#define VM_USERMAP 0x00000008 /* suitable for
remap_vmalloc_range
*/
#define VM_UNINITIALIZED 0x00000020 /* vm_struct is not
fully initialized */
#define VM_NO_GUARD 0x00000040 /* don't add guard page
*/
#define VM_KASAN 0x00000080 /* has allocated kasan
shadow memory */
/* bits [20..32] reserved for arch specific ioremap internals */
I am tempted to add
#define VM_PMALLOC 0x00000100
But would it be acceptable, to mention pmalloc into vmalloc?
Should I name it VM_PRIVATE bit, instead?
Using VM_PRIVATE would avoid contaminating vmalloc with something that
depends on it (like VM_PMALLOC would do).
But using VM_PRIVATE will likely add tracking issues, if someone else
wants to use the same bit and it's not clear who is the user, if any.
Unless it's acceptable to check the private field in the page struct.
It would bear the pmalloc magic number.
I'm thinking to use a pointer to one of pmalloc data items, as signature.
--
igor
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list