On Wed, Aug 17, 2016 at 2:55 PM, Linus Torvalds <[email protected]> wrote: > On Wed, Aug 17, 2016 at 2:50 PM, Kees Cook <[email protected]> wrote: >> On Wed, Aug 17, 2016 at 2:45 PM, Linus Torvalds >>> >>> Networking does, but seems to use __GFP_COMP, at least in the one case >>> I checked (skbuff). >> >> Was this allocation really through kmalloc? > > The networking one I looked at, no. But they do __GFP_COMP. > > The task struct allocation generally is (alloc_task_struct_node()), > but as Rik pointed out, SLOB doesn't actually necessarily do the slab > book-keeping for multi-page allocations.
Perhaps I can just ifdef the multi-page checks with CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR. That way a SLOB build still has basic bounds checking (which was my intention with that config), and non-SLOB builds still get multi-page checking. -Kees -- Kees Cook Nexus Security
