The use of the kmemdup_nul()-family of allocations are explicitly for allocating NUL terminated strings, so these would be best separated from typed allocations, as they are their own set of arbitrarily sized allocations. They are not as risky as userspace controlled allocations, but these would be good to separate as well.
# grep memdup_nul /proc/slabinfo | cut -c-25 memdup_nul-8k 0 memdup_nul-4k 0 memdup_nul-2k 0 memdup_nul-1k 0 memdup_nul-512 28 memdup_nul-256 0 memdup_nul-192 60 memdup_nul-128 60 memdup_nul-96 60 memdup_nul-64 180 memdup_nul-32 960 memdup_nul-16 1860 memdup_nul-8 1980 Suggested-by: Harry Yoo <[email protected]> Signed-off-by: Kees Cook <[email protected]> --- Cc: Vlastimil Babka <[email protected]> Cc: Marco Elver <[email protected]> Cc: Andrew Morton <[email protected]> Cc: David Hildenbrand <[email protected]> Cc: Lorenzo Stoakes <[email protected]> Cc: "Liam R. Howlett" <[email protected]> Cc: Mike Rapoport <[email protected]> Cc: Suren Baghdasaryan <[email protected]> Cc: Michal Hocko <[email protected]> Cc: <[email protected]> --- mm/util.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/mm/util.c b/mm/util.c index 3cc949a0b7ed..419269bb53da 100644 --- a/mm/util.c +++ b/mm/util.c @@ -34,6 +34,9 @@ #include "internal.h" #include "swap.h" +static kmem_buckets *user_buckets __ro_after_init; +static kmem_buckets *nul_buckets __ro_after_init; + /** * kfree_const - conditionally free memory * @x: pointer to the memory @@ -61,7 +64,7 @@ static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp) char *buf; /* '+1' for the NUL terminator */ - buf = kmalloc_track_caller(len + 1, gfp); + buf = kmem_buckets_alloc_track_caller(nul_buckets, len + 1, gfp); if (!buf) return NULL; @@ -195,15 +198,14 @@ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp) } EXPORT_SYMBOL(kmemdup_nul); -static kmem_buckets *user_buckets __ro_after_init; - -static int __init init_user_buckets(void) +static int __init init_buckets(void) { user_buckets = kmem_buckets_create("memdup_user", 0, 0, INT_MAX, NULL); + nul_buckets = kmem_buckets_create("memdup_nul", 0, 0, INT_MAX, NULL); return 0; } -subsys_initcall(init_user_buckets); +subsys_initcall(init_buckets); /** * memdup_user - duplicate memory region from user space -- 2.34.1
