mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-27 12:57:53 +00:00
31639fd6ce
With the introduction of stack depot evictions, each stack record is now
fixed size, so that future reuse after an eviction can safely store
differently sized stack traces. In all cases that do not make use of
evictions, this wastes lots of space.
Fix it by re-introducing variable size stack records (up to the max
allowed size) for entries that will never be evicted. We know if an entry
will never be evicted if the flag STACK_DEPOT_FLAG_GET is not provided,
since a later stack_depot_put() attempt is undefined behavior.
With my current kernel config that enables KASAN and also SLUB owner
tracking, I observe (after a kernel boot) a whopping reduction of 296
stack depot pools, which translates into 4736 KiB saved. The savings here
are from SLUB owner tracking only, because KASAN generic mode still uses
refcounting.
Before:
pools: 893
allocations: 29841
frees: 6524
in_use: 23317
freelist_size: 3454
After:
pools: 597
refcounted_allocations: 17547
refcounted_frees: 6477
refcounted_in_use: 11070
freelist_size: 3497
persistent_count: 12163
persistent_bytes: 1717008
[elver@google.com: fix -Wstringop-overflow warning]
Link: https://lore.kernel.org/all/20240201135747.18eca98e@canb.auug.org.au/
Link: https://lkml.kernel.org/r/20240201090434.1762340-1-elver@google.com
Link: https://lore.kernel.org/all/CABXGCsOzpRPZGg23QqJAzKnqkZPKzvieeg=W7sgjgi3q0pBo0g@mail.gmail.com/
Link: https://lkml.kernel.org/r/20240129100708.39460-1-elver@google.com
Link: https://lore.kernel.org/all/CABXGCsOzpRPZGg23QqJAzKnqkZPKzvieeg=W7sgjgi3q0pBo0g@mail.gmail.com/
Fixes: 108be8def4 ("lib/stackdepot: allow users to evict stack traces")
Signed-off-by: Marco Elver <elver@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Tested-by: Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
98 lines
3 KiB
C
98 lines
3 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _LINUX_POISON_H
|
|
#define _LINUX_POISON_H
|
|
|
|
/********** include/linux/list.h **********/
|
|
|
|
/*
|
|
* Architectures might want to move the poison pointer offset
|
|
* into some well-recognized area such as 0xdead000000000000,
|
|
* that is also not mappable by user-space exploits:
|
|
*/
|
|
#ifdef CONFIG_ILLEGAL_POINTER_VALUE
|
|
# define POISON_POINTER_DELTA _AC(CONFIG_ILLEGAL_POINTER_VALUE, UL)
|
|
#else
|
|
# define POISON_POINTER_DELTA 0
|
|
#endif
|
|
|
|
/*
|
|
* These are non-NULL pointers that will result in page faults
|
|
* under normal circumstances, used to verify that nobody uses
|
|
* non-initialized list entries.
|
|
*/
|
|
#define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA)
|
|
#define LIST_POISON2 ((void *) 0x122 + POISON_POINTER_DELTA)
|
|
|
|
/********** include/linux/timer.h **********/
|
|
#define TIMER_ENTRY_STATIC ((void *) 0x300 + POISON_POINTER_DELTA)
|
|
|
|
/********** mm/page_poison.c **********/
|
|
#define PAGE_POISON 0xaa
|
|
|
|
/********** mm/page_alloc.c ************/
|
|
|
|
#define TAIL_MAPPING ((void *) 0x400 + POISON_POINTER_DELTA)
|
|
|
|
/********** mm/slab.c **********/
|
|
/*
|
|
* Magic nums for obj red zoning.
|
|
* Placed in the first word before and the first word after an obj.
|
|
*/
|
|
#define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */
|
|
#define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */
|
|
|
|
#define SLUB_RED_INACTIVE 0xbb
|
|
#define SLUB_RED_ACTIVE 0xcc
|
|
|
|
/* ...and for poisoning */
|
|
#define POISON_INUSE 0x5a /* for use-uninitialised poisoning */
|
|
#define POISON_FREE 0x6b /* for use-after-free poisoning */
|
|
#define POISON_END 0xa5 /* end-byte of poisoning */
|
|
|
|
/********** arch/$ARCH/mm/init.c **********/
|
|
#define POISON_FREE_INITMEM 0xcc
|
|
|
|
/********** arch/ia64/hp/common/sba_iommu.c **********/
|
|
/*
|
|
* arch/ia64/hp/common/sba_iommu.c uses a 16-byte poison string with a
|
|
* value of "SBAIOMMU POISON\0" for spill-over poisoning.
|
|
*/
|
|
|
|
/********** fs/jbd/journal.c **********/
|
|
#define JBD_POISON_FREE 0x5b
|
|
#define JBD2_POISON_FREE 0x5c
|
|
|
|
/********** drivers/base/dmapool.c **********/
|
|
#define POOL_POISON_FREED 0xa7 /* !inuse */
|
|
#define POOL_POISON_ALLOCATED 0xa9 /* !initted */
|
|
|
|
/********** drivers/atm/ **********/
|
|
#define ATM_POISON_FREE 0x12
|
|
#define ATM_POISON 0xdeadbeef
|
|
|
|
/********** kernel/mutexes **********/
|
|
#define MUTEX_DEBUG_INIT 0x11
|
|
#define MUTEX_DEBUG_FREE 0x22
|
|
#define MUTEX_POISON_WW_CTX ((void *) 0x500 + POISON_POINTER_DELTA)
|
|
|
|
/********** security/ **********/
|
|
#define KEY_DESTROY 0xbd
|
|
|
|
/********** net/core/page_pool.c **********/
|
|
#define PP_SIGNATURE (0x40 + POISON_POINTER_DELTA)
|
|
|
|
/********** net/core/skbuff.c **********/
|
|
#define SKB_LIST_POISON_NEXT ((void *)(0x800 + POISON_POINTER_DELTA))
|
|
/********** net/ **********/
|
|
#define NET_PTR_POISON ((void *)(0x801 + POISON_POINTER_DELTA))
|
|
|
|
/********** kernel/bpf/ **********/
|
|
#define BPF_PTR_POISON ((void *)(0xeB9FUL + POISON_POINTER_DELTA))
|
|
|
|
/********** VFS **********/
|
|
#define VFS_PTR_POISON ((void *)(0xF5 + POISON_POINTER_DELTA))
|
|
|
|
/********** lib/stackdepot.c **********/
|
|
#define STACK_DEPOT_POISON ((void *)(0xD390 + POISON_POINTER_DELTA))
|
|
|
|
#endif
|