Merge branch 'slab/for-6.6/random_kmalloc' into slab/for-next

#define PCPU_BITMAP_BLOCK_BITS		(PCPU_BITMAP_BLOCK_SIZE >>	\

					 PCPU_MIN_ALLOC_SHIFT)

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

#define PERCPU_DYNAMIC_SIZE_SHIFT      12

#else

#define PERCPU_DYNAMIC_SIZE_SHIFT      10

#endif

/*

 * Percpu allocator can serve percpu allocations before slab is

 * initialized which allows slab to depend on the percpu allocator.

 * for this.  Keep PERCPU_DYNAMIC_RESERVE equal to or larger than

 * PERCPU_DYNAMIC_EARLY_SIZE.

 */

#define PERCPU_DYNAMIC_EARLY_SIZE	(20 << 10)

#define PERCPU_DYNAMIC_EARLY_SIZE	(20 << PERCPU_DYNAMIC_SIZE_SHIFT)

/*

 * PERCPU_DYNAMIC_RESERVE indicates the amount of free area to piggy

 * intelligent way to determine this would be nice.

 */

#if BITS_PER_LONG > 32

#define PERCPU_DYNAMIC_RESERVE		(28 << 10)

#define PERCPU_DYNAMIC_RESERVE		(28 << PERCPU_DYNAMIC_SIZE_SHIFT)

#else

#define PERCPU_DYNAMIC_RESERVE		(20 << 10)

#define PERCPU_DYNAMIC_RESERVE		(20 << PERCPU_DYNAMIC_SIZE_SHIFT)

#endif

extern void *pcpu_base_addr;

#include <linux/workqueue.h>

#include <linux/percpu-refcount.h>

#include <linux/cleanup.h>

#include <linux/hash.h>

/*

#define SLAB_OBJ_MIN_SIZE      (KMALLOC_MIN_SIZE < 16 ? \

                               (KMALLOC_MIN_SIZE) : 16)

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

#define RANDOM_KMALLOC_CACHES_NR	15 // # of cache copies

#else

#define RANDOM_KMALLOC_CACHES_NR	0

#endif

/*

 * Whenever changing this, take care of that kmalloc_type() and

 * create_kmalloc_caches() still work as intended.

#ifndef CONFIG_MEMCG_KMEM

	KMALLOC_CGROUP = KMALLOC_NORMAL,

#endif

	KMALLOC_RANDOM_START = KMALLOC_NORMAL,

	KMALLOC_RANDOM_END = KMALLOC_RANDOM_START + RANDOM_KMALLOC_CACHES_NR,

#ifdef CONFIG_SLUB_TINY

	KMALLOC_RECLAIM = KMALLOC_NORMAL,

#else

	(IS_ENABLED(CONFIG_ZONE_DMA)   ? __GFP_DMA : 0) |	\

	(IS_ENABLED(CONFIG_MEMCG_KMEM) ? __GFP_ACCOUNT : 0))

static __always_inline enum kmalloc_cache_type kmalloc_type(gfp_t flags)

extern unsigned long random_kmalloc_seed;

static __always_inline enum kmalloc_cache_type kmalloc_type(gfp_t flags, unsigned long caller)

{

	/*

	 * The most common case is KMALLOC_NORMAL, so test for it

	 * with a single branch for all the relevant flags.

	 */

	if (likely((flags & KMALLOC_NOT_NORMAL_BITS) == 0))

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

		/* RANDOM_KMALLOC_CACHES_NR (=15) copies + the KMALLOC_NORMAL */

		return KMALLOC_RANDOM_START + hash_64(caller ^ random_kmalloc_seed,

						      ilog2(RANDOM_KMALLOC_CACHES_NR + 1));

#else

		return KMALLOC_NORMAL;

#endif

	/*

	 * At least one of the flags has to be set. Their priorities in

		index = kmalloc_index(size);

		return kmalloc_trace(

				kmalloc_caches[kmalloc_type(flags)][index],

				kmalloc_caches[kmalloc_type(flags, _RET_IP_)][index],

				flags, size);

	}

	return __kmalloc(size, flags);

		index = kmalloc_index(size);

		return kmalloc_node_trace(

				kmalloc_caches[kmalloc_type(flags)][index],

				kmalloc_caches[kmalloc_type(flags, _RET_IP_)][index],

				flags, node, size);

	}

	return __kmalloc_node(size, flags, node);

	  which requires the taking of locks that may cause latency spikes.

	  Typically one would choose no for a realtime system.

config RANDOM_KMALLOC_CACHES

	default n

	depends on SLUB && !SLUB_TINY

	bool "Randomize slab caches for normal kmalloc"

	help

	  A hardening feature that creates multiple copies of slab caches for

	  normal kmalloc allocation and makes kmalloc randomly pick one based

	  on code address, which makes the attackers more difficult to spray

	  vulnerable memory objects on the heap for the purpose of exploiting

	  memory vulnerabilities.

	  Currently the number of copies is set to 16, a reasonably large value

	  that effectively diverges the memory objects allocated for different

	  subsystems or modules into different caches, at the expense of a

	  limited degree of memory and CPU overhead that relates to hardware and

	  system workload.

endmenu # SLAB allocator options

config SHUFFLE_PAGE_ALLOCATOR

static inline size_t kmalloc_cache_alignment(size_t size)

{

	return kmalloc_caches[kmalloc_type(GFP_KERNEL)][__kmalloc_index(size, false)]->align;

	/* just to get ->align so no need to pass in the real caller */

	enum kmalloc_cache_type type = kmalloc_type(GFP_KERNEL, 0);

	return kmalloc_caches[type][__kmalloc_index(size, false)]->align;

}

/* Must always inline to match stack trace against caller. */

		if (is_kfence_address(alloc)) {

			struct slab *slab = virt_to_slab(alloc);

			enum kmalloc_cache_type type = kmalloc_type(GFP_KERNEL, _RET_IP_);

			struct kmem_cache *s = test_cache ?:

					kmalloc_caches[kmalloc_type(GFP_KERNEL)][__kmalloc_index(size, false)];

					kmalloc_caches[type][__kmalloc_index(size, false)];

			/*

			 * Verify that various helpers return the right values

			if (freelist_size > KMALLOC_MAX_CACHE_SIZE) {

				freelist_cache_size = PAGE_SIZE << get_order(freelist_size);

			} else {

				freelist_cache = kmalloc_slab(freelist_size, 0u);

				freelist_cache = kmalloc_slab(freelist_size, 0u, _RET_IP_);

				if (!freelist_cache)

					continue;

				freelist_cache_size = freelist_cache->size;