[PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()

Kees Cook posted 1 patch 3 days, 6 hours ago
mm/util.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
[PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()
Posted by Kees Cook 3 days, 6 hours ago
The kmemdup_nul() family of allocations is used explicitly for
allocating NUL-terminated strings, so these would be best separated from
typed allocations, as they are their own set of arbitrarily sized
allocations. They are not as risky as userspace-controlled allocations,
but these would be good to separate as well.

  # grep memdup_nul /proc/slabinfo | cut -c-25
  memdup_nul-8k          0
  memdup_nul-4k          0
  memdup_nul-2k          0
  memdup_nul-1k          0
  memdup_nul-512        28
  memdup_nul-256         0
  memdup_nul-192        60
  memdup_nul-128        60
  memdup_nul-96         60
  memdup_nul-64        180
  memdup_nul-32        960
  memdup_nul-16       1860
  memdup_nul-8        1980

Suggested-by: Harry Yoo <harry@kernel.org>
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Vlastimil Babka <vbabka@kernel.org>
Cc: Marco Elver <elver@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: David Hildenbrand <david@kernel.org>
Cc: Lorenzo Stoakes <ljs@kernel.org>
Cc: "Liam R. Howlett" <liam@infradead.org>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: <linux-mm@kvack.org>
---
 mm/util.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/mm/util.c b/mm/util.c
index 3cc949a0b7ed..419269bb53da 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -34,6 +34,9 @@
 #include "internal.h"
 #include "swap.h"
 
+static kmem_buckets *user_buckets __ro_after_init;
+static kmem_buckets *nul_buckets __ro_after_init;
+
 /**
  * kfree_const - conditionally free memory
  * @x: pointer to the memory
@@ -61,7 +64,7 @@ static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp)
 	char *buf;
 
 	/* '+1' for the NUL terminator */
-	buf = kmalloc_track_caller(len + 1, gfp);
+	buf = kmem_buckets_alloc_track_caller(nul_buckets, len + 1, gfp);
 	if (!buf)
 		return NULL;
 
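Review bot: `nul_buckets` is still NULL for any `__kmemdup_nul()` call that runs before the `subsys_initcall` in the last hunk, and nothing at the changed allocation line says what happens in that case. As far as I know the buckets allocator treats a NULL bucket as "use the regular kmalloc caches", so this should not crash, but strings duplicated during early boot (possibly long-lived ones) would stay in the shared caches, outside the separation the commit message describes. The same would hold if `kmem_buckets_create()` fails, since `init_buckets()` stores the result unchecked and returns 0. I would document this at the call site once the fallback is confirmed, e.g. `/* nul_buckets is NULL until init_buckets() runs; such allocations fall back to the regular kmalloc caches */`. `__kmemdup_nul()` starts and ends outside this hunk.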
@@ -195,15 +198,14 @@ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp)
 }
 EXPORT_SYMBOL(kmemdup_nul);
 
-static kmem_buckets *user_buckets __ro_after_init;
-
-static int __init init_user_buckets(void)
+static int __init init_buckets(void)
 {
 	user_buckets = kmem_buckets_create("memdup_user", 0, 0, INT_MAX, NULL);
+	nul_buckets = kmem_buckets_create("memdup_nul", 0, 0, INT_MAX, NULL);
 
 	return 0;
 }
-subsys_initcall(init_user_buckets);
+subsys_initcall(init_buckets);
 
 /**
  * memdup_user - duplicate memory region from user space
-- 
2.34.1
Re: [PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()
Posted by kernel test robot 3 days, 1 hour ago
Hi Kees,

kernel test robot noticed the following build warnings:

[auto build test WARNING on akpm-mm/mm-everything]

url:    https://github.com/intel-lab-lkp/linux/commits/Kees-Cook/mm-util-Use-kmalloc-buckets-for-kmemdup_nul/20260521-204404
base:   https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link:    https://lore.kernel.org/r/20260521124026.work.036-kees%40kernel.org
patch subject: [PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()
config: s390-allnoconfig (https://download.01.org/0day-ci/archive/20260522/202605220158.VO5WnXl7-lkp@intel.com/config)
compiler: clang version 23.0.0git (https://github.com/llvm/llvm-project 5bac06718f502014fade905512f1d26d578a18f3)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260522/202605220158.VO5WnXl7-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202605220158.VO5WnXl7-lkp@intel.com/

All warnings (new ones prefixed by >>):

   mm/util.c:37:22: warning: variable 'user_buckets' set but not used [-Wunused-but-set-global]
      37 | static kmem_buckets *user_buckets __ro_after_init;
         |                      ^
>> mm/util.c:38:22: warning: variable 'nul_buckets' set but not used [-Wunused-but-set-global]
      38 | static kmem_buckets *nul_buckets __ro_after_init;
         |                      ^
   2 warnings generated.


vim +/nul_buckets +38 mm/util.c

    36	
  > 37	static kmem_buckets *user_buckets __ro_after_init;
  > 38	static kmem_buckets *nul_buckets __ro_after_init;
    39	

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Re: [PATCH] mm/util: Use kmalloc buckets for kmemdup_nul()
Posted by Marco Elver 3 days, 6 hours ago
On Thu, 21 May 2026 at 14:40, Kees Cook <kees@kernel.org> wrote:
>
> The use of the kmemdup_nul()-family of allocations are explicitly for
> allocating NUL terminated strings, so these would be best separated from
> typed allocations, as they are their own set of arbitrarily sized
> allocations. They are not as risky as userspace controlled allocations,
> but these would be good to separate as well.
>
>   # grep memdup_nul /proc/slabinfo | cut -c-25
>   memdup_nul-8k          0
>   memdup_nul-4k          0
>   memdup_nul-2k          0
>   memdup_nul-1k          0
>   memdup_nul-512        28
>   memdup_nul-256         0
>   memdup_nul-192        60
>   memdup_nul-128        60
>   memdup_nul-96         60
>   memdup_nul-64        180
>   memdup_nul-32        960
>   memdup_nul-16       1860
>   memdup_nul-8        1980
>
> Suggested-by: Harry Yoo <harry@kernel.org>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> Cc: Vlastimil Babka <vbabka@kernel.org>
> Cc: Marco Elver <elver@google.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: David Hildenbrand <david@kernel.org>
> Cc: Lorenzo Stoakes <ljs@kernel.org>
> Cc: "Liam R. Howlett" <liam@infradead.org>
> Cc: Mike Rapoport <rppt@kernel.org>
> Cc: Suren Baghdasaryan <surenb@google.com>
> Cc: Michal Hocko <mhocko@suse.com>
> Cc: <linux-mm@kvack.org>

Acked-by: Marco Elver <elver@google.com>

> ---
>  mm/util.c | 12 +++++++-----
>  1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/mm/util.c b/mm/util.c
> index 3cc949a0b7ed..419269bb53da 100644
> --- a/mm/util.c
> +++ b/mm/util.c
> @@ -34,6 +34,9 @@
>  #include "internal.h"
>  #include "swap.h"
>
> +static kmem_buckets *user_buckets __ro_after_init;
> +static kmem_buckets *nul_buckets __ro_after_init;
> +
>  /**
>   * kfree_const - conditionally free memory
>   * @x: pointer to the memory
> @@ -61,7 +64,7 @@ static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp)
>         char *buf;
>
>         /* '+1' for the NUL terminator */
> -       buf = kmalloc_track_caller(len + 1, gfp);
> +       buf = kmem_buckets_alloc_track_caller(nul_buckets, len + 1, gfp);
>         if (!buf)
>                 return NULL;
>
> @@ -195,15 +198,14 @@ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp)
>  }
>  EXPORT_SYMBOL(kmemdup_nul);
>
> -static kmem_buckets *user_buckets __ro_after_init;
> -
> -static int __init init_user_buckets(void)
> +static int __init init_buckets(void)
>  {
>         user_buckets = kmem_buckets_create("memdup_user", 0, 0, INT_MAX, NULL);
> +       nul_buckets = kmem_buckets_create("memdup_nul", 0, 0, INT_MAX, NULL);
>
>         return 0;
>  }
> -subsys_initcall(init_user_buckets);
> +subsys_initcall(init_buckets);
>
>  /**
>   * memdup_user - duplicate memory region from user space
> --
> 2.34.1
>