| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Apr 2024 14:30:55 -0700
From: Suren Baghdasaryan <surenb@...gle.com>
To: Kent Overstreet <kent.overstreet@...ux.dev>
Cc: Kees Cook <keescook@...omium.org>, Catalin Marinas <catalin.marinas@....com>,
Andrew Morton <akpm@...ux-foundation.org>, Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>, David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>, Vlastimil Babka <vbabka@...e.cz>,
Roman Gushchin <roman.gushchin@...ux.dev>, Hyeonggon Yoo <42.hyeyoo@...il.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] mm/slub: Avoid recursive loop with kmemleak
On Thu, Apr 25, 2024 at 2:09 PM Kent Overstreet
<kent.overstreet@...ux.dev> wrote:
>
> On Thu, Apr 25, 2024 at 01:55:23PM -0700, Kees Cook wrote:
> > The system will immediate fill up stack and crash when both
> > CONFIG_DEBUG_KMEMLEAK and CONFIG_MEM_ALLOC_PROFILING are enabled.
> > Avoid allocation tagging of kmemleak caches, otherwise recursive
> > allocation tracking occurs.
> >
> > Fixes: 279bb991b4d9 ("mm/slab: add allocation accounting into slab allocation and free paths")
> > Signed-off-by: Kees Cook <keescook@...omium.org>
> > ---
> > Cc: Suren Baghdasaryan <surenb@...gle.com>
> > Cc: Kent Overstreet <kent.overstreet@...ux.dev>
> > Cc: Catalin Marinas <catalin.marinas@....com>
> > Cc: Andrew Morton <akpm@...ux-foundation.org>
> > Cc: Christoph Lameter <cl@...ux.com>
> > Cc: Pekka Enberg <penberg@...nel.org>
> > Cc: David Rientjes <rientjes@...gle.com>
> > Cc: Joonsoo Kim <iamjoonsoo.kim@....com>
> > Cc: Vlastimil Babka <vbabka@...e.cz>
> > Cc: Roman Gushchin <roman.gushchin@...ux.dev>
> > Cc: Hyeonggon Yoo <42.hyeyoo@...il.com>
> > Cc: linux-mm@...ck.org
> > ---
> > mm/kmemleak.c | 4 ++--
> > mm/slub.c | 2 +-
> > 2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> > index c55c2cbb6837..fdcf01f62202 100644
> > --- a/mm/kmemleak.c
> > +++ b/mm/kmemleak.c
> > @@ -463,7 +463,7 @@ static struct kmemleak_object *mem_pool_alloc(gfp_t gfp)
> >
> > /* try the slab allocator first */
> > if (object_cache) {
> > - object = kmem_cache_alloc(object_cache, gfp_kmemleak_mask(gfp));
> > + object = kmem_cache_alloc_noprof(object_cache, gfp_kmemleak_mask(gfp));
>
> What do these get accounted to, or does this now pop a warning with
> CONFIG_MEM_ALLOC_PROFILING_DEBUG?
Thanks for the fix, Kees!
I'll look into this recursion more closely to see if there is a better
way to break it. As a stopgap measure seems ok to me. I also think
it's unlikely that one would use both tracking mechanisms on the same
system.
>
> > if (object)
> > return object;
> > }
> > @@ -947,7 +947,7 @@ static void add_scan_area(unsigned long ptr, size_t size, gfp_t gfp)
> > untagged_objp = (unsigned long)kasan_reset_tag((void *)object->pointer);
> >
> > if (scan_area_cache)
> > - area = kmem_cache_alloc(scan_area_cache, gfp_kmemleak_mask(gfp));
> > + area = kmem_cache_alloc_noprof(scan_area_cache, gfp_kmemleak_mask(gfp));
> >
> > raw_spin_lock_irqsave(&object->lock, flags);
> > if (!area) {
> > diff --git a/mm/slub.c b/mm/slub.c
> > index a94a0507e19c..9ae032ed17ed 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -2016,7 +2016,7 @@ prepare_slab_obj_exts_hook(struct kmem_cache *s, gfp_t flags, void *p)
> > if (!p)
> > return NULL;
> >
> > - if (s->flags & SLAB_NO_OBJ_EXT)
> > + if (s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE))
> > return NULL;
> >
> > if (flags & __GFP_NO_OBJ_EXT)
> > --
> > 2.34.1
> >
Powered by blists - more mailing lists