| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Feb 2017 07:41:13 -0800
From: Thomas Garnier <thgarnie@...gle.com>
To: Sean Rees <sean@...fax.org>
Cc: Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linux-MM <linux-mm@...ck.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] mm/slub: Fix random_seq offset destruction
On Tue, Feb 7, 2017 at 6:07 AM, Sean Rees <sean@...fax.org> wrote:
> Bailout early from init_cache_random_seq if s->random_seq is already
> initialised. This prevents destroying the previously computed random_seq
> offsets later in the function.
>
> If the offsets are destroyed, then shuffle_freelist will truncate
> page->freelist to just the first object (orphaning the rest).
>
> This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551.
>
> Signed-off-by: Sean Rees <sean@...fax.org>
Please add:
Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization")
> ---
> mm/slub.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 7aa6f43..7ec0a96 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1422,6 +1422,10 @@ static int init_cache_random_seq(struct kmem_cache *s)
> int err;
> unsigned long i, count = oo_objects(s->oo);
>
> + /* Bailout if already initialised */
> + if (s->random_seq)
> + return 0;
> +
> err = cache_random_seq_create(s, count, GFP_KERNEL);
> if (err) {
> pr_err("SLUB: Unable to initialize free list for %s\n",
> --
> 2.9.3
>
Otherwise, looks good to me.
Reviewed-by: Thomas Garnier <thgarnie@...gle.com>
--
Thomas
Powered by blists - more mailing lists