Date: Wed, 08 Oct 2008 14:51:57 -0500
From: Matt Mackall <mpm@...enic.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>, Christoph Lameter <cl@...ux-foundation.org>, linux-mm <linux-mm@...ck.org>, Nick Piggin <nickpiggin@...oo.com.au>, Ingo Molnar <mingo@...e.hu>, linux-kernel <linux-kernel@...r.kernel.org>, akpm <akpm@...uxfoundation.org>, Pekka J Enberg <penberg@...helsinki.fi>
Subject: Re: [BUG] SLOB's krealloc() seems bust

On Tue, 2008-10-07 at 11:18 -0700, Linus Torvalds wrote:
>
> On Tue, 7 Oct 2008, Peter Zijlstra wrote:
>
> > On Tue, 2008-10-07 at 10:57 -0700, Linus Torvalds wrote:
> >
> > > Peter - can you check with that
> > >
> > > > if (slob_page(sp))
> > > > - return ((slob_t *)block - 1)->units + SLOB_UNIT;
> > > > + return (((slob_t *)block - 1)->units - 1) * SLOB_UNIT;
> > >
> > > thing using
> > >
> > > - return ((slob_t *)block - 1)->units + SLOB_UNIT;
> > > + return ((slob_t *)block - 1)->units * SLOB_UNIT;
> > >
> > > instead?
> >
> > went splat on the second run...
>
> Well, that makes it simple. I'll take Matt's patch as being "tested", and
> somebody can hopefully explain where the extra unit comes from later.

Ok, I think we've gotten to the bottom of this. Here's an incremental
patch that doesn't work by dumb luck. Please apply.

SLOB: fix bogus ksize calculation fix

This fixes the previous fix, which was completely wrong on closer
inspection. This version has been manually tested with a user-space
test harness and generates sane values. A nearly identical patch has
been boot-tested.

The problem arose from changing how kmalloc/kfree handled alignment
padding without updating ksize to match. This brings it in sync.

Signed-off-by: Matt Mackall <mpm@...enic.com>

diff -r 3dd2424d4c32 -r 73d55a1b6c10 mm/slob.c --- a/mm/slob.c Tue Oct 07 23:00:11 2008 +0000 +++ b/mm/slob.c Wed Oct 08 14:48:45 2008 -0500 
@@ -514,9 +514,11 @@ return 0; sp = (struct slob_page *)virt_to_page(block); - if (slob_page(sp)) - return (((slob_t *)block - 1)->units - 1) * SLOB_UNIT; - else + if (slob_page(sp)) { + int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); + unsigned int *m = (unsigned int *)(block - align); + return SLOB_UNITS(*m) * SLOB_UNIT; + } else return sp->page.private; } -- Mathematics is the supreme nostalgia of our time. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
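
Review bot: In the new `slob_page(sp)` branch, `align` is recomputed locally as `max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN)`, so ksize() stays correct only while the allocation and free paths keep the size word at that same offset before `block`, and the commit message names exactly that kind of drift between kmalloc/kfree and ksize as the cause of this bug. Consider moving the offset into one shared macro or helper used by all three, and add a comment above `unsigned int *m = (unsigned int *)(block - align);` saying what the word at that address holds and that the return value is rounded up to whole SLOB units. That matters because a ksize() that reports more than the block really has lets a caller such as krealloc() treat bytes past the allocation as usable. As a style point, the `} else` leaves `return sp->page.private;` unbraced while the other branch is braced; brace both arms.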