Message-Id: <1248846946.17395.59.camel@pasglop>
Date:	Wed, 29 Jul 2009 15:55:46 +1000
From:	Benjamin Herrenschmidt <benh@...nel.crashing.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	torvalds@...ux-foundation.org, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, Pekka Enberg <penberg@...helsinki.fi>
Subject: Re: [PATCH] mm: Make it easier to catch NULL cache names

On Tue, 2009-07-28 at 17:06 -0700, Andrew Morton wrote:
> On Tue, 28 Jul 2009 14:11:29 +1000
> Benjamin Herrenschmidt <benh@...nel.crashing.org> wrote:
> 
> > Right now, if you inadvertently pass NULL to kmem_cache_create() at boot
> > time, it crashes much later after boot somewhere deep inside sysfs which
> > makes it very non obvious to figure out what's going on.
> 
> That must have been a pretty dumb piece of kernel code.  It's a bit
> questionable (IMO) whether we need to cater for really exceptional
> bugs.  But whatever.

 :-)

It was an array of caches created from something like an enum and the
array of names got out of sync :-)

> slab used to have a check (__get_user) to see whether the ->name field
> was still readable.  This was to detect the case where the slab cache
> was created from a kernel module and the module forgot to remove the
> cache at rmmod-time.  Subsequent reads of /proc/slabinfo would
> confusingly go splat.  The check seems to have been removed (from
> slab.c, at least).  If it is still there then it should be applied
> consistently and across all slab versions.  In which case that check
> would make your patch arguably-unneeded.  But it seems to have got
> itself zapped.

That sounds like a better idea. However, it looks like we create sysfs
things and pass that pointer down to sysfs nowadays, so that's going to
blow up somewhere in the guts of sysfs unless we duplicate the string.

The advantage of duplicating the string would also be that we could
blow up right away if it's NULL :-)

Cheers,
Ben.

> > Signed-off-by: Benjamin Herrenschmidt <benh@...nel.crashing.org>
> > ---
> > 
> > Yes, I did hit that :-) Something in ppc land using an array of caches
> > and got the names array out of sync with changes to the list of indices.
> > 
> >  mm/slub.c |    3 +++
> >  1 files changed, 3 insertions(+), 0 deletions(-)
> > 
> > diff --git a/mm/slub.c b/mm/slub.c
> > index b9f1491..e31fbe6 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -3292,6 +3292,9 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
> >  {
> >  	struct kmem_cache *s;
> >  
> > +	if (WARN_ON(!name))
> > +		return NULL;
> > +
> >  	down_write(&slub_lock);
> >  	s = find_mergeable(size, align, flags, name, ctor);
> >  	if (s) {
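
Review bot: The new `if (WARN_ON(!name)) return NULL;` at the top of kmem_cache_create() covers only SLUB and only the NULL case, while the summary later in this thread has slob.c still oopsing at some later time and slab.c going BUG, so the same caller mistake behaves differently depending on the allocator built in. Consider adding the equivalent check to slob.c. The changelog should also say that callers now get NULL back, since a caller that ignores the return value will still fault later on the NULL cache pointer. A name that is non-NULL but no longer readable (the rmmod case raised in the reply) is not caught by this test.
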
> 
> Let's see:
> 
> slab.c: goes BUG
> slob.c: will apparently go oops at some later time
> slqb.c: does dump_stack(), returns NULL from kmem_cache_create()
> slub.c: does WARN(), returns NULL from kmem_cache_create()
> 
> 
> I think I'll apply the patch, cc Pekka then run away.

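A userspace C model of the two points in the reply above, added here as an illustration and not code from the thread or from the kernel: a names array that has drifted from its enum leaves a NULL slot, and a constructor that copies the name fails at the call site instead of much later. `model_cache`, `model_cache_create`, `cache_names` and the `CACHE_*` indices are hypothetical names, and the data is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed indices: CACHE_PMD was added, its name was not. */
enum { CACHE_PGD, CACHE_PUD, CACHE_PMD, NR_CACHES };
static const char *cache_names[NR_CACHES] = {
	[CACHE_PGD] = "pgd_cache",
	[CACHE_PUD] = "pud_cache",	/* [CACHE_PMD] is implicitly NULL */
};
struct model_cache { char *name; size_t size; };

/* Hypothetical userspace constructor: reject NULL at the call site and
 * keep a private copy of the name so it cannot dangle later. */
static struct model_cache *model_cache_create(const char *name, size_t size)
{
	struct model_cache *c;

	if (!name) {
		fprintf(stderr, "model_cache_create: NULL name\n");
		return NULL;
	}
	c = malloc(sizeof(*c));
	if (!c)
		return NULL;
	c->name = malloc(strlen(name) + 1);
	if (!c->name) {
		free(c);
		return NULL;
	}
	strcpy(c->name, name);
	c->size = size;
	return c;
}

/* First index whose creation fails, or NR_CACHES if every name is set. */
static int first_bad_index(void)
{
	for (int i = 0; i < NR_CACHES; i++) {
		struct model_cache *c = model_cache_create(cache_names[i], 64);
		if (!c)
			return i;
		free(c->name);
		free(c);
	}
	return NR_CACHES;
}

int main(void) { printf("first bad index: %d\n", first_bad_index()); return 0; }
```

Because the cache owns its copy, a caller whose string later disappears (the module-unload case in the quoted text) no longer leaves a stale pointer behind for a later reader.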