lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.00.1111221052130.28197@router.home>
Date:	Tue, 22 Nov 2011 10:53:06 -0600 (CST)
From:	Christoph Lameter <cl@...ux.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
cc:	Markus Trippelsdorf <markus@...ppelsdorf.de>,
	Christian Kujau <lists@...dbynature.de>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	"Alex,Shi" <alex.shi@...el.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	Pekka Enberg <penberg@...nel.org>,
	Matt Mackall <mpm@...enic.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Tejun Heo <tj@...nel.org>
Subject: slub: Lockout validation scans during freeing of object

A bit heavy handed locking but this should do the trick.

Subject: slub: Lockout validation scans during freeing of object

Slab validation can run right now while the slab free paths prepare
the redzone fields etc around the objects in preparation of the
actual freeing of the object. This can lead to false positives.

Take the node lock unconditionally during free so that the validation
can examine objects without them being disturbed by freeing operations.

Signed-off-by: Christoph Lameter <cl@...ux.com>

---
 mm/slub.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

Index: linux-2.6/mm/slub.c
===================================================================
--- linux-2.6.orig/mm/slub.c	2011-11-22 10:42:19.000000000 -0600
+++ linux-2.6/mm/slub.c	2011-11-22 10:44:34.000000000 -0600
@@ -2391,8 +2391,15 @@ static void __slab_free(struct kmem_cach

 	stat(s, FREE_SLOWPATH);

-	if (kmem_cache_debug(s) && !free_debug_processing(s, page, x, addr))
-		return;
+	if (kmem_cache_debug(s)) {
+
+		/* Lock out any concurrent validate_slab calls */
+		n = get_node(s, page_to_nid(page));
+		spin_lock_irqsave(&n->list_lock, flags);
+
+		if (!free_debug_processing(s, page, x, addr))
+			goto out;
+	}

 	do {
 		prior = page->freelist;
@@ -2471,6 +2478,7 @@ static void __slab_free(struct kmem_cach
 			stat(s, FREE_ADD_PARTIAL);
 		}
 	}
+out:
 	spin_unlock_irqrestore(&n->list_lock, flags);
 	return;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ