| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Mar 2013 15:03:26 +0100
From: Castet Matthieu <matthieu.castet@...rot.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] slab : allow SLAB_RED_ZONE and SLAB_STORE_USER to work on arm
On Mon, Jan 21, 2013 at 10:56 AM, Matthieu CASTET
<matthieu.castet@...rot.com> wrote:
> The current slab code only allow to put redzone( and user store) info if "buffer
> alignment(ralign) <= __alignof__(unsigned long long)". This was done because we
> want to keep the buffer aligned for user even after adding redzone at the
> beginning of the buffer (the user store is stored after user buffer) [1]
>
> But instead of disabling this feature when "ralign > __alignof__(unsigned long
> long)", we can force the alignment by allocating ralign before user buffer.
>
> This is done by setting ralign in obj_offset when "ralign > __alignof__(unsigned
> long long)" and keeping the old behavior when "ralign <= __alignof__(unsigned
> long long)" (we set sizeof(unsigned long long)).
>
> The 5c5e3b33b7cb959a401f823707bee006caadd76e commit wasn't handling "ralign <=
> __alignof__(unsigned long long)", that's why it broked some configuration.
>
> This was tested on omap3 (ralign is 64 and __alignof__(unsigned long long) is 8)
>
> [1]
> /*
> * memory layout of objects:
> * 0 : objp
> * 0 .. cachep->obj_offset - BYTES_PER_WORD - 1: padding. This ensures that
> * the end of an object is aligned with the end of the real
> * allocation. Catches writes behind the end of the allocation.
> * cachep->obj_offset - BYTES_PER_WORD .. cachep->obj_offset - 1:
> * redzone word.
> * cachep->obj_offset: The real object.
> * cachep->buffer_size - 2* BYTES_PER_WORD: redzone word [BYTES_PER_WORD long]
> * cachep->buffer_size - 1* BYTES_PER_WORD: last caller address
> * [BYTES_PER_WORD long]
> */
Ping,
Thanks,
Matthieu
>
> Signed-off-by: Matthieu Castet <matthieu.castet@...rot.com>
> CC: Russell King <rmk@....linux.org.uk>
> CC: Pekka Enberg <penberg@...helsinki.fi>
> ---
> mm/slab.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/mm/slab.c b/mm/slab.c
> index e7667a3..d2380d9 100644
> --- a/mm/slab.c
> +++ b/mm/slab.c
> @@ -2392,9 +2392,6 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
> if (ralign < cachep->align) {
> ralign = cachep->align;
> }
> - /* disable debug if necessary */
> - if (ralign > __alignof__(unsigned long long))
> - flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
> /*
> * 4) Store it.
> */
> @@ -2414,8 +2411,9 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
> */
> if (flags & SLAB_RED_ZONE) {
> /* add space for red zone words */
> - cachep->obj_offset += sizeof(unsigned long long);
> - size += 2 * sizeof(unsigned long long);
> + int offset = max(ralign, sizeof(unsigned long long));
> + cachep->obj_offset += offset;
> + size += offset + sizeof(unsigned long long);
> }
> if (flags & SLAB_STORE_USER) {
> /* user store requires one word storage behind the end of
> --
> 1.7.10.4
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists