| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Mar 2015 15:50:59 -0700 (PDT)
From: David Rientjes <rientjes@...gle.com>
To: Andrey Ryabinin <ryabinin.a.a@...il.com>
cc: Andrew Morton <akpm@...ux-foundation.org>,
Dave Kleikamp <shaggy@...nel.org>,
Christoph Hellwig <hch@....de>,
Sebastian Ott <sebott@...ux.vnet.ibm.com>,
Mikulas Patocka <mpatocka@...hat.com>,
Catalin Marinas <catalin.marinas@....com>,
LKML <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
jfs-discussion@...ts.sourceforge.net
Subject: Re: [patch v2 4/4] mm, mempool: poison elements backed by page
allocator
On Thu, 26 Mar 2015, Andrey Ryabinin wrote:
> > +static void check_element(mempool_t *pool, void *element)
> > +{
> > + /* Mempools backed by slab allocator */
> > + if (pool->free == mempool_free_slab || pool->free == mempool_kfree)
> > + __check_element(pool, element, ksize(element));
> > +
> > + /* Mempools backed by page allocator */
> > + if (pool->free == mempool_free_pages) {
> > + int order = (int)(long)pool->pool_data;
> > + void *addr = page_address(element);
> > +
> > + __check_element(pool, addr, 1UL << (PAGE_SHIFT + order));
> > }
> > }
> >
> > -static void poison_slab_element(mempool_t *pool, void *element)
> > +static void __poison_element(void *element, size_t size)
> > {
> > - if (pool->alloc == mempool_alloc_slab ||
> > - pool->alloc == mempool_kmalloc) {
> > - size_t size = ksize(element);
> > - u8 *obj = element;
> > + u8 *obj = element;
> > +
> > + memset(obj, POISON_FREE, size - 1);
> > + obj[size - 1] = POISON_END;
> > +}
> > +
> > +static void poison_element(mempool_t *pool, void *element)
> > +{
> > + /* Mempools backed by slab allocator */
> > + if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc)
> > + __poison_element(element, ksize(element));
> > +
> > + /* Mempools backed by page allocator */
> > + if (pool->alloc == mempool_alloc_pages) {
> > + int order = (int)(long)pool->pool_data;
> > + void *addr = page_address(element);
> >
> > - memset(obj, POISON_FREE, size - 1);
> > - obj[size - 1] = POISON_END;
> > + __poison_element(addr, 1UL << (PAGE_SHIFT + order));
>
> I think, it would be better to use kernel_map_pages() here and in
> check_element().
Hmm, interesting suggestion.
> This implies that poison_element()/check_element() has to be moved out of
> CONFIG_DEBUG_SLAB || CONFIG_SLUB_DEBUG_ON ifdef (keeping only slab
> poisoning under this ifdef).
The mempool poisoning introduced here is really its own poisoning built on
top of whatever the mempool allocator is. Otherwise, it would have called
into the slab subsystem to do the poisoning and include any allocated
space beyond the object size itself. Mempool poisoning is agnostic to the
underlying memory just like the chain of elements is, mempools don't even
store size.
We don't have a need to set PAGE_EXT_DEBUG_POISON on these pages sitting
in the reserved pool, nor do we have a need to do kmap_atomic() since it's
already mapped and must be mapped to be on the reserved pool, which is
handled by mempool_free().
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists