| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <891a7635-9074-d320-9571-74f584401f01@redhat.com>
Date: Mon, 27 Apr 2020 09:18:36 -0400
From: Waiman Long <longman@...hat.com>
To: Matthew Wilcox <willy@...radead.org>
Cc: Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, Changbin Du <changbin.du@...il.com>
Subject: Re: [PATCH] mm/slub: Fix incorrect checkings of s->offset
On 4/27/20 8:38 AM, Matthew Wilcox wrote:
> On Sun, Apr 26, 2020 at 10:02:12PM -0400, Waiman Long wrote:
>> In a couple of places in the slub memory allocator, the code uses
>> "s->offset" as a check to see if the free pointer is put right after the
>> object. That check is no longer true with commit 3202fa62fb43 ("slub:
>> relocate freelist pointer to middle of object").
>>
>> As a result, echoing "1" into the validate sysfs file, e.g. of dentry,
>> may cause a bunch of "Freepointer corrupt" error reports to appear with
>> the system in panic afterwards.
>>
>> To fix it, use the check "s->offset == s->inuse" instead.
> I think a little refactoring would make this more clear.
>
> unsigned int track_offset(const struct kmem_cache *s)
> {
> return s->inuse + (s->offset == s->inuse) ? sizeof(void *) : 0;
> }
Yes, that was what I am thinking of doing in v2.
Thanks,
Longman
Powered by blists - more mailing lists