| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b4d05ff7-0fe2-67d8-f2a7-6d0c2ab19408@redhat.com>
Date: Mon, 27 Apr 2020 09:29:41 -0400
From: Waiman Long <longman@...hat.com>
To: Matthew Wilcox <willy@...radead.org>
Cc: Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, Changbin Du <changbin.du@...il.com>
Subject: Re: [PATCH] mm/slub: Fix incorrect checkings of s->offset
On 4/27/20 9:18 AM, Waiman Long wrote:
> On 4/27/20 8:38 AM, Matthew Wilcox wrote:
>> On Sun, Apr 26, 2020 at 10:02:12PM -0400, Waiman Long wrote:
>>> In a couple of places in the slub memory allocator, the code uses
>>> "s->offset" as a check to see if the free pointer is put right after
>>> the
>>> object. That check is no longer true with commit 3202fa62fb43 ("slub:
>>> relocate freelist pointer to middle of object").
>>>
>>> As a result, echoing "1" into the validate sysfs file, e.g. of dentry,
>>> may cause a bunch of "Freepointer corrupt" error reports to appear with
>>> the system in panic afterwards.
>>>
>>> To fix it, use the check "s->offset == s->inuse" instead.
>> I think a little refactoring would make this more clear.
>>
>> unsigned int track_offset(const struct kmem_cache *s)
>> {
>> return s->inuse + (s->offset == s->inuse) ? sizeof(void *) : 0;
>> }
>
> Yes, that was what I am thinking of doing in v2.
BTW, "+" has a higher priority than "?:". So we need a parenthesis
around "?:".
Cheers,
Longman
Powered by blists - more mailing lists