| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7530523e-749c-dac7-f6ab-f52dcb20ecb9@redhat.com>
Date: Wed, 29 Apr 2020 09:55:21 -0400
From: Waiman Long <longman@...hat.com>
To: Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Changbin Du <changbin.du@...il.com>,
Matthew Wilcox <willy@...radead.org>,
Markus Elfring <Markus.Elfring@....de>
Subject: Re: [PATCH v3] mm/slub: Fix incorrect interpretation of s->offset
On 4/29/20 9:53 AM, Waiman Long wrote:
> In a couple of places in the slub memory allocator, the code uses
> "s->offset" as a check to see if the free pointer is put right after the
> object. That check is no longer true with commit 3202fa62fb43 ("slub:
> relocate freelist pointer to middle of object").
>
> As a result, echoing "1" into the validate sysfs file, e.g. of dentry,
> may cause a bunch of "Freepointer corrupt" error reports like the
> following to appear with the system in panic afterwards.
>
> [ 38.579769] =============================================================================
> [ 38.580845] BUG dentry(666:pmcd.service) (Tainted: G B): Freepointer corrupt
> [ 38.581948] -----------------------------------------------------------------------------
>
> To fix it, use the check "s->offset == s->inuse" in the new helper
Sorry, forgot to change the commit log to ">=". Anyway, this is a
serious bug that needs to be fixed before v5.7 is released.
Cheers,
Longman
Powered by blists - more mailing lists