| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 17 Sep 2022 00:58:56 +0200
From: "Vlastimil Babka (SUSE)" <vbabka@...nel.org>
To: Marion & Christophe JAILLET <christophe.jaillet@...adoo.fr>,
Chao Yu <chao@...nel.org>, linux-mm@...ck.org
Cc: akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
Chao Yu <chao.yu@...o.com>, muchun.song@...ux.dev
Subject: Re: [PATCH] mm/slub: fix to return errno if kmalloc() fails
On 9/13/22 07:26, Marion & Christophe JAILLET wrote:
>
> Le 13/09/2022 à 05:42, Chao Yu a écrit :
>> On 2022/9/10 0:47, Christophe JAILLET wrote:
>>> Le 30/08/2022 à 16:10, Chao Yu a écrit :
>>>> From: Chao Yu <chao.yu@...o.com>
>>>>
>>>> In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to
>>>> out-of-memory, if it fails, return errno correctly rather than
>>>> triggering panic via BUG_ON();
>>>>
>>>> kernel BUG at mm/slub.c:5893!
>>>> Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
>>>>
>>>> Call trace:
> [...]
>>>>
>>>> Cc: <stable@...nel.org>
>>>> Reported-by: syzbot+81684812ea68216e08c5@...kaller.appspotmail.com
>>>> Signed-off-by: Chao Yu <chao.yu@...o.com>
>>>> ---
>>>> mm/slub.c | 5 ++++-
>>>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/mm/slub.c b/mm/slub.c
>>>> index 862dbd9af4f5..e6f3727b9ad2 100644
>>>> --- a/mm/slub.c
>>>> +++ b/mm/slub.c
>>>> @@ -5890,7 +5890,8 @@ static char *create_unique_id(struct kmem_cache *s)
>>>> char *name = kmalloc(ID_STR_LENGTH, GFP_KERNEL);
>>>
>>> Hi,
>>>
>>> looks that ID_STR_LENGTH could even be reduced to 32 or 16.
>>>
>>> The 2nd BUG_ON at the end of the function could certainly be just removed
>>> as well or remplaced by a:
>>> if (p > name + ID_STR_LENGTH - 1) {
>>> kfree(name);
>>> return -E<something>;
>>> }
>>
>> Hi Christophe, Vlastimil,
>>
>> Should I include this in v3? or may be in another patch?
>
> Hi,
>
> My own preference would be for 3 patches.
>
> Yours, as-is.
> It fixes a specific issue spotted by syzbot.
Yeah and it's already in git.
> Another one for removing a BUG_ON() (that, IIUC can't happen!)
> Mostly a clean-up or a good practice in order to remove BUG_ON() from the
> kernel we it can be handled another way.
>
> Eventually a 3rd one for reducing ID_STR_LENGTH.
> I guess that it is safe to reduce it to 32 or 16, but the impact on RL would
> be so small, that I wonder if it worth proposing it.
Agree. Doing 2+3 in the same patch would be OK with me too.
Powered by blists - more mailing lists