| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yz5zyRK1XfKfFITD@hyeyoo>
Date: Thu, 6 Oct 2022 15:20:57 +0900
From: Hyeonggon Yoo <42.hyeyoo@...il.com>
To: Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Vlastimil Babka <vbabka@...e.cz>,
Roman Gushchin <roman.gushchin@...ux.dev>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm: slub: remove dead and buggy code from
sysfs_slab_add()
On Mon, Oct 03, 2022 at 11:38:30AM +0200, Rasmus Villemoes wrote:
> On 03/10/2022 09.02, Hyeonggon Yoo wrote:
> > On Fri, Sep 30, 2022 at 10:47:42AM +0200, Rasmus Villemoes wrote:
> >> The function sysfs_slab_add() has two callers:
> >>
> >> One is slab_sysfs_init(), which first initializes slab_kset, and only
> >> when that succeeds sets slab_state to FULL, and then proceeds to call
> >> sysfs_slab_add() for all previously created slabs.
> >>
> >> The other is __kmem_cache_create(), but only after a
> >>
> >> if (slab_state <= UP)
> >> return 0;
> >>
> >> check.
> >>
> >> So in other words, sysfs_slab_add() is never called without
> >> slab_kset (aka the return value of cache_kset()) being non-NULL.
> >>
> >> And this is just as well, because if we ever did take this path and
> >> called kobject_init(&s->kobj), and then later when called again from
> >> slab_sysfs_init() would end up calling kobject_init_and_add(), we
> >> would hit
> >>
> >> if (kobj->state_initialized) {
> >> /* do not error out as sometimes we can recover */
> >> pr_err("kobject (%p): tried to init an initialized object, something is seriously wrong.\n",
> >> dump_stack();
> >> }
> >>
> >> in kobject.c.
> >>
> >> Signed-off-by: Rasmus Villemoes <linux@...musvillemoes.dk>
> >> ---
> >> mm/slub.c | 5 -----
> >> 1 file changed, 5 deletions(-)
> >>
> >> diff --git a/mm/slub.c b/mm/slub.c
> >> index 4b98dff9be8e..04a7f75a7b1f 100644
> >> --- a/mm/slub.c
> >> +++ b/mm/slub.c
> >> @@ -5937,11 +5937,6 @@ static int sysfs_slab_add(struct kmem_cache *s)
> >> struct kset *kset = cache_kset(s);
> >> int unmergeable = slab_unmergeable(s);
> >>
> >> - if (!kset) {
> >> - kobject_init(&s->kobj, &slab_ktype);
> >> - return 0;
> >> - }
> >> -
> >> if (!unmergeable && disable_higher_order_debug &&
> >> (slub_debug & DEBUG_METADATA_FLAGS))
> >> unmergeable = 1;
> >> --
> >> 2.37.2
> >
> > I assumed that it's hit when SLUB failed to initialize slab_kset in
> > slab_sysfs_init(). (Yeah, it is too unlikely, though....)
>
> No, it is not, because if the creation of slab_kset fails,
> slab_sysfs_init() returns early, and hence slab_state never transitions
> to FULL.
Yeah, you are right ;-) I misread that.
> I don't see anywhere else where slab_state could become FULL
> (of course in slab.c and slob.c, but those are not built when slub.c
> is), so I do believe my analysis in the commit log is correct.
Right.
> > And obviously it's a bug if sysfs_slab_add() is called early than
> > slab_sysfs_init().
>
> Yes, and that's already what the existing slab_state check guards.
>
> Rasmus
Looks good to me,
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@...il.com>
Thanks!
--
Thanks,
Hyeonggon
Powered by blists - more mailing lists