lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 23 Jan 2023 11:04:18 -0600
From:   George Prekas <george@...abrica.net>
To:     linux-kernel@...r.kernel.org, linux-mm@...ck.org
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Christoph Lameter <cl@...ux.com>,
        Pekka Enberg <penberg@...nel.org>,
        David Rientjes <rientjes@...gle.com>,
        Joonsoo Kim <iamjoonsoo.kim@....com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Roman Gushchin <roman.gushchin@...ux.dev>,
        Hyeonggon Yoo <42.hyeyoo@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "Liam R. Howlett" <Liam.Howlett@...cle.com>,
        Fenghua Yu <fenghua.yu@...el.com>,
        Andrei Vagin <avagin@...il.com>,
        George Prekas <george@...abrica.net>
Subject: [PATCH 8/9] mm: kmemleak: erase page->freelist in slab_destroy

slab_destroy frees the allocated memory pointed by page->freelist. It
should also erase the reference to it. Otherwise, when the memory is
reused for another object, kmemleak will find the stale pointer and
erroneously increase the reference count of the new object. That will
lead to undetected memory leaks.

Signed-off-by: George Prekas <george@...abrica.net>
---
 mm/slab.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/slab.c b/mm/slab.c
index aa5eb725ee9c..12acce274502 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -1625,8 +1625,10 @@ static void slab_destroy(struct kmem_cache *cachep, struct slab *slab)
 	 * From now on, we don't use freelist
 	 * although actual page can be freed in rcu context
 	 */
-	if (OFF_SLAB(cachep))
+	if (OFF_SLAB(cachep)) {
 		kfree(freelist);
+		kmemleak_erase(&slab->freelist);
+	}
 }
 
 /*
-- 
2.37.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ