| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c22e1d58-e16f-fde5-cee7-c13dedbe1656@linux.dev>
Date: Tue, 21 Mar 2023 15:04:46 +0800
From: Muchun Song <muchun.song@...ux.dev>
To: Peng Zhang <zhangpeng.00@...edance.com>
Cc: kasan-dev@...glegroups.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, dvyukov@...gle.com,
roman.gushchin@...ux.dev, jannh@...gle.com, sjpark@...zon.de,
akpm@...ux-foundation.org, elver@...gle.com, glider@...gle.com,
Muchun Song <songmuchun@...edance.com>
Subject: Re: [PATCH] mm: kfence: fix PG_slab and memcg_data clearing
On 2023/3/21 12:14, Peng Zhang wrote:
>
> 在 2023/3/20 11:00, Muchun Song 写道:
>> It does not reset PG_slab and memcg_data when KFENCE fails to initialize
>> kfence pool at runtime. It is reporting a "Bad page state" message when
>> kfence pool is freed to buddy. The checking of whether it is a compound
>> head page seems unnecessary sicne we already guarantee this when
>> allocating
>> kfence pool, removing the check to simplify the code.
>>
>> Fixes: 0ce20dd84089 ("mm: add Kernel Electric-Fence infrastructure")
>> Fixes: 8f0b36497303 ("mm: kfence: fix objcgs vector allocation")
>> Signed-off-by: Muchun Song <songmuchun@...edance.com>
>> ---
>> mm/kfence/core.c | 30 +++++++++++++++---------------
>> 1 file changed, 15 insertions(+), 15 deletions(-)
>>
>> diff --git a/mm/kfence/core.c b/mm/kfence/core.c
>> index 79c94ee55f97..d66092dd187c 100644
>> --- a/mm/kfence/core.c
>> +++ b/mm/kfence/core.c
>> @@ -561,10 +561,6 @@ static unsigned long kfence_init_pool(void)
>> if (!i || (i % 2))
>> continue;
>> - /* Verify we do not have a compound head page. */
>> - if (WARN_ON(compound_head(&pages[i]) != &pages[i]))
>> - return addr;
>> -
>> __folio_set_slab(slab_folio(slab));
>> #ifdef CONFIG_MEMCG
>> slab->memcg_data = (unsigned long)&kfence_metadata[i / 2 -
>> 1].objcg |
>> @@ -597,12 +593,26 @@ static unsigned long kfence_init_pool(void)
>> /* Protect the right redzone. */
>> if (unlikely(!kfence_protect(addr + PAGE_SIZE)))
>> - return addr;
>> + goto reset_slab;
>> addr += 2 * PAGE_SIZE;
>> }
>> return 0;
>> +
>> +reset_slab:
>> + for (i = 0; i < KFENCE_POOL_SIZE / PAGE_SIZE; i++) {
>> + struct slab *slab = page_slab(&pages[i]);
>> +
>> + if (!i || (i % 2))
>> + continue;
>> +#ifdef CONFIG_MEMCG
>> + slab->memcg_data = 0;
>> +#endif
>> + __folio_clear_slab(slab_folio(slab));
>> + }
> Can this loop be simplified to this?
>
> for (i = 2; i < KFENCE_POOL_SIZE / PAGE_SIZE; i+=2) {
> struct slab *slab = page_slab(&pages[i]);
> #ifdef CONFIG_MEMCG
> slab->memcg_data = 0;
> #endif
> __folio_clear_slab(slab_folio(slab));
> }
>
It's a good simplification. The loop setting Pg_slab before this
also can be simplified in the same way. However, I choose a
consistent way to fix this bug. I'd like to send a separate
simplification patch to simplify both two loops instead of
in a bugfix patch.
Thanks.
Powered by blists - more mailing lists