| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Jul 2023 09:57:15 -0400
From: "Liam R. Howlett" <Liam.Howlett@...cle.com>
To: Peng Zhang <zhangpeng.00@...edance.com>
Cc: akpm@...ux-foundation.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, maple-tree@...ts.infradead.org
Subject: Re: [RESEND PATCH 3/8] maple_tree: make mas_validate_gaps() to check
metadata
* Peng Zhang <zhangpeng.00@...edance.com> [230710 05:44]:
>
>
> 在 2023/7/7 22:45, Liam R. Howlett 写道:
> > * Peng Zhang <zhangpeng.00@...edance.com> [230707 06:11]:
> > > Make mas_validate_gaps() check whether the offset in the metadata points
> > > to the largest gap. By the way, simplify this function.
> > >
> > > Signed-off-by: Peng Zhang <zhangpeng.00@...edance.com>
> > > ---
> > > lib/maple_tree.c | 68 +++++++++++++++++++++++-------------------------
> > > 1 file changed, 33 insertions(+), 35 deletions(-)
> > >
> > > diff --git a/lib/maple_tree.c b/lib/maple_tree.c
> > > index 6a8982146338..1fe8b6a787dd 100644
> > > --- a/lib/maple_tree.c
> > > +++ b/lib/maple_tree.c
> > > @@ -6983,15 +6983,16 @@ EXPORT_SYMBOL_GPL(mt_dump);
> > > static void mas_validate_gaps(struct ma_state *mas)
> > > {
> > > struct maple_enode *mte = mas->node;
> > > - struct maple_node *p_mn;
> > > + struct maple_node *p_mn, *node = mte_to_node(mte);
> > > + enum maple_type mt = mte_node_type(mas->node);
> > > unsigned long gap = 0, max_gap = 0;
> > > unsigned long p_end, p_start = mas->min;
> > > - unsigned char p_slot;
> > > + unsigned char p_slot, offset;
> > > unsigned long *gaps = NULL;
> > > - unsigned long *pivots = ma_pivots(mte_to_node(mte), mte_node_type(mte));
> > > + unsigned long *pivots = ma_pivots(node, mt);
> > > int i;
> > > - if (ma_is_dense(mte_node_type(mte))) {
> > > + if (ma_is_dense(mt)) {
> > > for (i = 0; i < mt_slot_count(mte); i++) {
> > > if (mas_get_slot(mas, i)) {
> > > if (gap > max_gap)
> > > @@ -7004,52 +7005,51 @@ static void mas_validate_gaps(struct ma_state *mas)
> > > goto counted;
> > > }
> > > - gaps = ma_gaps(mte_to_node(mte), mte_node_type(mte));
> > > + gaps = ma_gaps(node, mt);
> > > for (i = 0; i < mt_slot_count(mte); i++) {
> > > - p_end = mas_logical_pivot(mas, pivots, i, mte_node_type(mte));
> > > + p_end = mas_logical_pivot(mas, pivots, i, mt);
> > > if (!gaps) {
> > > - if (mas_get_slot(mas, i)) {
> > > - gap = 0;
> > > - goto not_empty;
> > > - }
> > > -
> > > - gap += p_end - p_start + 1;
> > > + if (!mas_get_slot(mas, i))
> > > + gap = p_end - p_start + 1;
> > > } else {
> > > void *entry = mas_get_slot(mas, i);
> > > gap = gaps[i];
> > > - if (!entry) {
> > > - if (gap != p_end - p_start + 1) {
> > > - pr_err("%p[%u] -> %p %lu != %lu - %lu + 1\n",
> > > - mas_mn(mas), i,
> > > - mas_get_slot(mas, i), gap,
> > > - p_end, p_start);
> > > - mt_dump(mas->tree, mt_dump_hex);
> > > -
> > > - MT_BUG_ON(mas->tree,
> > > - gap != p_end - p_start + 1);
> > > - }
> > > - } else {
> > > - if (gap > p_end - p_start + 1) {
> > > - pr_err("%p[%u] %lu >= %lu - %lu + 1 (%lu)\n",
> > > - mas_mn(mas), i, gap, p_end, p_start,
> > > - p_end - p_start + 1);
> > > - MT_BUG_ON(mas->tree,
> > > - gap > p_end - p_start + 1);
> > > - }
> > > + MT_BUG_ON(mas->tree, !entry);
> > > +
> > > + if (gap > p_end - p_start + 1) {
> > > + pr_err("%p[%u] %lu >= %lu - %lu + 1 (%lu)\n",
> > > + mas_mn(mas), i, gap, p_end, p_start,
> > > + p_end - p_start + 1);
> > > + MT_BUG_ON(mas->tree,
> > > + gap > p_end - p_start + 1);
> >
> > Your change above points out that we are not verifying all gaps are zero
> > in non-leaf nodes after p_end >= mas->max. If we don't have a 'no gap'
> > indicator then this may be an issue, or maybe it already is an issue?
> If we don't have a 'no gap' indicator, why is there an issue? Are you
> worried that meta_gap is wrongly pointing to the gap after the node
> limit? If so we can verify that meta_gap points to a gap within the node
> limit.
I'm saying we aren't checking that gaps beyond the node limit are zero.
I wasn't concerned about the meta_gap pointing beyond the node limit,
but it would probably be a good check too.
> >
> > > }
> > > }
> > > if (gap > max_gap)
> > > max_gap = gap;
> > > -not_empty:
> > > +
> > > p_start = p_end + 1;
> > > if (p_end >= mas->max)
> > > break;
> > > }
> > > counted:
> > > + if (mt == maple_arange_64) {
> >
> > We could loop through the remainder of the gaps here pretty easily.
> In this way, it can be verified that the gaps after the node limit are
> 0.
Yes, I think that's a good idea. I don't believe we have a check for
this anywhere.
>
> >
> > > + offset = ma_meta_gap(node, mt);
> > > + if (offset > mt_slots[mt]) {
> > > + pr_err("gap offset %p[%u] is invalid\n", node, offset);
> > > + MT_BUG_ON(mas->tree, 1);
> > > + }
> > > +
> > > + if (gaps[offset] != max_gap) {
> > > + pr_err("gap %p[%u] is not the largest gap %lu\n",
> > > + node, offset, max_gap);
> > > + MT_BUG_ON(mas->tree, 1);
> > > + }
> > > + }
> > > +
> > > if (mte_is_root(mte))
> > > return;
> > > @@ -7059,10 +7059,8 @@ static void mas_validate_gaps(struct ma_state *mas)
> > > if (ma_gaps(p_mn, mas_parent_type(mas, mte))[p_slot] != max_gap) {
> > > pr_err("gap %p[%u] != %lu\n", p_mn, p_slot, max_gap);
> > > mt_dump(mas->tree, mt_dump_hex);
> > > + MT_BUG_ON(mas->tree, 1);
> > > }
> > > -
> > > - MT_BUG_ON(mas->tree,
> > > - ma_gaps(p_mn, mas_parent_type(mas, mte))[p_slot] != max_gap);
> > > }
> > > static void mas_validate_parent_slot(struct ma_state *mas)
> > > --
> > > 2.20.1
> > >
> > >
> > > --
> > > maple-tree mailing list
> > > maple-tree@...ts.infradead.org
> > > https://lists.infradead.org/mailman/listinfo/maple-tree
Powered by blists - more mailing lists