| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8a08b7aa-ce1f-4b3d-abb5-cf3191474725@suse.cz>
Date: Thu, 3 Aug 2023 12:34:57 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: thunder.leizhen@...weicloud.com, Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Roman Gushchin <roman.gushchin@...ux.dev>,
Hyeonggon Yoo <42.hyeyoo@...il.com>, linux-mm@...ck.org,
"Paul E . McKenney" <paulmck@...nel.org>,
Frederic Weisbecker <frederic@...nel.org>,
Neeraj Upadhyay <quic_neeraju@...cinc.com>,
Joel Fernandes <joel@...lfernandes.org>,
Josh Triplett <josh@...htriplett.org>,
Boqun Feng <boqun.feng@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Lai Jiangshan <jiangshanlai@...il.com>,
Zqiang <qiang.zhang1211@...il.com>, rcu@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Zhen Lei <thunder.leizhen@...wei.com>
Subject: Re: [PATCH v5 3/3] mm: Dump the memory of slab object in
kmem_dump_obj()
On 8/3/23 12:17, thunder.leizhen@...weicloud.com wrote:
> From: Zhen Lei <thunder.leizhen@...wei.com>
>
> The contents of the slab object may contain some magic words and other
> useful information that may be helpful in locating problems such as
> memory corruption and use-after-free.
>
> To avoid print flooding, dump up to "16 * sizeof(int) = 64" bytes
> centered on argument 'ojbect'.
>
> For example:
> slab kmalloc-64 start ffff4043802d8b40 pointer offset 24 size 64
> [8b40]: 12345678 00000000 8092d000 ffff8000
> [8b50]: 00101000 00000000 8199ee00 ffff4043
> [8b60]: 00000000 00000000 00000000 00000100
> [8b70]: 00000000 9abcdef0 a8744de4 ffffc7fe
>
> Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
> ---
> mm/slab_common.c | 30 +++++++++++++++++++++++++++---
> 1 file changed, 27 insertions(+), 3 deletions(-)
>
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index ee6ed6dd7ba9fa5..0232de9a3b29cf5 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -553,7 +553,7 @@ static void kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *
> bool kmem_dump_obj(void *object)
> {
> char *cp = IS_ENABLED(CONFIG_MMU) ? "" : "/vmalloc";
> - int i;
> + int i, object_size = 0;
> struct slab *slab;
> unsigned long ptroffset;
> struct kmem_obj_info kp = { };
> @@ -580,12 +580,36 @@ bool kmem_dump_obj(void *object)
> ptroffset = ((char *)object - (char *)kp.kp_objp) - kp.kp_data_offset;
> pr_cont(" pointer offset %lu", ptroffset);
> }
> - if (kp.kp_slab_cache && kp.kp_slab_cache->object_size)
> - pr_cont(" size %u", kp.kp_slab_cache->object_size);
> + if (kp.kp_slab_cache && kp.kp_slab_cache->object_size) {
> + object_size = kp.kp_slab_cache->object_size;
> + pr_cont(" size %u", object_size);
> + }
> if (kp.kp_ret)
> pr_cont(" allocated at %pS\n", kp.kp_ret);
> else
> pr_cont("\n");
> +
> + /* Dump a small piece of memory centered on 'object' */
> + if (kp.kp_objp && object_size) {
> + int *p = object, n = 16;
> +
> + p += n / 2;
> + if ((void *)p > kp.kp_objp + object_size)
> + p = kp.kp_objp + object_size;
> +
> + p -= n;
> + if ((void *)p < kp.kp_objp)
> + p = kp.kp_objp;
> +
> + n = min_t(int, object_size / sizeof(int), n);
> + for (i = 0; i < n; i++, p++) {
> + if (i % 4 == 0)
> + pr_info("[%04lx]:", 0xffff & (unsigned long)p);
> + pr_cont(" %08x", *p);
> + }
> + pr_cont("\n");
There's a print_hex_dump() for this, see how it's used from e.g. __dump_page().
> + }
> +
> for (i = 0; i < ARRAY_SIZE(kp.kp_stack); i++) {
> if (!kp.kp_stack[i])
> break;
Powered by blists - more mailing lists