lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8a08b7aa-ce1f-4b3d-abb5-cf3191474725@suse.cz>
Date:   Thu, 3 Aug 2023 12:34:57 +0200
From:   Vlastimil Babka <vbabka@...e.cz>
To:     thunder.leizhen@...weicloud.com, Christoph Lameter <cl@...ux.com>,
        Pekka Enberg <penberg@...nel.org>,
        David Rientjes <rientjes@...gle.com>,
        Joonsoo Kim <iamjoonsoo.kim@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Roman Gushchin <roman.gushchin@...ux.dev>,
        Hyeonggon Yoo <42.hyeyoo@...il.com>, linux-mm@...ck.org,
        "Paul E . McKenney" <paulmck@...nel.org>,
        Frederic Weisbecker <frederic@...nel.org>,
        Neeraj Upadhyay <quic_neeraju@...cinc.com>,
        Joel Fernandes <joel@...lfernandes.org>,
        Josh Triplett <josh@...htriplett.org>,
        Boqun Feng <boqun.feng@...il.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
        Lai Jiangshan <jiangshanlai@...il.com>,
        Zqiang <qiang.zhang1211@...il.com>, rcu@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     Zhen Lei <thunder.leizhen@...wei.com>
Subject: Re: [PATCH v5 3/3] mm: Dump the memory of slab object in
 kmem_dump_obj()

On 8/3/23 12:17, thunder.leizhen@...weicloud.com wrote:
> From: Zhen Lei <thunder.leizhen@...wei.com>
> 
> The contents of the slab object may contain some magic words and other
> useful information that may be helpful in locating problems such as
> memory corruption and use-after-free.
> 
> To avoid print flooding, dump up to "16 * sizeof(int) = 64" bytes
> centered on argument 'ojbect'.
> 
> For example:
> slab kmalloc-64 start ffff4043802d8b40 pointer offset 24 size 64
> [8b40]: 12345678 00000000 8092d000 ffff8000
> [8b50]: 00101000 00000000 8199ee00 ffff4043
> [8b60]: 00000000 00000000 00000000 00000100
> [8b70]: 00000000 9abcdef0 a8744de4 ffffc7fe
> 
> Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
> ---
>  mm/slab_common.c | 30 +++++++++++++++++++++++++++---
>  1 file changed, 27 insertions(+), 3 deletions(-)
> 
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index ee6ed6dd7ba9fa5..0232de9a3b29cf5 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -553,7 +553,7 @@ static void kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *
>  bool kmem_dump_obj(void *object)
>  {
>  	char *cp = IS_ENABLED(CONFIG_MMU) ? "" : "/vmalloc";
> -	int i;
> +	int i, object_size = 0;
>  	struct slab *slab;
>  	unsigned long ptroffset;
>  	struct kmem_obj_info kp = { };
> @@ -580,12 +580,36 @@ bool kmem_dump_obj(void *object)
>  		ptroffset = ((char *)object - (char *)kp.kp_objp) - kp.kp_data_offset;
>  		pr_cont(" pointer offset %lu", ptroffset);
>  	}
> -	if (kp.kp_slab_cache && kp.kp_slab_cache->object_size)
> -		pr_cont(" size %u", kp.kp_slab_cache->object_size);
> +	if (kp.kp_slab_cache && kp.kp_slab_cache->object_size) {
> +		object_size = kp.kp_slab_cache->object_size;
> +		pr_cont(" size %u", object_size);
> +	}
>  	if (kp.kp_ret)
>  		pr_cont(" allocated at %pS\n", kp.kp_ret);
>  	else
>  		pr_cont("\n");
> +
> +	/* Dump a small piece of memory centered on 'object' */
> +	if (kp.kp_objp && object_size) {
> +		int *p = object, n = 16;
> +
> +		p += n / 2;
> +		if ((void *)p > kp.kp_objp + object_size)
> +			p = kp.kp_objp + object_size;
> +
> +		p -= n;
> +		if ((void *)p < kp.kp_objp)
> +			p = kp.kp_objp;
> +
> +		n = min_t(int, object_size / sizeof(int), n);
> +		for (i = 0; i < n; i++, p++) {
> +			if (i % 4 == 0)
> +				pr_info("[%04lx]:", 0xffff & (unsigned long)p);
> +			pr_cont(" %08x", *p);
> +		}
> +		pr_cont("\n");

There's a print_hex_dump() for this, see how it's used from e.g. __dump_page().


> +	}
> +
>  	for (i = 0; i < ARRAY_SIZE(kp.kp_stack); i++) {
>  		if (!kp.kp_stack[i])
>  			break;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ