| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Aug 2023 09:44:25 +0800
From: "Leizhen (ThunderTown)" <thunder.leizhen@...weicloud.com>
To: Vlastimil Babka <vbabka@...e.cz>, Christoph Lameter <cl@...ux.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Roman Gushchin <roman.gushchin@...ux.dev>,
Hyeonggon Yoo <42.hyeyoo@...il.com>, linux-mm@...ck.org,
"Paul E . McKenney" <paulmck@...nel.org>,
Frederic Weisbecker <frederic@...nel.org>,
Neeraj Upadhyay <quic_neeraju@...cinc.com>,
Joel Fernandes <joel@...lfernandes.org>,
Josh Triplett <josh@...htriplett.org>,
Boqun Feng <boqun.feng@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Lai Jiangshan <jiangshanlai@...il.com>,
Zqiang <qiang.zhang1211@...il.com>, rcu@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Zhen Lei <thunder.leizhen@...wei.com>
Subject: Re: [PATCH v5 3/3] mm: Dump the memory of slab object in
kmem_dump_obj()
On 2023/8/3 18:34, Vlastimil Babka wrote:
> On 8/3/23 12:17, thunder.leizhen@...weicloud.com wrote:
>> From: Zhen Lei <thunder.leizhen@...wei.com>
>>
>> The contents of the slab object may contain some magic words and other
>> useful information that may be helpful in locating problems such as
>> memory corruption and use-after-free.
>>
>> To avoid print flooding, dump up to "16 * sizeof(int) = 64" bytes
>> centered on argument 'ojbect'.
>>
>> For example:
>> slab kmalloc-64 start ffff4043802d8b40 pointer offset 24 size 64
>> [8b40]: 12345678 00000000 8092d000 ffff8000
>> [8b50]: 00101000 00000000 8199ee00 ffff4043
>> [8b60]: 00000000 00000000 00000000 00000100
>> [8b70]: 00000000 9abcdef0 a8744de4 ffffc7fe
>>
>> Signed-off-by: Zhen Lei <thunder.leizhen@...wei.com>
>> ---
>> mm/slab_common.c | 30 +++++++++++++++++++++++++++---
>> 1 file changed, 27 insertions(+), 3 deletions(-)
>>
>> diff --git a/mm/slab_common.c b/mm/slab_common.c
>> index ee6ed6dd7ba9fa5..0232de9a3b29cf5 100644
>> --- a/mm/slab_common.c
>> +++ b/mm/slab_common.c
>> @@ -553,7 +553,7 @@ static void kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *
>> bool kmem_dump_obj(void *object)
>> {
>> char *cp = IS_ENABLED(CONFIG_MMU) ? "" : "/vmalloc";
>> - int i;
>> + int i, object_size = 0;
>> struct slab *slab;
>> unsigned long ptroffset;
>> struct kmem_obj_info kp = { };
>> @@ -580,12 +580,36 @@ bool kmem_dump_obj(void *object)
>> ptroffset = ((char *)object - (char *)kp.kp_objp) - kp.kp_data_offset;
>> pr_cont(" pointer offset %lu", ptroffset);
>> }
>> - if (kp.kp_slab_cache && kp.kp_slab_cache->object_size)
>> - pr_cont(" size %u", kp.kp_slab_cache->object_size);
>> + if (kp.kp_slab_cache && kp.kp_slab_cache->object_size) {
>> + object_size = kp.kp_slab_cache->object_size;
>> + pr_cont(" size %u", object_size);
>> + }
>> if (kp.kp_ret)
>> pr_cont(" allocated at %pS\n", kp.kp_ret);
>> else
>> pr_cont("\n");
>> +
>> + /* Dump a small piece of memory centered on 'object' */
>> + if (kp.kp_objp && object_size) {
>> + int *p = object, n = 16;
>> +
>> + p += n / 2;
>> + if ((void *)p > kp.kp_objp + object_size)
>> + p = kp.kp_objp + object_size;
>> +
>> + p -= n;
>> + if ((void *)p < kp.kp_objp)
>> + p = kp.kp_objp;
>> +
>> + n = min_t(int, object_size / sizeof(int), n);
>> + for (i = 0; i < n; i++, p++) {
>> + if (i % 4 == 0)
>> + pr_info("[%04lx]:", 0xffff & (unsigned long)p);
>> + pr_cont(" %08x", *p);
>> + }
>> + pr_cont("\n");
>
> There's a print_hex_dump() for this, see how it's used from e.g. __dump_page().
Thank you very much. The code has suddenly been a lot simpler.
However, print_hex_dump() can be further enhanced, I will add a patch, let's
discuss it together.
>
>
>> + }
>> +
>> for (i = 0; i < ARRAY_SIZE(kp.kp_stack); i++) {
>> if (!kp.kp_stack[i])
>> break;
>
> .
>
--
Regards,
Zhen Lei
Powered by blists - more mailing lists