Message-ID: <1f785dc2-15c1-930c-4f10-6210fca38f37@gentwo.org>
Date: Mon, 7 Oct 2024 08:57:03 -0700 (PDT)
From: "Christoph Lameter (Ampere)" <cl@...two.org>
To: "yuan.gao" <yuan.gao@...oud.cn>
cc: penberg@...nel.org, rientjes@...gle.com, iamjoonsoo.kim@....com, 
    akpm@...ux-foundation.org, vbabka@...e.cz, roman.gushchin@...ux.dev, 
    42.hyeyoo@...il.com, linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list   

On Sun, 6 Oct 2024, yuan.gao wrote:

> If allocated object failed in alloc_consistency_checks, all objects of
> the slab will be marked as used, and then the slab will be removed from
> the partial list.

Yeah, so the intent is to isolate the corrupted slab page. There could be
more corrupted data on the page.

> When an object belonging to the slab got freed later, the remove_full()
> function is called. Because the slab is neither on the partial list nor
> on the full list, it eventually leads to a list corruption.

Right. The full list is used in the debug case.

> So we need to add the slab to full list in this case.

That would mean putting the slab with corrupted memory back in circulation.

I guess we would need some check to avoid handling list operations on a
slab page that was removed from the lists because of metadata corruption.
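
The failure mode discussed in this thread and the kind of guard suggested in the reply, as an added userspace model; it is not kernel code and not from the patch or its authors. The `isolated` flag, `isolate_slab()`, `remove_full_model()` and the list helpers are assumptions made for illustration; only the name `remove_full()` comes from the thread.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };
struct slab { struct list_head link; bool isolated; /* hypothetical flag */ };

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}

/* Unlink only if both neighbours point back at the entry. */
static bool list_del_checked(struct list_head *e) {
    if (!e->next || !e->prev || e->next->prev != e || e->prev->next != e)
        return false;               /* entry is on no list */
    e->next->prev = e->prev; e->prev->next = e->next;
    e->next = e->prev = NULL;
    return true;
}

/* Consistency check failed: pull the slab off its list and record that. */
static void isolate_slab(struct slab *s) {
    list_del_checked(&s->link);
    s->isolated = true;
}

/* Free path: 1 = unlinked, 0 = skipped (isolated), -1 = would corrupt. */
static int remove_full_model(struct slab *s, bool honor_flag) {
    if (honor_flag && s->isolated) return 0;
    return list_del_checked(&s->link) ? 1 : -1;
}

/* Slab starts on the partial list, is isolated, then an object is freed. */
static int free_after_isolation(bool honor_flag) {
    struct list_head partial; struct slab s = { .isolated = false };
    list_init(&partial); list_add(&s.link, &partial);
    isolate_slab(&s);
    return remove_full_model(&s, honor_flag);
}

int main(void) {
    printf("unguarded: %d\n", free_after_isolation(false));
    printf("guarded:   %d\n", free_after_isolation(true));
    return 0;
}
```

In the model, the unguarded free path attempts a second unlink on a slab that is on no list, while the guarded path skips the list operation and leaves the isolated slab out of circulation.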
