lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c4a55668-dfdf-42f3-89b7-eb9c5ded4c81@suse.cz>
Date: Fri, 18 Oct 2024 11:51:49 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: Feng Tang <feng.tang@...el.com>, Andrew Morton
 <akpm@...ux-foundation.org>, Christoph Lameter <cl@...ux.com>,
 Pekka Enberg <penberg@...nel.org>, David Rientjes <rientjes@...gle.com>,
 Joonsoo Kim <iamjoonsoo.kim@....com>,
 Roman Gushchin <roman.gushchin@...ux.dev>,
 Hyeonggon Yoo <42.hyeyoo@...il.com>, Andrey Konovalov
 <andreyknvl@...il.com>, Marco Elver <elver@...gle.com>,
 Alexander Potapenko <glider@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>,
 Danilo Krummrich <dakr@...nel.org>, Narasimhan.V@....com
Cc: linux-mm@...ck.org, kasan-dev@...glegroups.com,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 0/3] mm/slub: Improve data handling of krealloc() when
 orig_size is enabled

On 10/16/24 17:41, Feng Tang wrote:
> Danilo Krummrich's patch [1] raised one problem about krealloc() that
> its caller doesn't pass the old request size, say the object is 64
> bytes kmalloc one, but caller originally only requested 48 bytes. Then
> when krealloc() shrinks or grows in the same object, or allocate a new
> bigger object, it lacks this 'original size' information to do accurate
> data preserving or zeroing (when __GFP_ZERO is set).
> 
> Thus with slub debug redzone and object tracking enabled, parts of the
> object after krealloc() might contain redzone data instead of zeroes,
> which is violating the __GFP_ZERO guarantees. Good thing is in this
> case, kmalloc caches do have this 'orig_size' feature, which could be
> used to improve the situation here.
> 
> To make the 'orig_size' accurate, we adjust some kasan/slub meta data
> handling. Also add a slub kunit test case for krealloc().
> 
> Many thanks to syzbot and V, Narasimhan for detecting issues of the
> v2 patches.
> 
> This is again linux-slab tree's 'for-6.13/fixes' branch

Thanks, added there.

Vlastimil

> [1]. https://lore.kernel.org/lkml/20240812223707.32049-1-dakr@kernel.org/
> 
> Thanks,
> Feng
> 
> Changelog:
> 
>   Since v2:
>   * Fix NULL pointer issue related to big kmalloc object which has
>     no associated slab (V, Narasimhan, syzbot)
>   * Fix issue related handling for kfence allocated object (syzbot,
>     Marco Elver)
>   * drop the 0001 and 0003 patch whch have been merged to slab tree
> 
>   Since v1:
>   * Drop the patch changing generic kunit code from this patchset,
>     and will send it separately.
>   * Separate the krealloc moving form slab_common.c to slub.c to a 
>     new patch for better review (Danilo/Vlastimil)
>   * Improve commit log and comments (Vlastimil/Danilo) 
>   * Rework the kunit test case to remove its dependency over
>     slub_debug (which is incomplete in v1) (Vlastimil)
>   * Add ack and review tag from developers.
> 
> 
> 
> Feng Tang (3):
>   mm/slub: Consider kfence case for get_orig_size()
>   mm/slub: Improve redzone check and zeroing for krealloc()
>   mm/slub, kunit: Add testcase for krealloc redzone and zeroing
> 
>  lib/slub_kunit.c | 42 +++++++++++++++++++++++
>  mm/slub.c        | 87 +++++++++++++++++++++++++++++++++++-------------
>  2 files changed, 105 insertions(+), 24 deletions(-)
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ