| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <rp5x24bqoaiopfnbjee2f3n7nrg4vh6mt2j4ewutjj42n6dmn7@exl7zdf7pvwx>
Date: Tue, 6 May 2025 13:25:58 +0900
From: Sergey Senozhatsky <senozhatsky@...omium.org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Minchan Kim <minchan@...nel.org>, Yosry Ahmed <yosry.ahmed@...ux.dev>,
Vitaly Wool <vitaly.wool@...sulko.se>, linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Igor Belousov <igor.b@...dev.am>, stable@...r.kernel.org,
Sergey Senozhatsky <senozhatsky@...omium.org>
Subject: Re: [PATCH] zsmalloc: don't underflow size calculation in
zs_obj_write()
On (25/05/04 20:00), Sergey Senozhatsky wrote:
> Do not mix class->size and object size during offsets/sizes
> calculation in zs_obj_write(). Size classes can merge into
> clusters, based on objects-per-zspage and pages-per-zspage
> characteristics, so some size classes can store objects
> smaller than class->size. This becomes problematic when
> object size is much smaller than class->size - we can determine
> that object spans two physical pages, because we use a larger
> class->size for this, while the actual object is much smaller
> and fits one physical page, so there is nothing to write to
> the second page and memcpy() size calculation underflows.
>
> We always know the exact size in bytes of the object
> that we are about to write (store), so use it instead of
> class->size.
I think it's
Fixes: 44f76413496e ("zsmalloc: introduce new object mapping API")
Powered by blists - more mailing lists