Message-ID: <602c7814-e063-4472-b8a8-6c463e1f8e26@suse.cz>
Date: Mon, 25 Aug 2025 17:22:00 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: liqiong <liqiong@...china.com>, Christoph Lameter <cl@...two.org>,
David Rientjes <rientjes@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>
Cc: Harry Yoo <harry.yoo@...cle.com>, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, Matthew Wilcox <willy@...radead.org>
Subject: Re: [PATCH v6] mm/slub: avoid accessing metadata when pointer is
invalid in object_err()
On 8/5/25 03:24, liqiong wrote:
>
>
> On 2025/8/4 23:19, Vlastimil Babka wrote:
>> On 8/4/25 04:57, Li Qiong wrote:
>>> object_err() reports details of an object for further debugging, such as
>>> the freelist pointer, redzone, etc. However, if the pointer is invalid,
>>> attempting to access object metadata can lead to a crash since it does
>>> not point to a valid object.
>>>
>>> In case the pointer is NULL or check_valid_pointer() returns false for
>>> the pointer, only print the pointer value and skip accessing metadata.
>> We should explain that this is not theoretical to justify the stable cc, so
>> I would add:
>>
>> One known path to the crash is when alloc_consistency_checks() determines
>> the pointer to the allocated object is invalid because of a freelist
>> corruption, and calls object_err() to report it. The debug code should
>> report and handle the corruption gracefully and not crash in the process.
>>
>> If you agree, I can do this when picking up the patch after merge window, no
>> need to resend.
>
> Agree, thanks.
Merged to -next, thanks.
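
The check described in the quoted commit message, as an added example that is not part of the original thread and is not the kernel's code: a simplified userspace model in C where the reporting routine validates the pointer before it reads per-object metadata. The slab layout, the sizes and all names (`slab_model`, `valid_pointer`, `report_object_err`, `demo_slab`, `demo_out`) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code: a slab of OBJS objects, each
 * OBJ_SIZE bytes followed by META_SIZE bytes of per-object metadata. */
#define OBJ_SIZE  16
#define META_SIZE 8
#define STRIDE    (OBJ_SIZE + META_SIZE)
#define OBJS      4

struct slab_model { unsigned char mem[OBJS * STRIDE]; };

static struct slab_model demo_slab;   /* constructed sample slab */
static char demo_out[128];            /* text of the last report */

/* Valid only if non-NULL, inside the slab and on an object boundary. */
static int valid_pointer(const struct slab_model *s, const void *p)
{
    uintptr_t base = (uintptr_t)s->mem, addr = (uintptr_t)p;
    if (!p || addr < base || addr >= base + sizeof(s->mem))
        return 0;
    return (addr - base) % STRIDE == 0;
}

/* Report a problem with obj. Returns 1 if metadata was read and printed,
 * 0 if the pointer was invalid and only its value was reported. */
static int report_object_err(const struct slab_model *s, const void *obj,
                             const char *reason)
{
    unsigned long long v = (unsigned long long)(uintptr_t)obj;
    uint64_t meta;
    if (!valid_pointer(s, obj)) {
        snprintf(demo_out, sizeof(demo_out),
                 "%s: invalid object pointer 0x%llx", reason, v);
        return 0;   /* obj is never dereferenced on this path */
    }
    memcpy(&meta, (const unsigned char *)obj + OBJ_SIZE, sizeof(meta));
    snprintf(demo_out, sizeof(demo_out), "%s: object 0x%llx meta 0x%llx",
             reason, v, (unsigned long long)meta);
    return 1;
}

int main(void)
{
    /* 0x10 stands in for a value read from a corrupted freelist. */
    report_object_err(&demo_slab, (void *)0x10, "Freelist corrupt");
    puts(demo_out);
    return 0;
}
```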