lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz>
Date: Mon, 15 Sep 2025 15:55:07 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: "Matthew Wilcox (Oracle)" <willy@...radead.org>
Cc: Harry Yoo <harry.yoo@...cle.com>, Christoph Lameter <cl@...two.org>, 
 David Rientjes <rientjes@...gle.com>, 
 Roman Gushchin <roman.gushchin@...ux.dev>, 
 Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org, 
 linux-kernel@...r.kernel.org, Vlastimil Babka <vbabka@...e.cz>
Subject: [PATCH v2 0/6] slab: struct slab pointer validation improvements

See below for v2 changelog. I'm going to apply to slab/for-next

This tries to combine the goals of the first 4 patches from Matthew's
series [1] with points raised during review by Christoph and myself.
Patch 4 from [1] is taken as patch 1 here. In other cases the struct
slab pointer validation is better to move to a place where it can be
performed before touching any of the struct slab fields, rather than
removing it completely.

Further we wrap the validation in a function validate_slab_ptr() and
make the impementation use struct page instead of struct folio to be
compatible with the rest of the series [1]. With further changes towards
memdesc the implementation can change accordingly, if it will still make
sense.

The summary is that we validate pointers from the node partial list when
allocating from it or when validation is triggered from sysfs. When
freeing, we always obtain the slab pointer in a way that the page type
is tested in the process, so we don't need to validate.

Based on:
https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/log/?h=slab/for-6.18/fixes

[1] https://lore.kernel.org/all/20250910115507.1991829-1-willy@infradead.org/

Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
---
Changes in v2:
- Restore remove_partial() in patch 5 (thanks to Harry)
- Add R-b's from Harry
- Change validate_slab_ptr() from static to static inline.
- In patch 5, wrap check added to alloc_single_from_partial() in #ifdef
  SLUB_DEBUG due to using slab_err() (thanks to lkp report).
- Also in patch 5, move validate_slab_ptr() under SLUB_DEBUG as it
  becomes an unused function otherwise and W=1 CC=clang complains
- Verify no warnings/errors at every step with W=1 CC=clang and
  SLUB_DEBUG either enabled or disabled.
- Link to v1: https://patch.msgid.link/20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz

---
Matthew Wilcox (Oracle) (1):
      slab: Remove dead code in free_consistency_checks()

Vlastimil Babka (5):
      slab: wrap debug slab validation in validate_slab_ptr()
      slab: move validate_slab_ptr() from check_slab() to its callers
      slab: move validate_slab_ptr() from alloc_consistency_checks() to its caller
      slab: validate slab before using it in alloc_single_from_partial()
      slab: don't validate slab pointer in free_debug_processing()

 mm/slub.c | 62 ++++++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 22 deletions(-)
---
base-commit: 41534d499e50e23571d6b9960498777d93f817ce
change-id: 20250911-slub-slab-validation-0e4f559b0a1d

Best regards,
-- 
Vlastimil Babka <vbabka@...e.cz>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ