lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAJuCfpG+bgLj6-GKNs7K0vRi7PsQvayTvwfyd+tFSnDY3muDGw@mail.gmail.com>
Date: Tue, 28 Oct 2025 20:22:51 -0700
From: Suren Baghdasaryan <surenb@...gle.com>
To: Hao Ge <hao.ge@...ux.dev>
Cc: Vlastimil Babka <vbabka@...e.cz>, Andrew Morton <akpm@...ux-foundation.org>, 
	Christoph Lameter <cl@...two.org>, David Rientjes <rientjes@...gle.com>, 
	Roman Gushchin <roman.gushchin@...ux.dev>, Harry Yoo <harry.yoo@...cle.com>, 
	Shakeel Butt <shakeel.butt@...ux.dev>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, 
	Hao Ge <gehao@...inos.cn>, stable@...r.kernel.org
Subject: Re: [PATCH v2] codetag: debug: handle existing CODETAG_EMPTY in
 mark_objexts_empty for slabobj_ext

On Tue, Oct 28, 2025 at 6:44 PM Hao Ge <hao.ge@...ux.dev> wrote:
>
> From: Hao Ge <gehao@...inos.cn>
>
> When alloc_slab_obj_exts() fails and then later succeeds in allocating
> a slab extension vector, it calls handle_failed_objexts_alloc() to
> mark all objects in the vector as empty. As a result all objects in
> this slab (slabA) will have their extensions set to CODETAG_EMPTY.
> Later on if this slabA is used to allocate a slabobj_ext vector for
> another slab (slabB), we end up with the slabB->obj_exts pointing to a
> slabobj_ext vector that itself has a non-NULL slabobj_ext equal to
> CODETAG_EMPTY. When slabB gets freed, free_slab_obj_exts() is called
> to free slabB->obj_exts vector. free_slab_obj_exts() calls
> mark_objexts_empty(slabB->obj_exts) which will generate a warning
> because it expects slabobj_ext vectors to have a NULL obj_ext, not
> CODETAG_EMPTY.
>
> Modify mark_objexts_empty() to skip the warning and setting the
> obj_ext value if it's already set to CODETAG_EMPTY.
>
> Fixes: 09c46563ff6d ("codetag: debug: introduce OBJEXTS_ALLOC_FAIL to mark failed slab_ext allocations")
> Cc: <stable@...r.kernel.org>
> Signed-off-by: Hao Ge <gehao@...inos.cn>

Reviewed-by: Suren Baghdasaryan <surenb@...gle.com>

> ---
> v2: Update the commit message and code comments for greater accuracy,
>     incorporating Suren's suggestions.
>     Thanks for Suren's help.
> ---
>  mm/slub.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index d4367f25b20d..589c596163c4 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -2046,7 +2046,11 @@ static inline void mark_objexts_empty(struct slabobj_ext *obj_exts)
>         if (slab_exts) {
>                 unsigned int offs = obj_to_index(obj_exts_slab->slab_cache,
>                                                  obj_exts_slab, obj_exts);
> -               /* codetag should be NULL */
> +
> +               if (unlikely(is_codetag_empty(&slab_exts[offs].ref)))
> +                       return;
> +
> +               /* codetag should be NULL here */
>                 WARN_ON(slab_exts[offs].ref.ct);
>                 set_codetag_empty(&slab_exts[offs].ref);
>         }
> --
> 2.25.1
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ