Message-ID: <aQNc6hCN56LfJGw1@e129823.arm.com>
Date: Thu, 30 Oct 2025 12:41:14 +0000
From: Yeoreum Yun <yeoreum.yun@....com>
To: Harry Yoo <harry.yoo@...cle.com>
Cc: Andrey Ryabinin <ryabinin.a.a@...il.com>, akpm@...ux-foundation.org,
	vbabka@...e.cz, andreyknvl@...il.com, cl@...ux.com,
	dvyukov@...gle.com, glider@...gle.com, hannes@...xchg.org,
	linux-mm@...ck.org, mhocko@...nel.org, muchun.song@...ux.dev,
	rientjes@...gle.com, roman.gushchin@...ux.dev,
	shakeel.butt@...ux.dev, surenb@...gle.com,
	vincenzo.frascino@....com, tytso@....edu, adilger.kernel@...ger.ca,
	linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH V3 7/7] mm/slab: place slabobj_ext metadata in unused
 space within s->size

Hi Harry,
> On Wed, Oct 29, 2025 at 07:19:29PM +0100, Andrey Ryabinin wrote:
> >
> >
> > On 10/27/25 1:28 PM, Harry Yoo wrote:
> >
> > >  			slab->obj_exts |= MEMCG_DATA_OBJEXTS;
> > >  		slab_set_stride(slab, sizeof(struct slabobj_ext));
> > > +	} else if (obj_exts_in_object(s)) {
> > > +		unsigned int offset = obj_exts_offset_in_object(s);
> > > +
> > > +		slab->obj_exts = (unsigned long)slab_address(slab);
> > > +		slab->obj_exts += s->red_left_pad;
> > > +		slab->obj_exts += obj_exts_offset_in_object(s);
> > > +		if (IS_ENABLED(CONFIG_MEMCG))
> > > +			slab->obj_exts |= MEMCG_DATA_OBJEXTS;
> > > +		slab_set_stride(slab, s->size);
> > > +
> > > +		for_each_object(addr, s, slab_address(slab), slab->objects) {
> > > +			kasan_unpoison_range(addr + offset,
> > > +					     sizeof(struct slabobj_ext));
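
Review bot: In the for_each_object() loop, kasan_unpoison_range(addr + offset, sizeof(struct slabobj_ext)) is passed an address that nothing in this hunk guarantees to be aligned to KASAN_GRANULE_SIZE, and there is no comment explaining why the in-object metadata needs unpoisoning here at all. Either drop the loop if it is not required, or document the reason and make sure the unpoisoned range is granule-aligned. Separately, 'offset' is computed at the top of the branch, but the slab->obj_exts computation calls obj_exts_offset_in_object(s) a second time; use 'offset' there.
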
> >
> > Is this leftover from previous version? Otherwise I don't get why we unpoison this.
>
> Oh god, yes! Thanks for catching. Will fix in the next version.
>

Not only this, there would be a possible case for WARN_ON() in
kasan_unpoison_range() for an address unaligned with KASAN_GRANULE_SIZE
when:
    - No debug information.
    - object size = 24 bytes.
    - align = 32 bytes.
    - sizeof(struct slabobj_ext) = 8 (CONFIG_MEMCG=y && CONFIG_MEM_ALLOC_PROFILING=n)
    - using KASAN_HW_TAG (KASAN_GRANULE_SIZE = 16 bytes).

Thanks.

--
Sincerely,
Yeoreum Yun
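
Added example (not part of the original message or of the patch): a user-space C model of the case listed in the reply above, showing why every metadata address in such a slab would miss a 16-byte granule boundary. The layout rule (metadata placed directly after the object, inside the alignment padding), the helper names and the base address are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Round x up to a multiple of a (a must be a power of two). */
static size_t align_up(size_t x, size_t a) { return (x + a - 1) & ~(a - 1); }

/* Assumed layout model, not taken from the patch: with no debug metadata,
 * s->size = ALIGN(object_size, align) and slabobj_ext sits in the padding
 * right after the object, aligned to its own size. */
struct layout { size_t size; size_t ext_offset; int fits; };

static struct layout model_layout(size_t object_size, size_t align, size_t ext_size)
{
    struct layout l;
    l.size = align_up(object_size, align);
    l.ext_offset = align_up(object_size, ext_size);
    l.fits = (l.ext_offset + ext_size <= l.size);
    return l;
}

/* Count objects whose metadata address would fail an alignment check of the
 * form (addr & (granule - 1)) != 0, the condition the reply warns about. */
static unsigned count_unaligned(size_t base, struct layout l,
                                unsigned objects, size_t granule)
{
    unsigned bad = 0;
    for (unsigned i = 0; i < objects; i++) {
        size_t addr = base + (size_t)i * l.size + l.ext_offset;
        if (addr & (granule - 1))
            bad++;
    }
    return bad;
}

int main(void)
{
    size_t base = 0x10000;  /* constructed, page-aligned slab address */
    struct layout a = model_layout(24, 32, 8);  /* case from the reply */
    struct layout b = model_layout(48, 64, 8);  /* constructed contrast case */

    printf("24/32: size=%zu ext_offset=%zu fits=%d unaligned(16)=%u unaligned(8)=%u\n",
           a.size, a.ext_offset, a.fits,
           count_unaligned(base, a, 128, 16), count_unaligned(base, a, 128, 8));
    printf("48/64: size=%zu ext_offset=%zu fits=%d unaligned(16)=%u\n",
           b.size, b.ext_offset, b.fits, count_unaligned(base, b, 64, 16));
    return 0;
}
```

Under this model the 24-byte object leaves its metadata at offset 24 of each 32-byte slot, so the address is always 8 bytes past a 16-byte boundary, while the same layout passes with an 8-byte granule.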
