References: <20230915105933.495735-1-matteorizzo@google.com> <20230915105933.495735-2-matteorizzo@google.com>
In-Reply-To: <20230915105933.495735-2-matteorizzo@google.com>
From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Date: Sat, 30 Sep 2023 20:04:00 +0900
Subject: Re: [RFC PATCH 01/14] mm/slub: don't try to dereference invalid freepointers
To: Matteo Rizzo
Cc: cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, vbabka@suse.cz, roman.gushchin@linux.dev, keescook@chromium.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, corbet@lwn.net, luto@kernel.org, peterz@infradead.org, jannh@google.com, evn@google.com, poprdi@google.com, jordyzomer@google.com

On Fri, Sep 15, 2023 at 7:59 PM Matteo Rizzo wrote:
>
> slab_free_freelist_hook tries to read a freelist pointer from the
> current object even when freeing a single object. This is invalid
> because single objects don't actually contain a freelist pointer when
> they're freed and the memory contains other data. This causes problems
> for checking the integrity of freelist in get_freepointer.
>
> Signed-off-by: Matteo Rizzo
> ---
>  mm/slub.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index f7940048138c..a7dae207c2d2 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1820,7 +1820,9 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s,
>
>  	do {
>  		object = next;
> -		next = get_freepointer(s, object);
> +		/* Single objects don't actually contain a freepointer */
> +		if (object != old_tail)
> +			next = get_freepointer(s, object);
>
>  		/* If object's reuse doesn't have to be delayed */
>  		if (!slab_free_hook(s, object, slab_want_init_on_free(s))) {
> --
> 2.42.0.459.ge4e396fd5e-goog
>

Looks good to me,
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
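Review bot: With the new `if (object != old_tail)` guard, `next` is left holding its previous value on the iteration where `object == old_tail`, so correctness now depends on the loop terminating right after that iteration without consuming `next` again; the loop's exit condition is outside the hunk, and the added comment could say so explicitly, e.g. `/* Single objects don't actually contain a freepointer; old_tail is the last object we visit */`. It would also help to state in the comment or commit message what the unguarded read fed into: the commit message says the bogus value "causes problems for checking the integrity of freelist in get_freepointer", so the comment could name that check as the reason the read must be skipped rather than merely being wasteful.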
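The commit message describes a walk over a chain of objects whose "next" link is stored inside each free object, and the defect that the last object in a single-object free still holds live data in that slot. The following is an added user-space model of that walk, written for this review and not code from the kernel or from the patch; the cache, pointer-read and walk helpers (`model_cache`, `model_get_freepointer`, `model_walk`, the 0x41-filled sample object and the three-object chain) are constructed here to show how many free-pointer reads the unguarded and guarded loops perform and what an unguarded read of a live object returns.

```c
/* Added example (not kernel code): a user-space model of an inline free
 * pointer and of the head..old_tail walk from the patch.  All names here
 * are hypothetical and the sample objects are constructed for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 32

struct model_cache {
	size_t offset;	/* where the free pointer lives inside a free object */
};

/* Read the free pointer stored inside an object on the freelist. */
static void *model_get_freepointer(struct model_cache *s, void *object)
{
	void *fp;
	memcpy(&fp, (char *)object + s->offset, sizeof(fp));
	return fp;
}

/* Store the free pointer inside an object being put on the freelist. */
static void model_set_freepointer(struct model_cache *s, void *object, void *fp)
{
	memcpy((char *)object + s->offset, &fp, sizeof(fp));
}

/* Walk head..tail the way the hook does.  'guard' selects the patched
 * behaviour (skip the read on old_tail).  Returns the number of free
 * pointer reads; *visited receives the number of objects handled. */
static int model_walk(struct model_cache *s, void *head, void *tail,
		      int guard, int *visited)
{
	void *object, *next = head;
	void *old_tail = tail ? tail : head;
	int reads = 0;

	*visited = 0;
	do {
		object = next;
		if (!guard || object != old_tail) {
			next = model_get_freepointer(s, object);
			reads++;
		}
		(*visited)++;
	} while (object != old_tail);	/* old_tail is the last object visited */
	return reads;
}

/* Scenario 1: a single live object whose free-pointer slot holds user
 * data (constructed here as 0x41 bytes).  The unguarded loop reads that
 * data as if it were a pointer. */
static uintptr_t single_object_unguarded_read(void)
{
	struct model_cache s = { .offset = 0 };
	char obj[OBJ_SIZE];

	memset(obj, 0x41, sizeof(obj));
	return (uintptr_t)model_get_freepointer(&s, obj);
}

/* How many free-pointer reads a single-object free performs. */
static int single_object_reads(int guard)
{
	struct model_cache s = { .offset = 0 };
	char obj[OBJ_SIZE];
	int visited;

	memset(obj, 0x41, sizeof(obj));
	return model_walk(&s, obj, NULL, guard, &visited);
}

/* Scenario 2: three objects chained through their free-pointer slots,
 * head pointing at the most recently pushed object (constructed here). */
static int bulk_walk(int guard, int *visited)
{
	struct model_cache s = { .offset = 0 };
	static char pool[3][OBJ_SIZE];
	void *head = NULL, *tail = NULL;

	for (int i = 0; i < 3; i++) {
		if (!tail)
			tail = pool[i];
		model_set_freepointer(&s, pool[i], head);
		head = pool[i];
	}
	return model_walk(&s, head, tail, guard, visited);
}

static int bulk_reads(int guard)   { int v; return bulk_walk(guard, &v); }
static int bulk_visited(int guard) { int v; bulk_walk(guard, &v); return v; }

int main(void)
{
	printf("single object: unguarded reads=%d guarded reads=%d bogus=0x%lx\n",
	       single_object_reads(0), single_object_reads(1),
	       (unsigned long)single_object_unguarded_read());
	printf("three objects: unguarded reads=%d guarded reads=%d visited=%d\n",
	       bulk_reads(0), bulk_reads(1), bulk_visited(1));
	return 0;
}
```

The model makes the patch's point visible: for one object the guarded walk performs no free-pointer read at all, while the unguarded walk returns the live bytes (0x4141... on a 64-bit build) as a "pointer", which is exactly the value a freelist integrity check in the real `get_freepointer` would have to reject. For a chain of n objects the guarded walk still reads n-1 links and visits all n objects, so skipping the read on `old_tail` loses nothing.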