From: Alexander Potapenko <glider@google.com>
To: dvyukov@google.com, kcc@google.com, aryabinin@virtuozzo.com,
adech.fo@gmail.com, cl@linux.com, akpm@linux-foundation.org,
rostedt@goodmis.org, js1304@gmail.com, iamjoonsoo.kim@lge.com,
kuthonuzo.luruo@hpe.com
Cc: kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org
Subject: [PATCH v8 1/3] mm, kasan: account for object redzone in SLUB's nearest_obj()
Date: Thu, 28 Jul 2016 17:31:17 +0200 [thread overview]
Message-ID: <1469719879-11761-2-git-send-email-glider@google.com> (raw)
In-Reply-To: <1469719879-11761-1-git-send-email-glider@google.com>
When looking up the nearest SLUB object for a given address, correctly
calculate its offset if SLAB_RED_ZONE is enabled for that cache.
Previously, when KASAN had detected an error on an object from a cache
with SLAB_RED_ZONE set, the actual start address of the object was
miscalculated, which led to random stacks having been reported.
Fixes: 7ed2f9e663854db ("mm, kasan: SLAB support")
Signed-off-by: Alexander Potapenko <glider@google.com>
---
v8: - Updated the patch description
---
include/linux/slub_def.h | 10 ++++++----
mm/slub.c | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
index 5624c1f..cf501cf 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
@@ -119,15 +119,17 @@ static inline void sysfs_slab_remove(struct kmem_cache *s)
void object_err(struct kmem_cache *s, struct page *page,
u8 *object, char *reason);
+void *fixup_red_left(struct kmem_cache *s, void *p);
+
static inline void *nearest_obj(struct kmem_cache *cache, struct page *page,
void *x) {
void *object = x - (x - page_address(page)) % cache->size;
void *last_object = page_address(page) +
(page->objects - 1) * cache->size;
- if (unlikely(object > last_object))
- return last_object;
- else
- return object;
+ void *result = (unlikely(object > last_object)) ? last_object : object;
+
+ result = fixup_red_left(cache, result);
+ return result;
}
#endif /* _LINUX_SLUB_DEF_H */
diff --git a/mm/slub.c b/mm/slub.c
index f9da871..1cdde1a 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -124,7 +124,7 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
#endif
}
-static inline void *fixup_red_left(struct kmem_cache *s, void *p)
+inline void *fixup_red_left(struct kmem_cache *s, void *p)
{
if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
p += s->red_left_pad;
--
2.8.0.rc3.226.g39d4020
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Alexander Potapenko <glider@google.com>
To: dvyukov@google.com, kcc@google.com, aryabinin@virtuozzo.com,
adech.fo@gmail.com, cl@linux.com, akpm@linux-foundation.org,
rostedt@goodmis.org, js1304@gmail.com, iamjoonsoo.kim@lge.com,
kuthonuzo.luruo@hpe.com
Cc: kasan-dev@googlegroups.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org
Subject: [PATCH v8 1/3] mm, kasan: account for object redzone in SLUB's nearest_obj()
Date: Thu, 28 Jul 2016 17:31:17 +0200 [thread overview]
Message-ID: <1469719879-11761-2-git-send-email-glider@google.com> (raw)
In-Reply-To: <1469719879-11761-1-git-send-email-glider@google.com>
When looking up the nearest SLUB object for a given address, correctly
calculate its offset if SLAB_RED_ZONE is enabled for that cache.
Previously, when KASAN had detected an error on an object from a cache
with SLAB_RED_ZONE set, the actual start address of the object was
miscalculated, which led to random stacks having been reported.
Fixes: 7ed2f9e663854db ("mm, kasan: SLAB support")
Signed-off-by: Alexander Potapenko <glider@google.com>
---
v8: - Updated the patch description
---
include/linux/slub_def.h | 10 ++++++----
mm/slub.c | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
index 5624c1f..cf501cf 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
@@ -119,15 +119,17 @@ static inline void sysfs_slab_remove(struct kmem_cache *s)
void object_err(struct kmem_cache *s, struct page *page,
u8 *object, char *reason);
+void *fixup_red_left(struct kmem_cache *s, void *p);
+
static inline void *nearest_obj(struct kmem_cache *cache, struct page *page,
void *x) {
void *object = x - (x - page_address(page)) % cache->size;
void *last_object = page_address(page) +
(page->objects - 1) * cache->size;
- if (unlikely(object > last_object))
- return last_object;
- else
- return object;
+ void *result = (unlikely(object > last_object)) ? last_object : object;
+
+ result = fixup_red_left(cache, result);
+ return result;
}
#endif /* _LINUX_SLUB_DEF_H */
diff --git a/mm/slub.c b/mm/slub.c
index f9da871..1cdde1a 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -124,7 +124,7 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
#endif
}
-static inline void *fixup_red_left(struct kmem_cache *s, void *p)
+inline void *fixup_red_left(struct kmem_cache *s, void *p)
{
if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
p += s->red_left_pad;
--
2.8.0.rc3.226.g39d4020
next prev parent reply other threads:[~2016-07-28 15:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-28 15:31 [PATCH v8 0/3] mm, kasan: stackdepot and quarantine for SLUB Alexander Potapenko
2016-07-28 15:31 ` Alexander Potapenko
2016-07-28 15:31 ` Alexander Potapenko [this message]
2016-07-28 15:31 ` [PATCH v8 1/3] mm, kasan: account for object redzone in SLUB's nearest_obj() Alexander Potapenko
2016-07-28 15:31 ` [PATCH v8 2/3] mm, kasan: align free_meta_offset on sizeof(void*) Alexander Potapenko
2016-07-28 15:31 ` Alexander Potapenko
2016-08-01 14:55 ` Andrey Ryabinin
2016-08-01 14:55 ` Andrey Ryabinin
2016-08-01 14:56 ` Alexander Potapenko
2016-08-01 14:56 ` Alexander Potapenko
2016-08-01 15:11 ` Andrey Ryabinin
2016-08-01 15:11 ` Andrey Ryabinin
2016-08-01 15:27 ` Alexander Potapenko
2016-08-01 15:27 ` Alexander Potapenko
2016-07-28 15:31 ` [PATCH v8 3/3] mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB Alexander Potapenko
2016-07-28 15:31 ` Alexander Potapenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1469719879-11761-2-git-send-email-glider@google.com \
--to=glider@google.com \
--cc=adech.fo@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=aryabinin@virtuozzo.com \
--cc=cl@linux.com \
--cc=dvyukov@google.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=js1304@gmail.com \
--cc=kasan-dev@googlegroups.com \
--cc=kcc@google.com \
--cc=kuthonuzo.luruo@hpe.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.