From: Harry Yoo <harry.yoo@oracle.com>
To: Li Qiong <liqiong@nfschina.com>
Cc: Christoph Lameter <cl@gentwo.org>,
	David Rientjes <rientjes@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Subject: Re: [PATCH v5] mm/slub: avoid accessing metadata when pointer is invalid in object_err()
Date: Mon, 4 Aug 2025 11:35:57 +0900
Message-ID: <aJAcjcBOcKCDPwjY@hyeyoo>
In-Reply-To: <aJAaE9Bqb3eSHBX9@hyeyoo>

On Mon, Aug 04, 2025 at 11:25:23AM +0900, Harry Yoo wrote:
> On Mon, Aug 04, 2025 at 09:46:25AM +0800, Li Qiong wrote:
> > object_err() reports details of an object for further debugging, such as
> > the freelist pointer, redzone, etc. However, if the pointer is invalid,
> > attempting to access object metadata can lead to a crash since it does
> > not point to a valid object.
> > 
> > In case check_valid_pointer() returns false for the pointer, only print
> > the pointer value and skip accessing metadata.
> > 
> > Fixes: 81819f0fc828 ("SLUB core")
> > Cc: <stable@vger.kernel.org>
> > Signed-off-by: Li Qiong <liqiong@nfschina.com>
> > ---
> > v2:
> > - rephrase the commit message, add comment for object_err().
> > v3:
> > - check object pointer in object_err().
> > v4:
> > - restore changes in alloc_consistency_checks().
> > v5:
> > - rephrase message, fix code style.
> > ---
> 
> Looks good to me,
> Reviewed-by: Harry Yoo <harry.yoo@oracle.com>
> 
> -- 
> Cheers,
> Harry / Hyeonggon
> 
> >  mm/slub.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> > 
> > diff --git a/mm/slub.c b/mm/slub.c
> > index 31e11ef256f9..b3eff1476c85 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -1104,7 +1104,12 @@ static void object_err(struct kmem_cache *s, struct slab *slab,
> >  		return;
> >  
> >  	slab_bug(s, reason);
> > -	print_trailer(s, slab, object);
> > +	if (!check_valid_pointer(s, slab, object)) {

Wait, hold on. check_valid_pointer() returns true when object == NULL.
The condition should be (!object || !check_valid_pointer())?

> > +		print_slab_info(slab);
> > +		pr_err("Invalid pointer 0x%p\n", object);
> > +	} else {
> > +		print_trailer(s, slab, object);
> > +	}
> >  	add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
> >  
> >  	WARN_ON(1);
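
Review bot: The new test if (!check_valid_pointer(s, slab, object)) in object_err() does not cover a NULL object. As the interleaved reply states, check_valid_pointer() returns true when object == NULL, so a NULL pointer falls into the else branch and still reaches print_trailer(s, slab, object), which is the metadata access this change is meant to skip. Suggest making the condition if (!object || !check_valid_pointer(s, slab, object)) so that NULL also takes the print_slab_info() / "Invalid pointer" path, and mentioning the NULL case in the commit message alongside the invalid-pointer case.
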
> > -- 
> > 2.30.2

-- 
Cheers,
Harry / Hyeonggon

