iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/mm
History
Waiman Long 00519f4da8 mm/slub: fix incorrect interpretation of s->offset 
[ Upstream commit cbfc35a48609ceac978791e3ab9dde0c01f8cb20 ]

In a couple of places in the slub memory allocator, the code uses
"s->offset" as a check to see if the free pointer is put right after the
object.  That check is no longer true with commit 3202fa62fb43 ("slub:
relocate freelist pointer to middle of object").

As a result, echoing "1" into the validate sysfs file, e.g.  of dentry,
may cause a bunch of "Freepointer corrupt" error reports like the
following to appear with the system in panic afterwards.

  =============================================================================
  BUG dentry(666:pmcd.service) (Tainted: G    B): Freepointer corrupt
  -----------------------------------------------------------------------------

To fix it, use the check "s->offset == s->inuse" in the new helper
function freeptr_outside_object() instead.  Also add another helper
function get_info_end() to return the end of info block (inuse + free
pointer if not overlapping with object).

Fixes: 3202fa62fb43 ("slub: relocate freelist pointer to middle of object")
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Rafael Aquini <aquini@redhat.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Vitaly Nikolenko <vnik@duasynt.com>
Cc: Silvio Cesare <silvio.cesare@gmail.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Markus Elfring <Markus.Elfring@web.de>
Cc: Changbin Du <changbin.du@gmail.com>
Link: http://lkml.kernel.org/r/20200429135328.26976-1-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-10-01 13:17:59 +02:00
..
kasan
kasan: disable branch tracing for core runtime
2020-05-27 17:46:48 +02:00
backing-dev.c
bdi: add a ->dev_name field to struct backing_dev_info
2020-05-14 07:58:30 +02:00
balloon_compaction.c
mm/balloon_compaction: suppress allocation warnings
2019-09-04 07:42:01 -04:00
cleancache.c
Driver Core and debugfs changes for 5.3-rc1
2019-07-12 12:24:03 -07:00
cma_debug.c
mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
2019-05-14 09:47:45 -07:00
cma.c
cma: don't quit at first error when activating reserved areas
2020-09-03 11:26:51 +02:00
cma.h
compaction.c
mm, compaction: make capture control handling safe wrt interrupts
2020-07-09 09:37:57 +02:00
debug_page_ref.c
debug.c
mm/debug.c: always print flags in dump_page()
2020-03-05 16:43:51 +01:00
dmapool.c
mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
2019-07-12 11:05:46 -07:00
early_ioremap.c
fadvise.c
fs: Export generic_fadvise()
2019-08-30 22:43:58 -07:00
failslab.c
mm/failslab.c: by default, do not fail allocations with direct reclaim only
2019-07-12 11:05:43 -07:00
filemap.c
mm/filemap.c: clear page error before actual read
2020-10-01 13:17:53 +02:00
frame_vector.c
mm: untag user pointers in get_vaddr_frames
2019-09-25 17:51:41 -07:00
frontswap.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 482
2019-06-19 17:09:52 +02:00
gup_benchmark.c
mm/gup: fix memory leak in __gup_benchmark_ioctl
2020-01-09 10:20:00 +01:00
gup.c
gup: document and work around "COW can break either way" issue
2020-06-17 16:40:30 +02:00
highmem.c
mm: convert totalram_pages and totalhigh_pages variables to atomic
2018-12-28 12:11:47 -08:00
hmm.c
pagewalk: separate function pointers from iterator data
2019-09-07 04:28:04 -03:00
huge_memory.c
mm/thp: fix __split_huge_pmd_locked() for migration PMD
2020-09-26 18:03:11 +02:00
hugetlb_cgroup.c
mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
2019-11-15 18:34:00 -08:00
hugetlb.c
mm/hugetlb: fix a race between hugetlb sysctl handlers
2020-09-09 19:12:37 +02:00
hwpoison-inject.c
hwpoison-inject: no need to check return value of debugfs_create functions
2019-06-03 15:39:40 +02:00
init-mm.c
mm/init-mm.c: include <linux/mman.h> for vm_committed_as_batch
2019-10-19 06:32:32 -04:00
internal.h
mm: drop mmap_sem before calling balance_dirty_pages() in write fault
2020-01-09 10:19:55 +01:00
interval_tree.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 248
2019-06-19 17:09:08 +02:00
Kconfig
mm,thp: add read-only THP support for (non-shmem) FS
2019-09-24 15:54:11 -07:00
Kconfig.debug
mm, page_owner, debug_pagealloc: save and dump freeing stack trace
2019-09-24 15:54:08 -07:00
khugepaged.c
mm/khugepaged.c: fix khugepaged's request size in collapse_file
2020-09-09 19:12:37 +02:00
kmemleak-test.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 333
2019-06-05 17:37:06 +02:00
kmemleak.c
mm/kmemleak.c: use address-of operator on section symbols
2020-10-01 13:17:53 +02:00
ksm.c
mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
2020-04-29 16:33:15 +02:00
list_lru.c
mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages
2019-07-12 11:05:44 -07:00
maccess.c
uaccess: Add non-pagefault user-space write function
2020-01-17 19:48:40 +01:00
madvise.c
mm: madvise: fix vma user-after-free
2020-09-09 19:12:36 +02:00
Makefile
mm: silence -Woverride-init/initializer-overrides
2019-09-24 15:54:10 -07:00
memblock.c
mm: memblock: do not enforce current limit for memblock_phys* family
2019-10-19 06:32:32 -04:00
memcontrol.c
mm/memcg: fix refcount error while moving and swapping
2020-07-29 10:18:43 +02:00
memfd.c
mm: page cache: store only head pages in i_pages
2019-09-24 15:54:08 -07:00
memory_hotplug.c
mm/memory_hotplug: drain per-cpu pages again during memory offline
2020-09-23 12:40:47 +02:00
memory-failure.c
mm/memory-failure.c: don't access uninitialized memmaps in memory_failure()
2019-10-19 06:32:31 -04:00
memory.c
mm: avoid data corruption on CoW fault into PFN-mapped VMA
2020-10-01 13:17:39 +02:00
mempolicy.c
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
2020-04-08 09:08:47 +02:00
mempool.c
docs/core-api/mm: fix return value descriptions in mm/
2019-03-05 21:07:20 -08:00
memremap.c
mm/memory_hotplug: shrink zones when offlining memory
2020-01-09 10:19:56 +01:00
memtest.c
migrate.c
mm: move_pages: report the number of non-attempted pages
2020-02-11 04:35:13 -08:00
mincore.c
mm: untag user pointers passed to memory syscalls
2019-09-25 17:51:41 -07:00
mlock.c
mm: untag user pointers passed to memory syscalls
2019-09-25 17:51:41 -07:00
mm_init.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
mmap.c
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
2020-10-01 13:17:54 +02:00
mmu_context.c
mm: fix kthread_use_mm() vs TLB invalidate
2020-09-03 11:26:51 +02:00
mmu_gather.c
mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush
2020-02-11 04:35:42 -08:00
mmu_notifier.c
mm/mmu_notifiers: use the right return code for WARN_ON
2019-11-06 08:47:50 -08:00
mmzone.c
mprotect.c
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa
2020-03-12 13:00:19 +01:00
mremap.c
mm: Fix mremap not considering huge pmd devmap
2020-06-07 13:18:46 +02:00
msync.c
mm: untag user pointers passed to memory syscalls
2019-09-25 17:51:41 -07:00
nommu.c
x86/mm: split vmalloc_sync_all()
2020-03-25 08:25:58 +01:00
oom_kill.c
mm/oom: fix pgtables units mismatch in Killed process message
2020-01-09 10:19:57 +01:00
page_alloc.c
mm, page_alloc: fix core hung in free_pcppages_bulk()
2020-08-26 10:40:51 +02:00
page_counter.c
mm/page_counter.c: fix protection usage propagation
2020-08-21 13:05:27 +02:00
page_ext.c
mm, page_owner: fix off-by-one error in __set_page_owner_handle()
2019-10-14 15:04:00 -07:00
page_idle.c
mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
2019-06-29 16:43:45 +08:00
page_io.c
mm/page_io.c: do not free shared swap slots
2019-11-15 18:34:00 -08:00
page_isolation.c
mm/memory_hotplug: drain per-cpu pages again during memory offline
2020-09-23 12:40:47 +02:00
page_owner.c
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
2019-10-19 06:32:31 -04:00
page_poison.c
mm/page_poison.c: fix a typo in a comment
2019-09-24 15:54:08 -07:00
page_vma_mapped.c
mm: introduce page_size()
2019-09-24 15:54:08 -07:00
page-writeback.c
mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
2020-01-23 08:22:41 +01:00
pagewalk.c
mm: pagewalk: fix termination condition in walk_pte_range()
2020-10-01 13:17:30 +02:00
percpu-internal.h
percpu: convert chunk hints to be based on pcpu_block_md
2019-03-13 12:25:31 -07:00
percpu-km.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
percpu-stats.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
percpu-vm.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428
2019-06-05 17:37:16 +02:00
percpu.c
percpu: fix first chunk size calculation for populated bitmap
2020-09-23 12:40:45 +02:00
pgtable-generic.c
x86/mm: Page size aware flush_tlb_mm_range()
2018-10-09 16:51:11 +02:00
process_vm_access.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
readahead.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
rmap.c
mm: include <linux/huge_mm.h> for is_vma_temporary_stack
2019-10-19 06:32:32 -04:00
rodata_test.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
shmem.c
shmem: fix possible deadlocks on shmlock_user_lock
2020-05-20 08:20:03 +02:00
shuffle.c
mm/shuffle: don't move pages between zones and don't read garbage memmaps
2020-09-03 11:26:51 +02:00
shuffle.h
mm: maintain randomization of page free lists
2019-05-14 19:52:48 -07:00
slab_common.c
mm: memcg/slab: fix memory leak at non-root kmem_cache destroy
2020-07-29 10:18:44 +02:00
slab.c
mm, debug_pagealloc: don't rely on static keys too early
2020-01-23 08:22:40 +01:00
slab.h
mm: slab: make page_cgroup_ino() to recognize non-compound slab pages properly
2019-11-06 08:47:50 -08:00
slob.c
mm, sl[aou]b: guarantee natural alignment for kmalloc(power-of-two)
2019-10-07 15:47:20 -07:00
slub.c
mm/slub: fix incorrect interpretation of s->offset
2020-10-01 13:17:59 +02:00
sparse-vmemmap.c
mm/sparsemem: convert kmalloc_section_memmap() to populate_section_memmap()
2019-07-18 17:08:07 -07:00
sparse.c
mm/sparse: fix kernel crash with pfn_section_valid check
2020-04-01 11:02:03 +02:00
swap_cgroup.c
swap_slots.c
mm, swap, get_swap_pages: use entry_size instead of cluster in parameter
2018-08-22 10:52:44 -07:00
swap_state.c
mm: fix swap cache node allocation mask
2020-07-09 09:37:49 +02:00
swap.c
mm: introduce MADV_COLD
2019-09-25 17:51:41 -07:00
swapfile.c
mm/swapfile: fix data races in try_to_unuse()
2020-10-01 13:17:53 +02:00
truncate.c
mm/thp: allow dropping THP from page cache
2019-10-19 06:32:33 -04:00
usercopy.c
usercopy: Avoid HIGHMEM pfn warning
2019-09-17 15:20:17 -07:00
userfaultfd.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499
2019-06-19 17:09:53 +02:00
util.c
mm: add kvfree_sensitive() for freeing sensitive data objects
2020-06-17 16:40:23 +02:00
vmacache.c
mm: get rid of vmacache_flush_all() entirely
2018-09-13 15:18:04 -10:00
vmalloc.c
mm/vunmap: add cond_resched() in vunmap_pmd_range
2020-09-03 11:26:52 +02:00
vmpressure.c
mm/vmpressure.c: fix a signedness bug in vmpressure_register_event()
2019-10-07 15:47:19 -07:00
vmscan.c
mm/vmscan.c: fix data races using kswapd_classzone_idx
2020-10-01 13:17:53 +02:00
vmstat.c
mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo
2019-11-06 08:47:50 -08:00
workingset.c
mm: workingset: fix vmstat counters for shadow nodes
2019-08-13 16:06:52 -07:00
z3fold.c
mm/z3fold.c: claim page in the beginning of free
2019-10-07 15:47:19 -07:00
zbud.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
zpool.c
zpool: add malloc_support_movable to zpool_driver
2019-09-24 15:54:12 -07:00
zsmalloc.c
mm/zsmalloc.c: fix the migrated zspage statistics.
2020-01-09 10:19:56 +01:00
zswap.c
zswap: do not map same object twice
2019-09-24 15:54:12 -07:00