From: Christoph Lameter <cl@linux.com> To: Mikulas Patocka <mpatocka@redhat.com> Cc: Pekka Enberg <penberg@kernel.org>, David Rientjes <rientjes@google.com>, Joonsoo Kim <iamjoonsoo.kim@lge.com>, Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Alasdair G. Kergon" <agk@redhat.com>, Mike Snitzer <msnitzer@redhat.com>, Milan Broz <gmazyland@gmail.com>, kkolasa@winsoft.pl, dm-devel@redhat.com Subject: Re: [PATCH] slab: implement kmalloc guard Date: Mon, 8 Sep 2014 09:36:38 -0500 (CDT) [thread overview] Message-ID: <alpine.DEB.2.11.1409080932490.20388@gentwo.org> (raw) In-Reply-To: <alpine.LRH.2.02.1409051833510.9790@file01.intranet.prod.int.rdu2.redhat.com> On Fri, 5 Sep 2014, Mikulas Patocka wrote: > This patch adds a new option DEBUG_KMALLOC that makes it possible to > detect writes beyond the end of space allocated with kmalloc. Normally, > the kmalloc function rounds the size to the next power of two (there is > exception to this rule - sizes 96 and 192). Slab debugging detects only > writes beyond the end of the slab object, it is unable to detect writes > beyond the end of kmallocated size that fit into the slab object. > > The motivation for this patch was this: There was 6 year old bug in > dm-crypt (d49ec52ff6ddcda178fc2476a109cf1bd1fa19ed) where the driver would > write beyond the end of kmallocated space, but the bug went undetected > because the write would fit into the power-of-two-sized slab object. Only > recent changes to dm-crypt made the bug show up. There is similar problem > in the nx-crypto driver in the function nx_crypto_ctx_init - again, > because kmalloc rounds the size up to the next power of two, this bug went > undetected. The problem with the kmalloc array for debugging is inded that it is only for powers of two for efficiency purposes. In the debug situation we may not have the need for that efficiency. Maybe simply creating kmalloc arrays for each size will do the trick? > This patch works for slab, slub and slob subsystems. The end of slab block > can be found out with ksize (this patch renames it to __ksize). At the end > of the block, we put a structure kmalloc_guard. This structure contains a > magic number and a real size of the block - the exact size given to We already have a redzone structure to check for writes over the end of the object. Lets use that.
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Lameter <cl@linux.com> To: Mikulas Patocka <mpatocka@redhat.com> Cc: Pekka Enberg <penberg@kernel.org>, David Rientjes <rientjes@google.com>, Joonsoo Kim <iamjoonsoo.kim@lge.com>, Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Alasdair G. Kergon" <agk@redhat.com>, Mike Snitzer <msnitzer@redhat.com>, Milan Broz <gmazyland@gmail.com>, kkolasa@winsoft.pl, dm-devel@redhat.com Subject: Re: [PATCH] slab: implement kmalloc guard Date: Mon, 8 Sep 2014 09:36:38 -0500 (CDT) [thread overview] Message-ID: <alpine.DEB.2.11.1409080932490.20388@gentwo.org> (raw) In-Reply-To: <alpine.LRH.2.02.1409051833510.9790@file01.intranet.prod.int.rdu2.redhat.com> On Fri, 5 Sep 2014, Mikulas Patocka wrote: > This patch adds a new option DEBUG_KMALLOC that makes it possible to > detect writes beyond the end of space allocated with kmalloc. Normally, > the kmalloc function rounds the size to the next power of two (there is > exception to this rule - sizes 96 and 192). Slab debugging detects only > writes beyond the end of the slab object, it is unable to detect writes > beyond the end of kmallocated size that fit into the slab object. > > The motivation for this patch was this: There was 6 year old bug in > dm-crypt (d49ec52ff6ddcda178fc2476a109cf1bd1fa19ed) where the driver would > write beyond the end of kmallocated space, but the bug went undetected > because the write would fit into the power-of-two-sized slab object. Only > recent changes to dm-crypt made the bug show up. There is similar problem > in the nx-crypto driver in the function nx_crypto_ctx_init - again, > because kmalloc rounds the size up to the next power of two, this bug went > undetected. The problem with the kmalloc array for debugging is inded that it is only for powers of two for efficiency purposes. In the debug situation we may not have the need for that efficiency. Maybe simply creating kmalloc arrays for each size will do the trick? > This patch works for slab, slub and slob subsystems. The end of slab block > can be found out with ksize (this patch renames it to __ksize). At the end > of the block, we put a structure kmalloc_guard. This structure contains a > magic number and a real size of the block - the exact size given to We already have a redzone structure to check for writes over the end of the object. Lets use that. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2014-09-08 14:36 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2014-09-05 22:54 [PATCH] slab: implement kmalloc guard Mikulas Patocka 2014-09-05 22:54 ` Mikulas Patocka 2014-09-08 14:36 ` Christoph Lameter [this message] 2014-09-08 14:36 ` Christoph Lameter 2014-09-08 14:46 ` Mikulas Patocka 2014-09-08 14:46 ` Mikulas Patocka 2014-09-08 16:10 ` Christoph Lameter 2014-09-08 16:10 ` Christoph Lameter 2014-09-12 2:32 ` Mikulas Patocka 2014-09-12 2:32 ` Mikulas Patocka 2014-09-15 2:11 ` Joonsoo Kim 2014-09-15 2:11 ` Joonsoo Kim 2014-10-16 14:55 ` Mikulas Patocka 2014-10-16 14:55 ` Mikulas Patocka
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=alpine.DEB.2.11.1409080932490.20388@gentwo.org \ --to=cl@linux.com \ --cc=agk@redhat.com \ --cc=akpm@linux-foundation.org \ --cc=dm-devel@redhat.com \ --cc=gmazyland@gmail.com \ --cc=iamjoonsoo.kim@lge.com \ --cc=kkolasa@winsoft.pl \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=mpatocka@redhat.com \ --cc=msnitzer@redhat.com \ --cc=penberg@kernel.org \ --cc=rientjes@google.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.