linux-kernel.vger.kernel.org archive mirror
* [PATCH] mm/slub: Fix random_seq offset destruction
@ 2017-02-07 14:07 Sean Rees
  2017-02-07 15:41 ` Thomas Garnier
  0 siblings, 1 reply; 3+ messages in thread
From: Sean Rees @ 2017-02-07 14:07 UTC (permalink / raw)
  To: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
	Andrew Morton
  Cc: linux-mm, linux-kernel, thgarnie, Sean Rees

Bailout early from init_cache_random_seq if s->random_seq is already
initialised. This prevents destroying the previously computed random_seq
offsets later in the function.

If the offsets are destroyed, then shuffle_freelist will truncate
page->freelist to just the first object (orphaning the rest).

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551.

Signed-off-by: Sean Rees <sean@erifax.org>
---
 mm/slub.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/mm/slub.c b/mm/slub.c
index 7aa6f43..7ec0a96 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1422,6 +1422,10 @@ static int init_cache_random_seq(struct kmem_cache *s)
 	int err;
 	unsigned long i, count = oo_objects(s->oo);
 
+	/* Bailout if already initialised */
+	if (s->random_seq)
+		return 0;
+
 	err = cache_random_seq_create(s, count, GFP_KERNEL);
 	if (err) {
 		pr_err("SLUB: Unable to initialize free list for %s\n",
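
Review bot: the new `if (s->random_seq)` test at the top of init_cache_random_seq() treats any non-NULL pointer as a fully computed sequence, so it is only correct if s->random_seq is guaranteed to be NULL for a cache that has never been through this function and is set back to NULL whenever the sequence is freed or cache_random_seq_create() fails. The visible context shows only the pr_err() on the error path, so please confirm in the changelog that the failure path leaves the pointer NULL; otherwise a later call would return 0 here while the cache has no usable sequence.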
-- 
2.9.3


* Re: [PATCH] mm/slub: Fix random_seq offset destruction
  2017-02-07 14:07 [PATCH] mm/slub: Fix random_seq offset destruction Sean Rees
@ 2017-02-07 15:41 ` Thomas Garnier
  2017-02-07 21:49   ` Andrew Morton
  0 siblings, 1 reply; 3+ messages in thread
From: Thomas Garnier @ 2017-02-07 15:41 UTC (permalink / raw)
  To: Sean Rees
  Cc: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
	Andrew Morton, Linux-MM, LKML

On Tue, Feb 7, 2017 at 6:07 AM, Sean Rees <sean@erifax.org> wrote:
> Bailout early from init_cache_random_seq if s->random_seq is already
> initialised. This prevents destroying the previously computed random_seq
> offsets later in the function.
>
> If the offsets are destroyed, then shuffle_freelist will truncate
> page->freelist to just the first object (orphaning the rest).
>
> This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551.
>
> Signed-off-by: Sean Rees <sean@erifax.org>

Please add:

Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization")

> ---
>  mm/slub.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 7aa6f43..7ec0a96 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1422,6 +1422,10 @@ static int init_cache_random_seq(struct kmem_cache *s)
>         int err;
>         unsigned long i, count = oo_objects(s->oo);
>
> +       /* Bailout if already initialised */
> +       if (s->random_seq)
> +               return 0;
> +
>         err = cache_random_seq_create(s, count, GFP_KERNEL);
>         if (err) {
>                 pr_err("SLUB: Unable to initialize free list for %s\n",
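
Review bot: the comment "Bailout if already initialised" above the added check says what the test does but not why it is needed. The changelog explains that the code later in the function destroys the previously computed offsets and that shuffle_freelist then truncates page->freelist; one line of that belongs in the comment, together with the path by which init_cache_random_seq() is reached a second time for the same cache, which neither the comment nor the changelog names. As a style point, the verb is "Bail out".
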
> --
> 2.9.3
>

Otherwise, looks good to me.

Reviewed-by: Thomas Garnier <thgarnie@google.com>

-- 
Thomas


* Re: [PATCH] mm/slub: Fix random_seq offset destruction
  2017-02-07 15:41 ` Thomas Garnier
@ 2017-02-07 21:49   ` Andrew Morton
  0 siblings, 0 replies; 3+ messages in thread
From: Andrew Morton @ 2017-02-07 21:49 UTC (permalink / raw)
  To: Thomas Garnier
  Cc: Sean Rees, Christoph Lameter, Pekka Enberg, David Rientjes,
	Joonsoo Kim, Linux-MM, LKML

On Tue, 7 Feb 2017 07:41:13 -0800 Thomas Garnier <thgarnie@google.com> wrote:

> On Tue, Feb 7, 2017 at 6:07 AM, Sean Rees <sean@erifax.org> wrote:
> > Bailout early from init_cache_random_seq if s->random_seq is already
> > initialised. This prevents destroying the previously computed random_seq
> > offsets later in the function.
> >
> > If the offsets are destroyed, then shuffle_freelist will truncate
> > page->freelist to just the first object (orphaning the rest).
> >
> > This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551.
> >
> > Signed-off-by: Sean Rees <sean@erifax.org>
> 
> Please add:
> 
> Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization")

I also added

Reported-by: <userwithuid@gmail.com>
Cc: <stable@vger.kernel.org>
