* [PATCH] mm/slub: Fix random_seq offset destruction
@ 2017-02-07 14:07 Sean Rees
From: Sean Rees @ 2017-02-07 14:07 UTC (permalink / raw)
To: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
Andrew Morton
Cc: linux-mm, linux-kernel, thgarnie, Sean Rees

Bailout early from init_cache_random_seq if s->random_seq is already
initialised. This prevents destroying the previously computed random_seq
offsets later in the function.

If the offsets are destroyed, then shuffle_freelist will truncate
page->freelist to just the first object (orphaning the rest).

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551.

Signed-off-by: Sean Rees <sean@erifax.org>
---
mm/slub.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/mm/slub.c b/mm/slub.c
index 7aa6f43..7ec0a96 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1422,6 +1422,10 @@ static int init_cache_random_seq(struct kmem_cache *s)
int err;
unsigned long i, count = oo_objects(s->oo);
+ /* Bailout if already initialised */
+ if (s->random_seq)
+ return 0;
+
err = cache_random_seq_create(s, count, GFP_KERNEL);
if (err) {
pr_err("SLUB: Unable to initialize free list for %s\n",
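Review bot: The comment on the new check, /* Bailout if already initialised */, restates the condition but not the reason for it. The changelog's explanation (that running the rest of the function again destroys the offsets already stored in s->random_seq) is what a later reader of mm/slub.c needs, so the comment should say that and name the path that can reach init_cache_random_seq more than once for the same cache.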
--
2.9.3
* Re: [PATCH] mm/slub: Fix random_seq offset destruction
@ 2017-02-07 15:41 ` Thomas Garnier
From: Thomas Garnier @ 2017-02-07 15:41 UTC (permalink / raw)
To: Sean Rees
Cc: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim,
Andrew Morton, Linux-MM, LKML
On Tue, Feb 7, 2017 at 6:07 AM, Sean Rees <sean@erifax.org> wrote:
> Bailout early from init_cache_random_seq if s->random_seq is already
> initialised. This prevents destroying the previously computed random_seq
> offsets later in the function.
>
> If the offsets are destroyed, then shuffle_freelist will truncate
> page->freelist to just the first object (orphaning the rest).
>
> This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551.
>
> Signed-off-by: Sean Rees <sean@erifax.org>

Please add:

Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization")

> ---
> mm/slub.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 7aa6f43..7ec0a96 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1422,6 +1422,10 @@ static int init_cache_random_seq(struct kmem_cache *s)
> int err;
> unsigned long i, count = oo_objects(s->oo);
>
> + /* Bailout if already initialised */
> + if (s->random_seq)
> + return 0;
> +
> err = cache_random_seq_create(s, count, GFP_KERNEL);
> if (err) {
> pr_err("SLUB: Unable to initialize free list for %s\n",
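Review bot: On the early return at "if (s->random_seq) return 0;", count has already been read from oo_objects(s->oo) and is then ignored, so a sequence built on an earlier call is kept whatever the current object count is. If the count can differ between calls, the retained sequence would no longer match it; either state in the comment that the count cannot change once random_seq is set, or handle the mismatch explicitly.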
> --
> 2.9.3
>

Otherwise, looks good to me.

Reviewed-by: Thomas Garnier <thgarnie@google.com>
--
Thomas
* Re: [PATCH] mm/slub: Fix random_seq offset destruction
@ 2017-02-07 21:49 ` Andrew Morton
From: Andrew Morton @ 2017-02-07 21:49 UTC (permalink / raw)
To: Thomas Garnier
Cc: Sean Rees, Christoph Lameter, Pekka Enberg, David Rientjes,
Joonsoo Kim, Linux-MM, LKML
On Tue, 7 Feb 2017 07:41:13 -0800 Thomas Garnier <thgarnie@google.com> wrote:
> On Tue, Feb 7, 2017 at 6:07 AM, Sean Rees <sean@erifax.org> wrote:
> > Bailout early from init_cache_random_seq if s->random_seq is already
> > initialised. This prevents destroying the previously computed random_seq
> > offsets later in the function.
> >
> > If the offsets are destroyed, then shuffle_freelist will truncate
> > page->freelist to just the first object (orphaning the rest).
> >
> > This fixes https://bugzilla.kernel.org/show_bug.cgi?id=177551.
> >
> > Signed-off-by: Sean Rees <sean@erifax.org>
>
> Please add:
>
> Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization")

I also added

Reported-by: <userwithuid@gmail.com>
Cc: <stable@vger.kernel.org>