linux-kernel.vger.kernel.org archive mirror
* [PATCH] mm/slub.c: re-randomize random_seq if necessary
@ 2019-01-09  9:06 Peng Wang
  2019-01-09 12:13 ` Matthew Wilcox
  0 siblings, 1 reply; 3+ messages in thread
From: Peng Wang @ 2019-01-09  9:06 UTC
  To: cl, penberg, rientjes, iamjoonsoo.kim, akpm
  Cc: linux-mm, linux-kernel, Peng Wang

calculate_sizes() could be called in several places
like (red_zone/poison/order/store_user)_store() while
random_seq remains unchanged.

If random_seq is not NULL in calculate_sizes(), re-randomize it.

Signed-off-by: Peng Wang <rocking@whu.edu.cn>
---
 mm/slub.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/mm/slub.c b/mm/slub.c
index 1e3d0ec4e200..2a9d18019545 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3583,6 +3583,15 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
 	if (oo_objects(s->oo) > oo_objects(s->max))
 		s->max = s->oo;
 
+#ifdef CONFIG_SLAB_FREELIST_RANDOM
+	if (unlikely(s->random_seq)) {
+		kfree(s->random_seq);
+		s->random_seq = NULL;
+		if (init_cache_random_seq(s))
+			return 0;
+	}
+#endif
+
 	return !!oo_objects(s->oo);
 }
 
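Review bot: in the added CONFIG_SLAB_FREELIST_RANDOM block, s->random_seq is freed before its replacement exists, so a failing init_cache_random_seq() makes calculate_sizes() return 0 after s->max may already have been updated just above, and leaves s->random_seq NULL. Consider building the new sequence first and swapping it in only on success, or document why that partial state is acceptable to callers. The block also needs a comment saying why the sequence has to be rebuilt at this point and what keeps readers of s->random_seq away while it is freed; neither is visible in the hunk or in the changelog.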
-- 
2.19.1



* Re: [PATCH] mm/slub.c: re-randomize random_seq if necessary
  2019-01-09  9:06 [PATCH] mm/slub.c: re-randomize random_seq if necessary Peng Wang
@ 2019-01-09 12:13 ` Matthew Wilcox
  2019-01-09 15:24   ` Peng Wang
  0 siblings, 1 reply; 3+ messages in thread
From: Matthew Wilcox @ 2019-01-09 12:13 UTC
  To: Peng Wang
  Cc: cl, penberg, rientjes, iamjoonsoo.kim, akpm, linux-mm, linux-kernel

On Wed, Jan 09, 2019 at 05:06:27PM +0800, Peng Wang wrote:
> calculate_sizes() could be called in several places
> like (red_zone/poison/order/store_user)_store() while
> random_seq remains unchanged.
> 
> If random_seq is not NULL in calculate_sizes(), re-randomize it.

Why do we want to re-randomise the slab at these points?


* RE: [PATCH] mm/slub.c: re-randomize random_seq if necessary
  2019-01-09 12:13 ` Matthew Wilcox
@ 2019-01-09 15:24   ` Peng Wang
  0 siblings, 0 replies; 3+ messages in thread
From: Peng Wang @ 2019-01-09 15:24 UTC
  To: 'Matthew Wilcox'
  Cc: cl, penberg, rientjes, iamjoonsoo.kim, akpm, linux-mm, linux-kernel


On Wednesday, January 9, 2019 8:14 PM, Matthew Wilcox wrote:
> On Wed, Jan 09, 2019 at 05:06:27PM +0800, Peng Wang wrote:
> > calculate_sizes() could be called in several places
> > like (red_zone/poison/order/store_user)_store() while
> > random_seq remains unchanged.
> >
> > If random_seq is not NULL in calculate_sizes(), re-randomize it.
> 
> Why do we want to re-randomise the slab at these points?

At these points, s->size might change,
but random_seq still uses the old size and is not updated.

When doing shuffle_freelist() in allocate_slab(),
the old next object offset would be used.

    idx = s->random_seq[*pos];

One possible case:

s->size gets smaller, then the number of objects in a slab gets bigger.
The size of the s->random_seq array should be bigger but is not updated.
In next_freelist_entry(), *pos might exceed the s->random_seq.

When we get a zero value from s->random_seq[*pos] twice after exceeding,
BUG_ON(object == fp) would be triggered in set_freepointer().



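The stale-sequence case described in the last message, as an added user-space C model (not kernel code and not posted by anyone in this thread). `cache_model`, `seq_len`, `seq_create()`, `stale_positions()`, `stale_after_shrink()` and the toy LCG are assumptions made for the illustration. It counts the shuffle positions that an unrefreshed sequence cannot serve once the object count doubles, testing bounds before every read.

```c
#include <stdlib.h>

struct cache_model {                   /* added user-space model, not kernel code */
    unsigned int size, objects;        /* object size; objects per slab */
    unsigned int *random_seq, seq_len; /* shuffled byte offsets; model-only length */
};

/* Build a sequence for the current size (Fisher-Yates), then swap it in. */
static int seq_create(struct cache_model *c, unsigned int seed)
{
    unsigned int i, j, tmp, *seq = malloc(c->objects * sizeof(*seq));
    if (!seq)
        return -1;
    for (i = 0; i < c->objects; i++)
        seq[i] = i * c->size;
    for (i = c->objects; i > 1; i--) {
        seed = seed * 1103515245u + 12345u;  /* toy LCG, not the kernel PRNG */
        j = (seed >> 16) % i;
        tmp = seq[i - 1]; seq[i - 1] = seq[j]; seq[j] = tmp;
    }
    free(c->random_seq);
    c->random_seq = seq;
    c->seq_len = c->objects;
    return 0;
}

/* Count positions the shuffle would visit that the sequence cannot serve. */
static unsigned int stale_positions(const struct cache_model *c)
{
    unsigned int pos, bad = 0;
    for (pos = 0; pos < c->objects; pos++)  /* bounds test first: no stray read */
        bad += (pos >= c->seq_len) || (c->random_seq[pos] % c->size != 0);
    return bad;
}

/* Constructed case: 16 objects of 256 bytes become 32 objects of 128 bytes. */
static unsigned int stale_after_shrink(int regen)
{
    struct cache_model c = { 256, 16, NULL, 0 };
    unsigned int bad = ~0u;  /* returned if an allocation fails */
    if (seq_create(&c, 1u) == 0) {
        c.size = 128;
        c.objects = 32;
        if (!regen || seq_create(&c, 2u) == 0)  /* regen models the patched path */
            bad = stale_positions(&c);
    }
    free(c.random_seq);
    return bad;
}
```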