[Devel] [PATCH RHEL7 COMMIT] slub_debug: fail allocation on a bad freelist pointer

Wed, 11 Sep 2024 07:15:43 -0700 

The commit is pushed to "branch-rh7-3.10.0-1160.119.1.vz7.224.x-ovz" and will 
appear at g...@bitbucket.org:openvz/vzkernel.git
after rh7-3.10.0-1160.119.1.vz7.224.2
------>
commit 7ce13bd7449c9d411ae3376dfd432e35b14a75cc
Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Date:   Wed Jul 3 16:11:58 2024 +0800

    slub_debug: fail allocation on a bad freelist pointer
    
    We saw crashes where slub percpu freelist was corrupted, this may catch
    the problem earlier where we first time see bad freelist, and suppress
    further corruption.
    
    This is enabled with 'slub_debug=F'.
    
    https://virtuozzo.atlassian.net/browse/PSBM-155867
    
    Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
---
 mm/slub.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/mm/slub.c b/mm/slub.c
index 7633fd7ffa8d..630d39a0d63f 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1095,6 +1095,19 @@ static void setup_object_debug(struct kmem_cache *s, 
struct page *page,
        init_tracking(s, object);
 }
 
+static inline int alloc_valid_pointer_check(struct kmem_cache *s,
+                                           struct page *page, void *object)
+{
+       if (s->flags & SLAB_CONSISTENCY_CHECKS &&
+           !check_valid_pointer(s, page, object)) {
+               if (printk_ratelimit())
+                       object_err(s, page, object, "Freelist Pointer 
corrupted");
+               return 0;
+       }
+
+       return 1;
+}
+
 static inline int alloc_consistency_checks(struct kmem_cache *s, struct page 
*page,
                                        void *object)
 {
@@ -1353,6 +1366,10 @@ static unsigned long kmem_cache_flags(unsigned long 
object_size,
 static inline void setup_object_debug(struct kmem_cache *s,
                        struct page *page, void *object) {}
 
+static inline int alloc_valid_pointer_check(struct kmem_cache *s,
+                                           struct page *page,
+                                           void *object) { return 0; }
+
 static inline int alloc_debug_processing(struct kmem_cache *s,
        struct page *page, void *object, unsigned long addr) { return 0; }
 
@@ -2527,6 +2544,10 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t 
gfpflags, int node,
         * That page must be frozen for per cpu allocations to work.
         */
        VM_BUG_ON(!c->page->frozen);
+
+       if (kmem_cache_debug(s) && !alloc_valid_pointer_check(s, c->page, 
freelist))
+               return NULL;
+
        c->freelist = get_freepointer(s, freelist);
        c->tid = next_tid(c->tid);
        return freelist;
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to