From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
To: linux-mm@kvack.org
Cc: Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vlastimil Babka <vbabka@suse.cz>, Marco Elver <elver@google.com>,
Matthew WilCox <willy@infradead.org>,
Roman Gushchin <roman.gushchin@linux.dev>,
linux-kernel@vger.kernel.org, 42.hyeyoo@gmail.com
Subject: [RFC PATCH v1 15/15] mm/sl[au]b: check if large object is valid in __ksize()
Date: Tue, 8 Mar 2022 11:41:42 +0000 [thread overview]
Message-ID: <20220308114142.1744229-16-42.hyeyoo@gmail.com> (raw)
In-Reply-To: <20220308114142.1744229-1-42.hyeyoo@gmail.com>
__ksize() returns the size of objects allocated from the slab allocator.
When an invalid object is passed to __ksize(), returning zero
prevents further memory corruption and allows the caller to
check whether there is an error.
If the address of a large object is not the beginning of the folio, or the size of
the folio is too small, it must be invalid. Return zero in such cases.
Suggested-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
---
mm/slab_common.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 07ed382ed5a9..acb1d27fc9e3 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -986,8 +986,12 @@ size_t __ksize(const void *object)
folio = virt_to_folio(object);
- if (unlikely(!folio_test_slab(folio)))
+ if (unlikely(!folio_test_slab(folio))) {
+ if (object != folio_address(folio) ||
+ folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE)
+ return 0;
return folio_size(folio);
+ }
return slab_ksize(folio_slab(folio)->slab_cache);
}
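Review bot: the new invalid-object branch that ends in `+ return 0;` is silent, so a caller that hands __ksize() a corrupted or non-slab pointer gets 0 with nothing logged; since the commit message's stated goal is that the caller can detect the error, consider a `WARN_ON_ONCE()` on that branch so the bad pointer is reported rather than masked. A one-line comment above `+ if (object != folio_address(folio) ||` explaining why a valid large object must start at the folio boundary and why a folio with `folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE` cannot be a valid large object (the commit message's "too small" case) would also help readers, and the `<=` rather than `<` boundary is worth stating explicitly in the commit message.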
--
2.33.1