From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Marco Elver <elver@google.com>,
Matthew WilCox <willy@infradead.org>,
Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 23/23] mm/sl[au]b: check if large object is valid in __ksize()
Date: Thu, 14 Apr 2022 17:57:27 +0900
Message-ID: <20220414085727.643099-24-42.hyeyoo@gmail.com>
In-Reply-To: <20220414085727.643099-1-42.hyeyoo@gmail.com>
__ksize() returns the size of objects allocated from the slab allocator.
When an invalid object is passed to __ksize(), returning zero
prevents further memory corruption and lets the caller
check whether there is an error.

If the address of a large object is not the beginning of the folio, or the size of
the folio is too small, it must be invalid. Return zero in such cases.
Suggested-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
---
mm/slab_common.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 8facade42bdd..a14f9990b159 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -994,8 +994,12 @@ size_t __ksize(const void *object)
folio = virt_to_folio(object);
- if (unlikely(!folio_test_slab(folio)))
+ if (unlikely(!folio_test_slab(folio))) {
+ if (object != folio_address(folio) ||
+ folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE)
+ return 0;
return folio_size(folio);
+ }
return slab_ksize(folio_slab(folio)->slab_cache);
}
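Review bot: the new `return 0;` in this hunk is silent, so an invalid pointer reaching __ksize() (object not at `folio_address(folio)`, or a non-slab folio no larger than KMALLOC_MAX_CACHE_SIZE) leaves no trace in the log; since the commit message frames this as a guard against further memory corruption rather than a normal path, consider pairing it with a WARN_ON-style report so that such callers are noticed during testing. The `<=` bound itself looks right: requests up to KMALLOC_MAX_CACHE_SIZE are served from kmalloc caches, so a large kmalloc folio must be strictly larger. Callers that feed the ksize() result into a copy or reallocation length now need to treat 0 as "invalid object" rather than a zero-sized one, which is worth a sentence in the commit message or a comment above the check.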
--
2.32.0