From mboxrd@z Thu Jan 1 00:00:00 1970
From: Christopher Lameter
Subject: Re: [v3] mm: Add SLUB free list pointer obfuscation
Date: Wed, 26 Jul 2017 11:55:44 -0500 (CDT)
Message-ID:
References: <20170706002718.GA102852@beast>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Return-path:
In-Reply-To:
Sender: linux-kernel-owner@vger.kernel.org
To: Kees Cook
Cc: Alexander Popov, Andrew Morton, Pekka Enberg, David Rientjes, Joonsoo Kim, "Paul E. McKenney", Ingo Molnar, Josh Triplett, Andy Lutomirski, Nicolas Pitre, Tejun Heo, Daniel Mack, Sebastian Andrzej Siewior, Sergey Senozhatsky, Helge Deller, Rik van Riel, Linux-MM, Tycho Andersen, LKML, "kernel-hardening@lists.openwall.com"
List-Id: linux-mm.kvack.org

On Wed, 26 Jul 2017, Kees Cook wrote:

> >> What happens if, instead of BUG_ON, we do:
> >>
> >> if (unlikely(WARN_RATELIMIT(object == fp, "double-free detected")))
> >>         return;
> >
> > This may work for the free fastpath but the set_freepointer function is
> > used in multiple other locations. Maybe just add this to the fastpath
> > instead of to this function?
>
> Do you mean do_slab_free()?

Yes, inserting these lines into do_slab_free() would simply ignore the double free
operation in the fast path and that would be safe.

Although in either case we are adding code to the fastpath...
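
Added example, not code from this thread or from the kernel: a user-space toy freelist showing what the `object == fp` check discussed above does when a double free is ignored in the free path instead of being linked in. The names `toy_cache`, `toy_alloc`, `toy_free` and `double_free_aliases` are hypothetical, and the objects are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space toy model (assumption, not kernel code): each free object keeps
 * the pointer to the next free object in its first word, freelist-style. */
struct toy_cache {
    void *freelist;          /* current head of the free list ("fp") */
    unsigned long ignored;   /* double frees detected and skipped */
};

static void *toy_alloc(struct toy_cache *c)
{
    void *object = c->freelist;
    if (object)
        c->freelist = *(void **)object;   /* pop: head = head->next */
    return object;
}

/* With check set, a free of the object that is already the list head is
 * reported and ignored. Returns 0 on a normal free, -1 when ignored. */
static int toy_free(struct toy_cache *c, void *object, int check)
{
    void *fp = c->freelist;
    if (check && object == fp) {
        c->ignored++;
        fprintf(stderr, "double-free detected\n");
        return -1;
    }
    *(void **)object = fp;                /* object->next = old head */
    c->freelist = object;
    return 0;
}

/* Free one object twice in a row, then allocate twice.
 * Returns 1 if both allocations hand out the same address. */
static int double_free_aliases(int check)
{
    static void *slab[2][2];              /* constructed: two small objects */
    struct toy_cache c = { NULL, 0 };
    toy_free(&c, slab[0], check);
    toy_free(&c, slab[1], check);
    toy_free(&c, slab[1], check);         /* the double free */
    void *a = toy_alloc(&c);
    return a == toy_alloc(&c);
}

int main(void)
{
    printf("unchecked: aliased=%d\n", double_free_aliases(0));
    printf("checked:   aliased=%d\n", double_free_aliases(1));
    return 0;
}
```

The check compares only against the current list head, so freeing A, then B, then A again passes it.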