Re: [x86/uaccess] 5b710f34e1: kernel BUG at mm/usercopy.c:75!

From: Kees Cook
Date: Wed Aug 17 2016 - 17:53:53 EST


On Wed, Aug 17, 2016 at 2:52 PM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, Aug 17, 2016 at 2:45 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>> But PageSlab(page) should trip, returning __check_heap_object, which
>> for SLOB should just return NULL, skipping all the rest of the
>> checks...
>
> SLOB doesn't actually set that for all allocations.
>
> See "slob_alloc_node()", for example. It just returns a multi-order allocation.
>
> (See also kfree(), which uses PageSlab() to determine if it should do
> slob_free() or just free the pages directly).

Oooh, eww. Okay, that explains it. Alright, dropping all the
multi-page logic now...

-Kees

--
Kees Cook
Nexus Security
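The behaviour Linus describes, modelled in user-space C as an added example (this is not code from the thread, nor the real mm/usercopy.c or mm/slob.c): a toy page array, a toy slob_alloc_node() that tags only single-page objects with PG_slab and hands larger requests straight to the page allocator, and a cut-down check_heap_object() that dispatches on PageSlab() and otherwise runs the "spans multiple pages" check that Kees says he is dropping. The CMA case, virt_addr_valid() and the real flag layout are left out; every function, flag and constant here is a stand-in for illustration only.

```c
/* User-space model of the hardened-usercopy PageSlab() dispatch and why
 * SLOB multi-page objects tripped it. Illustrative only; names mirror the
 * kernel's but nothing here is the kernel's code.                         */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define NR_PAGES   16

enum { PG_slab = 1u << 0, PG_reserved = 1u << 1 };

struct page { unsigned flags; };

/* Fake "physical memory": one page descriptor per page of a static buffer. */
static struct page mem_map[NR_PAGES];
static unsigned char backing[NR_PAGES * PAGE_SIZE] __attribute__((aligned(4096)));
static size_t next_page; /* bump allocator cursor, in pages */

static struct page *virt_to_head_page(const void *p)
{
    size_t off = (size_t)((const unsigned char *)p - backing);
    return &mem_map[off >> PAGE_SHIFT];
}
static bool PageSlab(const struct page *pg)     { return pg->flags & PG_slab; }
static bool PageReserved(const struct page *pg) { return pg->flags & PG_reserved; }

static void reset_model(void)
{
    memset(mem_map, 0, sizeof(mem_map));
    next_page = 0;
}

/* Toy slob_alloc_node(): objects that fit in a page come from a slab page
 * (PG_slab set); anything larger is a plain multi-order page allocation,
 * and those pages are never marked PG_slab. That is the mismatch Linus
 * points at: PageSlab() is false for a perfectly valid SLOB object.       */
static void *model_slob_alloc(size_t size)
{
    size_t npages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
    if (npages == 0 || next_page + npages > NR_PAGES)
        return NULL;
    void *obj = backing + next_page * PAGE_SIZE;
    if (size <= PAGE_SIZE)
        mem_map[next_page].flags |= PG_slab;   /* slab page */
    /* else: multi-order allocation, flags untouched */
    next_page += npages;
    return obj;
}

/* SLOB has no per-object bounds to check: once we know it is a slab page,
 * __check_heap_object() just accepts the copy.                            */
static const char *slob_check_heap_object(const void *ptr, unsigned long n,
                                          struct page *pg)
{
    (void)ptr; (void)n; (void)pg;
    return NULL;
}

/* Cut-down check_heap_object(): slab pages go to the allocator; with
 * multipage_logic set, everything else may only cross a page boundary when
 * every page involved is reserved. A non-NULL return is the report string
 * that leads to the BUG() in the subject line.                            */
static const char *check_heap_object(const void *ptr, unsigned long n,
                                     bool multipage_logic)
{
    const unsigned char *end = (const unsigned char *)ptr + n - 1;
    struct page *page = virt_to_head_page(ptr);

    if (PageSlab(page))
        return slob_check_heap_object(ptr, n, page);
    if (!multipage_logic)          /* what "dropping the multi-page logic" leaves */
        return NULL;
    if (virt_to_head_page(end) == page)
        return NULL;
    if (!PageReserved(page))
        return "<spans multiple pages>";
    for (const unsigned char *p = (const unsigned char *)ptr + PAGE_SIZE;
         p <= end; p += PAGE_SIZE)
        if (!PageReserved(virt_to_head_page(p)))
            return "<spans multiple pages>";
    return NULL;
}

/* The reported case: a 3-page SLOB kmalloc() copied out in one go. */
static const char *demo_multipage_object(bool multipage_logic)
{
    reset_model();
    void *obj = model_slob_alloc(3 * PAGE_SIZE);
    return check_heap_object(obj, 3 * PAGE_SIZE, multipage_logic);
}

/* A small object lands on a PG_slab page and takes the allocator path. */
static const char *demo_small_object(void)
{
    reset_model();
    void *obj = model_slob_alloc(64);
    return check_heap_object(obj, 64, true);
}

int main(void)
{
    const char *r = demo_multipage_object(true);
    printf("3-page SLOB object, multi-page check on : %s\n", r ? r : "ok");
    r = demo_multipage_object(false);
    printf("3-page SLOB object, multi-page check off: %s\n", r ? r : "ok");
    r = demo_small_object();
    printf("64-byte SLOB object                     : %s\n", r ? r : "ok");
    return 0;
}
```

With the multi-page check enabled the three-page object is rejected even though it is a legitimate SLOB allocation, which is the reported BUG; with that check dropped the same copy passes, and small objects were never affected because their page carries PG_slab.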