Re: [v3] mm: Add SLUB free list pointer obfuscation

From: Kees Cook
Date: Wed Jul 26 2017 - 12:21:04 EST

Next message: Mark Brown: "Re: [PATCH v1 2/3] ASoC: codecs: msm8916-analog: support jack detection"
Previous message: Greg Kroah-Hartman: "Re: [PATCH 4.12 000/196] 4.12.4-stable review"
In reply to: Christopher Lameter: "Re: [v3] mm: Add SLUB free list pointer obfuscation"
Next in thread: Christopher Lameter: "Re: [v3] mm: Add SLUB free list pointer obfuscation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 26, 2017 at 7:08 AM, Christopher Lameter <cl@xxxxxxxxx> wrote:
> On Tue, 25 Jul 2017, Kees Cook wrote:
>
>> > @@ -290,6 +290,10 @@ static inline void set_freepointer(struct kmem_cache *s,
>> > void *object, void *fp)
>> > {
>> > unsigned long freeptr_addr = (unsigned long)object + s->offset;
>> >
>> > +#ifdef CONFIG_SLAB_FREELIST_HARDENED
>> > + BUG_ON(object == fp); /* naive detection of double free or corruption */
>> > +#endif
>> > +
>> > *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
>>
>> What happens if, instead of BUG_ON, we do:
>>
>> if (unlikely(WARN_RATELIMIT(object == fp, "double-free detected"))
>> return;
>
> This may work for the free fastpath but the set_freepointer function is
> use in multiple other locations. Maybe just add this to the fastpath
> instead of to this fucnction?

Do you mean do_slab_free()?

-Kees

--
Kees Cook
Pixel Security

Next message: Mark Brown: "Re: [PATCH v1 2/3] ASoC: codecs: msm8916-analog: support jack detection"
Previous message: Greg Kroah-Hartman: "Re: [PATCH 4.12 000/196] 4.12.4-stable review"
In reply to: Christopher Lameter: "Re: [v3] mm: Add SLUB free list pointer obfuscation"
Next in thread: Christopher Lameter: "Re: [v3] mm: Add SLUB free list pointer obfuscation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]