SLUB: sysfs lets root force slab order below required minimum, causing memory corruption

From: Jann Horn
Date: Tue Mar 03 2020 - 19:23:55 EST

Next message: Ionela Voinescu: "Re: [PATCH v5 1/7] arm64: add support for the AMU extension v1"
Previous message: Rajat Jain: "[PATCH v2] Input: Allocate keycode for SNIP key"
Next in thread: David Rientjes: "Re: SLUB: sysfs lets root force slab order below required minimum, causing memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

FYI, I noticed that if you do something like the following as root,
the system blows up pretty quickly with error messages about stuff
like corrupt freelist pointers because SLUB actually allows root to
force a page order that is smaller than what is required to store a
single object:

echo 0 > /sys/kernel/slab/task_struct/order

The other SLUB debugging options, like red_zone, also look kind of
suspicious with regards to races (either racing with other writes to
the SLUB debugging options, or with object allocations).

Next message: Ionela Voinescu: "Re: [PATCH v5 1/7] arm64: add support for the AMU extension v1"
Previous message: Rajat Jain: "[PATCH v2] Input: Allocate keycode for SNIP key"
Next in thread: David Rientjes: "Re: SLUB: sysfs lets root force slab order below required minimum, causing memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]