LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [patch 0/5] Support for sanitization flag in low-level page allocator

[Posted June 3, 2009 by jake]

From:  "Larry H." <research-AT-subreption.com>
To:  Pekka Enberg <penberg-AT-cs.helsinki.fi>
Subject:  Re: [patch 0/5] Support for sanitization flag in low-level page allocator
Date:  Sat, 30 May 2009 01:20:48 -0700
Message-ID:  <20090530082048.GM29711@oblivion.subreption.com>
Cc:  Alan Cox <alan-AT-lxorguk.ukuu.org.uk>, Ingo Molnar <mingo-AT-elte.hu>, Rik van Riel <riel-AT-redhat.com>, linux-kernel-AT-vger.kernel.org, Linus Torvalds <torvalds-AT-osdl.org>, linux-mm-AT-kvack.org, Ingo Molnar <mingo-AT-redhat.com>, pageexec-AT-freemail.hu, Linus Torvalds <torvalds-AT-linux-foundation.org>
Archive-link:  Article, Thread 

On 10:53 Sat 30 May     , Pekka Enberg wrote:
>> That's hopeless, and kzfree is broken. Like I said in my earlier reply,
>> please test that yourself to see the results. Whoever wrote that ignored
>> how SLAB/SLUB work and if kzfree had been used somewhere in the kernel
>> before, it should have been noticed long time ago.
>
> An open-coded version of kzfree was being used in the kernel:
>
>
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-...
>
> Can we now get to the part where you explain how it's broken because I 
> obviously "ignored how SLAB/SLUB works"?

You can find the answer in the code of sanitize_obj, within my kfree
patch. Besides, it would have taken less time for you to write a simple
module that kmallocs and kzfrees a buffer, than writing these two
emails.

Consider the inuse, size, objsize and offset members of a kmem_cache
structure, for further hints. Test the module on a system with SLUB,
though the issue should replicate over SLAB too. And don't dare test it
on SLOB and its wonderful ksize, or even look at the freelist pointer
management within SLUB.

;)

I'm about to recommend Andrew to take a look at this too:
http://marc.info/?l=linux-mm&m=124301548814293&w=2

	Larry

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds