On 3/4/20 1:23 AM, Jann Horn wrote:
> Hi!
>
> FYI, I noticed that if you do something like the following as root,
> the system blows up pretty quickly with error messages about stuff
> like corrupt freelist pointers because SLUB actually allows root to
> force a page order that is smaller than what is required to store a
> single object:
>
> echo 0 > /sys/kernel/slab/task_struct/order
>
> The other SLUB debugging options, like red_zone, also look kind of
> suspicious with regards to races (either racing with other writes to
> the SLUB debugging options, or with object allocations).

Yeah, I also wondered last week that there seems to be no synchronization
with alloc/free activity.

Increasing order is AFAICS also dangerous with freelist randomization:
https://lore.kernel.org/linux-mm/d3acc069-a5c6-f40a-f95c-b546664bc4ee@xxxxxxx/
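To make the failure mode concrete, here is a userspace model (added for this write-up; it is not SLUB code and not part of the thread) of two things: the guard that a sysfs `order` store handler needs before accepting a new order, and a freelist-pointer check shaped like SLUB's debug validation, which is what ends up reporting "corrupt" pointers once a slab has been told it holds zero objects. The 4 KiB page size, the MAX_ORDER ceiling of 10 and the 6144-byte object size standing in for task_struct are all assumptions chosen for the example; the real task_struct size depends on the kernel configuration.

```c
/* Userspace model of (a) the guard missing from an unchecked sysfs `order`
 * store and (b) a freelist-pointer check modelled on the shape of SLUB's
 * debug validation. Not kernel code. Assumptions: 4 KiB pages, MAX_ORDER 10,
 * and a constructed 6144-byte object size standing in for task_struct. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096UL
#define MAX_ORDER 10U
#define EXAMPLE_OBJ_SIZE 6144UL   /* constructed; not the real task_struct size */

/* Objects of `size` bytes that fit in a slab of 2^order pages. */
static unsigned long order_objects(unsigned int order, unsigned long size)
{
    return (PAGE_SIZE << order) / size;
}

/* Smallest order holding at least one object, or -1 if none up to MAX_ORDER. */
static int min_order_for_size(unsigned long size)
{
    for (unsigned int order = 0; order <= MAX_ORDER; order++)
        if (order_objects(order, size) >= 1)
            return (int)order;
    return -1;
}

/* The guard an `order` store needs: refuse any order that yields zero objects,
 * as well as anything above the ceiling. */
static bool order_is_valid(unsigned int order, unsigned long size)
{
    int min = min_order_for_size(size);
    return min >= 0 && order >= (unsigned int)min && order <= MAX_ORDER;
}

/* Shaped like SLUB's debug check for a freelist pointer: it must lie inside
 * [base, base + objects * size) and start on an object boundary. `objects`
 * is whatever was computed for the slab's order. */
static bool check_valid_pointer(const unsigned char *base, unsigned long objects,
                                unsigned long size, const unsigned char *object)
{
    if (!object)
        return true;
    if (object < base || object >= base + objects * size)
        return false;
    return (unsigned long)(object - base) % size == 0;
}

/* Lay out a slab whose free objects are linked through their first word,
 * walk the list, and count pointers the check rejects. With an order too
 * small for a single object, `objects` is 0, so the region the check accepts
 * is empty and even the first pointer is flagged as corrupt. */
static unsigned long count_corrupt_freelist(unsigned int order, unsigned long size)
{
    unsigned long slab_bytes = PAGE_SIZE << order;
    unsigned long objects = order_objects(order, size);
    /* An unchecked store still ends up handing out at least one object. */
    unsigned long laid_out = objects ? objects : 1;
    /* Back the model with enough memory that the walk never overruns,
     * even when one object is larger than the whole slab. */
    unsigned long need = laid_out * size > slab_bytes ? laid_out * size : slab_bytes;
    unsigned char *slab = malloc(need);
    unsigned long bad = 0;

    if (!slab)
        return (unsigned long)-1;

    for (unsigned long i = 0; i < laid_out; i++) {
        unsigned char *obj = slab + i * size;
        unsigned char *next = (i + 1 < laid_out) ? obj + size : NULL;
        memcpy(obj, &next, sizeof next);   /* free pointer at offset 0 */
    }
    for (unsigned char *p = slab; p;) {
        unsigned char *next;
        if (!check_valid_pointer(slab, objects, size, p))
            bad++;
        memcpy(&next, p, sizeof next);
        p = next;
    }
    free(slab);
    return bad;
}

int main(void)
{
    printf("min order for %lu-byte objects: %d\n",
           EXAMPLE_OBJ_SIZE, min_order_for_size(EXAMPLE_OBJ_SIZE));
    printf("order 0 valid: %d, corrupt freelist pointers seen: %lu\n",
           order_is_valid(0, EXAMPLE_OBJ_SIZE),
           count_corrupt_freelist(0, EXAMPLE_OBJ_SIZE));
    return 0;
}
```

The point of the model is the asymmetry: `order_is_valid()` is a one-line arithmetic guard at write time, whereas without it the damage only surfaces later, on an allocation or free path, as a pointer that fails a bounds check it cannot possibly pass. It says nothing about the second problem in the thread, the lack of synchronization between these stores and concurrent alloc/free activity; that is not something a bounds check addresses.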