Le 13/09/2022 à 05:42, Chao Yu a écrit :
On 2022/9/10 0:47, Christophe JAILLET wrote:
Le 30/08/2022 à 16:10, Chao Yu a écrit :
From: Chao Yu <chao.yu@xxxxxxxx>
In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to
out-of-memory, if it fails, return errno correctly rather than
triggering panic via BUG_ON();
kernel BUG at mm/slub.c:5893!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Call trace:
[...]
Cc: <stable@xxxxxxxxxx>
Reported-by: syzbot+81684812ea68216e08c5@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Chao Yu <chao.yu@xxxxxxxx>
---
mm/slub.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/slub.c b/mm/slub.c
index 862dbd9af4f5..e6f3727b9ad2 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -5890,7 +5890,8 @@ static char *create_unique_id(struct
kmem_cache *s)
char *name = kmalloc(ID_STR_LENGTH, GFP_KERNEL);
Hi,
looks that ID_STR_LENGTH could even be reduced to 32 or 16.
The 2nd BUG_ON at the end of the function could certainly be just
removed as well or remplaced by a:
if (p > name + ID_STR_LENGTH - 1) {
kfree(name);
return -E<something>;
}
Hi Christophe, Vlastimil,
Should I include this in v3? or may be in another patch?
Hi,
My own preference would be for 3 patches.
Yours, as-is.
It fixes a specific issue spotted by syzbot.
Another one for removing a BUG_ON() (that, IIUC can't happen!)
Mostly a clean-up or a good practice in order to remove BUG_ON() from
the kernel we it can be handled another way.
Eventually a 3rd one for reducing ID_STR_LENGTH.
I guess that it is safe to reduce it to 32 or 16, but the impact on RL
would be so small, that I wonder if it worth proposing it.
Just my 2c,
CJ
Thanks,
Just my 2c,
CJ
char *p = name;
- BUG_ON(!name);
+ if (!name)
+ return ERR_PTR(-ENOMEM);
*p++ = ':';
/*
@@ -5948,6 +5949,8 @@ static int sysfs_slab_add(struct kmem_cache *s)
* for the symlinks.
*/
name = create_unique_id(s);
+ if (IS_ERR(name))
+ return PTR_ERR(name);
}
s->kobj.kset = kset;