Patch "mm/slub, kunit: Use inverted data to corrupt kmem cache" has been added to the 6.6-stable tree

This is a note to let you know that I've just added the patch titled

    mm/slub, kunit: Use inverted data to corrupt kmem cache

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mm-slub-kunit-use-inverted-data-to-corrupt-kmem-cach.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 480687eb1d67acf05d9f03234d2b5147457356c4
Author: Guenter Roeck <linux@xxxxxxxxxxxx>
Date:   Tue Apr 2 06:38:39 2024 -0700

    mm/slub, kunit: Use inverted data to corrupt kmem cache
    
    [ Upstream commit b1080c667b3b2c8c38a7fa83ca5567124887abae ]
    
    Two failure patterns are seen randomly when running slub_kunit tests with
    CONFIG_SLAB_FREELIST_RANDOM and CONFIG_SLAB_FREELIST_HARDENED enabled.
    
    Pattern 1:
         # test_clobber_zone: pass:1 fail:0 skip:0 total:1
         ok 1 test_clobber_zone
         # test_next_pointer: EXPECTATION FAILED at lib/slub_kunit.c:72
         Expected 3 == slab_errors, but
             slab_errors == 0 (0x0)
         # test_next_pointer: EXPECTATION FAILED at lib/slub_kunit.c:84
         Expected 2 == slab_errors, but
             slab_errors == 0 (0x0)
         # test_next_pointer: pass:0 fail:1 skip:0 total:1
         not ok 2 test_next_pointer
    
    In this case, test_next_pointer() overwrites p[s->offset], but the data
    at p[s->offset] is already 0x12.
    
    Pattern 2:
         ok 1 test_clobber_zone
         # test_next_pointer: EXPECTATION FAILED at lib/slub_kunit.c:72
         Expected 3 == slab_errors, but
             slab_errors == 2 (0x2)
         # test_next_pointer: pass:0 fail:1 skip:0 total:1
         not ok 2 test_next_pointer
    
    In this case, p[s->offset] has a value other than 0x12, but one of the
    expected failures is nevertheless missing.
    
    Invert data instead of writing a fixed value to corrupt the cache data
    structures to fix the problem.
    
    Fixes: 1f9f78b1b376 ("mm/slub, kunit: add a KUnit test for SLUB debugging functionality")
    Cc: Oliver Glitta <glittao@xxxxxxxxx>
    Cc: Vlastimil Babka <vbabka@xxxxxxx>
    CC: Daniel Latypov <dlatypov@xxxxxxxxxx>
    Cc: Marco Elver <elver@xxxxxxxxxx>
    Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
    Signed-off-by: Vlastimil Babka <vbabka@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/lib/slub_kunit.c b/lib/slub_kunit.c
index d4a3730b08fa7..4ce9604388069 100644
--- a/lib/slub_kunit.c
+++ b/lib/slub_kunit.c
@@ -55,7 +55,7 @@ static void test_next_pointer(struct kunit *test)
 
 	ptr_addr = (unsigned long *)(p + s->offset);
 	tmp = *ptr_addr;
-	p[s->offset] = 0x12;
+	p[s->offset] = ~p[s->offset];
 
 	/*
 	 * Expecting three errors.
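
Review bot: the replacement line `p[s->offset] = ~p[s->offset];` carries no comment saying why the byte is inverted rather than set to a constant, so a later cleanup could turn it back into a fixed value and bring the random failure back. A one-line comment above it would help, for example "/* invert: a fixed value may equal what is already stored */". The changelog explains Pattern 1 (the byte was already 0x12) but gives no mechanism for Pattern 2, where the byte differed from 0x12 and an expected error was still missing; it would be worth stating why inversion covers that case too. Note also that only the single byte at p[s->offset] is changed, while the value saved just above in tmp is a full unsigned long read through ptr_addr.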



