[Crash-utility] [PATCH] Fix the "kmem -s" option for Linux 5.7 and later kernels
HAGIO KAZUHITO(萩尾 一仁)
k-hagio-ab at nec.com
Fri May 28 08:43:29 UTC 2021
Hi Lianbo,
-----Original Message-----
> Linux 5.7 and later kernels that contain kernel commit <1ad53d9fa3f6>
> ("slub: improve bit diffusion for freelist ptr obfuscation") changed
> the calculation formula in the freelist_ptr(), which added a swab()
> call to mix bits a little more. When kernel is built with the
> "CONFIG_SLAB_FREELIST_HARDENED=y",the "kmem -s" option fails with the
> following errors, if there is no such patch.
>
> crash> kmem -s
> CACHE OBJSIZE ALLOCATED TOTAL SLABS SSIZE NAME
> 82166d00 144 0 0 0 4k fuse_request
> 82166e00 792 0 0 0 16k fuse_inode
> 87201e00 528 0 0 0 8k xfs_dqtrx
> 87201f00 496 0 0 0 8k xfs_dquot
> kmem: xfs_buf: slab: 37202e6e900 invalid freepointer: b844bab900001d70
> kmem: xfs_buf: slab: 3720250fd80 invalid freepointer: b8603f9400001370
> ...
Good catch! And the patch diff looks good to me.
But the freelist_ptr() function, which is patched, is called only when
the error message is NOT printed. So it seems like the patch does not
stop the message, right?
static ulong
get_freepointer(struct meminfo *si, void *object)
{
ulong vaddr, nextfree;
vaddr = (ulong)(object + si->slab_offset);
if (!readmem(vaddr, KVADDR, &nextfree,
sizeof(void *), "get_freepointer", QUIET|RETURN_ON_ERROR)) {
error(INFO, "%s: slab: %lx invalid freepointer: %lx\n",
si->curname, si->slab, vaddr);
return BADADDR;
}
return (freelist_ptr(si, nextfree, vaddr));
}
If so, please fix the commit message. What is the phenomenon that
the patch fixes?
Thanks,
Kazu
>
> Signed-off-by: Lianbo Jiang <lijiang at redhat.com>
> ---
> memory.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/memory.c b/memory.c
> index 8c6bbe409922..a3cf8a86728d 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -20,6 +20,7 @@
> #include <sys/mman.h>
> #include <ctype.h>
> #include <netinet/in.h>
> +#include <byteswap.h>
>
> struct meminfo { /* general purpose memory information structure */
> ulong cache; /* used by the various memory searching/dumping */
> @@ -19336,10 +19337,14 @@ count_free_objects(struct meminfo *si, ulong freelist)
> static ulong
> freelist_ptr(struct meminfo *si, ulong ptr, ulong ptr_addr)
> {
> - if (VALID_MEMBER(kmem_cache_random))
> + if (VALID_MEMBER(kmem_cache_random)) {
> /* CONFIG_SLAB_FREELIST_HARDENED */
> +
> + if (THIS_KERNEL_VERSION >= LINUX(5,7,0))
> + ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
> + : bswap_32(ptr_addr);
> return (ptr ^ si->random ^ ptr_addr);
> - else
> + } else
> return ptr;
> }
>
> --
> 2.17.1
More information about the Crash-utility
mailing list