[Devel] [PATCH RHEL7 COMMIT] kasan/quarantine: fix bugs on qlist_move_cache()

Konstantin Khorenko khorenko at virtuozzo.com
Fri Sep 15 17:18:11 MSK 2017 

The commit is pushed to "branch-rh7-3.10.0-693.1.1.vz7.37.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-693.1.1.vz7.37.4
------>
commit 97f063ad36103b68490a11a2672091bf5dbd2ea8
Author: Joonsoo Kim <iamjoonsoo.kim at lge.com>
Date:   Fri Sep 15 17:18:11 2017 +0300

    kasan/quarantine: fix bugs on qlist_move_cache()
    
    There are two bugs on qlist_move_cache().  One is that qlist's tail
    isn't set properly.  curr->next can be NULL since it is singly linked
    list and NULL value on tail is invalid if there is one item on qlist.
    Another one is that if cache is matched, qlist_put() is called and it
    will set curr->next to NULL.  It would cause to stop the loop
    prematurely.
    
    These problems come from complicated implementation so I'd like to
    re-implement it completely.  Implementation in this patch is really
    simple.  Iterate all qlist_nodes and put them to appropriate list.
    
    Unfortunately, I got this bug sometime ago and lose oops message.  But,
    the bug looks trivial and no need to attach oops.
    
    Fixes: 55834c59098d ("mm: kasan: initial memory quarantine implementation")
    Link: http://lkml.kernel.org/r/1467766348-22419-1-git-send-email-iamjoonsoo.kim@lge.com
    Signed-off-by: Joonsoo Kim <iamjoonsoo.kim at lge.com>
    Reviewed-by: Dmitry Vyukov <dvyukov at google.com>
    Acked-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
    Acked-by: Alexander Potapenko <glider at google.com>
    Cc: Kuthonuzo Luruo <poll.stdin at gmail.com>
    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
    
    https://jira.sw.ru/browse/PSBM-69081
    (cherry picked from commit 0ab686d8c8303069e80300663b3be6201a8697fb)
    Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 mm/kasan/quarantine.c | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
index 4973505..65793f1 100644
--- a/mm/kasan/quarantine.c
+++ b/mm/kasan/quarantine.c
@@ -238,30 +238,23 @@ static void qlist_move_cache(struct qlist_head *from,
 				   struct qlist_head *to,
 				   struct kmem_cache *cache)
 {
-	struct qlist_node *prev = NULL, *curr;
+	struct qlist_node *curr;
 
 	if (unlikely(qlist_empty(from)))
 		return;
 
 	curr = from->head;
+	qlist_init(from);
 	while (curr) {
-		struct qlist_node *qlink = curr;
-		struct kmem_cache *obj_cache = qlink_to_cache(qlink);
-
-		if (obj_cache == cache) {
-			if (unlikely(from->head == qlink)) {
-				from->head = curr->next;
-				prev = curr;
-			} else
-				prev->next = curr->next;
-			if (unlikely(from->tail == qlink))
-				from->tail = curr->next;
-			from->bytes -= cache->size;
-			qlist_put(to, qlink, cache->size);
-		} else {
-			prev = curr;
-		}
-		curr = curr->next;
+		struct qlist_node *next = curr->next;
+		struct kmem_cache *obj_cache = qlink_to_cache(curr);
+
+		if (obj_cache == cache)
+			qlist_put(to, curr, obj_cache->size);
+		else
+			qlist_put(from, curr, obj_cache->size);
+
+		curr = next;
 	}
 }

More information about the Devel mailing list