Re: [Crash-utility] [PATCH 2/2] Fix "kmem -s|-S" not working properly when CONFIG_SLAB_FREELIST_HARDENED is enabled
On 2023/08/14 10:54, Lianbo Jiang wrote:
Currently, crash-utility still depends on detecting the kernel
version,
or the asm instruction 'bswap' on X86 64/X86 architectures to decide how
to deal with the freelist ptr obfuscation, when kernel option
CONFIG_SLAB_FREELIST_HARDENED is enabled.
As you known, the bit diffusion for freelist ptr obfuscation has
experienced the changes several times on the kernel side, For most
distributions, usually they might backport these kernel patches from
upstream, especially for the old kernel, the 'kmem -s|-S' will fail with
an error "invalid freepointer", which can be observed on ppc64le and
S390x architectures, etc. That is really not friendly.
Given that, let's fix the above issues this time, and it won't rely
on the linux version number or asm instruction 'bswap' to decide how to
dereference the freelist ptr.
Reported-by: Lucas Oakley <soakley(a)redhat.com>
Signed-off-by: Lianbo Jiang <lijiang(a)redhat.com>
Thank you for the fix.
Maybe we don't have to revert that patch and can use both of the bswap
way and this way, but seems no big benefit with it, so agree to revert it.
Applied.
Thanks!
Kazu
> ---
> memory.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/memory.c b/memory.c
> index 626c6039c6d9..562914ee9230 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -19654,9 +19654,12 @@ freelist_ptr(struct meminfo *si, ulong ptr, ulong
ptr_addr)
> if (VALID_MEMBER(kmem_cache_random)) {
> /* CONFIG_SLAB_FREELIST_HARDENED */
>
> - if (THIS_KERNEL_VERSION >= LINUX(5,7,0))
> - ptr_addr = (sizeof(long) == 8) ? bswap_64(ptr_addr)
> - : bswap_32(ptr_addr);
> + ulong addr = (sizeof(long) == 8) ? bswap_64(ptr_addr) : bswap_32(ptr_addr);
> + addr = ptr ^ si->random ^ addr;
> +
> + if (!addr || accessible(addr))
> + return addr;
> +
> return (ptr ^ si->random ^ ptr_addr);
> } else
> return ptr;