Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
BUG at mm/slub.c (slab_alloc_node) 5.14.11-hardened1 #64
Task here was updatedb which from my understanding crawls the entire filesystem for indexing purposes (so it might be thrashing the slab allocator for all the path lookups).
slub.c:3035 is the BUG_ON in the following snippet near the end of slab_alloc_node
```c
	if (has_sanitize_verify(s) && object) {
		/* KASAN hasn't unpoisoned the object yet (this is done in the
		 * post-alloc hook), so let's do it temporarily.
		 */
		kasan_unpoison_object_data(s, object);
		/* the object was wiped on free, so every byte must still be zero */
		BUG_ON(memchr_inv(object, 0, s->object_size)); // <---- slub.c:3035
		if (s->ctor)
			s->ctor(object);
		kasan_poison_object_data(s, object);
	} else {
		init = slab_want_init_on_alloc(gfpflags, s);
	}
```
I will try to repro in a VM so I can post coredump + debuginfo.
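For readers unfamiliar with what the failing check is for, here is a user-space model of the slab sanitize-and-verify scheme the snippet above implements. This is an added example, not code from the bug report or from the linux-hardened tree: the cache, `toy_slab_alloc()`, `toy_slab_free()` and the two scenario functions are this example's own names, and the dentry-like string is constructed input. The model wipes an object to zero on free and, like the kernel's `BUG_ON(memchr_inv(object, 0, s->object_size))`, refuses to treat a non-zero object as clean on the next allocation, which is how a write-after-free between those two points gets caught.

```c
/*
 * User-space model of slab sanitize (zero on free) + verify (all-zero on
 * alloc).  Added example; not part of linux-hardened.  The kernel panics
 * via BUG_ON() where this model sets a flag so the outcome can be inspected.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE   64
#define NR_OBJECTS 4

struct toy_cache {
    unsigned char objects[NR_OBJECTS][OBJ_SIZE];
    int free_stack[NR_OBJECTS];   /* LIFO free list, like a slab freelist */
    int nr_free;
};

/* Same contract as the kernel's memchr_inv(): NULL when every byte of the
 * buffer equals c, otherwise a pointer to the first byte that does not. */
static const void *toy_memchr_inv(const void *p, int c, size_t n)
{
    const unsigned char *s = p;
    for (size_t i = 0; i < n; i++)
        if (s[i] != (unsigned char)c)
            return s + i;
    return NULL;
}

void toy_cache_init(struct toy_cache *s)
{
    memset(s, 0, sizeof(*s));           /* fresh slab: all objects zeroed */
    for (int i = 0; i < NR_OBJECTS; i++)
        s->free_stack[s->nr_free++] = i;
}

/* Allocation with the verify step.  *verify_failed is set when the object
 * is not all-zero, i.e. something wrote to it after it was freed. */
void *toy_slab_alloc(struct toy_cache *s, int *verify_failed)
{
    *verify_failed = 0;
    if (s->nr_free == 0)
        return NULL;
    int idx = s->free_stack[--s->nr_free];
    unsigned char *object = s->objects[idx];
    if (toy_memchr_inv(object, 0, OBJ_SIZE))
        *verify_failed = 1;             /* kernel: BUG_ON() fires here */
    return object;
}

/* Free with sanitize: wipe the object before it goes back on the freelist. */
void toy_slab_free(struct toy_cache *s, void *object)
{
    int idx = (int)(((unsigned char *)object -
                     (unsigned char *)s->objects) / OBJ_SIZE);
    memset(object, 0, OBJ_SIZE);
    s->free_stack[s->nr_free++] = idx;
}

/* Normal lifetime: the object was zeroed on free, so its reuse verifies. */
int scenario_clean(void)
{
    struct toy_cache cache;
    int failed;
    toy_cache_init(&cache);
    char *a = toy_slab_alloc(&cache, &failed);
    strcpy(a, "/usr/share/doc");        /* constructed path-like payload */
    toy_slab_free(&cache, a);
    char *b = toy_slab_alloc(&cache, &failed);
    (void)b;                            /* LIFO: same slot as a, now clean */
    return failed;                      /* 0 */
}

/* Write-after-free: a stale pointer dirties the object between free and
 * the next allocation; the verify step catches the non-zero byte. */
int scenario_write_after_free(void)
{
    struct toy_cache cache;
    int failed;
    toy_cache_init(&cache);
    char *a = toy_slab_alloc(&cache, &failed);
    toy_slab_free(&cache, a);
    a[0] = 'X';                         /* bug: use of a freed object */
    toy_slab_alloc(&cache, &failed);
    return failed;                      /* 1 */
}

int main(void)
{
    printf("clean reuse:      verify %s\n",
           scenario_clean() ? "FAILED" : "ok");
    printf("write-after-free: verify %s\n",
           scenario_write_after_free() ? "FAILED" : "ok");
    return 0;
}
```

The model shows what a hit on that `BUG_ON` means in practice: the check cannot tell who wrote to the freed object, only that the zero fill from the free path did not survive until the next allocation, so a crash dump taken at the `BUG_ON` is mainly useful for seeing which cache and which object were involved.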