On Tue, Jun 02, 2020 at 04:15:18PM +0200, Vlastimil Babka wrote:
> SLUB_DEBUG creates several files under /sys/kernel/slab/<cache>/ that can be
> read to check if the respective debugging options are enabled for given cache.
> Some options, namely sanity_checks, trace, and failslab can be also enabled and
> disabled at runtime by writing into the files.
> 
> The runtime toggling is racy. Some options disable __CMPXCHG_DOUBLE when
> enabled, which means that in case of concurrent allocations, some can still use
> __CMPXCHG_DOUBLE and some not, leading to potential corruption. The s->flags
> field is also not updated or checked atomically. The simplest solution is to
> remove the runtime toggling. The extended slub_debug boot parameter syntax
> introduced by earlier patch should allow to fine-tune the debugging
> configuration during boot with same granularity.
> 
> Signed-off-by: Vlastimil Babka <vba...@suse.cz>

Reviewed-by: Kees Cook <keesc...@chromium.org>

-- 
Kees Cook
