Re: [PATCH v4] tools/mm: Fix slabinfo crash when MAX_SLABS is exceeded
From: Vlastimil Babka
Date: Tue Nov 05 2024 - 04:22:12 EST
On 10/31/24 11:55, Marc Dionne wrote:
> From: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
>
> The number of slabs can easily exceed the hard coded MAX_SLABS in the
> slabinfo tool, causing it to overwrite memory and crash.
>
> Increase the value of MAX_SLABS, and check if that has been exceeded for
> each new slab, instead of at the end when it's already too late. Also
> move the check for MAX_ALIASES into the loop body.
>
> Signed-off-by: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
Acked-by: Vlastimil Babka <vbabka@xxxxxxx>
> ---
> tools/mm/slabinfo.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/tools/mm/slabinfo.c b/tools/mm/slabinfo.c
> index cfaeaea71042..1a9b807a48c3 100644
> --- a/tools/mm/slabinfo.c
> +++ b/tools/mm/slabinfo.c
> @@ -21,7 +21,7 @@
> #include <regex.h>
> #include <errno.h>
>
> -#define MAX_SLABS 500
> +#define MAX_SLABS 2000
> #define MAX_ALIASES 500
> #define MAX_NODES 1024
>
> @@ -1228,6 +1228,8 @@ static void read_slab_dir(void)
> continue;
> switch (de->d_type) {
> case DT_LNK:
> + if (alias - aliasinfo == MAX_ALIASES)
> + fatal("Too many aliases\n");
> alias->name = strdup(de->d_name);
> count = readlink(de->d_name, buffer, sizeof(buffer)-1);
>
> @@ -1242,6 +1244,8 @@ static void read_slab_dir(void)
> alias++;
> break;
> case DT_DIR:
> + if (slab - slabinfo == MAX_SLABS)
> + fatal("Too many slabs\n");
> if (chdir(de->d_name))
> fatal("Unable to access slab %s\n", slab->name);
> slab->name = strdup(de->d_name);
> @@ -1310,10 +1314,6 @@ static void read_slab_dir(void)
> slabs = slab - slabinfo;
> actual_slabs = slabs;
> aliases = alias - aliasinfo;
> - if (slabs > MAX_SLABS)
> - fatal("Too many slabs\n");
> - if (aliases > MAX_ALIASES)
> - fatal("Too many aliases\n");
> }
>
> static void output_slabs(void)