mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-21 21:01:13 -05:00
65 lines
2.2 KiB
Diff
65 lines
2.2 KiB
Diff
From c4e490cf148e85ead0d1b1c2caaba833f1d5b29f Mon Sep 17 00:00:00 2001
|
|
From: John Sperbeck <jsperbeck@google.com>
|
|
Date: Tue, 10 Jan 2017 16:58:24 -0800
|
|
Subject: mm/slab.c: fix SLAB freelist randomization duplicate entries
|
|
|
|
This patch fixes a bug in the freelist randomization code. When a high
|
|
random number is used, the freelist will contain duplicate entries. It
|
|
will result in different allocations sharing the same chunk.
|
|
|
|
It will result in odd behaviours and crashes. It should be uncommon but
|
|
it depends on the machines. We saw it happening more often on some
|
|
machines (every few hours of running tests).
|
|
|
|
Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization")
|
|
Link: http://lkml.kernel.org/r/20170103181908.143178-1-thgarnie@google.com
|
|
Signed-off-by: John Sperbeck <jsperbeck@google.com>
|
|
Signed-off-by: Thomas Garnier <thgarnie@google.com>
|
|
Cc: Christoph Lameter <cl@linux.com>
|
|
Cc: Pekka Enberg <penberg@kernel.org>
|
|
Cc: David Rientjes <rientjes@google.com>
|
|
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
|
|
Cc: <stable@vger.kernel.org>
|
|
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
|
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
---
|
|
mm/slab.c | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/mm/slab.c b/mm/slab.c
|
|
index 29bc6c0..4f2ec6b 100644
|
|
--- a/mm/slab.c
|
|
+++ b/mm/slab.c
|
|
@@ -2457,7 +2457,6 @@ union freelist_init_state {
|
|
unsigned int pos;
|
|
unsigned int *list;
|
|
unsigned int count;
|
|
- unsigned int rand;
|
|
};
|
|
struct rnd_state rnd_state;
|
|
};
|
|
@@ -2483,8 +2482,7 @@ static bool freelist_state_initialize(union freelist_init_state *state,
|
|
} else {
|
|
state->list = cachep->random_seq;
|
|
state->count = count;
|
|
- state->pos = 0;
|
|
- state->rand = rand;
|
|
+ state->pos = rand % count;
|
|
ret = true;
|
|
}
|
|
return ret;
|
|
@@ -2493,7 +2491,9 @@ static bool freelist_state_initialize(union freelist_init_state *state,
|
|
/* Get the next entry on the list and randomize it using a random shift */
|
|
static freelist_idx_t next_random_slot(union freelist_init_state *state)
|
|
{
|
|
- return (state->list[state->pos++] + state->rand) % state->count;
|
|
+ if (state->pos >= state->count)
|
|
+ state->pos = 0;
|
|
+ return state->list[state->pos++];
|
|
}
|
|
|
|
/* Swap two freelist entries */
|
|
--
|
|
cgit v1.1
|
|
|