tools/mm: fix slabinfo crash when MAX_SLABS is exceeded

The number of slabs can easily exceed the hard coded MAX_SLABS in the
slabinfo tool, causing it to overwrite memory and crash.

Increase the value of MAX_SLABS, and check if that has been exceeded for
each new slab, instead of at the end when it's already too late.  Also
move the check for MAX_ALIASES into the loop body.

Link: https://lkml.kernel.org/r/20241031105534.565533-1-marc.c.dionne@gmail.com
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/tools/mm/slabinfo.c b/tools/mm/slabinfo.c
index 04e9e6ba86ead57a2743bf30c00618d6aa88c674..1433eff99feb0518a68109529ab0a43379e1fbfc 100644 (file)
--- a/tools/mm/slabinfo.c
+++ b/tools/mm/slabinfo.c
@@ -21,7 +21,7 @@
 #include <regex.h>
 #include <errno.h>
 
-#define MAX_SLABS 500
+#define MAX_SLABS 2000
 #define MAX_ALIASES 500
 #define MAX_NODES 1024
 
@@ -1228,6 +1228,8 @@ static void read_slab_dir(void)
                                continue;
                switch (de->d_type) {
                   case DT_LNK:
+                       if (alias - aliasinfo == MAX_ALIASES)
+                               fatal("Too many aliases\n");
                        alias->name = strdup(de->d_name);
                        count = readlink(de->d_name, buffer, sizeof(buffer)-1);
 
@@ -1242,6 +1244,8 @@ static void read_slab_dir(void)
                        alias++;
                        break;
                   case DT_DIR:
+                       if (slab - slabinfo == MAX_SLABS)
+                               fatal("Too many slabs\n");
                        if (chdir(de->d_name))
                                fatal("Unable to access slab %s\n", slab->name);
                        slab->name = strdup(de->d_name);
@@ -1312,10 +1316,6 @@ static void read_slab_dir(void)
        slabs = slab - slabinfo;
        actual_slabs = slabs;
        aliases = alias - aliasinfo;
-       if (slabs > MAX_SLABS)
-               fatal("Too many slabs\n");
-       if (aliases > MAX_ALIASES)
-               fatal("Too many aliases\n");
 }
 
 static void output_slabs(void)