git.dujemihanovic.xyz Git - linux.git/commitdiff
mm/sl[au]b: check if large object is valid in __ksize()
author Hyeonggon Yoo <42.hyeyoo@gmail.com>
Wed, 17 Aug 2022 10:18:26 +0000 (19:18 +0900)
committer Vlastimil Babka <vbabka@suse.cz>
Thu, 1 Sep 2022 09:44:39 +0000 (11:44 +0200)
If the address of a large object is not the beginning of its folio, or the
size of the folio is too small, it must be invalid. WARN() and return 0 in
such cases.

Cc: Marco Elver <elver@google.com>
Suggested-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
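To make the invariant behind these checks concrete, here is an added user-space model of the non-slab path of __ksize(). It is not kernel code and not part of this commit: folios are modelled as aligned power-of-two blocks from aligned_alloc(), a small registry stands in for virt_to_folio(), and MODEL_PAGE_SIZE / MODEL_KMALLOC_MAX_CACHE_SIZE are assumed values (4K pages, kmalloc caches up to two pages, as on x86-64 SLUB). The slab branch is not modelled. It exercises the three cases the patch distinguishes: a large object passed by its folio address, an interior pointer into that object, and a single-page non-slab folio.

```c
/* Added example, not kernel code: user-space model of the patched __ksize()
 * checks for non-slab ("large kmalloc") objects. All MODEL_* names and the
 * scenario helpers are assumptions made for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_PAGE_SIZE 4096UL
/* Assumed: largest kmalloc cache is two pages, as with SLUB on 4K pages. */
#define MODEL_KMALLOC_MAX_CACHE_SIZE (2 * MODEL_PAGE_SIZE)

struct model_folio {
    void *addr;   /* folio_address() */
    size_t size;  /* folio_size(): power-of-two multiple of the page size */
};

#define MAX_FOLIOS 8
static struct model_folio folios[MAX_FOLIOS];
static int nfolios;
static int model_warnings; /* number of WARN_ON() hits */

/* get_order()-style rounding: smallest power-of-two page count >= bytes. */
static size_t pow2_pages(size_t bytes)
{
    size_t sz = MODEL_PAGE_SIZE;
    while (sz < bytes)
        sz <<= 1;
    return sz;
}

/* Allocate a whole, naturally aligned folio, like kmalloc_large() does. */
static void *model_alloc(size_t bytes)
{
    if (nfolios == MAX_FOLIOS)
        return NULL;
    size_t sz = pow2_pages(bytes);
    void *p = aligned_alloc(sz, sz);
    if (!p)
        return NULL;
    folios[nfolios++] = (struct model_folio){ p, sz };
    return p;
}

/* virt_to_folio(): the folio containing addr, NULL if none is registered. */
static struct model_folio *model_virt_to_folio(const void *addr)
{
    uintptr_t a = (uintptr_t)addr;
    for (int i = 0; i < nfolios; i++) {
        uintptr_t b = (uintptr_t)folios[i].addr;
        if (a >= b && a < b + folios[i].size)
            return &folios[i];
    }
    return NULL;
}

#define MODEL_WARN_ON(cond) ((cond) ? (model_warnings++, 1) : 0)

/* Mirrors the non-slab branch of the patched __ksize(). */
static size_t model_ksize(const void *object)
{
    struct model_folio *folio = model_virt_to_folio(object);
    if (!folio)
        return 0; /* not a kernel case; virt_to_folio() always yields one */
    /* A large kmalloc object always gets a folio bigger than the largest
     * kmalloc cache, so a smaller non-slab folio cannot be one. */
    if (MODEL_WARN_ON(folio->size <= MODEL_KMALLOC_MAX_CACHE_SIZE))
        return 0;
    /* ...and the object must start at the folio, not inside it. */
    if (MODEL_WARN_ON(object != folio->addr))
        return 0;
    return folio->size;
}

static void model_reset(void)
{
    for (int i = 0; i < nfolios; i++)
        free(folios[i].addr);
    nfolios = 0;
    model_warnings = 0;
}

/* 3-page request rounds up to a 4-page folio; base pointer is valid. */
size_t scenario_valid_large_object(void)
{
    model_reset();
    void *p = model_alloc(3 * MODEL_PAGE_SIZE);
    return p ? model_ksize(p) : (size_t)-1;
}

/* Pointer 64 bytes into the same object: rejected, one warning. */
size_t scenario_interior_pointer(void)
{
    model_reset();
    char *p = model_alloc(3 * MODEL_PAGE_SIZE);
    return p ? model_ksize(p + 64) : (size_t)-1;
}

/* Single-page non-slab folio (e.g. a bare page): rejected, one warning. */
size_t scenario_small_folio(void)
{
    model_reset();
    void *p = model_alloc(MODEL_PAGE_SIZE);
    return p ? model_ksize(p) : (size_t)-1;
}

int model_warning_count(void) { return model_warnings; }

int main(void)
{
    printf("valid large object: %zu (warnings %d)\n",
           scenario_valid_large_object(), model_warning_count());
    printf("interior pointer:   %zu (warnings %d)\n",
           scenario_interior_pointer(), model_warning_count());
    printf("small folio:        %zu (warnings %d)\n",
           scenario_small_folio(), model_warning_count());
    return 0;
}
```

The order of the two checks matters for what a caller learns: the size test runs first, so a pointer into a small non-slab folio reports the size problem and never reaches the alignment test, which is why each rejecting scenario above produces exactly one warning.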
mm/slab_common.c

index 500eb777faca664d44ceced39f282af621603794..7972ec4b9ca42c62d2a43ad1f206781f8d5b8e52 100644 (file)
@@ -984,8 +984,13 @@ size_t __ksize(const void *object)
 
        folio = virt_to_folio(object);
 
-       if (unlikely(!folio_test_slab(folio)))
+       if (unlikely(!folio_test_slab(folio))) {
+               if (WARN_ON(folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE))
+                       return 0;
+               if (WARN_ON(object != folio_address(folio)))
+                       return 0;
                return folio_size(folio);
+       }
 
        return slab_ksize(folio_slab(folio)->slab_cache);
 }
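Review bot: the two WARN_ON()s on the non-slab path fire on every call, so a buggy caller that keeps passing the same bad pointer floods the log, and with panic_on_warn a bad ksize() argument becomes a panic; consider WARN_ON_ONCE, or one combined check such as `WARN_ON(folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE || object != folio_address(folio))` so an invalid pointer yields a single report. A one-line comment above the first test would also help, since it relies on large kmalloc allocations always receiving a folio larger than KMALLOC_MAX_CACHE_SIZE, which is not obvious from the code. Note too that the checks only reject what they can see: a non-slab folio that is large enough and passed by its base address still returns folio_size(folio) even if it did not come from kmalloc.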