summaryrefslogtreecommitdiffstats
path: root/mm/kasan
diff options
context:
space:
mode:
authorDmitry Vyukov <dvyukov@google.com>2018-02-07 00:36:37 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2018-02-07 03:32:43 +0100
commitb1d5728939ebe01a773a75a72e7161408ec9805e (patch)
tree78a5efeeaeefcad39bf62a0af35deea7e1e634c1 /mm/kasan
parentkasan: unify code between kasan_slab_free() and kasan_poison_kfree() (diff)
downloadlinux-b1d5728939ebe01a773a75a72e7161408ec9805e.tar.xz
linux-b1d5728939ebe01a773a75a72e7161408ec9805e.zip
kasan: detect invalid frees
Detect frees of pointers into middle of heap objects. Link: http://lkml.kernel.org/r/cb569193190356beb018a03bb8d6fbae67e7adbc.1514378558.git.dvyukov@google.com Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>a Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/kasan')
-rw-r--r--mm/kasan/kasan.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 578843fab5dc..3fb497d4fbf8 100644
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -495,6 +495,12 @@ static bool __kasan_slab_free(struct kmem_cache *cache, void *object,
s8 shadow_byte;
unsigned long rounded_up_size;
+ if (unlikely(nearest_obj(cache, virt_to_head_page(object), object) !=
+ object)) {
+ kasan_report_invalid_free(object, ip);
+ return true;
+ }
+
/* RCU slabs could be legally used after free within the RCU period */
if (unlikely(cache->flags & SLAB_TYPESAFE_BY_RCU))
return false;