    [PATCH] slab: verify pointers before free · ddc2e812
    Pekka Enberg authored
    Passing an invalid pointer to kfree() and kmem_cache_free() is likely to
    cause bad memory corruption or even take down the whole system because the
    bad pointer is likely reused immediately due to the per-CPU caches.  Until
    now, we don't do any verification for this if CONFIG_DEBUG_SLAB is
    disabled.
    
    As suggested by Linus, add PageSlab check to page_to_cache() and
    page_to_slab() to verify pointers passed to kfree().  Also, move the
    stronger check from cache_free_debugcheck() to kmem_cache_free() to ensure
    the passed pointer actually belongs to the cache we're about to free the
    object.
    
    For page_to_cache() and page_to_slab(), the assertions should have
    virtually no extra cost (two instructions, no data cache pressure) and for
    kmem_cache_free() the overhead should be minimal.
    
    Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
    Cc: Manfred Spraul <manfred@colorfullife.com>
    Cc: Christoph Lameter <clameter@engr.sgi.com>
    Cc: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
slab.c 108 KB
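
The two checks the commit message describes, modelled in user space as an added example (this is not the kernel's slab.c and not code from this commit). Every `toy_*` name, the error codes and the static arena are hypothetical, and the checks return an error code at the point where the commit message speaks of assertions.

```c
#include <stdint.h>

#define PAGE_SIZE 4096u
#define NPAGES    4u
#define PG_SLAB   0x1u  /* toy stand-in for the PageSlab page flag */
enum { FREE_OK = 0, ERR_NOT_SLAB = -1, ERR_WRONG_CACHE = -2, ERR_RANGE = -3 };
struct toy_cache { unsigned nr_free; };
struct toy_page  { unsigned flags; struct toy_cache *cache; };
static unsigned char arena[NPAGES * PAGE_SIZE];  /* constructed memory */
static struct toy_page pages[NPAGES];            /* one descriptor per page */

/* Give page idx to cache c: set the slab flag and the back-pointer. */
void toy_grow(struct toy_cache *c, unsigned idx)
{
    pages[idx] = (struct toy_page){ PG_SLAB, c };
}

/* Find the owning cache; trust the back-pointer only on slab pages. */
int toy_page_to_cache(const void *p, struct toy_cache **out)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)arena;
    if (a < base || a >= base + sizeof(arena))
        return ERR_RANGE;
    struct toy_page *pg = &pages[(a - base) / PAGE_SIZE];
    if (!(pg->flags & PG_SLAB))
        return ERR_NOT_SLAB;  /* where an assertion would fire */
    *out = pg->cache;
    return FREE_OK;
}

/* Free obj to cache c only if obj's page really belongs to c. */
int toy_cache_free(struct toy_cache *c, void *obj)
{
    struct toy_cache *owner;
    int rc = toy_page_to_cache(obj, &owner);
    if (rc != FREE_OK)
        return rc;
    if (owner != c)
        return ERR_WRONG_CACHE;
    c->nr_free++;  /* stand-in for putting obj back on the free list */
    return FREE_OK;
}

int main(void)
{
    struct toy_cache a = {0}, b = {0};
    toy_grow(&a, 0);
    toy_grow(&b, 1);
    return toy_cache_free(&a, arena + PAGE_SIZE) != ERR_WRONG_CACHE; /* 0 = rejected */
}
```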