| Message ID | 1502468246-1262-1-git-send-email-alex.popov@linux.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, 11 Aug 2017, Alexander Popov wrote: > Add an assertion similar to "fasttop" check in GNU C Library allocator > as a part of SLAB_FREELIST_HARDENED feature. An object added to a singly > linked freelist should not point to itself. That helps to detect some > double free errors (e.g. CVE-2017-2636) without slub_debug and KASAN. Acked-by: Christoph Lameter <cl@linux.com>
diff --git a/mm/slub.c b/mm/slub.c index b9c7f1a..77b2781 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -290,6 +290,10 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp) { unsigned long freeptr_addr = (unsigned long)object + s->offset; +#ifdef CONFIG_SLAB_FREELIST_HARDENED + BUG_ON(object == fp); /* naive detection of double free or corruption */ +#endif + *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr); }
Add an assertion similar to "fasttop" check in GNU C Library allocator as a part of SLAB_FREELIST_HARDENED feature. An object added to a singly linked freelist should not point to itself. That helps to detect some double free errors (e.g. CVE-2017-2636) without slub_debug and KASAN. Signed-off-by: Alexander Popov <alex.popov@linux.com> --- mm/slub.c | 4 ++++ 1 file changed, 4 insertions(+)