diff options
| author | Alex Shi <alex.shi@linaro.org> | 2016-08-27 11:27:14 +0800 |
|---|---|---|
| committer | Alex Shi <alex.shi@linaro.org> | 2016-08-27 11:27:14 +0800 |
| commit | 59e65b4bbfe7d0139ab1ab59cd27a5db95f5bb7b (patch) | |
| tree | f33d57c418124a184053ef6bd759ca8a155d6ac6 /mm/slab.c | |
| parent | e779279da78339ec75fa72571ef901a447762cc6 (diff) | |
| parent | 3ad78bad4fd43467f1fc6dff63076789b30c116b (diff) | |
Merge remote-tracking branch 'v4.4/topic/mm-kaslr-pax_usercopy' into linux-linaro-lsk-v4.4
Diffstat (limited to 'mm/slab.c')
| -rw-r--r-- | mm/slab.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/mm/slab.c b/mm/slab.c index 4765c97ce690..24a615d42d74 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -4228,6 +4228,36 @@ static int __init slab_proc_init(void) module_init(slab_proc_init); #endif +#ifdef CONFIG_HARDENED_USERCOPY +/* + * Rejects objects that are incorrectly sized. + * + * Returns NULL if check passes, otherwise const char * to name of cache + * to indicate an error. + */ +const char *__check_heap_object(const void *ptr, unsigned long n, + struct page *page) +{ + struct kmem_cache *cachep; + unsigned int objnr; + unsigned long offset; + + /* Find and validate object. */ + cachep = page->slab_cache; + objnr = obj_to_index(cachep, page, (void *)ptr); + BUG_ON(objnr >= cachep->num); + + /* Find offset within object. */ + offset = ptr - index_to_obj(cachep, page, objnr) - obj_offset(cachep); + + /* Allow address range falling entirely within object size. */ + if (offset <= cachep->object_size && n <= cachep->object_size - offset) + return NULL; + + return cachep->name; +} +#endif /* CONFIG_HARDENED_USERCOPY */ + /** * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object |