Commit d5eff73

hygoni authored and tehcaster committed
mm/sl[au]b: check if large object is valid in __ksize()
If address of large object is not beginning of folio or size of the folio is too small, it must be invalid. WARN() and return 0 in such cases.

Cc: Marco Elver <elver@google.com>
Suggested-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
1 parent 8dfa9d5 commit d5eff73

1 file changed: +6 -1 lines changed

mm/slab_common.c

Lines changed: 6 additions & 1 deletion
@@ -984,8 +984,13 @@ size_t __ksize(const void *object)
984984

985985
folio = virt_to_folio(object);
986986

987-
if (unlikely(!folio_test_slab(folio)))
987+
if (unlikely(!folio_test_slab(folio))) {
988+
if (WARN_ON(folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE))
989+
return 0;
990+
if (WARN_ON(object != folio_address(folio)))
991+
return 0;
988992
return folio_size(folio);
993+
}
989994

990995
return slab_ksize(folio_slab(folio)->slab_cache);
991996
}
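
Review bot: the two new `return 0` paths inside the `!folio_test_slab(folio)` branch give `__ksize()` a return value whose meaning is not stated anywhere in the visible hunk. A caller that uses the result as a usable length will now see an invalid pointer as a zero-sized object, with only the WARN as a signal. Suggest a short comment above the two `WARN_ON()` checks stating the invariant they enforce (a non-slab object handed to `__ksize()` must start at `folio_address(folio)` and sit in a folio larger than `KMALLOC_MAX_CACHE_SIZE`), and, if the function's kernel-doc does not already say so, a line there that 0 means the object was rejected as invalid. Also consider whether `WARN_ON_ONCE()` is the better fit: with plain `WARN_ON()`, a caller that repeatedly passes the same bad pointer emits a full backtrace on every call.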
