Skip to content

Commit

Permalink
mm/mempool: avoid KASAN marking mempool poison checks as use-after-free
Browse files Browse the repository at this point in the history 
commit 7640131 upstream.

When removing an element from the mempool, mark it as unpoisoned in KASAN
before verifying its contents for SLUB/SLAB debugging.  Otherwise KASAN
will flag the reads checking the element use-after-free writes as
use-after-free reads.

Signed-off-by: Matthew Dawson <matthew@mjdsystems.ca>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrii Bordunov <aborduno@cisco.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
Matthew Dawson authored and Greg Kroah-Hartman committed Aug 13, 2017
1 parent 7e86f2d commit d45aaba
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion mm/mempool.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,8 +135,8 @@ static void *remove_element(mempool_t *pool)
void *element = pool->elements[--pool->curr_nr];

BUG_ON(pool->curr_nr < 0);
check_element(pool, element);
kasan_unpoison_element(pool, element);
check_element(pool, element);
return element;
}

Expand Down

0 comments on commit d45aaba

Please sign in to comment.