Currently kfree does not accept ERR_PTR range so redefine ZERO_SIZE_PTR to include this and also change ZERO_OR_NULL_PTR macro to check this new range. With this change kfree will skip and behave as no-ops when ERR_PTR is passed. This will help error related to ERR_PTR stand out better. After this, we don't need to reset any ERR_PTR variable to NULL before being passed to any kfree or related wrappers calls, as everything would be handled by ZERO_SIZE_PTR itself. This patch is verbatim from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx> Cc: Christopher Lameter <cl@xxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Shyam Saini <mayhs11saini@xxxxxxxxx> --- include/linux/slab.h | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/include/linux/slab.h b/include/linux/slab.h index 877a95c6a2d2..8ffdabd218f8 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -127,11 +127,16 @@ * * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can. * Both make kfree a no-op. + * Note: ZERO_SIZE_PTR also cover ERR_PTR Range. */ -#define ZERO_SIZE_PTR ((void *)16) - -#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \ - (unsigned long)ZERO_SIZE_PTR) +#define ZERO_SIZE_PTR \ +({ \ + BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\ + (void *)(-MAX_ERRNO-1L); \ +}) + +#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= \ + (unsigned long)ZERO_SIZE_PTR - 1) #include <linux/kasan.h> -- 2.20.1
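Review bot: the new ZERO_OR_NULL_PTR definition depends on unsigned wraparound, and the only documentation added is the one-line "Note: ZERO_SIZE_PTR also cover ERR_PTR Range", which does not explain it. With `(unsigned long)(x) - 1 >= (unsigned long)ZERO_SIZE_PTR - 1`, NULL wraps to ULONG_MAX and passes, and every value from ZERO_SIZE_PTR up to (void *)-1 passes. The small non-NULL values that the old `<= (unsigned long)ZERO_SIZE_PTR` test accepted when ZERO_SIZE_PTR was 16 no longer match. Please spell that out in the comment block (and fix "cover" to "covers"), including the fact that callers now get a silent no-op for ERR_PTR values. Second, ZERO_SIZE_PTR becomes a `({ ... })` statement expression, which is not a constant expression and cannot appear outside a function body, so any static initializer or file-scope use of ZERO_SIZE_PTR would stop compiling. Consider keeping the macro as the plain cast `(void *)(-MAX_ERRNO-1L)` and placing the build-time check somewhere it is evaluated once. Third, `BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK))` has no comment saying which invariant it guards, and the hunk adds no include for BUILD_BUG_ON, MAX_ERRNO or PAGE_MASK, so confirm that slab.h already pulls in their definitions on every configuration.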