Currently kfree does not accept ERR_PTR range so redefine ZERO_SIZE_PTR
to include this and also change ZERO_OR_NULL_PTR macro to check this new
range. With this change kfree will skip and behave as no-ops when ERR_PTR
is passed.
This will help error related to ERR_PTR stand out better.
After this, we don't need to reset any ERR_PTR variable to NULL before
being passed to any kfree or related wrappers calls, as everything would
be handled by ZERO_SIZE_PTR itself.
This patch is verbatim from Brad Spengler/PaX Team's code in the last
public patch of grsecurity/PaX based on my understanding of the code.
Changes or omissions from the original code are mine and don't reflect the
original grsecurity/PaX code.
Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Cc: Christopher Lameter <cl@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Shyam Saini <mayhs11saini@xxxxxxxxx>
---
include/linux/slab.h | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 877a95c6a2d2..8ffdabd218f8 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -127,11 +127,16 @@
*
* ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
* Both make kfree a no-op.
+ * Note: ZERO_SIZE_PTR also cover ERR_PTR Range.
*/
-#define ZERO_SIZE_PTR ((void *)16)
-
-#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
- (unsigned long)ZERO_SIZE_PTR)
+#define ZERO_SIZE_PTR \
+({ \
+ BUILD_BUG_ON(!(MAX_ERRNO & ~PAGE_MASK));\
+ (void *)(-MAX_ERRNO-1L); \
+})
+
+#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= \
+ (unsigned long)ZERO_SIZE_PTR - 1)
#include <linux/kasan.h>
--
2.20.1
