On Wed, Jul 26, 2017 at 9:55 AM, Christopher Lameter <cl@xxxxxxxxx> wrote: > On Wed, 26 Jul 2017, Kees Cook wrote: > >> >> What happens if, instead of BUG_ON, we do: >> >> >> >> if (unlikely(WARN_RATELIMIT(object == fp, "double-free detected")) >> >> return; >> > >> > This may work for the free fastpath but the set_freepointer function is >> > use in multiple other locations. Maybe just add this to the fastpath >> > instead of to this fucnction? >> >> Do you mean do_slab_free()? > > Yes inserting these lines into do_slab_free() would simple ignore the > double free operation in the fast path and that would be safe. > > Although in either case we are adding code to the fastpath... While I'd like it unconditionally, I think Alexander's proposal was to put it behind CONFIG_SLAB_FREELIST_HARDENED. BTW, while I've got your attention, can you Ack the other patch? I sent a v4 for the pointer obfuscation, which we really need: https://lkml.org/lkml/2017/7/26/4 Thanks! -Kees -- Kees Cook Pixel Security -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
