The patch titled
Subject: mm/slab.h: add additional consistency check
has been removed from the -mm tree. Its filename was
mm-add-additional-consistency-check.patch
This patch was dropped because an alternative patch was merged
------------------------------------------------------
From: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: mm/slab.h: add additional consistency check
As found in PaX, this adds a cheap check on heap consistency, just to
notice if things have gotten corrupted in the page lookup.
Given the kinds of heap attacks I've been seeing, I think this added
consistency check is worth it given how inexpensive it is. When heap
metadata gets corrupted, we can get into nasty side-effects that can be
attacker-controlled, so better to catch obviously bad states as early as
possible.
Christoph said:
: Ok this only affects kmem_cache_free() and not kfree(). For
: kmem_cache_free() we already have a lot of stuff in the hotpath due to
: cgruops. If you want this also for kfree() then we need a separate
: patch.
:
: Also for kmem_cache_free(): Here we always have a slab cache and thus
: we could check the flags that could modify what behavior we want.
Link: http://lkml.kernel.org/r/20170331164028.GA118828@beast
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Acked-by: Christoph Lameter <cl@xxxxxxxxx>
Cc: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
Cc: Pekka Enberg <penberg@xxxxxxxxxx>
Cc: David Rientjes <rientjes@xxxxxxxxxx>
Cc: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>
Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/slab.h | 1 +
1 file changed, 1 insertion(+)
diff -puN mm/slab.h~mm-add-additional-consistency-check mm/slab.h
--- a/mm/slab.h~mm-add-additional-consistency-check
+++ a/mm/slab.h
@@ -384,6 +384,7 @@ static inline struct kmem_cache *cache_f
return s;
page = virt_to_head_page(x);
+ BUG_ON(!PageSlab(page));
cachep = page->slab_cache;
if (slab_equal_or_root(cachep, s))
return cachep;
_
Patches currently in -mm which might be from keescook@xxxxxxxxxxxx are
mm-remove-rodata_test_data-export-add-pr_fmt.patch
reiserfs-use-designated-initializers.patch
format-security-move-static-strings-to-const.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
