>kfree calls kfree_debugcheck which looks like (I shortened it):
struct page *page;
if (!virt_addr_valid(objp))
BUG();
page = virt_to_page(objp);
if (!PageSlab(page))
BUG();
It seems to me that these are the functions you look for.
thanks, I will check this out.
I wonder, if above mentioned checks are really going to work for him, because
the requirement is not only to check validity of received kernel pointer but
also to be exact pointer (what was passed to application, because the pointer
is pointer to some context).
The macro virt_addr_valid(kaddr) expands to
pfn_to_page(((unsigned long)(kaddr)-PAGE_OFFSET) >> PAGE_SHIFT)
Basically, what Talib needs is a way to check that the pages containing
the address are allocated to some frame. (Cheking for the validity of the
structure pointed is done independantly by checking some signature+pid
that is supposed to be found at that address.)
I think this is what virt_addr_valid does (and I would appreciate a
correction if I am wrong).
PAGE_SHIFT is log(page_size)
PAGE_OFFSET is the first address available for the kernel
pfn_to_page is mem_map + (pfn)
So, '((kaddr)-PAGE_OFFSET) >> PAGE_SHIFT' really aligns the address and
returns the index of page containing it. 0 being the first page available
to the kernel, etc. (implying virt_addr_valid works only for kernel
space pointers btw.)
I don't know exactly what mem_map is, but it seems it is an array of all
page structures allocated by the kernel, hence virt_addr_valid returns 0
iff the address points to a non-allocated page.
For example, the address passed from kernel to application is 0xC1234567
(which is pointing to some transaction allocated). Now if user application
passed back as 0xC1234568, the above macro will fail to detect (Of course
address is a valid one, but not what expected). For that matter, in my
opinion, it won't be possible to check anyway against such examples.
I think your example is wrong. Since both addresses fall in the same page
it doesn't matter. Now that I think of it, it seems that the check
"if (!PageSlab(page))" is redundant.
You are correct though (and it slipped me) that if the memory allocated
falls on two pages, he should check the validity of both pages.
I really don't think, receiving a pointer from user space is a good idea. I
suggest to take recourse of table mechanism suggested in earlier emails.
I agree on this one. You can have a very efficient table mechanism where
each entry costs you 35 bits (or 67 bits on 64-bit), with 1 lookup for
referencing and 3 lookups for allocating a new transaction. I doubt it
would be less efficient than any other solution, but this is really Talib's
decision to make.
Hayim
Regards,
Mohanlal
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
