2 files changed, 31 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index c02d89777713..1312d7b5a5fb 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1758,6 +1758,7 @@ choice
 config SLAB
        bool "SLAB"
+        select HAVE_HARDENED_USERCOPY_ALLOCATOR
        help
          The regular slab allocator that is established and known to work
          well in all environments. It organizes cache hot objects in
diff --git a/mm/slab.c b/mm/slab.c
index cc8bbc1e6bc9..5e2d5f349aca 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -4477,6 +4477,36 @@ static int __init slab_proc_init(void)
 module_init(slab_proc_init);
 #endif
+#ifdef CONFIG_HARDENED_USERCOPY
+/*
+ * Rejects objects that are incorrectly sized.
+ *
+ * Returns NULL if check passes, otherwise const char * to name of cache
+ * to indicate an error.
+ */
+const char *__check_heap_object(const void *ptr, unsigned long n,
+                                struct page *page)
+{
+        struct kmem_cache *cachep;
+        unsigned int objnr;
+        unsigned long offset;
+        /* Find and validate object. */
+        cachep = page->slab_cache;
+        objnr = obj_to_index(cachep, page, (void *)ptr);
+        BUG_ON(objnr >= cachep->num);
+        /* Find offset within object. */
+        offset = ptr - index_to_obj(cachep, page, objnr) - obj_offset(cachep);
+        /* Allow address range falling entirely within object size. */
+        if (offset <= cachep->object_size && n <= cachep->object_size - offset)
+                return NULL;
+        return cachep->name;
+}
+#endif /* CONFIG_HARDENED_USERCOPY */
 /**
 * ksize - get the actual amount of memory allocated for a given object
 * @objp: Pointer to the object

diff --git a/init/Kconfig b/init/Kconfig index c02d89777713..1312d7b5a5fb 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -1758,6 +1758,7 @@ choice
1758		1758
1759	config SLAB	1759	config SLAB
1760	bool "SLAB"	1760	bool "SLAB"
		1761	select HAVE_HARDENED_USERCOPY_ALLOCATOR
1761	help	1762	help
1762	The regular slab allocator that is established and known to work	1763	The regular slab allocator that is established and known to work
1763	well in all environments. It organizes cache hot objects in	1764	well in all environments. It organizes cache hot objects in


diff --git a/mm/slab.c b/mm/slab.c index cc8bbc1e6bc9..5e2d5f349aca 100644 --- a/mm/slab.c +++ b/mm/slab.c
@@ -4477,6 +4477,36 @@ static int __init slab_proc_init(void)
4477	module_init(slab_proc_init);	4477	module_init(slab_proc_init);
4478	#endif	4478	#endif
4479		4479
		4480	#ifdef CONFIG_HARDENED_USERCOPY
		4481	/*
		4482	* Rejects objects that are incorrectly sized.
		4483	*
		4484	* Returns NULL if check passes, otherwise const char * to name of cache
		4485	* to indicate an error.
		4486	*/
		4487	const char __check_heap_object(const void ptr, unsigned long n,
		4488	struct page *page)
		4489	{
		4490	struct kmem_cache *cachep;
		4491	unsigned int objnr;
		4492	unsigned long offset;
		4493
		4494	/* Find and validate object. */
		4495	cachep = page->slab_cache;
		4496	objnr = obj_to_index(cachep, page, (void *)ptr);
		4497	BUG_ON(objnr >= cachep->num);
		4498
		4499	/* Find offset within object. */
		4500	offset = ptr - index_to_obj(cachep, page, objnr) - obj_offset(cachep);
		4501
		4502	/* Allow address range falling entirely within object size. */
		4503	if (offset <= cachep->object_size && n <= cachep->object_size - offset)
		4504	return NULL;
		4505
		4506	return cachep->name;
		4507	}
		4508	#endif /* CONFIG_HARDENED_USERCOPY */
		4509
4480	/**	4510	/**
4481	* ksize - get the actual amount of memory allocated for a given object	4511	* ksize - get the actual amount of memory allocated for a given object
4482	* @objp: Pointer to the object	4512	* @objp: Pointer to the object