diff options
author | Pekka Enberg <penberg@cs.helsinki.fi> | 2010-04-07 12:23:40 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-04-09 13:09:50 -0400 |
commit | fc1c183353a113c71675fecd0485e5aa0fe68d72 (patch) | |
tree | 25fc50112c80402ab43bd86a3d6b6a99a0c3c128 | |
parent | 4dc86ae1f925b2121d4e75058675895f83e54c71 (diff) |
slab: Generify kernel pointer validation
As suggested by Linus, introduce a kern_ptr_validate() helper that does some
sanity checks to make sure a pointer is a valid kernel pointer. This is a
preparational step for fixing SLUB kmem_ptr_validate().
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Nick Piggin <npiggin@suse.de>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | include/linux/slab.h | 1 | ||||
-rw-r--r-- | mm/slab.c | 13 | ||||
-rw-r--r-- | mm/util.c | 21 |
3 files changed, 23 insertions, 12 deletions
diff --git a/include/linux/slab.h b/include/linux/slab.h index 488446289cab..49d1247cd6d9 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h | |||
@@ -106,6 +106,7 @@ int kmem_cache_shrink(struct kmem_cache *); | |||
106 | void kmem_cache_free(struct kmem_cache *, void *); | 106 | void kmem_cache_free(struct kmem_cache *, void *); |
107 | unsigned int kmem_cache_size(struct kmem_cache *); | 107 | unsigned int kmem_cache_size(struct kmem_cache *); |
108 | const char *kmem_cache_name(struct kmem_cache *); | 108 | const char *kmem_cache_name(struct kmem_cache *); |
109 | int kern_ptr_validate(const void *ptr, unsigned long size); | ||
109 | int kmem_ptr_validate(struct kmem_cache *cachep, const void *ptr); | 110 | int kmem_ptr_validate(struct kmem_cache *cachep, const void *ptr); |
110 | 111 | ||
111 | /* | 112 | /* |
@@ -3602,21 +3602,10 @@ EXPORT_SYMBOL(kmem_cache_alloc_notrace); | |||
3602 | */ | 3602 | */ |
3603 | int kmem_ptr_validate(struct kmem_cache *cachep, const void *ptr) | 3603 | int kmem_ptr_validate(struct kmem_cache *cachep, const void *ptr) |
3604 | { | 3604 | { |
3605 | unsigned long addr = (unsigned long)ptr; | ||
3606 | unsigned long min_addr = PAGE_OFFSET; | ||
3607 | unsigned long align_mask = BYTES_PER_WORD - 1; | ||
3608 | unsigned long size = cachep->buffer_size; | 3605 | unsigned long size = cachep->buffer_size; |
3609 | struct page *page; | 3606 | struct page *page; |
3610 | 3607 | ||
3611 | if (unlikely(addr < min_addr)) | 3608 | if (unlikely(!kern_ptr_validate(ptr, size))) |
3612 | goto out; | ||
3613 | if (unlikely(addr > (unsigned long)high_memory - size)) | ||
3614 | goto out; | ||
3615 | if (unlikely(addr & align_mask)) | ||
3616 | goto out; | ||
3617 | if (unlikely(!kern_addr_valid(addr))) | ||
3618 | goto out; | ||
3619 | if (unlikely(!kern_addr_valid(addr + size - 1))) | ||
3620 | goto out; | 3609 | goto out; |
3621 | page = virt_to_page(ptr); | 3610 | page = virt_to_page(ptr); |
3622 | if (unlikely(!PageSlab(page))) | 3611 | if (unlikely(!PageSlab(page))) |
@@ -186,6 +186,27 @@ void kzfree(const void *p) | |||
186 | } | 186 | } |
187 | EXPORT_SYMBOL(kzfree); | 187 | EXPORT_SYMBOL(kzfree); |
188 | 188 | ||
189 | int kern_ptr_validate(const void *ptr, unsigned long size) | ||
190 | { | ||
191 | unsigned long addr = (unsigned long)ptr; | ||
192 | unsigned long min_addr = PAGE_OFFSET; | ||
193 | unsigned long align_mask = sizeof(void *) - 1; | ||
194 | |||
195 | if (unlikely(addr < min_addr)) | ||
196 | goto out; | ||
197 | if (unlikely(addr > (unsigned long)high_memory - size)) | ||
198 | goto out; | ||
199 | if (unlikely(addr & align_mask)) | ||
200 | goto out; | ||
201 | if (unlikely(!kern_addr_valid(addr))) | ||
202 | goto out; | ||
203 | if (unlikely(!kern_addr_valid(addr + size - 1))) | ||
204 | goto out; | ||
205 | return 1; | ||
206 | out: | ||
207 | return 0; | ||
208 | } | ||
209 | |||
189 | /* | 210 | /* |
190 | * strndup_user - duplicate an existing string from user space | 211 | * strndup_user - duplicate an existing string from user space |
191 | * @s: The string to duplicate | 212 | * @s: The string to duplicate |