kasan: fix assigning tags twice
When an object is kmalloc()'ed, two hooks are called: kasan_slab_alloc() and kasan_kmalloc(). Right now we assign a tag twice, once in each of the hooks. Fix it by assigning a tag only in the former hook. Link: http://lkml.kernel.org/r/ce8c6431da735aa7ec051fd6497153df690eb021.1549921721.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christoph Lameter <cl@linux.com> Cc: David Rientjes <rientjes@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgeniy Stepanov <eugenis@google.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Kostya Serebryany <kcc@google.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: Qian Cai <cai@lca.pw> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
050c17f239
commit
e1db95befb
@ -361,10 +361,15 @@ void kasan_poison_object_data(struct kmem_cache *cache, void *object)
|
||||
* get different tags.
|
||||
*/
|
||||
static u8 assign_tag(struct kmem_cache *cache, const void *object,
|
||||
bool init, bool krealloc)
|
||||
bool init, bool keep_tag)
|
||||
{
|
||||
/* Reuse the same tag for krealloc'ed objects. */
|
||||
if (krealloc)
|
||||
/*
|
||||
* 1. When an object is kmalloc()'ed, two hooks are called:
|
||||
* kasan_slab_alloc() and kasan_kmalloc(). We assign the
|
||||
* tag only in the first one.
|
||||
* 2. We reuse the same tag for krealloc'ed objects.
|
||||
*/
|
||||
if (keep_tag)
|
||||
return get_tag(object);
|
||||
|
||||
/*
|
||||
@ -405,12 +410,6 @@ void * __must_check kasan_init_slab_obj(struct kmem_cache *cache,
|
||||
return (void *)object;
|
||||
}
|
||||
|
||||
void * __must_check kasan_slab_alloc(struct kmem_cache *cache, void *object,
|
||||
gfp_t flags)
|
||||
{
|
||||
return kasan_kmalloc(cache, object, cache->object_size, flags);
|
||||
}
|
||||
|
||||
static inline bool shadow_invalid(u8 tag, s8 shadow_byte)
|
||||
{
|
||||
if (IS_ENABLED(CONFIG_KASAN_GENERIC))
|
||||
@ -467,7 +466,7 @@ bool kasan_slab_free(struct kmem_cache *cache, void *object, unsigned long ip)
|
||||
}
|
||||
|
||||
static void *__kasan_kmalloc(struct kmem_cache *cache, const void *object,
|
||||
size_t size, gfp_t flags, bool krealloc)
|
||||
size_t size, gfp_t flags, bool keep_tag)
|
||||
{
|
||||
unsigned long redzone_start;
|
||||
unsigned long redzone_end;
|
||||
@ -485,7 +484,7 @@ static void *__kasan_kmalloc(struct kmem_cache *cache, const void *object,
|
||||
KASAN_SHADOW_SCALE_SIZE);
|
||||
|
||||
if (IS_ENABLED(CONFIG_KASAN_SW_TAGS))
|
||||
tag = assign_tag(cache, object, false, krealloc);
|
||||
tag = assign_tag(cache, object, false, keep_tag);
|
||||
|
||||
/* Tag is ignored in set_tag without CONFIG_KASAN_SW_TAGS */
|
||||
kasan_unpoison_shadow(set_tag(object, tag), size);
|
||||
@ -498,10 +497,16 @@ static void *__kasan_kmalloc(struct kmem_cache *cache, const void *object,
|
||||
return set_tag(object, tag);
|
||||
}
|
||||
|
||||
void * __must_check kasan_slab_alloc(struct kmem_cache *cache, void *object,
|
||||
gfp_t flags)
|
||||
{
|
||||
return __kasan_kmalloc(cache, object, cache->object_size, flags, false);
|
||||
}
|
||||
|
||||
void * __must_check kasan_kmalloc(struct kmem_cache *cache, const void *object,
|
||||
size_t size, gfp_t flags)
|
||||
{
|
||||
return __kasan_kmalloc(cache, object, size, flags, false);
|
||||
return __kasan_kmalloc(cache, object, size, flags, true);
|
||||
}
|
||||
EXPORT_SYMBOL(kasan_kmalloc);
|
||||
|
||||
|
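Review bot: `kasan_kmalloc()` in the last hunk now passes `keep_tag == true`, so the exported hook depends on the pointer already carrying the tag that `kasan_slab_alloc()` assigned, and nothing at that function says so. The comment added in `assign_tag()` explains the two-hook sequence, but a reader of `kasan_kmalloc()` alone cannot see that reaching it without a prior `kasan_slab_alloc()` leaves the object with whatever tag the pointer had. If that is the default kernel tag, tag checks on the object would presumably not fire under `CONFIG_KASAN_SW_TAGS`, which quietly reduces detection coverage. I would add above `kasan_kmalloc()` a comment such as `/* The tag in @object is reused: callers must pass a pointer already tagged by kasan_slab_alloc(). */` and audit the direct callers of `kasan_kmalloc()`, none of which are visible in this diff. The bodies of `assign_tag()` and `__kasan_kmalloc()` continue outside the hunks shown.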