lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070227181425.GA26886@2ka.mipt.ru>
Date:	Tue, 27 Feb 2007 21:14:25 +0300
From:	Evgeniy Polyakov <johnpol@....mipt.ru>
To:	David Miller <davem@...emloft.net>
Cc:	paul.moore@...com, kaber@...sh.net, netdev@...r.kernel.org,
	acme@...stprotocols.net
Subject: Re: [NET]: Fix kfree(skb)

On Tue, Feb 27, 2007 at 10:00:52AM -0800, David Miller (davem@...emloft.net) wrote:
> It's unfortunately an easy mistake to make since kfree() accepts any
> pointer type without warning.
> 
> What would be really nice is if someone could come up with a way for
> kfree() to disallow being passed objects that are meant to be released
> via some other mechanism.  So that, for example:
> 
> 	kfree(skb);
> 
> would warn or fail to compile, but the kfree_skb() code could go:
> 
> 	kmem_cache_free_I_KNOW_WHAT_I_AM_DOING(skbuff_head_cache, skb);
> 
> :-)

Something like that? (not tested, will do if starting point looks
correct - it checks if requested to be freed size is equal to one of the 
kmalloc() size, and warns if kmalloc cache is not that one where 
we are going to free an object):

diff --git a/mm/slab.c b/mm/slab.c
index c610062..bcb29df 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -3757,6 +3757,15 @@ void kfree(const void *objp)
 	local_irq_save(flags);
 	kfree_debugcheck(objp);
 	c = virt_to_cache(objp);
+
+	{
+		int size = kmem_cache_size(c);
+		struct cache_sizes *csizep = malloc_sizes;
+		while (size != csizep->cs_size)
+			csizep++;
+		WARN_ON(csizep != c);
+	}
+
 	debug_check_no_locks_freed(objp, obj_size(c));
 	__cache_free(c, (void *)objp);
 	local_irq_restore(flags);

-- 
	Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ