lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Feb 2007 10:24:52 -0800 (PST) From: David Miller <davem@...emloft.net> To: johnpol@....mipt.ru Cc: paul.moore@...com, kaber@...sh.net, netdev@...r.kernel.org, acme@...stprotocols.net Subject: Re: [NET]: Fix kfree(skb) From: Evgeniy Polyakov <johnpol@....mipt.ru> Date: Tue, 27 Feb 2007 21:20:01 +0300 > On Tue, Feb 27, 2007 at 09:14:25PM +0300, Evgeniy Polyakov (johnpol@....mipt.ru) wrote: > > On Tue, Feb 27, 2007 at 10:00:52AM -0800, David Miller (davem@...emloft.net) wrote: > > > It's unfortunately an easy mistake to make since kfree() accepts any > > > pointer type without warning. > > > > > > What would be really nice is if someone could come up with a way for > > > kfree() to disallow being passed objects that are meant to be released > > > via some other mechanism. So that, for example: > > > > > > kfree(skb); > > > > > > would warn or fail to compile, but the kfree_skb() code could go: > > > > > > kmem_cache_free_I_KNOW_WHAT_I_AM_DOING(skbuff_head_cache, skb); > > > > > > :-) > > > > Something like that? (not tested, will do if starting point looks > > correct - it checks if requested to be freed size is equal to one of the > > kmalloc() size, and warns if kmalloc cache is not that one where > > we are going to free an object): > > > > diff --git a/mm/slab.c b/mm/slab.c > > index c610062..bcb29df 100644 > > --- a/mm/slab.c > > +++ b/mm/slab.c > > @@ -3757,6 +3757,15 @@ void kfree(const void *objp) > > local_irq_save(flags); > > kfree_debugcheck(objp); > > c = virt_to_cache(objp); > > + > > + { > > + int size = kmem_cache_size(c); > > + struct cache_sizes *csizep = malloc_sizes; > > + while (size != csizep->cs_size) > > that needs a check for csizep != NULL too obviously. > Proof of concept, what do you expect? :) It's a great run-time check, for sure, and definitely something that we should add when SLAB_DEBUG is enabled. A compile-time check would be "really neat" :-) - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists