• David Rientjes's avatar
    mm, mempool: poison elements backed by slab allocator · bdfedb76
    David Rientjes authored
    Mempools keep elements in a reserved pool for contexts in which allocation
    may not be possible.  When an element is allocated from the reserved pool,
    its memory contents is the same as when it was added to the reserved pool.
    
    Because of this, elements lack any free poisoning to detect use-after-free
    errors.
    
    This patch adds free poisoning for elements backed by the slab allocator.
    This is possible because the mempool layer knows the object size of each
    element.
    
    When an element is added to the reserved pool, it is poisoned with
    POISON_FREE.  When it is removed from the reserved pool, the contents are
    checked for POISON_FREE.  If there is a mismatch, a warning is emitted to
    the kernel log.
    
    This is only effective for configs with CONFIG_DEBUG_SLAB or
    CONFIG_SLUB_DEBUG_ON.
    
    [fabio.estevam@freescale.com: use '%zu' for printing 'size_t' variable]
    [arnd@arndb.de: add missing include]
    Signed-off-by: default avatarDavid Rientjes <rientjes@google.com>
    Cc: Dave Kleikamp <shaggy@kernel.org>
    Cc: Christoph Hellwig <hch@lst.de>
    Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
    Cc: Mikulas Patocka <mpatocka@redhat.com>
    Cc: Catalin Marinas <catalin.marinas@arm.com>
    Signed-off-by: default avatarFabio Estevam <fabio.estevam@freescale.com>
    Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    bdfedb76
mempool.c 13.2 KB