This patch add null check for return value of addr_to_metadata().
currently 'meta' is geting accessed without any NULL check but it is
usually checked for this function.
Signed-off-by: Manjeet Pawar <[email protected]>
---
mm/kfence/core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mm/kfence/core.c b/mm/kfence/core.c
index 575c685aa642..9b953cfa7fee 100644
--- a/mm/kfence/core.c
+++ b/mm/kfence/core.c
@@ -802,6 +802,9 @@ void __kfence_free(void *addr)
{
struct kfence_metadata *meta = addr_to_metadata((unsigned long)addr);
+ if (unlikely(!meta))
+ return;
+
/*
* If the objects of the cache are SLAB_TYPESAFE_BY_RCU, defer freeing
* the object, as the object page may be recycled for other-typed
--
2.17.1
On Fri, 24 Sept 2021 at 15:55, Manjeet Pawar <[email protected]> wrote:
> This patch add null check for return value of addr_to_metadata().
> currently 'meta' is geting accessed without any NULL check but it is
> usually checked for this function.
>
> Signed-off-by: Manjeet Pawar <[email protected]>
Your commit message does not make sense -- what bug did you encounter?
"usually checked for this function" is not a reason to add the check.
Adding a check like this could also hide genuine bugs, as meta should
never be NULL in __kfence_free(). If it is, we'd like to see a crash.
Did you read kfence_free() in include/linux/kfence.h? It already
prevents __kfence_free() being called with a non-KFENCE address.
Without a more thorough explanation, Nack.
Thanks,
-- Marco