Commit ce6fa91b authored by Alexander Popov, committed by Linus Torvalds

mm/slub.c: add a naive detection of double free or corruption

Add an assertion similar to "fasttop" check in GNU C Library allocator
as a part of SLAB_FREELIST_HARDENED feature.  An object added to a
singly linked freelist should not point to itself.  That helps to detect
some double free errors (e.g. CVE-2017-2636) without slub_debug and


Signed-off-by: Alexander Popov <>
Acked-by: Christoph Lameter <>
Cc: Kees Cook <>
Cc: Pekka Enberg <>
Cc: David Rientjes <>
Cc: Joonsoo Kim <>
Cc: Paul E McKenney <>
Cc: Ingo Molnar <>
Cc: Tejun Heo <>
Cc: Andy Lutomirski <>
Cc: Nicolas Pitre <>
Cc: Rik van Riel <>
Cc: Tycho Andersen <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
parent 2482ddec
......@@ -290,6 +290,10 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
unsigned long freeptr_addr = (unsigned long)object + s->offset;
BUG_ON(object == fp); /* naive detection of double free or corruption */
*(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
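Review bot: the `BUG_ON(object == fp)` check in `set_freepointer()` is unconditional, while the commit message describes it as part of the SLAB_FREELIST_HARDENED feature; either wrap it in `#ifdef CONFIG_SLAB_FREELIST_HARDENED` or state in the message that it fires regardless of that config. The comment should also make the coverage explicit: `fp` is the current freelist head being stored into `object`, so the check only catches an object freed twice in a row (the same case as glibc's fasttop check); a double free with other frees in between, or a freelist pointer corrupted to point somewhere other than the object itself, still passes. Since this runs on every free, it is worth saying whether a hard `BUG_ON` is the intended severity or whether a `slab_err()`/warning path was considered.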