SAFE public projects git trees. - safe/jmp/linux-2.6/commit

author	Pekka Enberg <penberg@cs.helsinki.fi>
	Fri, 23 Jun 2006 09:03:40 +0000 (02:03 -0700)
committer	Linus Torvalds <torvalds@g5.osdl.org>
	Fri, 23 Jun 2006 14:42:51 +0000 (07:42 -0700)
commit	ddc2e812d592457747c4367fb73edcaa8e1e49ff
tree	7dc9066c1e43d14f7c495847a9f0b24287806fb2	tree \| snapshot
parent	8d3c138b77f195ca0eee6fb639ae73f5ea9edb6b	commit \| diff

[PATCH] slab: verify pointers before free

Passing an invalid pointer to kfree() and kmem_cache_free() is likely to
cause bad memory corruption or even take down the whole system because the
bad pointer is likely reused immediately due to the per-CPU caches. Until
now, we don't do any verification for this if CONFIG_DEBUG_SLAB is
disabled.

As suggested by Linus, add PageSlab check to page_to_cache() and
page_to_slab() to verify pointers passed to kfree(). Also, move the
stronger check from cache_free_debugcheck() to kmem_cache_free() to ensure
the passed pointer actually belongs to the cache we're about to free the
object.

For page_to_cache() and page_to_slab(), the assertions should have
virtually no extra cost (two instructions, no data cache pressure) and for
kmem_cache_free() the overhead should be minimal.

Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Christoph Lameter <clameter@engr.sgi.com>
Cc: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>