mm/sl[au]b: check if large object is valid in __ksize()

If address of large object is not beginning of folio or size of the folio is too small, it must be invalid. WARN() and return 0 in such cases. Cc: Marco Elver <elver@google.com> Suggested-by: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
author: Hyeonggon Yoo <42.hyeyoo@gmail.com> 2022-08-17 19:18:26 +0900
committer: Vlastimil Babka <vbabka@suse.cz> 2022-09-01 11:44:39 +0200
commit: d5eff736902d5565a24f1b571b5987b3e5ee9a5b (patch)
tree: 6d7e5fe943c66e9296ec474bf80781178407025a /mm/slab_common.c
parent: 8dfa9d554061873f96335730fb1d403698b2b1b4 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 500eb777faca..7972ec4b9ca4 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -984,8 +984,13 @@ size_t __ksize(const void *object)
 
 	folio = virt_to_folio(object);
 
-	if (unlikely(!folio_test_slab(folio)))
+	if (unlikely(!folio_test_slab(folio))) {
+		if (WARN_ON(folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE))
+			return 0;
+		if (WARN_ON(object != folio_address(folio)))
+			return 0;
 		return folio_size(folio);
+	}
 
 	return slab_ksize(folio_slab(folio)->slab_cache);
 }
author	Hyeonggon Yoo <42.hyeyoo@gmail.com>	2022-08-17 19:18:26 +0900
committer	Vlastimil Babka <vbabka@suse.cz>	2022-09-01 11:44:39 +0200
commit	d5eff736902d5565a24f1b571b5987b3e5ee9a5b (patch)
tree	6d7e5fe943c66e9296ec474bf80781178407025a /mm/slab_common.c
parent	8dfa9d554061873f96335730fb1d403698b2b1b4 (diff)