From: Andrey Ryabinin <a.ryabinin@samsung.com>
Mempools keep allocated objects in reserve for situations when ordinary allocation may not be possible to satisfy. These objects shouldn't be accessed before they leave the pool.
This patch poisons elements when they get into the pool and unpoisons them when they leave it. This will let KASan detect use-after-free of mempool's elements.
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Tested-by: David Rientjes <rientjes@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dmitry Chernenkov <drcheren@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 923936157b158f36bd6a3d86496dce82b1a957de)
Signed-off-by: Alex Shi <alex.shi@linaro.org>
---
 mm/mempool.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/mm/mempool.c b/mm/mempool.c index 5e18249..d4c4e4c 100644 --- a/mm/mempool.c +++ b/mm/mempool.c @@ -137,6 +137,7 @@ static void *remove_element(mempool_t *pool) BUG_ON(pool->curr_nr < 0); kasan_unpoison_element(pool, element); check_element(pool, element); + kasan_unpoison_element(pool, element); return element; }
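Review bot: the added `kasan_unpoison_element(pool, element);` after `check_element(pool, element);` in remove_element() repeats the identical call already present in the unchanged context two lines above it, so with this hunk applied the element is unpoisoned twice on its way out of the pool. The first call already runs before check_element() reads the element, so the second one looks redundant and reads like a cherry-pick landing on a tree that had the unpoison call in place; I would drop the added line, or say in the changelog why a second call is needed. The commit message also describes poisoning elements as they enter the pool, but the diffstat is a single insertion in remove_element(), so nothing in this patch adds the poison side. Please confirm that the target branch already poisons elements when they are added to the pool. If it does not, this change on its own gives KASan nothing to detect.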