Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ef8b4520 authored by Christoph Lameter's avatar Christoph Lameter Committed by Linus Torvalds
Browse files

Slab allocators: fail if ksize is called with a NULL parameter 



A NULL pointer means that the object was not allocated.  One cannot
determine the size of an object that has not been allocated.  Currently we
return 0 but we really should BUG() on attempts to determine the size of
something nonexistent.

krealloc() interprets NULL to mean a zero sized object.  Handle that
separately in krealloc().

Signed-off-by: default avatarChristoph Lameter <clameter@sgi.com>
Acked-by: default avatarPekka Enberg <penberg@cs.helsinki.fi>
Cc: Matt Mackall <mpm@selenic.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 0da7e01f

mm/slab.c

+2 −1
Original line number Diff line number Diff line
@@ -4446,7 +4446,8 @@ const struct seq_operations slabstats_op = { 
 */

size_t ksize(const void *objp)

{

	if (unlikely(ZERO_OR_NULL_PTR(objp)))

	BUG_ON(!objp);

	if (unlikely(objp == ZERO_SIZE_PTR))

		return 0;



	return obj_size(virt_to_cache(objp));

mm/slob.c

+2 −1
Original line number Diff line number Diff line
@@ -484,7 +484,8 @@ size_t ksize(const void *block) 
{

	struct slob_page *sp;



	if (unlikely(ZERO_OR_NULL_PTR(block)))

	BUG_ON(!block);

	if (unlikely(block == ZERO_SIZE_PTR))

		return 0;



	sp = (struct slob_page *)virt_to_page(block);

mm/slub.c

+2 −1
Original line number Diff line number Diff line
@@ -2449,7 +2449,8 @@ size_t ksize(const void *object) 
	struct page *page;

	struct kmem_cache *s;



	if (unlikely(ZERO_OR_NULL_PTR(object)))

	BUG_ON(!object);

	if (unlikely(object == ZERO_SIZE_PTR))

		return 0;



	page = get_object_page(object);

mm/util.c

+4 −2
Original line number Diff line number Diff line
@@ -81,14 +81,16 @@ EXPORT_SYMBOL(kmemdup); 
void *krealloc(const void *p, size_t new_size, gfp_t flags)

{

	void *ret;

	size_t ks;

	size_t ks = 0;



	if (unlikely(!new_size)) {

		kfree(p);

		return ZERO_SIZE_PTR;

	}



	if (p)

		ks = ksize(p);



	if (ks >= new_size)

		return (void *)p;