-
Andrew Morton authored
From: Manfred Spraul <manfred@colorfullife.com> The patch is designed improve the diagnostics which are presented when the slab memory poison detector triggers. check_poison_obj checks for write accesses after kfree by comparing the object contents with the poison value. The current implementation contains several flaws: - it accepts both POISON_BEFORE and POISON_AFTER. check_poison_obj is only called with POISON_AFTER poison bytes. Fix: only accept POISON_AFTER. - the output is unreadable. Fix: use hexdump. - if a large objects is corrupted, then the relevant lines can scroll of the screen/dmesg buffer. Fix: line limit. - it can access addresses behind the end of the object, which can oops with CONFIG_DEBUG_PAGEALLOC. Fix: bounds checks. Additionally, the patch contains the following changes: - rename POISON_BEFORE and POISON_AFTER to POISON_FREE and POISON_INUSE. The old names are ambiguous. - use the new hexdump object function in ptrinfo. - store_stackinfo was called with wrong parameters: it should store caller, i.e. __builtin_return_address(0), not POISON_AFTER in the object. - dump both the object before and after the corrupted one, not just the one after. Example output: <<< Slab corruption: start=194e708c, len=2048 Redzone: 0x5a2cf071/0x5a2cf071. Last user: [<02399d7c>](dummy_init_module+0x1c/0xb0) 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 7b 030: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 63 Prev obj: start=194e6880, len=2048 Redzone: 0x5a2cf071/0x5a2cf071. Last user: [<00000000>](0x0) 000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b <<<
86c662db