As found in PaX, this adds a cheap check on heap consistency, just to
notice if things have gotten corrupted in the page lookup.

Signed-off-by: Kees Cook <keesc...@chromium.org>
---
 mm/slab.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mm/slab.h b/mm/slab.h
index 65e7c3fcac72..64447640b70c 100644
--- a/mm/slab.h
+++ b/mm/slab.h
@@ -384,6 +384,7 @@ static inline struct kmem_cache *cache_from_obj(struct 
kmem_cache *s, void *x)
                return s;
 
        page = virt_to_head_page(x);
+       BUG_ON(!PageSlab(page));
        cachep = page->slab_cache;
        if (slab_equal_or_root(cachep, s))
                return cachep;
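Review bot: The added `BUG_ON(!PageSlab(page))` sits after the early `return s;` visible at the top of the hunk, so the check is skipped whenever that early exit is taken. The condition guarding that exit is outside the hunk, so it is worth confirming the check covers the configurations it is meant to harden. The line also carries no comment explaining why a fatal BUG_ON is used, or that the next statement would otherwise read `page->slab_cache` from a page that is not a slab page. I would add above it `/* x must lie in a slab page; otherwise page->slab_cache is not a valid kmem_cache pointer */`. cache_from_obj begins before and continues past this hunk.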
-- 
2.7.4


-- 
Kees Cook
Pixel Security
