This updates the comments to better reflect the order and purpose of the checks.
Signed-off-by: Kees Cook <[email protected]> --- mm/usercopy.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/mm/usercopy.c b/mm/usercopy.c index e9e9325f7638..726e570c9b9e 100644 --- a/mm/usercopy.c +++ b/mm/usercopy.c @@ -243,7 +243,8 @@ static inline void check_heap_object(const void *ptr, unsigned long n, /* * Validates that the given object is: * - not bogus address - * - known-safe heap or stack object + * - fully contained by stack (or stack frame, when available) + * - fully within SLAB object (or object whitelist area, when available) * - not in kernel text */ void __check_object_size(const void *ptr, unsigned long n, bool to_user) -- Kees Cook
