On Wed, Aug 17, 2016 at 2:52 PM, Linus Torvalds <[email protected]> wrote:
> On Wed, Aug 17, 2016 at 2:45 PM, Kees Cook <[email protected]> wrote:
>>
>> But PageSlab(page) should trip, returning __check_heap_object, which
>> for SLOB should just return NULL, skipping all the rest of the
>> checks...
>
> SLOB doesn't actually set that for all allocations.
>
> See "slob_alloc_node()", for example. It just returns a multi-order
> allocation.
>
> (See also kfree(), which uses PageSlab() to determine if it should do
> slob_free() or just free the pages directly).

Oooh, eww. Okay, that explains it. Alright, dropping all the
multi-page logic now...

-Kees

--
Kees Cook
Nexus Security

