--- linux-2.4.21-pre5/mm/slab.c.orig Tue Mar 4 22:47:21 2003
+++ linux-2.4.21-pre5/mm/slab.c Tue Mar 4 22:45:51 2003
@@ -297,8 +297,9 @@
#define RED_MAGIC2 0x170FC2A5UL /* when obj is inactive */
/* ...and for poisoning */
-#define POISON_BYTE 0x5a /* byte value for poisoning */
-#define POISON_END 0xa5 /* end-byte of poisoning */
+#define POISON_BEFORE 0x5a /* for use-uninitialised poisoning */
+#define POISON_AFTER 0x6b /* for use-after-free poisoning */
+#define POISON_END 0xa5 /* end-byte of poisoning */
#endif
@@ -522,14 +523,15 @@
}
#if DEBUG
-static inline void kmem_poison_obj (kmem_cache_t *cachep, void *addr)
+static inline void kmem_poison_obj (kmem_cache_t *cachep, void *addr,
+ unsigned char val)
{
int size = cachep->objsize;
if (cachep->flags & SLAB_RED_ZONE) {
addr += BYTES_PER_WORD;
size -= 2*BYTES_PER_WORD;
}
- memset(addr, POISON_BYTE, size);
+ memset(addr, val, size);
*(unsigned char *)(addr+size-1) = POISON_END;
}
@@ -1083,7 +1085,7 @@
objp -= BYTES_PER_WORD;
if (cachep->flags & SLAB_POISON)
/* need to poison the objs */
- kmem_poison_obj(cachep, objp);
+ kmem_poison_obj(cachep, objp, POISON_BEFORE);
if (cachep->flags & SLAB_RED_ZONE) {
if (*((unsigned long*)(objp)) != RED_MAGIC1)
BUG();
@@ -1443,7 +1445,7 @@
BUG();
}
if (cachep->flags & SLAB_POISON)
- kmem_poison_obj(cachep, objp);
+ kmem_poison_obj(cachep, objp, POISON_AFTER);
if (kmem_extra_free_checks(cachep, slabp, objp))
return;
#endif
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/