From: Matt Mackall Date: Tue, 7 Oct 2008 16:37:35 +0000 (-0500) Subject: SLOB: fix bogus ksize calculation X-Git-Tag: firefly_0821_release~17852 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=85ba94ba0592296053f7f2846812173424afe1cb;p=firefly-linux-kernel-4.4.55.git SLOB: fix bogus ksize calculation SLOB's ksize calculation was braindamaged and generally harmlessly underreported the allocation size. But for very small buffers, it could in fact overreport them, leading code depending on krealloc to overrun the allocation and trample other data. Signed-off-by: Matt Mackall Tested-by: Peter Zijlstra Signed-off-by: Linus Torvalds --- diff --git a/mm/slob.c b/mm/slob.c index 4c82dd41f32e..62b679dc660f 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -515,7 +515,7 @@ size_t ksize(const void *block) sp = (struct slob_page *)virt_to_page(block); if (slob_page(sp)) - return ((slob_t *)block - 1)->units + SLOB_UNIT; + return (((slob_t *)block - 1)->units - 1) * SLOB_UNIT; else return sp->page.private; }