mm/mempool: avoid KASAN marking mempool poison checks as use-after-free

commit 7640131032db9118a78af715ac77ba2debeeb17c upstream. When removing an element from the mempool, mark it as unpoisoned in KASAN before verifying its contents for SLUB/SLAB debugging. Otherwise KASAN will flag the reads checking the element use-after-free writes as use-after-free reads. Signed-off-by: Matthew Dawson <matthew@mjdsystems.ca> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrii Bordunov <aborduno@cisco.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Matthew Dawson <matthew@mjdsystems.ca> 2016-03-11 13:08:07 -0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-08-12 19:29:09 -0700
commit: d45aabadbcb967d3b01451732f65da9ff7315450 (patch)
tree: bfe57558a8a8dc2d0089d9dd9d78dea3572ba8cf
parent: 7e86f2d55f66e0026aa70ea268021df6bf294c5b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/mm/mempool.c b/mm/mempool.c
index 004d42b1dfaf..7924f4f58a6d 100644
--- a/mm/mempool.c
+++ b/mm/mempool.c
@@ -135,8 +135,8 @@ static void *remove_element(mempool_t *pool)
 	void *element = pool->elements[--pool->curr_nr];
 
 	BUG_ON(pool->curr_nr < 0);
-	check_element(pool, element);
 	kasan_unpoison_element(pool, element);
+	check_element(pool, element);
 	return element;
 }
author	Matthew Dawson <matthew@mjdsystems.ca>	2016-03-11 13:08:07 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-08-12 19:29:09 -0700
commit	d45aabadbcb967d3b01451732f65da9ff7315450 (patch)
tree	bfe57558a8a8dc2d0089d9dd9d78dea3572ba8cf
parent	7e86f2d55f66e0026aa70ea268021df6bf294c5b (diff)