io_uring: use mempool KASAN hook
Use the proper kasan_mempool_unpoison_object hook for unpoisoning cached objects. A future change might also update io_uring to check the return value of kasan_mempool_poison_object to prevent double-free and invalid-free bugs. This proves to be non-trivial with the current way io_uring caches objects, so this is left out-of-scope of this series. Link: https://lkml.kernel.org/r/eca18d6cbf676ed784f1a1f209c386808a8087c5.1703024586.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Cc: Alexander Lobakin <alobakin@pm.me> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Breno Leitao <leitao@debian.org> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgenii Stepanov <eugenis@google.com> Cc: Marco Elver <elver@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
This commit is contained in:
parent
74e831af16
commit
8ab3b09755
|
@ -33,7 +33,7 @@ static inline struct io_cache_entry *io_alloc_cache_get(struct io_alloc_cache *c
|
|||
struct io_cache_entry *entry;
|
||||
|
||||
entry = container_of(cache->list.next, struct io_cache_entry, node);
|
||||
kasan_unpoison_range(entry, cache->elem_size);
|
||||
kasan_mempool_unpoison_object(entry, cache->elem_size);
|
||||
cache->list.next = cache->list.next->next;
|
||||
cache->nr_cached--;
|
||||
return entry;
|
||||
|
|
Loading…
Reference in New Issue