diff --git a/sanitize-memory.patch b/sanitize-memory.patch
index c9e0fa9..3e42580 100644
--- a/sanitize-memory.patch
+++ b/sanitize-memory.patch
@@ -1,5 +1,5 @@
 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 0b3de80..2125a49 100644
+index 0b3de80..2167ea0 100644
 --- a/Documentation/kernel-parameters.txt
 +++ b/Documentation/kernel-parameters.txt
 @@ -2818,6 +2818,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
@@ -222,25 +222,33 @@ index 5ec1580..385cdbc 100644
 /* This slob page is about to become partially free. Easy! */
 sp->units = units;
 diff --git a/mm/slub.c b/mm/slub.c
-index 4dbb109e..aba52e1 100644
+index 4dbb109e..da2dc67 100644
 --- a/mm/slub.c
 +++ b/mm/slub.c
-@@ -2778,6 +2778,14 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
+@@ -2778,6 +2778,22 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
 slab_free_freelist_hook(s, head, tail);
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
 + if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) {
-+ memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
-+ if (s->ctor)
-+ s->ctor(x);
++ int offset = s->offset ? 0 : sizeof(void *);
++ void *x = head;
++
++ while (1) {
++ memset(x + offset, PAX_MEMORY_SANITIZE_VALUE, s->object_size - offset);
++ if (s->ctor)
++ s->ctor(x);
++ if (x == tail_obj)
++ break;
++ x = get_freepointer(s, x);
++ }
 + }
 +#endif
 +
 redo:
 /*
 * Determine the currently cpus per cpu slab.
-@@ -3291,6 +3299,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
+@@ -3291,6 +3307,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
 s->inuse = size;
 if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
@@ -272,7 +280,7 @@ index 59bf4d7..69f08cd 100644
 }
 diff --git a/security/Kconfig b/security/Kconfig
-index e452378..0847880 100644
+index e452378..a7ca1d9 100644
 --- a/security/Kconfig
 +++ b/security/Kconfig
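Review bot: In the new sanitize loop of the mm/slub.c hunk, the length `s->object_size - offset` is passed to memset() with no check that the object is larger than the skipped `sizeof(void *)` word, so a cache with `s->offset == 0` and a smaller `object_size` would turn the difference into a very large `size_t` and overwrite adjacent memory. Whether such a cache can reach this path depends on calculate_sizes(), whose added lines are not visible here, so either guard the call with `if (s->object_size > offset)` or add a comment naming the invariant that excludes it. The walk also reads `get_freepointer(s, x)` after `s->ctor(x)` has run; loading the next pointer into a local before the memset and the constructor (only when `x != tail_obj`) would stop the traversal from depending on the constructor leaving the link untouched. `tail_obj` and the rest of slab_free() lie outside the hunk, and a one-line comment such as `/* s->offset == 0: first word is the freelist link, keep it for the walk */` would explain why that word is not sanitized here.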
@@ -6,6 +6,37 @@ menu "Security options"