kasan: fix null pointer dereference in kasan_record_aux_stack
[linux-2.6-microblaze.git] / mm / kasan / generic.c
index 4c233b3..5106b84 100644 (file)
@@ -337,6 +337,8 @@ void kasan_record_aux_stack(void *addr)
        cache = page->slab_cache;
        object = nearest_obj(cache, page, addr);
        alloc_meta = kasan_get_alloc_meta(cache, object);
+       if (!alloc_meta)
+               return;
 
        alloc_meta->aux_stack[1] = alloc_meta->aux_stack[0];
        alloc_meta->aux_stack[0] = kasan_save_stack(GFP_NOWAIT);
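Review bot: The new `if (!alloc_meta) return;` in kasan_record_aux_stack drops the aux stack silently, and nothing in the hunk says when kasan_get_alloc_meta() can return NULL. A one-line comment above the check would help the next reader, e.g. `/* No alloc meta for this object (presumably the cache stores none; confirm), nothing to record. */`. The function begins before and continues past the hunk, so any earlier checks on `page` or `object` are not visible here.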
@@ -348,11 +350,11 @@ void kasan_set_free_info(struct kmem_cache *cache,
        struct kasan_free_meta *free_meta;
 
        free_meta = kasan_get_free_meta(cache, object);
-       kasan_set_track(&free_meta->free_track, GFP_NOWAIT);
+       if (!free_meta)
+               return;
 
-       /*
-        *  the object was freed and has free track set
-        */
+       kasan_set_track(&free_meta->free_track, GFP_NOWAIT);
+       /* The object was freed and has free track set. */
        *(u8 *)kasan_mem_to_shadow(object) = KASAN_KMALLOC_FREETRACK;
 }
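Review bot: The early `return` on `!free_meta` in kasan_set_free_info also skips the `KASAN_KMALLOC_FREETRACK` shadow write, and the hunk leaves that dependency implicit. That ordering appears to be what stops kasan_get_free_track() from reaching free meta that does not exist. I would state it at the check, e.g. `/* No free meta: leave the shadow byte untouched so kasan_get_free_track() returns NULL. */`, so a later reorder of these lines does not quietly break the invariant. The function's signature and opening lines are outside the hunk.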
 
@@ -361,5 +363,6 @@ struct kasan_track *kasan_get_free_track(struct kmem_cache *cache,
 {
        if (*(u8 *)kasan_mem_to_shadow(object) != KASAN_KMALLOC_FREETRACK)
                return NULL;
+       /* Free meta must be present with KASAN_KMALLOC_FREETRACK. */
        return &kasan_get_free_meta(cache, object)->free_track;
 }
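Review bot: In kasan_get_free_track the result of kasan_get_free_meta() is still used unchecked in `&kasan_get_free_meta(cache, object)->free_track`, guarded only by the new comment. If the shadow byte and the metadata ever disagree, a NULL result becomes a small non-NULL pointer that the caller will likely dereference (unless free_track sits at offset 0, which is not visible here). Since this lookup presumably runs while a report is being produced, a cheap explicit check seems worth it: `free_meta = kasan_get_free_meta(cache, object);` then `if (!free_meta) return NULL;` before returning `&free_meta->free_track`. The function's signature is outside the hunk.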