From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755298AbbIBQKK (ORCPT ); Wed, 2 Sep 2015 12:10:10 -0400 Received: from zeroeth.unpythonic.net ([162.243.242.154]:52999 "EHLO zeroeth.unpythonic.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754604AbbIBQJy (ORCPT ); Wed, 2 Sep 2015 12:09:54 -0400 Date: Wed, 2 Sep 2015 11:09:50 -0500 From: Jeff Epler To: Muni Sekhar Cc: linux-kernel@vger.kernel.org Subject: Re: kfree a pointer "from the middle" causing protection faults Message-ID: <20150902160949.GA82121@unpythonic.net> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 02, 2015 at 08:32:15PM +0530, Muni Sekhar wrote: > [ Please keep me in CC as I'm not subscribed to the list] > > Hello, > > > I am getting protection faults in different kernel modules if I try to > free a pointer "from the middle" for example, look at the following > code: [..] Most memory allocators require the pointer eventually passed to the freeing function is the same pointer as the one returned from the allocating function. This is true for libc malloc/free, for instance. As far as I know, it is true for the Linux allocators such as kzalloc. The bug lies in whatever part of linux makes the invalid kfree call. I have not found any documentation that kernel kzalloc/kfree allow passing a pointer "from the middle". For instance, These routines are used to dynamically request pointer-aligned chunks of memory, like malloc and free do in userspace https://www.kernel.org/doc/htmldocs/kernel-hacking/routines-kmalloc.html If the faulty code that you allude to is in the Linux source then please say what it is so that developers can fix it. If it's an out of source module or kernel patch then contact the supplier of that code. Jeff