mm/kasan: fix false positive invalid-free reports with CONFIG_KASAN_SW_TAGS=y

[sfrench/cifs-2.6.git] / mm / kasan / common.c

diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 2277b82902d83a75fabfb9c2c2269315a6022b71..95d16a42db6bc731e11c9e86bb639bb277cc345d 100644 (file)
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -407,8 +407,14 @@ static inline bool shadow_invalid(u8 tag, s8 shadow_byte)
        if (IS_ENABLED(CONFIG_KASAN_GENERIC))
                return shadow_byte < 0 ||
                        shadow_byte >= KASAN_SHADOW_SCALE_SIZE;
-       else
-               return tag != (u8)shadow_byte;
+
+       /* else CONFIG_KASAN_SW_TAGS: */
+       if ((u8)shadow_byte == KASAN_TAG_INVALID)
+               return true;
+       if ((tag != KASAN_TAG_KERNEL) && (tag != (u8)shadow_byte))
+               return true;
+
+       return false;
 }
 
 static bool __kasan_slab_free(struct kmem_cache *cache, void *object,