From: Chengming Zhou
Date: Tue, 28 May 2024 15:16:47 +0800
Subject: [PATCH 2/3] slab: don't put freepointer outside of object if only orig_size
Message-Id: <20240528-b4-slab-debug-v1-2-8694ef4802df@linux.dev>
References: <20240528-b4-slab-debug-v1-0-8694ef4802df@linux.dev>
In-Reply-To: <20240528-b4-slab-debug-v1-0-8694ef4802df@linux.dev>
To: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Feng Tang
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, zhouchengming@bytedance.com, Chengming Zhou

The commit 946fa0dbf2d8 ("mm/slub: extend redzone check to extra allocated kmalloc space than requested") will extend right redzone when allocating for orig_size <
object_size. So we can't overlay the freepointer in the object space in this case. But the code looks like it forgot to check SLAB_RED_ZONE, since there won't be extended right redzone if only orig_size enabled. Signed-off-by: Chengming Zhou --- mm/slub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index de57512734ac..b92d9a557852 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -5150,7 +5150,7 @@ static int calculate_sizes(struct kmem_cache *s) */ s->inuse = size; - if (slub_debug_orig_size(s) || + if (((flags & SLAB_RED_ZONE) && slub_debug_orig_size(s)) || (flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)) || ((flags & SLAB_RED_ZONE) && s->object_size < sizeof(void *)) || s->ctor) { -- 2.45.1
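
Review bot: The new first term of the condition in calculate_sizes() and the existing third term are both gated on `flags & SLAB_RED_ZONE`, so the test now checks that flag twice. Folding them into one term, `((flags & SLAB_RED_ZONE) && (slub_debug_orig_size(s) || s->object_size < sizeof(void *)))`, would keep the two red-zone cases together and make it obvious that these are the only ones where red zoning forces the freepointer out of the object. The comment block that ends just above `s->inuse = size;` is not touched by this hunk; if it lists the cases that move the freepointer outside the object, it should say that orig_size tracking only does so together with SLAB_RED_ZONE. The changelog would also be stronger if it stated what changes for caches that have orig_size tracking without SLAB_RED_ZONE, since it currently only says the check was forgotten.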