From: Vlastimil Babka <vbabka@suse.cz>
To: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: Harry Yoo <harry.yoo@oracle.com>,
Christoph Lameter <cl@gentwo.org>,
David Rientjes <rientjes@google.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Vlastimil Babka <vbabka@suse.cz>
Subject: [PATCH 6/6] slab: don't validate slab pointer in free_debug_processing()
Date: Thu, 11 Sep 2025 19:02:39 +0200 [thread overview]
Message-ID: <20250911-slub-slab-validation-v1-6-8b67eb3b3dc5@suse.cz> (raw)
In-Reply-To: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz>
The struct slab pointer has been obtained one from the object being
freed on all the paths that lead to this function. In all cases this
already includes the test for slab type of the struct page which struct
slab is overlaying. Thus we would not reach this function if it was
not a valid slab pointer in the first place.
One less obvious case is that kmem_cache_free() trusts virt_to_slab()
blindly so it may be NULL if the slab type check is false. But with
SLAB_CONSISTENCY_CHECKS, cache_from_obj() called also from
kmem_cache_free() catches this and returns NULL, which terminates
freeing immediately.
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
---
mm/slub.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index 93df6e82af37c798c3fa5574c9d825f0f4a83013..106dbce64acdf32c1d271ec130c35c0ec0e15630 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3487,11 +3487,6 @@ static inline bool free_debug_processing(struct kmem_cache *s,
int cnt = 0;
if (s->flags & SLAB_CONSISTENCY_CHECKS) {
- if (!validate_slab_ptr(slab)) {
- slab_err(s, slab, "Not a valid slab page");
- goto out;
- }
-
if (!check_slab(s, slab))
goto out;
}
--
2.51.0
next prev parent reply other threads:[~2025-09-11 17:02 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-11 17:02 [PATCH 0/6] slab: struct slab pointer validation improvements Vlastimil Babka
2025-09-11 17:02 ` [PATCH 1/6] slab: Remove dead code in free_consistency_checks() Vlastimil Babka
2025-09-11 17:02 ` [PATCH 2/6] slab: wrap debug slab validation in validate_slab_ptr() Vlastimil Babka
2025-09-12 10:20 ` Harry Yoo
2025-09-11 17:02 ` [PATCH 3/6] slab: move validate_slab_ptr() from check_slab() to its callers Vlastimil Babka
2025-09-12 10:24 ` Harry Yoo
2025-09-11 17:02 ` [PATCH 4/6] slab: move validate_slab_ptr() from alloc_consistency_checks() to its caller Vlastimil Babka
2025-09-12 10:41 ` Harry Yoo
2025-09-11 17:02 ` [PATCH 5/6] slab: validate slab before using it in alloc_single_from_partial() Vlastimil Babka
2025-09-12 10:48 ` Harry Yoo
2025-09-12 11:34 ` Vlastimil Babka
2025-09-11 17:02 ` Vlastimil Babka [this message]
2025-09-12 10:52 ` [PATCH 6/6] slab: don't validate slab pointer in free_debug_processing() Harry Yoo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250911-slub-slab-validation-v1-6-8b67eb3b3dc5@suse.cz \
--to=vbabka@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=cl@gentwo.org \
--cc=harry.yoo@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox