From patchwork Mon Oct 18 22:15:55 2021
X-Patchwork-Submitter: Andrew Morton
X-Patchwork-Id: 12568195
Date: Mon, 18 Oct 2021 15:15:55 -0700
From: Andrew Morton
To: akpm@linux-foundation.org, andreyknvl@gmail.com, bharata@linux.ibm.com, cl@linux.com, faiyazm@codeaurora.org, gregkh@linuxfoundation.org, guro@fb.com, iamjoonsoo.kim@lge.com, keescook@chromium.org, linmiaohe@huawei.com, linux-mm@kvack.org, mm-commits@vger.kernel.org, penberg@kernel.org, rientjes@google.com, ryabinin.a.a@gmail.com, stable@vger.kernel.org, torvalds@linux-foundation.org, vbabka@suse.cz
Subject: [patch 11/19] mm, slub: fix mismatch between reconstructed freelist depth and cnt
Message-ID: <20211018221555.hXUCjmz1Z%akpm@linux-foundation.org>
In-Reply-To: <20211018151438.f2246e2656c041b6753a8bdd@linux-foundation.org>

From: Miaohe Lin
Subject: mm, slub: fix mismatch between reconstructed freelist depth and cnt

If object's reuse is delayed, it will be excluded from the reconstructed freelist. But we forgot to adjust the cnt accordingly. So there will be a mismatch between reconstructed freelist depth and cnt. This will lead to free_debug_processing() complaining about freelist count or an incorrect slub inuse count.

Link: https://lkml.kernel.org/r/20210916123920.48704-3-linmiaohe@huawei.com
Fixes: c3895391df38 ("kasan, slub: fix handling of kasan_slab_free hook")
Signed-off-by: Miaohe Lin
Reviewed-by: Vlastimil Babka
Cc: Andrey Konovalov
Cc: Andrey Ryabinin
Cc: Bharata B Rao
Cc: Christoph Lameter
Cc: David Rientjes
Cc: Faiyaz Mohammed
Cc: Greg Kroah-Hartman
Cc: Joonsoo Kim
Cc: Kees Cook
Cc: Pekka Enberg
Cc: Roman Gushchin
Cc:
Signed-off-by: Andrew Morton
--- mm/slub.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/mm/slub.c~mm-slub-fix-mismatch-between-reconstructed-freelist-depth-and-cnt +++ a/mm/slub.c @@ -1701,7 +1701,8 @@ static __always_inline bool slab_free_ho } static inline bool slab_free_freelist_hook(struct kmem_cache *s, - void **head, void **tail) + void **head, void **tail, + int *cnt) { void *object; @@ -1728,6 +1729,12 @@ static inline bool slab_free_freelist_ho *head = object; if (!*tail) *tail = object; + } else { + /* + * Adjust the reconstructed freelist depth + * accordingly if object's reuse is delayed. + */ + --(*cnt); } } while (object != old_tail); @@ -3480,7 +3487,7 @@ static __always_inline void slab_free(st * With KASAN enabled slab_free_freelist_hook modifies the freelist * to remove objects, whose reuse must be delayed. */ - if (slab_free_freelist_hook(s, &head, &tail)) + if (slab_free_freelist_hook(s, &head, &tail, &cnt)) do_slab_free(s, page, head, tail, cnt, addr); }
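
Review bot: The new `int *cnt` argument in the slab_free_freelist_hook() signature (first hunk) is an in/out parameter, but nothing at the function head says so. A short comment stating that *cnt comes in as the length of the list handed to the hook and goes out as the number of objects left on the rebuilt head/tail list would make the contract explicit, since the caller in slab_free() passes the adjusted value straight on to do_slab_free().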
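
Review bot: The `--(*cnt);` in the new else branch (second hunk) trusts that the count passed in matches the number of objects the do/while loop walks up to old_tail, and nothing checks that. A caller that passes a count that is too small ends up with a wrong or negative int that is then handed to do_slab_free(). Counting the kept objects in the branch that sets `*head = object;` would make the result independent of the incoming value; failing that, a debug-only sanity check on *cnt after the loop would catch a mismatch at the point where it is introduced.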
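
Review bot: The comment above the changed call in slab_free() (third hunk) still only says that the hook "modifies the freelist to remove objects, whose reuse must be delayed". With `&cnt` now passed in, it should also say that cnt is reduced to match the shortened list, because the do_slab_free() call on the next line depends on that adjusted value and the reason for taking the address of cnt is otherwise not obvious at the call site.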