From patchwork Fri Jun 7 08:40:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chengming Zhou X-Patchwork-Id: 13689484 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31849C27C53 for ; Fri, 7 Jun 2024 08:40:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B66B46B00AE; Fri, 7 Jun 2024 04:40:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B16826B00AF; Fri, 7 Jun 2024 04:40:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9B7586B00B1; Fri, 7 Jun 2024 04:40:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 7D9176B00AE for ; Fri, 7 Jun 2024 04:40:56 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 36D3BA2CA8 for ; Fri, 7 Jun 2024 08:40:56 +0000 (UTC) X-FDA: 82203447312.30.8C3B131 Received: from out-177.mta0.migadu.com (out-177.mta0.migadu.com [91.218.175.177]) by imf27.hostedemail.com (Postfix) with ESMTP id CD4FB40016 for ; Fri, 7 Jun 2024 08:40:53 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=GTo9ZKZ0; spf=pass (imf27.hostedemail.com: domain of chengming.zhou@linux.dev designates 91.218.175.177 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1717749654; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Co4mRSLXEk4/0neADLChuXkANUmkwfIKXrx3b3r5sIM=; b=Rh7sWSzNKYmW4wIN1U8tReOadeGW5vnzjET9ZmGX7qXFFZoVrqxxeVLTKWsQ88hAF9AwZA o0le3u/ikQOnjnDsfgUKRuM482voxPs0xL7GkAUqqlqPAx4KMq+RsoVvh8pb1r1+jirEhz r6Fy2zOnmoOV8ZuhX1kmD4yApQ6JB+s= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1717749654; a=rsa-sha256; cv=none; b=wXIpCrc5X4auuxftXxKPuIikxDf7Dqyv6ptw3hjZXPARwHmqMBeno5y3J6KF4hKy4YFD/X JBo30APZB0PeUUUEZjvuQUFjdr0z1+XHmSmJJPt/ozN+RiQXQAsg/Hx5jweJh2X0mkxaXi OIjcQVSgBt49P+GOLy4PdiQCtVYr4fU= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=GTo9ZKZ0; spf=pass (imf27.hostedemail.com: domain of chengming.zhou@linux.dev designates 91.218.175.177 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev; dmarc=pass (policy=none) header.from=linux.dev X-Envelope-To: akpm@linux-foundation.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1717749652; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Co4mRSLXEk4/0neADLChuXkANUmkwfIKXrx3b3r5sIM=; b=GTo9ZKZ0MUU5l0W21DXR9nh5FY/hFlzuv0JZ0Cf62BpcKJ4253EFjtFkJoqeO0z0kAg6/4 3NfxFcj6/UzN2GcLdP7LGjocwmvmAnG+M3XYUthkWTaQFM3smEXquqUD+B2QRjnA2GWYKk eRxtY4oCemD/tBZDlf621DBgIo/4wYY= X-Envelope-To: cl@linux.com X-Envelope-To: linux-kernel@vger.kernel.org X-Envelope-To: penberg@kernel.org X-Envelope-To: vbabka@suse.cz X-Envelope-To: roman.gushchin@linux.dev X-Envelope-To: iamjoonsoo.kim@lge.com X-Envelope-To: 42.hyeyoo@gmail.com X-Envelope-To: rientjes@google.com X-Envelope-To: linux-mm@kvack.org X-Envelope-To: zhouchengming@bytedance.com X-Envelope-To: feng.tang@intel.com X-Envelope-To: chengming.zhou@linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Chengming Zhou Date: Fri, 07 Jun 2024 16:40:12 +0800 Subject: [PATCH v3 1/3] slab: make check_object() more consistent MIME-Version: 1.0 Message-Id: <20240607-b4-slab-debug-v3-1-bb2a326c4ceb@linux.dev> References: <20240607-b4-slab-debug-v3-0-bb2a326c4ceb@linux.dev> In-Reply-To: <20240607-b4-slab-debug-v3-0-bb2a326c4ceb@linux.dev> To: Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Feng Tang Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, zhouchengming@bytedance.com, Chengming Zhou X-Developer-Signature: v=1; a=ed25519-sha256; t=1717749639; l=5212; i=chengming.zhou@linux.dev; s=20240508; h=from:subject:message-id; bh=jNo30y7XyYnMpzRv5EeQvmszAtqnlzceibCy6q+bczY=; b=8qobh7yV/EnGOH6lDYM9lDREVDzGWVOsOySTHnQsWoLnsOeHzxJrjXV2T3JsZ2PAXn4oGYipV AYtq3WlnERSB1Bo10ITWmgVmU5ScGQ4Pe9KFgy6nOFFCRbNmnLBn9Yl X-Developer-Key: i=chengming.zhou@linux.dev; a=ed25519; pk=kx40VUetZeR6MuiqrM7kPCcGakk1md0Az5qHwb6gBdU= X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Stat-Signature: o4hjmijbyy9makc1h9cu17q9dwkes6ts X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: CD4FB40016 X-HE-Tag: 1717749653-511473 X-HE-Meta: U2FsdGVkX1/VeUtjx7C0ld5TMimMX0kFYa/2oYXFXJVtdmUNQl7+qAumkONMd4bdkTjQjWYkUy8elIQHzENrnn+rnccUZTPmVPjnVV5+QQW4OO8bneOcxx5TTBwRYZeC8iR8xWcAlHT3mSFuPCH2K9mgQrGSayvW031SVhCxey3XFoQPPZKUgoozgH5qtpYRBbS3A7PXnZJ9ci1ncXgD4CLNuUquIyk014Y7G1TQ9AsYbget5P0zyCERpgIcea1trKBjaigXR6OsszUh1qnxQ4mUCKYsr0n1YUwzJgFW7ISUqpNGw19PNfN9y3RUPXzRi1m8x9OaX/fUHqcdiFjqk9kdyMCk+ZOL1we0fViqV7AVgHwse2y8ghtlDYA7CKCsVRKN3wXWOZy+4IpJj3+Vp2XZgklmnx4eKwxh1QpwuLJK6qWQ7M8dYjXl7x5T1I1dTNesXWITe1xc+7NagO3IlPaTM19TB2z5LGJk2W6bYZTSp2KtDTHxTFRoRPHbYOSpagAMEVzKC1qjRvuKjo/Qli1gdBta++QF9xZyngkPRbZyKDYesq+AGF9flrF1Z2c4OnOJPiW9qistPbbLpOsuN+Lx6g4cnCdZbsnMyX5lcxQk3cdDjVUtr4IuTTTgHhALk4uuwKi2Pnylg/3oADtYyYMxeWqDDKJd0sM1wi5VOB1ZkfUxwlaUISm86Q6+rjvAL6e7HJinLC7RVK00J892lAJXRvYIVbBvE4uBaYIvVDOVWHAjnyKpa+tV2kxsE2kX5/y7SWquibTaZrWYTasP2vcqVVCye5ij/wXEEuTTCY7Be4nulQYAUV3JbqGPwzW40Pdk6SBiIUyS3Cl08UQgRrD9KwtAmwWAsfpwbUiq8NQ9R4uujZolCtYrEoBgXdK5+cQYTC51DULhFDL5in84eAMhAJgnnOUu+UxsQ1llqWH6FoPocMHXx7iUE72TNYLNg8HcTFmLj5/w/aNVKUh wFrEWNBc uW95oNSu6qYBa2qSq+Nbltubml27eTrHsXungqd7sSqvDlh0A9qR55ud/qDW9D95TgMh2V+cRzeGPqg8H3yxNNANG05d3wjXqe9vqLgvB80j+xWqwrjmMKhUgaT5z8f9HV3jn2yU9V84aTFoYhK6jD/nrNqTeRGGow5VreV0IUcz1qqOA4lnJMDqxT3W963KMbmUB+Q5z7OwCOBI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Now check_object() calls check_bytes_and_report() multiple times to check every section of the object it cares about, like left and right redzones, object poison, paddings poison and freepointer. It will abort the checking process and return 0 once it finds an error. There are two inconsistencies in check_object(), which are alignment padding checking and object padding checking. We only print the error messages but don't return 0 to tell callers that something is wrong and needs to be handled. Please see alloc_debug_processing() and free_debug_processing() for details. We want to do all checks without skipping, so use a local variable "ret" to save each check result and change check_bytes_and_report() to only report specific error findings. Then at end of check_object(), print the trailer once if any found an error. Suggested-by: Vlastimil Babka Signed-off-by: Chengming Zhou Reviewed-by: Vlastimil Babka --- mm/slub.c | 62 +++++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 41 insertions(+), 21 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 0809760cf789..45f89d4bb687 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -788,8 +788,24 @@ static bool slab_add_kunit_errors(void) kunit_put_resource(resource); return true; } + +static bool slab_in_kunit_test(void) +{ + struct kunit_resource *resource; + + if (!kunit_get_current_test()) + return false; + + resource = kunit_find_named_resource(current->kunit_test, "slab_errors"); + if (!resource) + return false; + + kunit_put_resource(resource); + return true; +} #else static inline bool slab_add_kunit_errors(void) { return false; } +static inline bool slab_in_kunit_test(void) { return false; } #endif static inline unsigned int size_from_object(struct kmem_cache *s) @@ -1192,8 +1208,6 @@ static int check_bytes_and_report(struct kmem_cache *s, struct slab *slab, pr_err("0x%p-0x%p @offset=%tu. First byte 0x%x instead of 0x%x\n", fault, end - 1, fault - addr, fault[0], value); - print_trailer(s, slab, object); - add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); skip_bug_print: restore_bytes(s, what, value, fault, end); @@ -1302,15 +1316,16 @@ static int check_object(struct kmem_cache *s, struct slab *slab, u8 *p = object; u8 *endobject = object + s->object_size; unsigned int orig_size, kasan_meta_size; + int ret = 1; if (s->flags & SLAB_RED_ZONE) { if (!check_bytes_and_report(s, slab, object, "Left Redzone", object - s->red_left_pad, val, s->red_left_pad)) - return 0; + ret = 0; if (!check_bytes_and_report(s, slab, object, "Right Redzone", endobject, val, s->inuse - s->object_size)) - return 0; + ret = 0; if (slub_debug_orig_size(s) && val == SLUB_RED_ACTIVE) { orig_size = get_orig_size(s, object); @@ -1319,14 +1334,15 @@ static int check_object(struct kmem_cache *s, struct slab *slab, !check_bytes_and_report(s, slab, object, "kmalloc Redzone", p + orig_size, val, s->object_size - orig_size)) { - return 0; + ret = 0; } } } else { if ((s->flags & SLAB_POISON) && s->object_size < s->inuse) { - check_bytes_and_report(s, slab, p, "Alignment padding", + if (!check_bytes_and_report(s, slab, p, "Alignment padding", endobject, POISON_INUSE, - s->inuse - s->object_size); + s->inuse - s->object_size)) + ret = 0; } } @@ -1342,27 +1358,25 @@ static int check_object(struct kmem_cache *s, struct slab *slab, !check_bytes_and_report(s, slab, p, "Poison", p + kasan_meta_size, POISON_FREE, s->object_size - kasan_meta_size - 1)) - return 0; + ret = 0; if (kasan_meta_size < s->object_size && !check_bytes_and_report(s, slab, p, "End Poison", p + s->object_size - 1, POISON_END, 1)) - return 0; + ret = 0; } /* * check_pad_bytes cleans up on its own. */ - check_pad_bytes(s, slab, p); + if (!check_pad_bytes(s, slab, p)) + ret = 0; } - if (!freeptr_outside_object(s) && val == SLUB_RED_ACTIVE) - /* - * Object and freepointer overlap. Cannot check - * freepointer while object is allocated. - */ - return 1; - - /* Check free pointer validity */ - if (!check_valid_pointer(s, slab, get_freepointer(s, p))) { + /* + * Cannot check freepointer while object is allocated if + * object and freepointer overlap. + */ + if ((freeptr_outside_object(s) || val != SLUB_RED_ACTIVE) && + !check_valid_pointer(s, slab, get_freepointer(s, p))) { object_err(s, slab, p, "Freepointer corrupt"); /* * No choice but to zap it and thus lose the remainder @@ -1370,9 +1384,15 @@ static int check_object(struct kmem_cache *s, struct slab *slab, * another error because the object count is now wrong. */ set_freepointer(s, p, NULL); - return 0; + ret = 0; } - return 1; + + if (!ret && !slab_in_kunit_test()) { + print_trailer(s, slab, object); + add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); + } + + return ret; } static int check_slab(struct kmem_cache *s, struct slab *slab) From patchwork Fri Jun 7 08:40:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chengming Zhou X-Patchwork-Id: 13689485 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ADAB9C27C53 for ; Fri, 7 Jun 2024 08:41:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1C85A6B0082; Fri, 7 Jun 2024 04:41:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 179C46B0085; Fri, 7 Jun 2024 04:41:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 01B3D6B00B3; Fri, 7 Jun 2024 04:41:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D74816B00B1 for ; Fri, 7 Jun 2024 04:41:00 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 653821411D8 for ; Fri, 7 Jun 2024 08:41:00 +0000 (UTC) X-FDA: 82203447480.06.4258A24 Received: from out-174.mta0.migadu.com (out-174.mta0.migadu.com [91.218.175.174]) by imf01.hostedemail.com (Postfix) with ESMTP id E88CF40017 for ; Fri, 7 Jun 2024 08:40:57 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=e9yKJrsJ; spf=pass (imf01.hostedemail.com: domain of chengming.zhou@linux.dev designates 91.218.175.174 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1717749658; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zl8yWyiipM81e8Qi1LyYy64GATjSdpFn6JGZvmprGhI=; b=iGFcr1DGWGDeq9ZOYQKk245c1dMEeZgItSaU1UGgqws1jPapu3Bo33f52JphimNhO5yN/X evep1n8/xOnGVw4mlc6uyXxrWhffJyudKd+IZz1eOdSbDtbFacJSGSFAbdAfgDUrJBt1hu hoOBQYR/G1LhflOP8JAgbLFaHIs+Pr0= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=e9yKJrsJ; spf=pass (imf01.hostedemail.com: domain of chengming.zhou@linux.dev designates 91.218.175.174 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1717749658; a=rsa-sha256; cv=none; b=dUOYrnn6K791DF/S51zyW4LLlN5pYdAZJ751GcvSSKYuEeZJlSZP6nJZMJ8rfyfH7DsA+C Y0mkTHSeANUs6wjysWtmp3sWHGA6vZ8v28aenAqjXIxxDSQ2CXa9/wi7jk2em7tWoLHTMA IidG+g75EXmUb3vC+wZPtf0Umya9djA= X-Envelope-To: akpm@linux-foundation.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1717749656; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zl8yWyiipM81e8Qi1LyYy64GATjSdpFn6JGZvmprGhI=; b=e9yKJrsJCyHtaE6gVXuVQZ6ME1Lqhp0vXYf9L7qHjqQAGh3lA2m35CXSJdRDlg51u2z+fz DZKQxelkJdemyDRYlVnekXq5f1oKkkhvCyqyoU8/3lhbDj6e3gmI9F7aSeBwYif1fA1uMC VB8TpBNhvx+5rjqXmLu5oO2tH5/6fBM= X-Envelope-To: cl@linux.com X-Envelope-To: linux-kernel@vger.kernel.org X-Envelope-To: penberg@kernel.org X-Envelope-To: vbabka@suse.cz X-Envelope-To: roman.gushchin@linux.dev X-Envelope-To: iamjoonsoo.kim@lge.com X-Envelope-To: 42.hyeyoo@gmail.com X-Envelope-To: rientjes@google.com X-Envelope-To: linux-mm@kvack.org X-Envelope-To: zhouchengming@bytedance.com X-Envelope-To: feng.tang@intel.com X-Envelope-To: chengming.zhou@linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Chengming Zhou Date: Fri, 07 Jun 2024 16:40:13 +0800 Subject: [PATCH v3 2/3] slab: don't put freepointer outside of object if only orig_size MIME-Version: 1.0 Message-Id: <20240607-b4-slab-debug-v3-2-bb2a326c4ceb@linux.dev> References: <20240607-b4-slab-debug-v3-0-bb2a326c4ceb@linux.dev> In-Reply-To: <20240607-b4-slab-debug-v3-0-bb2a326c4ceb@linux.dev> To: Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Feng Tang Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, zhouchengming@bytedance.com, Chengming Zhou X-Developer-Signature: v=1; a=ed25519-sha256; t=1717749639; l=2058; i=chengming.zhou@linux.dev; s=20240508; h=from:subject:message-id; bh=bn0rvFBpWAZhns05Xqu0KeFYe1or4fDM7A08yx3Psto=; b=EuZ0xsakv2Ol3sPIh0H8VsgQnTrIw6dnox/41Kp96uAXgh1BW2zow6fYw1U6Rfy0z1KMEzF+T lLAWR3T1+rZBIqhuQg+F2qjIYANliGwimvM7/uSh7c6p94F5n11MfVY X-Developer-Key: i=chengming.zhou@linux.dev; a=ed25519; pk=kx40VUetZeR6MuiqrM7kPCcGakk1md0Az5qHwb6gBdU= X-Migadu-Flow: FLOW_OUT X-Rspam-User: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: E88CF40017 X-Stat-Signature: 1xb8s9b49p3t6q9w44bfx1xygshfjk74 X-HE-Tag: 1717749657-499617 X-HE-Meta: U2FsdGVkX1/s0YBL0TY5p45uUltamRiIssvhQFdR4maNVkxUOwqkjsjKZGmGJIUgeNwo1CokoZQKQLGvdkV1p4mWnIi2BUqbE3TDvssOPoHf5JsaGJF7GtcqJM0nt37dSK9gQ+SqbvJwvLtOceAm1SR3RHJoVwGQOoBbJiBcOQcwNY4lKJAzjq2yOXpfVRS7NempTyYVsr4bpGXfRxIrTT8ATK2gY9FN5XVW1pUaw/1xJaT/jBdN1xpbzwDekxVPfK3xdByoOhD/lXdI7/yJD+MLbvsdYUsdbLbHU/YNIFg0cwRV96yhhOCC2HQ2HP4UGOEHd46I0A2ENy77JznZK7s0UO8p1H7ivrcIMBaducXGEQEQpCRDsoeuDwH/9UxTan8WDf8N0zGkOHVtodvW2oUYEOMKHOReZLKHFYl5ShynknWJdTYT6Kpqfk31m4V0S+hejHe4fXZql1KQI+P6bQte/TlG9fmptPKzv9tTSojQoT1/P0O96x6Txs1g0qM4yP+E5XAQ0xEUTrzD6kp8x0VtYcW27XYk5eIARNC0l2AeUni9exqef2ROz2my01aPC3m5a/eMPnsjrpHn7BhtjdcaDhL3Whbjpzno/YgGKf+w0PS1wKLRe560cGb7AP5+mv81wNZurgSpHxSGz0zf984MS4EXiU5kXBipbGpAhnn4rMtEpKbgYSHUddv8C1iAzB4KMAgkcAF+c8v+LUYRW52kd8nhlppU5M4Pb6jRM1jU/fOu6EV2Oj4s6XiutRbNDzq2Qp01uKaCH5zfnInD4kJw+15ec/I1ncBm3aSgQN5GcTDcnRowKTpVECBblUdzyP37qNQMiTtcRWdFWi7WNwq8mG2mxJQnsxIb4OKXT985Lvu6MlbbD1h+GVFo3ndAl8tC826dnZKKEpyI881dSyYJdnH/BCDJH0goun+EqKxMHLpzR3R/WGxY0lIurMa7NYD8HzKpNk7hhBsHue7 yx77yCCg cgEJp4vk0LqCAPqslq43eZWuQRXN2WbSyQL7f2pZiKybQjQH9pDkru2r52RW4IILACU+h9EAkvVxCqjs5iVwb6f7CdaEPss5ORyR0+4goiZVa/Sd/rFgKwbv2r8DDBs5NxPW0kAeChceBKudlmCWmVRGkJQdA2pGfpzr9eyxqFrL1KUhzuZXxa6aRLh433Zh48smttyA8MO7zo0xiT8d3H61yXh3wTpHAijI+Kxe6w4UkIMrxBICQ1FdCxoY6ODrS/qvoGspDMkP2gcc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The commit 946fa0dbf2d8 ("mm/slub: extend redzone check to extra allocated kmalloc space than requested") will extend right redzone when allocating for orig_size < object_size. So we can't overlay the freepointer in the object space in this case. But the code looks like it forgot to check SLAB_RED_ZONE, since there won't be extended right redzone if only orig_size enabled. As we are here, make this complex conditional expressions a little prettier and add some comments about extending right redzone when slub_debug_orig_size() enabled. Reviewed-by: Feng Tang Reviewed-by: Vlastimil Babka Signed-off-by: Chengming Zhou --- mm/slub.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 45f89d4bb687..1551a0345650 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -5169,10 +5169,9 @@ static int calculate_sizes(struct kmem_cache *s) */ s->inuse = size; - if (slub_debug_orig_size(s) || - (flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)) || - ((flags & SLAB_RED_ZONE) && s->object_size < sizeof(void *)) || - s->ctor) { + if ((flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)) || s->ctor || + ((flags & SLAB_RED_ZONE) && + (s->object_size < sizeof(void *) || slub_debug_orig_size(s)))) { /* * Relocate free pointer after the object if it is not * permitted to overwrite the first word of the object on @@ -5180,7 +5179,9 @@ static int calculate_sizes(struct kmem_cache *s) * * This is the case if we do RCU, have a constructor or * destructor, are poisoning the objects, or are - * redzoning an object smaller than sizeof(void *). + * redzoning an object smaller than sizeof(void *) or are + * redzoning an object with slub_debug_orig_size() enabled, + * in which case the right redzone may be extended. * * The assumption that s->offset >= s->inuse means free * pointer is outside of the object is used in the From patchwork Fri Jun 7 08:40:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chengming Zhou X-Patchwork-Id: 13689486 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC73CC27C53 for ; Fri, 7 Jun 2024 08:41:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 488C46B00B3; Fri, 7 Jun 2024 04:41:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 414646B00B4; Fri, 7 Jun 2024 04:41:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2B28D6B00B5; Fri, 7 Jun 2024 04:41:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 0672F6B00B3 for ; Fri, 7 Jun 2024 04:41:04 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 7C6C7C1808 for ; Fri, 7 Jun 2024 08:41:04 +0000 (UTC) X-FDA: 82203447648.03.5AD9080 Received: from out-175.mta0.migadu.com (out-175.mta0.migadu.com [91.218.175.175]) by imf01.hostedemail.com (Postfix) with ESMTP id 082004001D for ; Fri, 7 Jun 2024 08:41:01 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=FRcixKR6; spf=pass (imf01.hostedemail.com: domain of chengming.zhou@linux.dev designates 91.218.175.175 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1717749662; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ry4pUT0wLp2rsQ9gaswXTMi4aahc6CD0b0+IGJL1qoc=; b=8U/0EpDHwECQIkZ9IC+A+uUqsgURJCXATa1bkjJ4vvf4nGhqDM1Em2ZkUkh/+Xe6R6vB/p vw7sY4iQa8RfwlGA6mVRJxy9E6nTfFC11OqUMi1+gg0UmPNo79tcDXpoUeG/rNG4vYDHsw ABinu/77SQm4SPwDkbfM5NpNXH8vr+g= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=FRcixKR6; spf=pass (imf01.hostedemail.com: domain of chengming.zhou@linux.dev designates 91.218.175.175 as permitted sender) smtp.mailfrom=chengming.zhou@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1717749662; a=rsa-sha256; cv=none; b=Ppil7G8Ios6CLo0DgIO4EPA0w0B1HtwFAHHy0edU6hnZcbhncts9dkCXrfh2qm5Tq3fE8C dG3FcToJknaW4tBNGIXBMzZuRzUOgGVBkoHZgxhFWaTAqWswo4BsJ1pZkoDL3hARxIRzZa bT6jLFqQ/TUrV/8EYIEGLP53SNuc0Us= X-Envelope-To: akpm@linux-foundation.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1717749660; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ry4pUT0wLp2rsQ9gaswXTMi4aahc6CD0b0+IGJL1qoc=; b=FRcixKR6sKrZnRAihVBRcSYK+FzLr1DTKGdjp7gt7YjG5xNLhkZKrAE/H76ecCGUaGvyEl +Q/8BaJeIRX2/qAySlikCNZYqDOygv5xawpTX5p4zGCiiOujXilQsF0sT6oyL3SNYihAuY OqAYNTMpowc1/RKf+uZ2zKUROli77is= X-Envelope-To: cl@linux.com X-Envelope-To: linux-kernel@vger.kernel.org X-Envelope-To: penberg@kernel.org X-Envelope-To: vbabka@suse.cz X-Envelope-To: roman.gushchin@linux.dev X-Envelope-To: iamjoonsoo.kim@lge.com X-Envelope-To: 42.hyeyoo@gmail.com X-Envelope-To: rientjes@google.com X-Envelope-To: linux-mm@kvack.org X-Envelope-To: zhouchengming@bytedance.com X-Envelope-To: feng.tang@intel.com X-Envelope-To: chengming.zhou@linux.dev X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Chengming Zhou Date: Fri, 07 Jun 2024 16:40:14 +0800 Subject: [PATCH v3 3/3] slab: delete useless RED_INACTIVE and RED_ACTIVE MIME-Version: 1.0 Message-Id: <20240607-b4-slab-debug-v3-3-bb2a326c4ceb@linux.dev> References: <20240607-b4-slab-debug-v3-0-bb2a326c4ceb@linux.dev> In-Reply-To: <20240607-b4-slab-debug-v3-0-bb2a326c4ceb@linux.dev> To: Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Feng Tang Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, zhouchengming@bytedance.com, Chengming Zhou X-Developer-Signature: v=1; a=ed25519-sha256; t=1717749639; l=2492; i=chengming.zhou@linux.dev; s=20240508; h=from:subject:message-id; bh=HrPAwtMOeYeTV8i4zs/HyF+XzjWDLITsYcMCCwBJKjk=; b=0CWA1/J60O55kCn+Cliv8N6QcksKBT2/nb1uYUtntzcYzA4/3nHZS/oGeU/wqaO43cxUe9VK3 x/KnumkFAuTCC+ZC6HiCZJwshbZvD3XI8TRNVUKnUxr7RfCfVjRiD/G X-Developer-Key: i=chengming.zhou@linux.dev; a=ed25519; pk=kx40VUetZeR6MuiqrM7kPCcGakk1md0Az5qHwb6gBdU= X-Migadu-Flow: FLOW_OUT X-Stat-Signature: 71qaoo5kpmi3kweyxbig6kyzcdehktno X-Rspamd-Queue-Id: 082004001D X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1717749661-886670 X-HE-Meta: U2FsdGVkX1+NITnR5ySe85DuxvEvmmqzA2MH+REPkUrtzbjpWbiRORc/g3QWHk6ssGYwSAMbUvHMIr1UQmsNIpqPPzC3Kld4nHsK6WiJC/4hp42MXbSefein2jMtG9XkAQO0onyEw12D2Ab3dRvaf22r9X41hqP1Cp+BPX3UdljhqiMZnn+yGOY9lSHRtoPUvTTO6wn0JAxAmb5+lwpWsWdXS8XKqM+EFetpGiU8majDmElcHdvFJySBPLYNJ17a3JyKWAGXVKKHY10zOOpH3/7Zcgag5I/9XvqpeXurcZ8a9dfAA0I7JTmWiUqEPiblBUH+Hf3tPfreW3G5R8djiWAtD+i+0rImxuTYWr/i2I8vZjsaXSKCTrHclB5/Vu3ZB0VdZdx16keElj8FbhBbVdsle4XWCd8jRTkPX0IgqiyeCloT1YJcINB8yD8PyjSWjbwCYO7EazTFrWOrzjOWm4Mqa+du/mz2oclCz85GO+5mUQhv2WAe1LS4mIL5UqX5+vBsFHQF8r6mEaI5GZKE3b1eVAUEG6GUIQga0kjQHbmuldxhCzqjL8Je6agdA/vUBlZI69Taup10tzKWPLznRN7YBwX9hM8cfCeUOsoKkYfZx8xGoh/dkjaBeAbxarKubK3s4CUHsJNcZiMw9LIcXgiutAzwFsFA+aK9VpBqCS7b+k5DSjOLsfG6a1JyAqkUmfsEZGPEuShp4kdIVjYM75gnCIaTgTTbtAWGK6aUGThs4WziNyxFJaYRd6vvr1VvUET4R5+95T9dkKILvL4POlV+8WCz/BLQ26sJMMHor4gU3Hd2tD/6yZvmlvUMrGCgliZ40A4U9+gBrrZKyJb887NILeqTOqyAStwFErYqo+8dSbtJg+9EIN7DtifmNXrsHWqmnTkVCaupGGnjTKdZ8/lQ7g1uhEo8MEppipgB8PnxPgx4N/e5xywnjPS2q2MhsET8PQVoFaipyInyN7h p5zERuy3 0ul5IrwUjmGv9iXf2v7H9UcD1sOCpQ0dy28obdqL1eZdF5tUoQ5RBASoFZKe35Lj6xNN8qjk9Wet+IBLTJ2Ck/TIOgYmf1azC0HrUqNCZj3W+srrAswzDLHIZlhWlFiDthF4WhDtYKYiFIkj88G3winrzmKCUfxAkzvh+mDqD9VzlLzlsV7Gq2+nOVLcKKUQZa8WSwOgGdsfmTTM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: These seem useless since we use the SLUB_RED_INACTIVE and SLUB_RED_ACTIVE, so just delete them, no functional change. Reviewed-by: Vlastimil Babka Signed-off-by: Chengming Zhou --- include/linux/poison.h | 7 ++----- mm/slub.c | 4 ++-- tools/include/linux/poison.h | 7 ++----- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/include/linux/poison.h b/include/linux/poison.h index 1f0ee2459f2a..9c1a035af97c 100644 --- a/include/linux/poison.h +++ b/include/linux/poison.h @@ -38,11 +38,8 @@ * Magic nums for obj red zoning. * Placed in the first word before and the first word after an obj. */ -#define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */ -#define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */ - -#define SLUB_RED_INACTIVE 0xbb -#define SLUB_RED_ACTIVE 0xcc +#define SLUB_RED_INACTIVE 0xbb /* when obj is inactive */ +#define SLUB_RED_ACTIVE 0xcc /* when obj is active */ /* ...and for poisoning */ #define POISON_INUSE 0x5a /* for use-uninitialised poisoning */ diff --git a/mm/slub.c b/mm/slub.c index 1551a0345650..efa7c88d8d8c 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1230,8 +1230,8 @@ static int check_bytes_and_report(struct kmem_cache *s, struct slab *slab, * Padding is extended by another word if Redzoning is enabled and * object_size == inuse. * - * We fill with 0xbb (RED_INACTIVE) for inactive objects and with - * 0xcc (RED_ACTIVE) for objects in use. + * We fill with 0xbb (SLUB_RED_INACTIVE) for inactive objects and with + * 0xcc (SLUB_RED_ACTIVE) for objects in use. * * object + s->inuse * Meta data starts here. diff --git a/tools/include/linux/poison.h b/tools/include/linux/poison.h index 2e6338ac5eed..e530e54046c9 100644 --- a/tools/include/linux/poison.h +++ b/tools/include/linux/poison.h @@ -47,11 +47,8 @@ * Magic nums for obj red zoning. * Placed in the first word before and the first word after an obj. */ -#define RED_INACTIVE 0x09F911029D74E35BULL /* when obj is inactive */ -#define RED_ACTIVE 0xD84156C5635688C0ULL /* when obj is active */ - -#define SLUB_RED_INACTIVE 0xbb -#define SLUB_RED_ACTIVE 0xcc +#define SLUB_RED_INACTIVE 0xbb /* when obj is inactive */ +#define SLUB_RED_ACTIVE 0xcc /* when obj is active */ /* ...and for poisoning */ #define POISON_INUSE 0x5a /* for use-uninitialised poisoning */