From nobody Thu Oct 2 19:27:06 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C346535FC18 for ; Thu, 11 Sep 2025 17:03:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610186; cv=none; b=S0Y+56bb1n5KcplrSAqxcLYUOzIOG2Nzz/OsGpsXjjZnHN/xBlbfdzzmTaAeCK4xIn7gO06HHzfKj4QCRlV1oI5iizlSLuOnaI+/IKlb471pcAJ1+EUPFHnyupwzSlLzJSQ0xpKnPgqtyqZh+xqN2CqSwEXOlcM9U3sfdGy9ka8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610186; c=relaxed/simple; bh=UkVCPyexZLuujdS/vq/QGfsjbUjvfJOcwBd5QuSG1Dc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=DU6x0upGHfIRLeDcVW/MvMzQ7QETRrlmUvXJu4W0JidNHUPkpixlpqhZZRRhIS7orq/0TB07vueHxZvp7X3ZZCJvSDpLfavFOD4EXqYAEyyTfrf9UnHBa4CYsILghexvVmJUiiQxh3tpcDTgDlsD3nie1wGFlacT7lD49myYHy0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=MtT2CGXS; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=5GSiutm2; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=aRi7YGSd; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=UFU16EPg; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="MtT2CGXS"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="5GSiutm2"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="aRi7YGSd"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="UFU16EPg" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 01DC47647E; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610156; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=MtT2CGXS0oB0KE1fLvExDMMJMc8nuu5zAuU4GGnqGztTCwbkABvMuffinDIgF3zqj8kqta 3AoVsTSuueITNaVq5kqGMa8RRwt1OjPcs6aE6xFIhXq+MgCmlHgphheOCFJYxAWNNz8wjT xDXwBHzNblv2tej3IzBsCL5X519G42g= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610156; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=5GSiutm2fsIaxCzQ51sYTrzP2N+ePhhsgtlgzgUPNLJmkKs88ZBL9ckisMxvkdEji9kxQi LfWroL+vWuICWTDw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=aRi7YGSdI/ZSD8wGJzaYz9hrGpD8rTajcN2DOUK0xGb5fo8QZos5GWypcwB03LfqNih4Nk UxMF/lPpfP5VSvTxm5UeO8tyhKqPVyn/czhyn7m2aUd9CMvCBve7Xff6tqqO/JAgHNSIza sk+Ya7lBEqTc0aq5fupszNHOeaWR+PA= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=UFU16EPgWUxx9bfx8YzkL8UdxDIMNz6fYhEqJyLaiyW2gWddq6NlX7AuR/C0apIbYu7Ege 6QRvffcbojJh5lBw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id E169F13ABA; Thu, 11 Sep 2025 17:02:34 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id mFfANqoAw2gUJAAAD6G6ig (envelope-from ); Thu, 11 Sep 2025 17:02:34 +0000 From: Vlastimil Babka Date: Thu, 11 Sep 2025 19:02:34 +0200 Subject: [PATCH 1/6] slab: Remove dead code in free_consistency_checks() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250911-slub-slab-validation-v1-1-8b67eb3b3dc5@suse.cz> References: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> In-Reply-To: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spam-Level: X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.998]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; R_RATELIMIT(0.00)[to_ip_from(RLwn5r54y1cp81no5tmbbew5oc)]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[infradead.org:email,oracle.com:email,suse.cz:email,suse.cz:mid] X-Spam-Flag: NO X-Spam-Score: -4.30 From: "Matthew Wilcox (Oracle)" We already know that slab is a valid slab as that's checked by the caller. In the future, we won't be able to get to a slab pointer from a non-slab page. Signed-off-by: Matthew Wilcox (Oracle) Reviewed-by: Harry Yoo Signed-off-by: Vlastimil Babka --- mm/slub.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 3062f56bf49882538ba5af407de9f69c451f2e29..56143bfd1ae319d384981c810a5= ed84af00f4afa 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1684,10 +1684,7 @@ static inline int free_consistency_checks(struct kme= m_cache *s, return 0; =20 if (unlikely(s !=3D slab->slab_cache)) { - if (!folio_test_slab(slab_folio(slab))) { - slab_err(s, slab, "Attempt to free object(0x%p) outside of slab", - object); - } else if (!slab->slab_cache) { + if (!slab->slab_cache) { slab_err(NULL, slab, "No slab cache for object 0x%p", object); } else { --=20 2.51.0 From nobody Thu Oct 2 19:27:06 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 602E022AE45 for ; Thu, 11 Sep 2025 17:02:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610173; cv=none; b=N/JXjoHhNsEf0enKL/oX7N5XLbI9tHRKzc9mIeX8FlwxUQpITvpBjysfVebBE5YEshV1GBYl21vY6XDzs2/94tNQn0r2HhiUIoUb18mkKK8wAdga/ptnYi5NFZDPp3iTVmJz4TWqVHJyXbnSSeAAdqKtzEgfEOpXKinY2lPCXYw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610173; c=relaxed/simple; bh=6tkeaTNyRm1SBHJQKgvKFHCqSVqtEzkC5yHycaSB9t0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Hkoi4tH95p4mp13Hv8gXgdOKmazR5mFW95Q1Swp4wgfP1N2h5L5eKZHP+vnNlTpptUJmmkvcjwxZr4Fwi1r5WoYW7x5Cm+9q5yU5VYWaKUTfGl+X+oujW3ry2qHwJh4MarfO1hu+qkDYEm5Xq3YOyKJnBEX7facpro2Fa3FiFAU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=caB69UBa; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=eciko9ma; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=caB69UBa; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=eciko9ma; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="caB69UBa"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="eciko9ma"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="caB69UBa"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="eciko9ma" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 11BE47647F; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jRP07fiR2IX4gxo9ENuoZTQhuQ0mAms5suV1861+oXk=; b=caB69UBaTbJw0cyHbpwNyhsojWzldNenRQf7IxQxYYwsRwFbZdTbBFqmXnGnAGylbG5XUg I5a6YRc/oyJW8A5J8RVQ776dTKd4NHj4ur+OL0++IZVMvjqcxkOoHUX9zRiuO8du7yXG5E HxvVaXgq4LODJ7BLPbAebZN/vGYVRTs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jRP07fiR2IX4gxo9ENuoZTQhuQ0mAms5suV1861+oXk=; b=eciko9ma7alFW2z3yd0wB6yiSLgj3Fo+mGOYT5Imo3INWV5tQGVmCZaGV+oajdOCArOO+C Kot8xIChGaREOEAw== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jRP07fiR2IX4gxo9ENuoZTQhuQ0mAms5suV1861+oXk=; b=caB69UBaTbJw0cyHbpwNyhsojWzldNenRQf7IxQxYYwsRwFbZdTbBFqmXnGnAGylbG5XUg I5a6YRc/oyJW8A5J8RVQ776dTKd4NHj4ur+OL0++IZVMvjqcxkOoHUX9zRiuO8du7yXG5E HxvVaXgq4LODJ7BLPbAebZN/vGYVRTs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jRP07fiR2IX4gxo9ENuoZTQhuQ0mAms5suV1861+oXk=; b=eciko9ma7alFW2z3yd0wB6yiSLgj3Fo+mGOYT5Imo3INWV5tQGVmCZaGV+oajdOCArOO+C Kot8xIChGaREOEAw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id F0C5C13AD6; Thu, 11 Sep 2025 17:02:34 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id ECiDOqoAw2gUJAAAD6G6ig (envelope-from ); Thu, 11 Sep 2025 17:02:34 +0000 From: Vlastimil Babka Date: Thu, 11 Sep 2025 19:02:35 +0200 Subject: [PATCH 2/6] slab: wrap debug slab validation in validate_slab_ptr() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250911-slub-slab-validation-v1-2-8b67eb3b3dc5@suse.cz> References: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> In-Reply-To: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spam-Level: X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:email,suse.cz:mid] X-Spam-Flag: NO X-Spam-Score: -4.30 This will make it clear where we currently cast struct slab to folio only to check the slab type, and allow to change the implementation later with memdesc conversion. For now use a struct page based implementation instead of struct folio to be compatible with further upcoming changes. Signed-off-by: Vlastimil Babka Reviewed-by: Harry Yoo --- mm/slub.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 56143bfd1ae319d384981c810a5ed84af00f4afa..5bbfe4ee8d9846ec9a34584c107= 50388849da3b9 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -821,6 +821,15 @@ static inline unsigned int get_orig_size(struct kmem_c= ache *s, void *object) return *(unsigned int *)p; } =20 +/* + * For debugging context when we want to check if the struct slab pointer + * appears to be valid. + */ +static bool validate_slab_ptr(struct slab *slab) +{ + return PageSlab(slab_page(slab)); +} + #ifdef CONFIG_SLUB_DEBUG static unsigned long object_map[BITS_TO_LONGS(MAX_OBJS_PER_PAGE)]; static DEFINE_SPINLOCK(object_map_lock); @@ -1453,7 +1462,7 @@ static int check_slab(struct kmem_cache *s, struct sl= ab *slab) { int maxobj; =20 - if (!folio_test_slab(slab_folio(slab))) { + if (!validate_slab_ptr(slab)) { slab_err(s, slab, "Not a valid slab page"); return 0; } @@ -1653,7 +1662,7 @@ static noinline bool alloc_debug_processing(struct km= em_cache *s, return true; =20 bad: - if (folio_test_slab(slab_folio(slab))) { + if (validate_slab_ptr(slab)) { /* * If this is a slab page then lets do the best we can * to avoid issues in the future. Marking all objects @@ -2818,7 +2827,7 @@ static void *alloc_single_from_partial(struct kmem_ca= che *s, slab->inuse++; =20 if (!alloc_debug_processing(s, slab, object, orig_size)) { - if (folio_test_slab(slab_folio(slab))) + if (validate_slab_ptr(slab)) remove_partial(n, slab); return NULL; } --=20 2.51.0 From nobody Thu Oct 2 19:27:06 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 120B3362997 for ; Thu, 11 Sep 2025 17:02:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610180; cv=none; b=I5Kn1KVF1Xzgpc4RrdeKlio3DrptBvRvHad+nphOnkXIem/T0PJ1F+KMfWko0H2yt3SFNcguY3x3XRXLC3GGE8WtzpU2eKqKSm22KdtDXHTsKciCmRgKAI2UTnKCg1vh79zj3TAA99rNUyUlOwS+jmHLpuxxfU0Pc8jPOSxFx5s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610180; c=relaxed/simple; bh=u41jKkPeVaZ40Td3aPD6Zm+fSYateZo15susiF2ehm8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=CIkU8A7KrNTFdccd9f6aCAJyBqwlZyCt8vub8El4wdqN5FCHnYUT7EV/TMzvYtqM8a86SkXNWkc7pbfX7b9nruJNLxJts/x4XiIOb4y1jy1xrjs2dQR+V9An4Cbn1fnUiyEKObvFe5bJEXV6Jd8fQjtT9yhO8IWe+KP68YwKOHc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=zqAMFcRd; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=SZN5HjVQ; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=zqAMFcRd; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=SZN5HjVQ; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="zqAMFcRd"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="SZN5HjVQ"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="zqAMFcRd"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="SZN5HjVQ" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 20C1576481; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6f2UzExln6BeKZDBJcPia3VoQR4i2uiv1uWrKQDThX8=; b=zqAMFcRd0T8/Twk0PQTF4F5+pW56BJRruI4CHexUjek9fqBJLHOK4y/l0Y8yelAOxclz6P i0qTDSOtItIRAyOg6JVE/j6p6EEimt7R12EP+1SWMRGxtgO6PkD16QF1MATavB8q+q3ST5 Z407S5wPjh+yrN3hXruz1PAeL3UJxtc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6f2UzExln6BeKZDBJcPia3VoQR4i2uiv1uWrKQDThX8=; b=SZN5HjVQH7I6DxWuH/saAoWkOzECfWBjOFnbm+SQlrLVpYfvKgag+zQHPNs4GM6Pnv7ipm G/yzbj9qb1zfkZAQ== Authentication-Results: smtp-out2.suse.de; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=zqAMFcRd; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=SZN5HjVQ DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6f2UzExln6BeKZDBJcPia3VoQR4i2uiv1uWrKQDThX8=; b=zqAMFcRd0T8/Twk0PQTF4F5+pW56BJRruI4CHexUjek9fqBJLHOK4y/l0Y8yelAOxclz6P i0qTDSOtItIRAyOg6JVE/j6p6EEimt7R12EP+1SWMRGxtgO6PkD16QF1MATavB8q+q3ST5 Z407S5wPjh+yrN3hXruz1PAeL3UJxtc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6f2UzExln6BeKZDBJcPia3VoQR4i2uiv1uWrKQDThX8=; b=SZN5HjVQH7I6DxWuH/saAoWkOzECfWBjOFnbm+SQlrLVpYfvKgag+zQHPNs4GM6Pnv7ipm G/yzbj9qb1zfkZAQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 0C87A13ADB; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 0PHHAqsAw2gUJAAAD6G6ig (envelope-from ); Thu, 11 Sep 2025 17:02:35 +0000 From: Vlastimil Babka Date: Thu, 11 Sep 2025 19:02:36 +0200 Subject: [PATCH 3/6] slab: move validate_slab_ptr() from check_slab() to its callers Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250911-slub-slab-validation-v1-3-8b67eb3b3dc5@suse.cz> References: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> In-Reply-To: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spamd-Result: default: False [-4.51 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:106:10:150:64:167:received]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_SEVEN(0.00)[9]; RCVD_TLS_ALL(0.00)[]; TO_DN_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:mid,suse.cz:dkim,suse.cz:email]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; DKIM_TRACE(0.00)[suse.cz:+] X-Spam-Flag: NO X-Spam-Level: X-Rspamd-Queue-Id: 20C1576481 X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Rspamd-Action: no action X-Spam-Score: -4.51 We will want to do the validation earlier in some callers or remove it completely, so extract it from check_slab() first. No functional change. Signed-off-by: Vlastimil Babka Reviewed-by: Harry Yoo --- mm/slub.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 5bbfe4ee8d9846ec9a34584c10750388849da3b9..94a089205a86f0667444484e158= d307e72cd96e1 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1458,15 +1458,15 @@ static int check_object(struct kmem_cache *s, struc= t slab *slab, return ret; } =20 +/* + * Checks if the slab state looks sane. Assumes the struct slab pointer + * was either obtained in a way that ensures it's valid, or validated + * by validate_slab_ptr() + */ static int check_slab(struct kmem_cache *s, struct slab *slab) { int maxobj; =20 - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - return 0; - } - maxobj =3D order_objects(slab_order(slab), s->size); if (slab->objects > maxobj) { slab_err(s, slab, "objects %u > max %u", @@ -1633,6 +1633,11 @@ void setup_slab_debug(struct kmem_cache *s, struct s= lab *slab, void *addr) static inline int alloc_consistency_checks(struct kmem_cache *s, struct slab *slab, void *object) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return 0; + } + if (!check_slab(s, slab)) return 0; =20 @@ -3485,6 +3490,11 @@ static inline bool free_debug_processing(struct kmem= _cache *s, int cnt =3D 0; =20 if (s->flags & SLAB_CONSISTENCY_CHECKS) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + goto out; + } + if (!check_slab(s, slab)) goto out; } @@ -6519,6 +6529,11 @@ static void validate_slab(struct kmem_cache *s, stru= ct slab *slab, void *p; void *addr =3D slab_address(slab); =20 + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return; + } + if (!check_slab(s, slab) || !on_freelist(s, slab, NULL)) return; =20 --=20 2.51.0 From nobody Thu Oct 2 19:27:06 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E43C53629B5 for ; Thu, 11 Sep 2025 17:02:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610160; cv=none; b=LW6JN/SLCPccnuUSwHlqNVTRRerrh0HxTzdAotNw0TEN4o/yJUAHoz75V5BJzfNyfG6pu7VYaQakLSUaQ2MpsF2L7RI8L7LnLd4/Muhe2FWgd2Wiw+zPz0L2xoILzkT48k+PhI8RZC1SLchYvIxjDRJz0ZXmEuTmNUJsMz2OMDo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610160; c=relaxed/simple; bh=OBrCz4d0jzHFrNHwjW+2Kmd3qAmniHh1spG+C3r92lA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=LyZMKCjzt0OdOVPHxRYDx3OHZs9uY823oWXTEAnee3uhDr89tY6fnbFggUhZmF0pHvYcYn+B4PpCtsLPkvGBNrQBL6VGAppWc5ftdwlZgUASuBcJ2MjKuqPk/xBr3X5IMdGfQQxO8614lRvd4ZFIQtTo2Op0gV0v8RLMWi8QyX0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=3NUsIjTT; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=WTl41xxS; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=3NUsIjTT; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=WTl41xxS; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="3NUsIjTT"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="WTl41xxS"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="3NUsIjTT"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="WTl41xxS" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 306B476482; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=16JtMs2N3c8BfxyIy3mN0WoRRH25v+rdskgyAm89Lvk=; b=3NUsIjTTN3qASJMnexCA5e+92cBKzdrKYdjG2TFhAVDAXH3TfeGX85tKlNJ8azYupkjf8f k/uf/IJmJhEWgr54gKCtB+pSWTdd4UTPVhd+5bS2ehkgjl0kWnoyGrsU/m1nWeEg041mRl l7BcPPatZvfSxnz63//p00cKbK7HEqk= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=16JtMs2N3c8BfxyIy3mN0WoRRH25v+rdskgyAm89Lvk=; b=WTl41xxSWFezDL6Yh/s1NTrX3RQSSzNglUw5tHGaNCTp1IQCnZ1OsWN8CyNn+e4ahIzxtj ywruhUuWBJsszNAg== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=16JtMs2N3c8BfxyIy3mN0WoRRH25v+rdskgyAm89Lvk=; b=3NUsIjTTN3qASJMnexCA5e+92cBKzdrKYdjG2TFhAVDAXH3TfeGX85tKlNJ8azYupkjf8f k/uf/IJmJhEWgr54gKCtB+pSWTdd4UTPVhd+5bS2ehkgjl0kWnoyGrsU/m1nWeEg041mRl l7BcPPatZvfSxnz63//p00cKbK7HEqk= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=16JtMs2N3c8BfxyIy3mN0WoRRH25v+rdskgyAm89Lvk=; b=WTl41xxSWFezDL6Yh/s1NTrX3RQSSzNglUw5tHGaNCTp1IQCnZ1OsWN8CyNn+e4ahIzxtj ywruhUuWBJsszNAg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 1B7F713AE0; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id wGJtBqsAw2gUJAAAD6G6ig (envelope-from ); Thu, 11 Sep 2025 17:02:35 +0000 From: Vlastimil Babka Date: Thu, 11 Sep 2025 19:02:37 +0200 Subject: [PATCH 4/6] slab: move validate_slab_ptr() from alloc_consistency_checks() to its caller Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250911-slub-slab-validation-v1-4-8b67eb3b3dc5@suse.cz> References: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> In-Reply-To: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; R_RATELIMIT(0.00)[to_ip_from(RLwn5r54y1cp81no5tmbbew5oc)]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:mid,suse.cz:email] X-Spam-Flag: NO X-Spam-Level: X-Spam-Score: -4.30 In alloc_debug_processing() we can call validate_slab_ptr() upfront and then don't need to recheck when alloc_consistency_checks() fails for other reasons. Signed-off-by: Vlastimil Babka Reviewed-by: Harry Yoo --- mm/slub.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 94a089205a86f0667444484e158d307e72cd96e1..909c71372a2f542b6e0d67c12ea= 683133b246b66 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1633,11 +1633,6 @@ void setup_slab_debug(struct kmem_cache *s, struct s= lab *slab, void *addr) static inline int alloc_consistency_checks(struct kmem_cache *s, struct slab *slab, void *object) { - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - return 0; - } - if (!check_slab(s, slab)) return 0; =20 @@ -1656,6 +1651,11 @@ static noinline bool alloc_debug_processing(struct k= mem_cache *s, struct slab *slab, void *object, int orig_size) { if (s->flags & SLAB_CONSISTENCY_CHECKS) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return false; + } + if (!alloc_consistency_checks(s, slab, object)) goto bad; } @@ -1667,17 +1667,15 @@ static noinline bool alloc_debug_processing(struct = kmem_cache *s, return true; =20 bad: - if (validate_slab_ptr(slab)) { - /* - * If this is a slab page then lets do the best we can - * to avoid issues in the future. Marking all objects - * as used avoids touching the remaining objects. - */ - slab_fix(s, "Marking all objects used"); - slab->inuse =3D slab->objects; - slab->freelist =3D NULL; - slab->frozen =3D 1; /* mark consistency-failed slab as frozen */ - } + /* + * Let's do the best we can to avoid issues in the future. Marking all + * objects as used avoids touching the remaining objects. + */ + slab_fix(s, "Marking all objects used"); + slab->inuse =3D slab->objects; + slab->freelist =3D NULL; + slab->frozen =3D 1; /* mark consistency-failed slab as frozen */ + return false; } =20 --=20 2.51.0 From nobody Thu Oct 2 19:27:06 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1ECFF2376FC for ; Thu, 11 Sep 2025 17:02:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610166; cv=none; b=Te4jShve7Mm1WblnkBNv2fC/Ubsb/n71PLkVNRD4Bk9FER4yEFTXIFYFfRjDooJ/xVHqcZXDSoPF8WE6QR7X0rBTCpsA1jt6XrKbrlazy+pgvll7MPK8Gjmdt1XM9morsz6k0kz5sbTqrKXkuE0qOjKWvbI50z2u4e53rQgxQDM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610166; c=relaxed/simple; bh=J54BT6re3klenuxIAXAyoezp6r+AS24sukuirRLMaO4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ZtYLQVrcKC9yZCqfu/yLEobj5A357VR6nbhOfuRvyPxI39d9BmzwlG+7C+FNmVMkJI+d0lWe7B39HA9ICSQ3K61nli3NNrctlau+a+kiaHqwslrTa3TPsaYoLztrif6SNkskUYsRDXohQCGUj1DOha+842LZGmBs53o4yCiGdn4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=QF7gdNKw; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=ZzFRLsT1; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=QF7gdNKw; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=ZzFRLsT1; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="QF7gdNKw"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="ZzFRLsT1"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="QF7gdNKw"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="ZzFRLsT1" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 485AC76483; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4Pv1HSdC4mXzEJtFV99nSHn9ZZRv54mCokp/t2JPr4o=; b=QF7gdNKwdu0/USHXbl4y1V8/yJbhvLhl97mMfX04Ke9OmFeWQkWbXSDP5Dr6YGfiyUTuxa ZqdMklKHmoXCPwjCIkQm3Oz1lSQbfVOAOM3ID9xPRcBiCdXZWLXb05Q90q65Of6QkXxd8r MMGbQUc1Unp+j/QoySvE+aZckuUPyn4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4Pv1HSdC4mXzEJtFV99nSHn9ZZRv54mCokp/t2JPr4o=; b=ZzFRLsT1OyihjWkvvWzckDLpxpzhTnothsrLr4f3UrldTZP1Dig0fGl2EZCo6SvvRPmYhc qfkdAyNx5hihfrDA== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4Pv1HSdC4mXzEJtFV99nSHn9ZZRv54mCokp/t2JPr4o=; b=QF7gdNKwdu0/USHXbl4y1V8/yJbhvLhl97mMfX04Ke9OmFeWQkWbXSDP5Dr6YGfiyUTuxa ZqdMklKHmoXCPwjCIkQm3Oz1lSQbfVOAOM3ID9xPRcBiCdXZWLXb05Q90q65Of6QkXxd8r MMGbQUc1Unp+j/QoySvE+aZckuUPyn4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4Pv1HSdC4mXzEJtFV99nSHn9ZZRv54mCokp/t2JPr4o=; b=ZzFRLsT1OyihjWkvvWzckDLpxpzhTnothsrLr4f3UrldTZP1Dig0fGl2EZCo6SvvRPmYhc qfkdAyNx5hihfrDA== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 2A90513AF8; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id qOAXCqsAw2gUJAAAD6G6ig (envelope-from ); Thu, 11 Sep 2025 17:02:35 +0000 From: Vlastimil Babka Date: Thu, 11 Sep 2025 19:02:38 +0200 Subject: [PATCH 5/6] slab: validate slab before using it in alloc_single_from_partial() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250911-slub-slab-validation-v1-5-8b67eb3b3dc5@suse.cz> References: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> In-Reply-To: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spam-Level: X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; R_RATELIMIT(0.00)[to_ip_from(RLwn5r54y1cp81no5tmbbew5oc)]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:email,suse.cz:mid] X-Spam-Flag: NO X-Spam-Score: -4.30 We touch slab->freelist and slab->inuse before checking the slab pointer is actually sane. Do that validation first, which will be safer. We can thus also remove the check from alloc_debug_processing(). This adds a new "s->flags & SLAB_CONSISTENCY_CHECKS" test but alloc_single_from_partial() is only called for caches with debugging enabled so it's acceptable. In alloc_single_from_new_slab() we just created the struct slab and call alloc_debug_processing() to mainly set up redzones, tracking etc, while not really expecting the consistency checks to fail. Thus don't validate it there. Signed-off-by: Vlastimil Babka --- mm/slub.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 909c71372a2f542b6e0d67c12ea683133b246b66..93df6e82af37c798c3fa5574c9d= 825f0f4a83013 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1651,11 +1651,6 @@ static noinline bool alloc_debug_processing(struct k= mem_cache *s, struct slab *slab, void *object, int orig_size) { if (s->flags & SLAB_CONSISTENCY_CHECKS) { - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - return false; - } - if (!alloc_consistency_checks(s, slab, object)) goto bad; } @@ -2825,15 +2820,19 @@ static void *alloc_single_from_partial(struct kmem_= cache *s, =20 lockdep_assert_held(&n->list_lock); =20 + if (s->flags & SLAB_CONSISTENCY_CHECKS) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return NULL; + } + } + object =3D slab->freelist; slab->freelist =3D get_freepointer(s, object); slab->inuse++; =20 - if (!alloc_debug_processing(s, slab, object, orig_size)) { - if (validate_slab_ptr(slab)) - remove_partial(n, slab); + if (!alloc_debug_processing(s, slab, object, orig_size)) return NULL; - } =20 if (slab->inuse =3D=3D slab->objects) { remove_partial(n, slab); --=20 2.51.0 From nobody Thu Oct 2 19:27:06 2025 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C6D335FC39 for ; Thu, 11 Sep 2025 17:02:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610167; cv=none; b=FtLzZm1Z4v78ITRqXVW3PRHe77+vyTix6k6BC5/bvhrAUh/dl6F4CBrUj3l+0giTSLQN35yEj5BpXo/sWNH8A1+1RJhOue/vi1UKH+AT9Q2zr4dwmsZ12WbCE7kwOZKSv+PBWtbJVyeSekrdViURaHJDOcZLLhZnKUuXt/cAlTQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757610167; c=relaxed/simple; bh=2bRHwmHX5rn1+DO9kZ0MmLe1t+SjB2iull3FQiSUXxI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hHxMk1fKMa/iij5qdwK9c70pU2Ae1nQw15GPW2jRMl+wFWeWjFXoOBWJUtvnSqcojouMTY3yiMw8EGsIUF8tBMJ2uHubAn37KoShRX6e7W3d9bGiWQaAEv3jmfRnHtnAeMM3TKThCq9pUVrN6UMjh8bZokXNd3cEUh1JuQHkgJw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=UlRLIenv; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=oGn/PNUn; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=UlRLIenv; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=oGn/PNUn; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="UlRLIenv"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="oGn/PNUn"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="UlRLIenv"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="oGn/PNUn" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 4B129385FB; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gU8uzwxAYobW2SW2rVaJMdcJbOZvC5xNrUDaVXNRGxg=; b=UlRLIenv1BNmXoAJVTeMxpBMoAOaKHc+pxyu8MYuMXV9fqIzZ772TMdMW3aU9SyOhqvpu8 R2akgspt2OlhZShcE7t4dWKxIt5YhY8i24bHvKqb7c5INKHxKjJ0O+qvtYZPfNYp8VD06D 5JRoTmIMTR0olrImNVE8InGeFX+Jc2M= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gU8uzwxAYobW2SW2rVaJMdcJbOZvC5xNrUDaVXNRGxg=; b=oGn/PNUniXADceo50TVabUOMevpYbP0N9zyRD3gLNzAzq1D7glDcZHWggPBOKsv2PZAEqQ JVylQibCsPAR0iDA== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gU8uzwxAYobW2SW2rVaJMdcJbOZvC5xNrUDaVXNRGxg=; b=UlRLIenv1BNmXoAJVTeMxpBMoAOaKHc+pxyu8MYuMXV9fqIzZ772TMdMW3aU9SyOhqvpu8 R2akgspt2OlhZShcE7t4dWKxIt5YhY8i24bHvKqb7c5INKHxKjJ0O+qvtYZPfNYp8VD06D 5JRoTmIMTR0olrImNVE8InGeFX+Jc2M= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757610155; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gU8uzwxAYobW2SW2rVaJMdcJbOZvC5xNrUDaVXNRGxg=; b=oGn/PNUniXADceo50TVabUOMevpYbP0N9zyRD3gLNzAzq1D7glDcZHWggPBOKsv2PZAEqQ JVylQibCsPAR0iDA== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 3A2C413AD6; Thu, 11 Sep 2025 17:02:35 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id KKnpDasAw2gUJAAAD6G6ig (envelope-from ); Thu, 11 Sep 2025 17:02:35 +0000 From: Vlastimil Babka Date: Thu, 11 Sep 2025 19:02:39 +0200 Subject: [PATCH 6/6] slab: don't validate slab pointer in free_debug_processing() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250911-slub-slab-validation-v1-6-8b67eb3b3dc5@suse.cz> References: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> In-Reply-To: <20250911-slub-slab-validation-v1-0-8b67eb3b3dc5@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[99.99%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; R_RATELIMIT(0.00)[to_ip_from(RLwn5r54y1cp81no5tmbbew5oc)]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.cz:mid,suse.cz:email] X-Spam-Flag: NO X-Spam-Level: X-Spam-Score: -4.30 The struct slab pointer has been obtained one from the object being freed on all the paths that lead to this function. In all cases this already includes the test for slab type of the struct page which struct slab is overlaying. Thus we would not reach this function if it was not a valid slab pointer in the first place. One less obvious case is that kmem_cache_free() trusts virt_to_slab() blindly so it may be NULL if the slab type check is false. But with SLAB_CONSISTENCY_CHECKS, cache_from_obj() called also from kmem_cache_free() catches this and returns NULL, which terminates freeing immediately. Signed-off-by: Vlastimil Babka Reviewed-by: Harry Yoo --- mm/slub.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 93df6e82af37c798c3fa5574c9d825f0f4a83013..106dbce64acdf32c1d271ec130c= 35c0ec0e15630 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3487,11 +3487,6 @@ static inline bool free_debug_processing(struct kmem= _cache *s, int cnt =3D 0; =20 if (s->flags & SLAB_CONSISTENCY_CHECKS) { - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - goto out; - } - if (!check_slab(s, slab)) goto out; } --=20 2.51.0