From nobody Thu Oct 2 15:18:40 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38F252F3603 for ; Mon, 15 Sep 2025 13:55:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944513; cv=none; b=pGeUlPLspgO/xB4EKlLrfyGP5Fmyxhv/Z51zq+IeidcHumfsNOuTTDhtbTuvZcuOasAZP9/hBESJEscjClHAn1QPyqTvFEDSQxN4ok5bAlbRy3nvxuLhD4GWmzbSecOu2mYMbhJboPrEeJjWHh1uukTDCRpxxB6WBbptUCtlxAA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944513; c=relaxed/simple; bh=UkVCPyexZLuujdS/vq/QGfsjbUjvfJOcwBd5QuSG1Dc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hwimrBsVVZ9OFOWcJEtoM7MiGygy+cNmGzVZUCQjzOp9wcqq1Qh+SMUlKNuik/LcESQKSJ2BS7IrmgtFdMf44frk9akiQyKaZ78zcTpTGRFrWfk73jkG7zeNoEGCsKm3eOl0Yb7gdrl7yVbanYSkNPyj+fkaVCrX/3JvjlJKHUg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=lNWfE7ZL; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=HFd5SR5T; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=lNWfE7ZL; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=HFd5SR5T; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="lNWfE7ZL"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="HFd5SR5T"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="lNWfE7ZL"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="HFd5SR5T" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 4E2191FB56; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=lNWfE7ZLvWo3kC3UhnIq11SZFcaFo9jK8/G/Wzw+hou3aNcyIYMbCcWVj273ML5pKN1w8/ epN51z1eIUbu8hDM753phtn/vr3I3yluVcw7nsVGAo1ujt6MMVYytjpwmxEEh7+/DTIISZ fEIIWZfCtmxlCBrZphAQlFJKRCkkpP8= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=HFd5SR5TPuFbGxd1Um+Q7J5LAunMBFUxKrILbNBmmuY+TwgnQq2Aa9BB33jMEqv7BpASQz C/ndCSxLIO0erZBQ== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=lNWfE7ZLvWo3kC3UhnIq11SZFcaFo9jK8/G/Wzw+hou3aNcyIYMbCcWVj273ML5pKN1w8/ epN51z1eIUbu8hDM753phtn/vr3I3yluVcw7nsVGAo1ujt6MMVYytjpwmxEEh7+/DTIISZ fEIIWZfCtmxlCBrZphAQlFJKRCkkpP8= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Gr2Y5vpWLhYmkFvvE0c3RnudTXKlGf10pEcNoBQE900=; b=HFd5SR5TPuFbGxd1Um+Q7J5LAunMBFUxKrILbNBmmuY+TwgnQq2Aa9BB33jMEqv7BpASQz C/ndCSxLIO0erZBQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 38BE21398D; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 0K+QDb4ayGhnVgAAD6G6ig (envelope-from ); Mon, 15 Sep 2025 13:55:10 +0000 From: Vlastimil Babka Date: Mon, 15 Sep 2025 15:55:08 +0200 Subject: [PATCH v2 1/6] slab: Remove dead code in free_consistency_checks() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250915-slub-slab-validation-v2-1-314690fc1532@suse.cz> References: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> In-Reply-To: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spam-Level: X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.998]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,infradead.org:email] X-Spam-Flag: NO X-Spam-Score: -4.30 From: "Matthew Wilcox (Oracle)" We already know that slab is a valid slab as that's checked by the caller. In the future, we won't be able to get to a slab pointer from a non-slab page. Signed-off-by: Matthew Wilcox (Oracle) Reviewed-by: Harry Yoo Signed-off-by: Vlastimil Babka --- mm/slub.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 3062f56bf49882538ba5af407de9f69c451f2e29..56143bfd1ae319d384981c810a5= ed84af00f4afa 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1684,10 +1684,7 @@ static inline int free_consistency_checks(struct kme= m_cache *s, return 0; =20 if (unlikely(s !=3D slab->slab_cache)) { - if (!folio_test_slab(slab_folio(slab))) { - slab_err(s, slab, "Attempt to free object(0x%p) outside of slab", - object); - } else if (!slab->slab_cache) { + if (!slab->slab_cache) { slab_err(NULL, slab, "No slab cache for object 0x%p", object); } else { --=20 2.51.0 From nobody Thu Oct 2 15:18:40 2025 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F98930EF87 for ; Mon, 15 Sep 2025 13:55:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944513; cv=none; b=jNZAWf2WAAspqsieXyDgfIh35ZrSBl+rZHHWt+v2BLCEXzLQCS1coV/3/VX6AvYxZu3XeNzZRNWyAFA8UKMAfmtMYrhQHKsA2NY6nkWy/ZBXnGe32/OEKEmyQYcQ0dkhzM8niwzCD9xhXSMliN35VGD7uI58sVcxAgIfpQ+bRS0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944513; c=relaxed/simple; bh=BCJZmAr1Bx5V8/zojsYy7RlB6Vdaz+dZH0np5iUmmZY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=VrRnwyOZ6D6RYAuTGWGVuCAU0CJkFmpEeQWNvCxPTuSjjQ5hRtEofTwSR0Poq4G/eshZBClr065hzGlm0UzZyBjddEzr49hCO2YDQDbOwrGOaKWVP7PmTzx80w5ccVSRdlChQOpYJdCrbw9hQbZl6aJc0G5wCX+55vdGm1rWxkY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=sMZHxzxT; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=ZvB3dreT; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=sMZHxzxT; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=ZvB3dreT; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="sMZHxzxT"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="ZvB3dreT"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="sMZHxzxT"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="ZvB3dreT" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 5C936336BF; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MVmn++9xJB9GpxveASuMULaQTKTMrSj+26tW8lFK6LI=; b=sMZHxzxT/K4//pDSK5b0FvXDxnPAklwI8Jqhin6x4U/N00Wp1kKG6NHeIjRISYSrMLuDkW 3heY/FBZ+ksOrq1k1wAo+ByP6DVNJay6TR4bJv+fpXtioNrp/RUNdnBpe3oORGWc6Ne3GQ UL6R5ZiPS6AcoLjDUEurUaQzg0aglOI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MVmn++9xJB9GpxveASuMULaQTKTMrSj+26tW8lFK6LI=; b=ZvB3dreTfm43G16xd6mRYRFIm3Ocd6F2n/Ls0ww1kbdrjpV/IO7uRpkxoFqbEJKBIbO3/z V5bfC1Qm/qMSsZBQ== Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=sMZHxzxT; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=ZvB3dreT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MVmn++9xJB9GpxveASuMULaQTKTMrSj+26tW8lFK6LI=; b=sMZHxzxT/K4//pDSK5b0FvXDxnPAklwI8Jqhin6x4U/N00Wp1kKG6NHeIjRISYSrMLuDkW 3heY/FBZ+ksOrq1k1wAo+ByP6DVNJay6TR4bJv+fpXtioNrp/RUNdnBpe3oORGWc6Ne3GQ UL6R5ZiPS6AcoLjDUEurUaQzg0aglOI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MVmn++9xJB9GpxveASuMULaQTKTMrSj+26tW8lFK6LI=; b=ZvB3dreTfm43G16xd6mRYRFIm3Ocd6F2n/Ls0ww1kbdrjpV/IO7uRpkxoFqbEJKBIbO3/z V5bfC1Qm/qMSsZBQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 483CB13A92; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id wB9LEb4ayGhnVgAAD6G6ig (envelope-from ); Mon, 15 Sep 2025 13:55:10 +0000 From: Vlastimil Babka Date: Mon, 15 Sep 2025 15:55:09 +0200 Subject: [PATCH v2 2/6] slab: wrap debug slab validation in validate_slab_ptr() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250915-slub-slab-validation-v2-2-314690fc1532@suse.cz> References: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> In-Reply-To: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spam-Level: X-Spam-Flag: NO X-Rspamd-Queue-Id: 5C936336BF X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spamd-Result: default: False [-4.51 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:rdns,imap1.dmz-prg2.suse.org:helo]; DKIM_TRACE(0.00)[suse.cz:+] X-Spam-Score: -4.51 This will make it clear where we currently cast struct slab to folio only to check the slab type, and allow to change the implementation later with memdesc conversion. For now use a struct page based implementation instead of struct folio to be compatible with further upcoming changes. Reviewed-by: Harry Yoo Signed-off-by: Vlastimil Babka --- mm/slub.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 56143bfd1ae319d384981c810a5ed84af00f4afa..75e4388d507d1abcbce8c7d5d25= 81381de46cf4d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -821,6 +821,15 @@ static inline unsigned int get_orig_size(struct kmem_c= ache *s, void *object) return *(unsigned int *)p; } =20 +/* + * For debugging context when we want to check if the struct slab pointer + * appears to be valid. + */ +static inline bool validate_slab_ptr(struct slab *slab) +{ + return PageSlab(slab_page(slab)); +} + #ifdef CONFIG_SLUB_DEBUG static unsigned long object_map[BITS_TO_LONGS(MAX_OBJS_PER_PAGE)]; static DEFINE_SPINLOCK(object_map_lock); @@ -1453,7 +1462,7 @@ static int check_slab(struct kmem_cache *s, struct sl= ab *slab) { int maxobj; =20 - if (!folio_test_slab(slab_folio(slab))) { + if (!validate_slab_ptr(slab)) { slab_err(s, slab, "Not a valid slab page"); return 0; } @@ -1653,7 +1662,7 @@ static noinline bool alloc_debug_processing(struct km= em_cache *s, return true; =20 bad: - if (folio_test_slab(slab_folio(slab))) { + if (validate_slab_ptr(slab)) { /* * If this is a slab page then lets do the best we can * to avoid issues in the future. Marking all objects @@ -2818,7 +2827,7 @@ static void *alloc_single_from_partial(struct kmem_ca= che *s, slab->inuse++; =20 if (!alloc_debug_processing(s, slab, object, orig_size)) { - if (folio_test_slab(slab_folio(slab))) + if (validate_slab_ptr(slab)) remove_partial(n, slab); return NULL; } --=20 2.51.0 From nobody Thu Oct 2 15:18:40 2025 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 200AD30DEDE for ; Mon, 15 Sep 2025 13:55:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944519; cv=none; b=H7JJXir4nINu4drILF5182x099Yad6SzyVvXxlV9NTy+BkURGLFSh1ukohozpiduw7u9sXc0Mq+5RdlOGdAs8Lw/hK+t0Ozb/YQrPSva89g/IyJUOVUBjQm3MVf14W5qs5vJlnMe+RxYH2aBKOhhDLxr3lC58KUKoGRznWmGDww= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944519; c=relaxed/simple; bh=nC2l1AVwnnn4sM7J9x2F2Oqttd3HygqlYWCnMO2r/d4=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=pC1DsM2ylo3dIeUJdNe79PMpvOuadAnPHxR5nr2Bzx5VfR/O7tZRjYgNDzQKQC7X/9G7eTUtrCrZT7LWe1r/h32vQ6sGz1JyXQ7wK4tJwQXCQ8FNhzqFJ61cmyog2hz7lMeQSKgQML4sOH3No9+GgECW3pbjNZWoBGj8dflBp8M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=U/aOyTJI; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=/yrH6ds7; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=U/aOyTJI; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=/yrH6ds7; arc=none smtp.client-ip=195.135.223.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="U/aOyTJI"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="/yrH6ds7"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="U/aOyTJI"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="/yrH6ds7" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 6C7791FB5D; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Sp7wX8LAIXoZv2g9Und0rpOnfEG/AgSUWiifNHh6/Uk=; b=U/aOyTJI6mxu4J16SBnq/1byPaGnjFtJsTlF2NhS3H4xcEqUbM8FkYVH2RtVqcVzoX10mW 12tJji+v2+yQzx08Gra5MkZaiFqX+/C9GTExEuk/kNk6OBhXngqJr6pX8/hPa9hLmJa9wW is9SXYO/2EsE5xZKaRCJ5Qxyil6yfTg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Sp7wX8LAIXoZv2g9Und0rpOnfEG/AgSUWiifNHh6/Uk=; b=/yrH6ds7EBlnmdP5IBLvOaCOWGPjtPBTN2rF1GRimxvA2gpsTm08ynSqzZYg8gCybmVaBB 4jHIdlXjJEYcG4Bg== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Sp7wX8LAIXoZv2g9Und0rpOnfEG/AgSUWiifNHh6/Uk=; b=U/aOyTJI6mxu4J16SBnq/1byPaGnjFtJsTlF2NhS3H4xcEqUbM8FkYVH2RtVqcVzoX10mW 12tJji+v2+yQzx08Gra5MkZaiFqX+/C9GTExEuk/kNk6OBhXngqJr6pX8/hPa9hLmJa9wW is9SXYO/2EsE5xZKaRCJ5Qxyil6yfTg= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Sp7wX8LAIXoZv2g9Und0rpOnfEG/AgSUWiifNHh6/Uk=; b=/yrH6ds7EBlnmdP5IBLvOaCOWGPjtPBTN2rF1GRimxvA2gpsTm08ynSqzZYg8gCybmVaBB 4jHIdlXjJEYcG4Bg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 56FCB13AB2; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id sFT6FL4ayGhnVgAAD6G6ig (envelope-from ); Mon, 15 Sep 2025 13:55:10 +0000 From: Vlastimil Babka Date: Mon, 15 Sep 2025 15:55:10 +0200 Subject: [PATCH v2 3/6] slab: move validate_slab_ptr() from check_slab() to its callers Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250915-slub-slab-validation-v2-3-314690fc1532@suse.cz> References: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> In-Reply-To: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo] X-Spam-Flag: NO X-Spam-Level: X-Spam-Score: -4.30 We will want to do the validation earlier in some callers or remove it completely, so extract it from check_slab() first. No functional change. Reviewed-by: Harry Yoo Signed-off-by: Vlastimil Babka --- mm/slub.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 75e4388d507d1abcbce8c7d5d2581381de46cf4d..6fb24010c17019ed304b4ef61f4= 02212dd634efb 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1458,15 +1458,15 @@ static int check_object(struct kmem_cache *s, struc= t slab *slab, return ret; } =20 +/* + * Checks if the slab state looks sane. Assumes the struct slab pointer + * was either obtained in a way that ensures it's valid, or validated + * by validate_slab_ptr() + */ static int check_slab(struct kmem_cache *s, struct slab *slab) { int maxobj; =20 - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - return 0; - } - maxobj =3D order_objects(slab_order(slab), s->size); if (slab->objects > maxobj) { slab_err(s, slab, "objects %u > max %u", @@ -1633,6 +1633,11 @@ void setup_slab_debug(struct kmem_cache *s, struct s= lab *slab, void *addr) static inline int alloc_consistency_checks(struct kmem_cache *s, struct slab *slab, void *object) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return 0; + } + if (!check_slab(s, slab)) return 0; =20 @@ -3485,6 +3490,11 @@ static inline bool free_debug_processing(struct kmem= _cache *s, int cnt =3D 0; =20 if (s->flags & SLAB_CONSISTENCY_CHECKS) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + goto out; + } + if (!check_slab(s, slab)) goto out; } @@ -6519,6 +6529,11 @@ static void validate_slab(struct kmem_cache *s, stru= ct slab *slab, void *p; void *addr =3D slab_address(slab); =20 + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return; + } + if (!check_slab(s, slab) || !on_freelist(s, slab, NULL)) return; =20 --=20 2.51.0 From nobody Thu Oct 2 15:18:40 2025 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D920313276 for ; Mon, 15 Sep 2025 13:55:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944520; cv=none; b=gie0HwWMN55rbSKrT/MJdJebFUSyqmjbsS+vjIFwY2PtFO48h6WBMA1OcPVlJql3SJZsZ87543nZnSuawxW9yJPZPHhocESGTYx6P+pjydZTwNFiM9Jy7IZw2B6/xBxVtFroQzPsuTQgP7AgRwEwf3ovD3uuSjYkjR2TMCd2EjY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944520; c=relaxed/simple; bh=IFEPrW0+O2b/PpdHrbhOMQ2ggtbk7wzfMiWyQCdvZ58=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ZwYcpGIcNnogHNyB5g3fBAALwVupIGMBNcjP2pqx1roqCpn+yaPYn7NzlmFytEZw5fDyLWJfYa94942ZEeOYeLlc23I/BQzM+J+3Ay0K9Mn83ElR590mMvjNnUuP12aj1GTmTSaQYukr5R1zX1SyUpBSaFCu1JKe9Oxti/UJmrs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=K9jI49jQ; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=nU/aOJJT; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=K9jI49jQ; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=nU/aOJJT; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="K9jI49jQ"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="nU/aOJJT"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="K9jI49jQ"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="nU/aOJJT" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 7A2FC336EB; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6BO/XM4CY4A6MXS0It0mmWotlrINeIN+ElFGE0qvaZQ=; b=K9jI49jQV8qPC4HDukiV/itEqObzPRcDI2cxTrbLaVmHM9c5kpjeHd3xA0WUcK7ZciLPFk OVZH5/WxvUsQ9kCs1PoDfPbs5jEUeu4d3SnuFRFh9hsgzZcD3XsGBbvFQyao8ltsU/H9OO OfUwNSfgv8RuAln/QMvHYLVpdrjxyTU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6BO/XM4CY4A6MXS0It0mmWotlrINeIN+ElFGE0qvaZQ=; b=nU/aOJJTGDoOskAVdUHdJW6JZDgK3whIZwe5TfkY1F8CQeHz/dFrzI2mVGzWcP1SA0s/ex +A3fbK32NFrgguDg== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6BO/XM4CY4A6MXS0It0mmWotlrINeIN+ElFGE0qvaZQ=; b=K9jI49jQV8qPC4HDukiV/itEqObzPRcDI2cxTrbLaVmHM9c5kpjeHd3xA0WUcK7ZciLPFk OVZH5/WxvUsQ9kCs1PoDfPbs5jEUeu4d3SnuFRFh9hsgzZcD3XsGBbvFQyao8ltsU/H9OO OfUwNSfgv8RuAln/QMvHYLVpdrjxyTU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6BO/XM4CY4A6MXS0It0mmWotlrINeIN+ElFGE0qvaZQ=; b=nU/aOJJTGDoOskAVdUHdJW6JZDgK3whIZwe5TfkY1F8CQeHz/dFrzI2mVGzWcP1SA0s/ex +A3fbK32NFrgguDg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 65E7413AD3; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id QO2bGL4ayGhnVgAAD6G6ig (envelope-from ); Mon, 15 Sep 2025 13:55:10 +0000 From: Vlastimil Babka Date: Mon, 15 Sep 2025 15:55:11 +0200 Subject: [PATCH v2 4/6] slab: move validate_slab_ptr() from alloc_consistency_checks() to its caller Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250915-slub-slab-validation-v2-4-314690fc1532@suse.cz> References: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> In-Reply-To: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spam-Level: X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; R_RATELIMIT(0.00)[to_ip_from(RLwn5r54y1cp81no5tmbbew5oc)]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo] X-Spam-Flag: NO X-Spam-Score: -4.30 In alloc_debug_processing() we can call validate_slab_ptr() upfront and then don't need to recheck when alloc_consistency_checks() fails for other reasons. Reviewed-by: Harry Yoo Signed-off-by: Vlastimil Babka --- mm/slub.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 6fb24010c17019ed304b4ef61f402212dd634efb..12ad42f3d2e066b02340f2c30a8= 5422583af3c5d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1633,11 +1633,6 @@ void setup_slab_debug(struct kmem_cache *s, struct s= lab *slab, void *addr) static inline int alloc_consistency_checks(struct kmem_cache *s, struct slab *slab, void *object) { - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - return 0; - } - if (!check_slab(s, slab)) return 0; =20 @@ -1656,6 +1651,11 @@ static noinline bool alloc_debug_processing(struct k= mem_cache *s, struct slab *slab, void *object, int orig_size) { if (s->flags & SLAB_CONSISTENCY_CHECKS) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return false; + } + if (!alloc_consistency_checks(s, slab, object)) goto bad; } @@ -1667,17 +1667,15 @@ static noinline bool alloc_debug_processing(struct = kmem_cache *s, return true; =20 bad: - if (validate_slab_ptr(slab)) { - /* - * If this is a slab page then lets do the best we can - * to avoid issues in the future. Marking all objects - * as used avoids touching the remaining objects. - */ - slab_fix(s, "Marking all objects used"); - slab->inuse =3D slab->objects; - slab->freelist =3D NULL; - slab->frozen =3D 1; /* mark consistency-failed slab as frozen */ - } + /* + * Let's do the best we can to avoid issues in the future. Marking all + * objects as used avoids touching the remaining objects. + */ + slab_fix(s, "Marking all objects used"); + slab->inuse =3D slab->objects; + slab->freelist =3D NULL; + slab->frozen =3D 1; /* mark consistency-failed slab as frozen */ + return false; } =20 --=20 2.51.0 From nobody Thu Oct 2 15:18:40 2025 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8B8351F7910 for ; Mon, 15 Sep 2025 13:55:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944527; cv=none; b=mZnnQR21yLcbyMFRNADvJKR4J/4KmkC1n1veWkbagrnSa0D4iRmyiuzGgoqocukeQ0sKyMlwNk5lEk8NlrWIiUa24QEyuoIkpoe/UO+fg23qOfrfsk71XW2CI8GuAKtoYM7bA/wo97lZ1X4Aqzm97uGghsj38MvOVFja3jbS308= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944527; c=relaxed/simple; bh=yx9swKlEE32j5EGHX98aO4cFPrOX/4B2PJCvxwa1uU0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ljg8MR0A79UraMPLVqsYNwMhq1Zbb3uWMuUDYoDOwdGytaXtdWmhO8eCpuIkcBlwiz9yMru3hOsc5GGaDViV5oLcxBHpl2FM17MFEP7g1Qu5MEQZ6aUtmD+IKadkw7tdBW4evoTWMAit4HbFLCDn9Jrdq9Wff7DluCoyh2nWVdg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=TBB0SvGp; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=F3t0KNuU; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=TBB0SvGp; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=F3t0KNuU; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="TBB0SvGp"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="F3t0KNuU"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="TBB0SvGp"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="F3t0KNuU" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 8A5253373F; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3aFYCuHm05s73tMXYFeBnQKfhnxCSiN8/Pi6EDb3yRQ=; b=TBB0SvGprSGr7Hp+nsaLYIP/LhraF6DmpBLL7FcPjr3SGa+RfMhT+olWwvqPyo5VqJM4RY bVk90WcY4QDIytc7Gx+oI7ALh0Lb5tPUVcTefMk5bBTiEZw9PYOhh2bAKCZ+S+UMX1kkHX IZVj55dEr98aGBcIaUMW8ALgEm+SmCQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3aFYCuHm05s73tMXYFeBnQKfhnxCSiN8/Pi6EDb3yRQ=; b=F3t0KNuUsvKacjdIp1+wuU530xZy7vYnSiQtPx7FAjudLq/0JFanw/HYHxROGDYlrQMA4x /f8HlOL1acJp9TAg== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3aFYCuHm05s73tMXYFeBnQKfhnxCSiN8/Pi6EDb3yRQ=; b=TBB0SvGprSGr7Hp+nsaLYIP/LhraF6DmpBLL7FcPjr3SGa+RfMhT+olWwvqPyo5VqJM4RY bVk90WcY4QDIytc7Gx+oI7ALh0Lb5tPUVcTefMk5bBTiEZw9PYOhh2bAKCZ+S+UMX1kkHX IZVj55dEr98aGBcIaUMW8ALgEm+SmCQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3aFYCuHm05s73tMXYFeBnQKfhnxCSiN8/Pi6EDb3yRQ=; b=F3t0KNuUsvKacjdIp1+wuU530xZy7vYnSiQtPx7FAjudLq/0JFanw/HYHxROGDYlrQMA4x /f8HlOL1acJp9TAg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 7567313ADB; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 6FZZHL4ayGhnVgAAD6G6ig (envelope-from ); Mon, 15 Sep 2025 13:55:10 +0000 From: Vlastimil Babka Date: Mon, 15 Sep 2025 15:55:12 +0200 Subject: [PATCH v2 5/6] slab: validate slab before using it in alloc_single_from_partial() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250915-slub-slab-validation-v2-5-314690fc1532@suse.cz> References: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> In-Reply-To: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FUZZY_RATELIMITED(0.00)[rspamd.com]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; R_RATELIMIT(0.00)[to_ip_from(RLwn5r54y1cp81no5tmbbew5oc)]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo] X-Spam-Flag: NO X-Spam-Level: X-Spam-Score: -4.30 We touch slab->freelist and slab->inuse before checking the slab pointer is actually sane. Do that validation first, which will be safer. We can thus also remove the check from alloc_debug_processing(). This adds a new "s->flags & SLAB_CONSISTENCY_CHECKS" test but alloc_single_from_partial() is only called for caches with debugging enabled so it's acceptable. In alloc_single_from_new_slab() we just created the struct slab and call alloc_debug_processing() to mainly set up redzones, tracking etc, while not really expecting the consistency checks to fail. Thus don't validate it there. Signed-off-by: Vlastimil Babka Reviewed-by: Harry Yoo --- mm/slub.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 12ad42f3d2e066b02340f2c30a85422583af3c5d..e5b53d1debddd3fe0f941f579a1= 043a5b976e50b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -821,6 +821,8 @@ static inline unsigned int get_orig_size(struct kmem_ca= che *s, void *object) return *(unsigned int *)p; } =20 +#ifdef CONFIG_SLUB_DEBUG + /* * For debugging context when we want to check if the struct slab pointer * appears to be valid. @@ -830,7 +832,6 @@ static inline bool validate_slab_ptr(struct slab *slab) return PageSlab(slab_page(slab)); } =20 -#ifdef CONFIG_SLUB_DEBUG static unsigned long object_map[BITS_TO_LONGS(MAX_OBJS_PER_PAGE)]; static DEFINE_SPINLOCK(object_map_lock); =20 @@ -1651,11 +1652,6 @@ static noinline bool alloc_debug_processing(struct k= mem_cache *s, struct slab *slab, void *object, int orig_size) { if (s->flags & SLAB_CONSISTENCY_CHECKS) { - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - return false; - } - if (!alloc_consistency_checks(s, slab, object)) goto bad; } @@ -2825,13 +2821,21 @@ static void *alloc_single_from_partial(struct kmem_= cache *s, =20 lockdep_assert_held(&n->list_lock); =20 +#ifdef SLUB_DEBUG + if (s->flags & SLAB_CONSISTENCY_CHECKS) { + if (!validate_slab_ptr(slab)) { + slab_err(s, slab, "Not a valid slab page"); + return NULL; + } + } +#endif + object =3D slab->freelist; slab->freelist =3D get_freepointer(s, object); slab->inuse++; =20 if (!alloc_debug_processing(s, slab, object, orig_size)) { - if (validate_slab_ptr(slab)) - remove_partial(n, slab); + remove_partial(n, slab); return NULL; } =20 --=20 2.51.0 From nobody Thu Oct 2 15:18:40 2025 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6333B305062 for ; Mon, 15 Sep 2025 13:55:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944534; cv=none; b=UnV14RIWUInph7xKkY165NIBIhF38MQE/FXczAhCwAHwUxfZfE/SSS0oSUrrSdc3YnnKvpgF9TQk/+A6zdcCZweZNuDEuKmKaj6b+GGs6AhNWmY8DGZz/bjSSOSp/032k/2tQGp82UbAce82LqiHsB5o18SD5dyQmg8i15/JEx4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757944534; c=relaxed/simple; bh=aDJ5YxL8SPy2pJ4aI19nrb5XcncBqfio3shlTU1b0ac=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=oc9AnM+lMf6pmu/+4Z83cV1rXHA7ku6uB2pVBYVDlKIJzaXBjhTaLMSPgGG1E10Y64iIaw5bWV+JsDWB66q/xE1OdOKUE8Og5s19UciDAOw8xgdpACq2a2GyOhzW/b4g2acWI90awZFhvipPY5+KQUy3JpZn1rw6RMX2+otTCRQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=FxtCWqvR; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=mTzrYONe; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=FxtCWqvR; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=mTzrYONe; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="FxtCWqvR"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="mTzrYONe"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="FxtCWqvR"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="mTzrYONe" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 988433374A; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Yhq37OvjM7fq00iEJul32hLecu5UF+dKNzM5S6DIT68=; b=FxtCWqvR5ywVPaYtW5YFKfdfWmRJ3K6NxfiT/WISnhCdXqkcsTQJEwv3RrNpSrYU47Gm7e x/A6YEm0wJOi8YgJbClNr3lO9P84GIuhrzgMmQdpdZgkp6OjPvNHJm7EQAQsB84EsJgVwA ZGtEv1U986SydiOJ5pVIVED2PqNzr7E= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Yhq37OvjM7fq00iEJul32hLecu5UF+dKNzM5S6DIT68=; b=mTzrYONeW8ploOIGMF5soa9ONZ78yoSDZAqUfFFlBTkBwMc33XoxrC9S0Ip2GBnqZM/3kw O7LDL+kk/DgRAaBQ== Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=FxtCWqvR; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=mTzrYONe DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Yhq37OvjM7fq00iEJul32hLecu5UF+dKNzM5S6DIT68=; b=FxtCWqvR5ywVPaYtW5YFKfdfWmRJ3K6NxfiT/WISnhCdXqkcsTQJEwv3RrNpSrYU47Gm7e x/A6YEm0wJOi8YgJbClNr3lO9P84GIuhrzgMmQdpdZgkp6OjPvNHJm7EQAQsB84EsJgVwA ZGtEv1U986SydiOJ5pVIVED2PqNzr7E= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1757944510; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Yhq37OvjM7fq00iEJul32hLecu5UF+dKNzM5S6DIT68=; b=mTzrYONeW8ploOIGMF5soa9ONZ78yoSDZAqUfFFlBTkBwMc33XoxrC9S0Ip2GBnqZM/3kw O7LDL+kk/DgRAaBQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 864891368D; Mon, 15 Sep 2025 13:55:10 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id +FaGIL4ayGhnVgAAD6G6ig (envelope-from ); Mon, 15 Sep 2025 13:55:10 +0000 From: Vlastimil Babka Date: Mon, 15 Sep 2025 15:55:13 +0200 Subject: [PATCH v2 6/6] slab: don't validate slab pointer in free_debug_processing() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250915-slub-slab-validation-v2-6-314690fc1532@suse.cz> References: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> In-Reply-To: <20250915-slub-slab-validation-v2-0-314690fc1532@suse.cz> To: "Matthew Wilcox (Oracle)" Cc: Harry Yoo , Christoph Lameter , David Rientjes , Roman Gushchin , Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka X-Mailer: b4 0.14.2 X-Spam-Level: X-Spam-Flag: NO X-Rspamd-Queue-Id: 988433374A X-Rspamd-Action: no action X-Rspamd-Server: rspamd1.dmz-prg2.suse.org X-Spamd-Result: default: False [-4.51 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; RCPT_COUNT_SEVEN(0.00)[9]; RCVD_TLS_ALL(0.00)[]; R_RATELIMIT(0.00)[to_ip_from(RLfsjnp7neds983g95ihcnuzgq)]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:rdns,imap1.dmz-prg2.suse.org:helo]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; DKIM_TRACE(0.00)[suse.cz:+] X-Spam-Score: -4.51 The struct slab pointer has been obtained from the object being freed on all the paths that lead to this function. In all cases this already includes the test for slab type of the struct page which struct slab is overlaying. Thus we would not reach this function if it was not a valid slab pointer in the first place. One less obvious case is that kmem_cache_free() trusts virt_to_slab() blindly so it may be NULL if the slab type check is false. But with SLAB_CONSISTENCY_CHECKS, cache_from_obj() called also from kmem_cache_free() catches this and returns NULL, which terminates freeing immediately. Reviewed-by: Harry Yoo Signed-off-by: Vlastimil Babka --- mm/slub.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index e5b53d1debddd3fe0f941f579a1043a5b976e50b..6fe02b1d3fe9d4101465190ebef= d6df41f887fb9 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3492,11 +3492,6 @@ static inline bool free_debug_processing(struct kmem= _cache *s, int cnt =3D 0; =20 if (s->flags & SLAB_CONSISTENCY_CHECKS) { - if (!validate_slab_ptr(slab)) { - slab_err(s, slab, "Not a valid slab page"); - goto out; - } - if (!check_slab(s, slab)) goto out; } --=20 2.51.0