From nobody Wed Dec 31 08:46:44 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EC9E2C4332F
	for <linux-kernel@archiver.kernel.org>; Mon,  6 Nov 2023 20:13:06 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232331AbjKFUNF (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Mon, 6 Nov 2023 15:13:05 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39336 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233023AbjKFUMs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 6 Nov 2023 15:12:48 -0500
Received: from out-186.mta1.migadu.com (out-186.mta1.migadu.com
 [IPv6:2001:41d0:203:375::ba])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD9D0D7D
        for <linux-kernel@vger.kernel.org>;
 Mon,  6 Nov 2023 12:12:45 -0800 (PST)
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and
 include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
        t=1699301564;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=Y7WYl7BvMbHXvuo0GG2Dw3ttgTpXyQGpBAxBpCO6Yug=;
        b=Se8wvGtj/WVgiMvB7sZyg/heScqMLOAwYAwTo7zIDTlOs7/E4MpQ3WkYM5OZWwaEklWfOa
        6LljcHgyM247RHb2O+0uPsJYfuEgHjfHFdFXD7jDjGFaAlpmIDR4Qn3spNLTA9EIg7y9u6
        nCPJ9UBSsabPf9Y6+LauRsZG7NRpK20=
From: andrey.konovalov@linux.dev
To: Marco Elver <elver@google.com>,
        Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Andrey Ryabinin <ryabinin.a.a@gmail.com>,
        kasan-dev@googlegroups.com, Evgenii Stepanov <eugenis@google.com>,
        Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org,
        Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH RFC 13/20] mempool: use new mempool KASAN hooks
Date: Mon,  6 Nov 2023 21:10:22 +0100
Message-Id: 
 <35771e9e5fc0fe2169c59f190fbd6bfc901b7c09.1699297309.git.andreyknvl@google.com>
In-Reply-To: <cover.1699297309.git.andreyknvl@google.com>
References: <cover.1699297309.git.andreyknvl@google.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Migadu-Flow: FLOW_OUT
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Andrey Konovalov <andreyknvl@google.com>

Update the mempool code to use the new mempool KASAN hooks.

Rely on the return value of kasan_mempool_poison_object and
kasan_mempool_poison_pages to prevent double-free and invalid-free bugs.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 mm/mempool.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/mm/mempool.c b/mm/mempool.c
index 768cb39dc5e2..f67ca6753332 100644
--- a/mm/mempool.c
+++ b/mm/mempool.c
@@ -104,32 +104,34 @@ static inline void poison_element(mempool_t *pool, vo=
id *element)
 }
 #endif /* CONFIG_DEBUG_SLAB || CONFIG_SLUB_DEBUG_ON */
=20
-static __always_inline void kasan_poison_element(mempool_t *pool, void *el=
ement)
+static __always_inline bool kasan_poison_element(mempool_t *pool, void *el=
ement)
 {
 	if (pool->alloc =3D=3D mempool_alloc_slab || pool->alloc =3D=3D mempool_k=
malloc)
-		kasan_mempool_poison_object(element);
+		return kasan_mempool_poison_object(element);
 	else if (pool->alloc =3D=3D mempool_alloc_pages)
-		kasan_poison_pages(element, (unsigned long)pool->pool_data,
-				   false);
+		return kasan_mempool_poison_pages(element,
+						(unsigned long)pool->pool_data);
+	return true;
 }
=20
 static void kasan_unpoison_element(mempool_t *pool, void *element)
 {
 	if (pool->alloc =3D=3D mempool_kmalloc)
-		kasan_unpoison_range(element, (size_t)pool->pool_data);
+		kasan_mempool_unpoison_object(element, (size_t)pool->pool_data);
 	else if (pool->alloc =3D=3D mempool_alloc_slab)
-		kasan_unpoison_range(element, kmem_cache_size(pool->pool_data));
+		kasan_mempool_unpoison_object(element,
+					      kmem_cache_size(pool->pool_data));
 	else if (pool->alloc =3D=3D mempool_alloc_pages)
-		kasan_unpoison_pages(element, (unsigned long)pool->pool_data,
-				     false);
+		kasan_mempool_unpoison_pages(element,
+					     (unsigned long)pool->pool_data);
 }
=20
 static __always_inline void add_element(mempool_t *pool, void *element)
 {
 	BUG_ON(pool->curr_nr >=3D pool->min_nr);
 	poison_element(pool, element);
-	kasan_poison_element(pool, element);
-	pool->elements[pool->curr_nr++] =3D element;
+	if (kasan_poison_element(pool, element))
+		pool->elements[pool->curr_nr++] =3D element;
 }
=20
 static void *remove_element(mempool_t *pool)
--=20
2.25.1