From: Vlastimil Babka
Date: Wed, 29 Nov 2023 10:53:29 +0100
Subject: [PATCH RFC v3 4/9] mm/slub: free KFENCE objects in slab_free_hook()
Message-Id: <20231129-slub-percpu-caches-v3-4-6bcf536772bc@suse.cz>
References: <20231129-slub-percpu-caches-v3-0-6bcf536772bc@suse.cz>
In-Reply-To: <20231129-slub-percpu-caches-v3-0-6bcf536772bc@suse.cz>
To: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Matthew Wilcox, "Liam R. Howlett"
Cc: Andrew Morton, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Alexander Potapenko, Marco Elver, Dmitry Vyukov, linux-mm@kvack.org, linux-kernel@vger.kernel.org, maple-tree@lists.infradead.org, kasan-dev@googlegroups.com, Vlastimil Babka

When freeing an object that was allocated from KFENCE, we do that in the
slowpath __slab_free(), relying on the fact that KFENCE "slab" cannot be
the cpu slab, so the fastpath has to fall back to the slowpath.

This optimization doesn't help much though, because is_kfence_address()
is checked earlier anyway during the free hook processing or detached
freelist building.
Thus we can simplify the code by making the slab_free_hook() free the KFENCE object immediately, similarly to KASAN quarantine. In slab_free_hook() we can place kfence_free() above init processing, as callers have been making sure to set init to false for KFENCE objects. This simplifies slab_free(). This places it also above kasan_slab_free() which is ok as that skips KFENCE objects anyway. While at it also determine the init value in slab_free_freelist_hook() outside of the loop. This change will also make introducing per cpu array caches easier. Signed-off-by: Vlastimil Babka Tested-by: Marco Elver --- mm/slub.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 7d23f10d42e6..59912a376c6d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1772,7 +1772,7 @@ static bool freelist_corrupted(struct kmem_cache *s, struct slab *slab, * production configuration these hooks all should produce no code at all. * * Returns true if freeing of the object can proceed, false if its reuse - * was delayed by KASAN quarantine. + * was delayed by KASAN quarantine, or it was returned to KFENCE. */ static __always_inline bool slab_free_hook(struct kmem_cache *s, void *x, bool init) @@ -1790,6 +1790,9 @@ bool slab_free_hook(struct kmem_cache *s, void *x, bool init) __kcsan_check_access(x, s->object_size, KCSAN_ACCESS_WRITE | KCSAN_ACCESS_ASSERT); + if (kfence_free(kasan_reset_tag(x))) + return false; + /* * As memory initialization might be integrated into KASAN, * kasan_slab_free and initialization memset's must be 
@@ -1819,22 +1822,25 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, void *object; void *next = *head; void *old_tail = *tail; + bool init; if (is_kfence_address(next)) { slab_free_hook(s, next, false); - return true; + return false; } /* Head and tail of the reconstructed freelist */ *head = NULL; *tail = NULL; + init = slab_want_init_on_free(s); + do { object = next; next = get_freepointer(s, object); /* If object's reuse doesn't have to be delayed */ - if (slab_free_hook(s, object, slab_want_init_on_free(s))) { + if (slab_free_hook(s, object, init)) { /* Move object to the new freelist */ set_freepointer(s, object, *head); *head = object; @@ -3619,9 +3625,6 @@ static void __slab_free(struct kmem_cache *s, struct slab *slab, stat(s, FREE_SLOWPATH); - if (kfence_free(head)) - return; - if (IS_ENABLED(CONFIG_SLUB_TINY) || kmem_cache_debug(s)) { free_to_partial_list(s, slab, head, tail, cnt, addr); return; @@ -3806,13 +3809,9 @@ static __fastpath_inline void slab_free(struct kmem_cache *s, struct slab *slab, void *object, unsigned long addr) { - bool init; - memcg_slab_free_hook(s, slab, &object, 1); - init = !is_kfence_address(object) && slab_want_init_on_free(s); - - if (likely(slab_free_hook(s, object, init))) + if (likely(slab_free_hook(s, object, slab_want_init_on_free(s)))) do_slab_free(s, slab, object, object, 1, addr); }
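Review bot: The new call in slab_free_hook() passes kasan_reset_tag(x) to kfence_free(), while the call removed from __slab_free() passed head unmodified, and the changelog does not say why the tag is now stripped. Please add a one-line comment above `if (kfence_free(kasan_reset_tag(x)))` explaining the tag reset, or mention it in the changelog, so the difference from the old call site is not mistaken for an accident.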
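Review bot: In the is_kfence_address(next) branch of slab_free_freelist_hook(), the early `return false` is taken before `*head = NULL; *tail = NULL;`, so on return *head still points at the KFENCE object that slab_free_hook() has just returned to KFENCE. The flip from true to false is also not mentioned in the changelog. Consider clearing *head and *tail before returning, or documenting that callers must not touch them when the function returns false. Since the return value of slab_free_hook(s, next, false) is ignored in that branch, a debug warning if it ever returns true would catch a KFENCE object that was not actually freed.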
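Review bot: With `if (kfence_free(head)) return;` removed from __slab_free(), nothing in the slowpath rejects a KFENCE address any more, so correctness depends on every caller having gone through slab_free_hook() or slab_free_freelist_hook() first. A VM_WARN_ON_ONCE(is_kfence_address(head)) after stat(s, FREE_SLOWPATH), or at least a comment stating that invariant, would make a missed path visible instead of having the object treated as a regular slab object.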
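Review bot: In slab_free(), dropping the `!is_kfence_address(object)` guard means slab_free_hook() is now called with init set for KFENCE objects too, which is only safe because kfence_free() sits above the init processing in slab_free_hook(). That ordering dependency is described in the changelog but not in the code; a short comment next to the kfence_free() call in slab_free_hook() saying it must stay ahead of the init and kasan_slab_free() block would keep a later reordering from reintroducing init on KFENCE objects.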