From patchwork Sat Jun 5 01:58:13 2021
X-Patchwork-Submitter: "Lin, Zhenpeng"
X-Patchwork-Id: 12301251
From: "Lin, Zhenpeng"
CC: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Kees Cook, "linux-mm@kvack.org", "linux-kernel@vger.kernel.org"
Subject: [PATCH] slub: choose the right freelist pointer location when creating small caches
Date: Sat, 5 Jun 2021 01:58:13 +0000
Message-ID: <6746FEEA-FD69-4792-8DDA-C78F5FE7DA02@psu.edu>

When enabling CONFIG_SLUB_DEBUG and booting with "slub_debug=Z", the kernel crashes at creating caches if the object size is smaller than 2*sizeof(void*). The problem is due to the wrong calculation of freepointer_area. The freelist pointer can be stored in the middle of object only if the object size is not smaller than 2*sizeof(void*). Otherwise, the freelist pointer will be corrupted by SLUB_RED_ZONE.

Fixes: 3202fa62fb43 ("slub: relocate freelist pointer to middle of object")
Fixes: 89b83f282d8b ("slub: avoid redzone when choosing freepointer location")
Signed-off-by: Zhenpeng Lin
---
 mm/slub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
-- 2.17.1
diff --git a/mm/slub.c b/mm/slub.c index 3f96e099817a..cb23233ee683 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3704,7 +3704,7 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) * can't use that portion for writing the freepointer, so * s->offset must be limited within this for the general case. */ - freepointer_area = size; + freepointer_area = s->object_size; #ifdef CONFIG_SLUB_DEBUG /* 
@@ -3751,7 +3751,7 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) */ s->offset = size; size += sizeof(void *); - } else if (freepointer_area > sizeof(void *)) { + } else if (freepointer_area >= 2 * sizeof(void *)) { /* * Store freelist pointer near middle of object to keep * it away from the edges of the object to avoid small
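Review bot: in the first hunk, at `freepointer_area = s->object_size;`, neither the visible part of the comment above the assignment nor the changelog says how `size` differs from `s->object_size` at this point, which is the whole reason the old value was wrong. Please add a sentence to that comment stating that the area is the object size itself and why, so a later cleanup does not switch it back to `size`.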
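Review bot: in the second hunk, with the test raised to `freepointer_area >= 2 * sizeof(void *)`, an object below that size that also misses the first branch gets no `s->offset` assignment in the lines shown, and the changelog does not say where the freelist pointer ends up for those caches or why the red zone cannot overlap it there. Please handle that case explicitly or document it in the comment inside the branch. The changelog would also be easier to verify with the crash trace and the object size that triggered it under slub_debug=Z.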