> > static inline void *get_freepointer(struct kmem_cache *s, void *object)
> > {
> > 	object = kasan_reset_tag(object);
> > -	return freelist_dereference(s, object + s->offset);
> > +	return kmsan_init(freelist_dereference(s, object + s->offset));
>
> ... but I don't see why it applies to get_freepointer() too? What am I missing?

Agreed, kmsan_init() is not needed here.

> > }
> >
> > static void prefetch_freepointer(const struct kmem_cache *s, void *object)
> > @@ -357,18 +361,28 @@ static void prefetch_freepointer(const struct kmem_cache *s, void *object)
> > 	prefetchw(object + s->offset);
> > }
> >
> > +/*
> > + * When running under KMSAN, get_freepointer_safe() may return an uninitialized
> > + * pointer value in the case the current thread loses the race for the next
> > + * memory chunk in the freelist. In that case this_cpu_cmpxchg_double() in
> > + * slab_alloc_node() will fail, so the uninitialized value won't be used, but
> > + * KMSAN will still check all arguments of cmpxchg because of imperfect
> > + * handling of inline assembly.
> > + * To work around this problem, use kmsan_init() to force initialize the
> > + * return value of get_freepointer_safe().
> > + */
> > static inline void *get_freepointer_safe(struct kmem_cache *s, void *object)
> > {
> > 	unsigned long freepointer_addr;
> > 	void *p;
> >
> > 	if (!debug_pagealloc_enabled_static())
> > -		return get_freepointer(s, object);
> > +		return kmsan_init(get_freepointer(s, object));
>
> So here kmsan_init() is done twice?

Yeah, removing it from get_freepointer() does not introduce new errors. I'll fix this in v2.
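Review bot: the kmsan_init() wrapped around freelist_dereference() in get_freepointer() carries no explanation, while the comment block added later in the patch justifies the forced initialization only for get_freepointer_safe(). Since the thread already agrees the call is not needed in get_freepointer(), dropping the `+	return kmsan_init(freelist_dereference(s, object + s->offset));` line in v2 also removes the double initialization on the get_freepointer_safe() fast path; if it is kept for some other reason, that reason belongs in a comment next to it.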
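Review bot: the new comment says the return value of get_freepointer_safe() must be forced initialized, but in the visible part of the hunk only the `!debug_pagealloc_enabled_static()` early return is wrapped in kmsan_init(); the path that fills `p` and returns it is not shown here. Please confirm both return paths get the same treatment, or restructure so kmsan_init() is applied once at a single return point, which keeps the comment and the code in step.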