On 02/23/2018 06:53 PM, Andrey Konovalov wrote:
> The kasan_slab_free hook's return value denotes whether the reuse of a
> slab object must be delayed (e.g. when the object is put into memory
> qurantine).
>
> The current way SLUB handles this hook is by ignoring its return value
> and hardcoding checks similar (but not exactly the same) to the ones
> performed in kasan_slab_free, which is prone to making mistakes.
>
What are those differences exactly? And what problems do they cause?
Answers to these questions should be in the changelog.
> This patch changes the way SLUB handles this by:
> 1. taking into account the return value of kasan_slab_free for each of
> the objects, that are being freed;
> 2. reconstructing the freelist of objects to exclude the ones, whose
> reuse must be delayed.
>
> Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
> ---
>
> @@ -2965,14 +2974,13 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
> void *head, void *tail, int cnt,
> unsigned long addr)
> {
> - slab_free_freelist_hook(s, head, tail);
> /*
> - * slab_free_freelist_hook() could have put the items into quarantine.
> - * If so, no need to free them.
> + * With KASAN enabled slab_free_freelist_hook modifies the freelist
> + * to remove objects, whose reuse must be delayed.
> */
> - if (s->flags & SLAB_KASAN && !(s->flags & SLAB_TYPESAFE_BY_RCU))
> - return;
> - do_slab_free(s, page, head, tail, cnt, addr);
> + slab_free_freelist_hook(s, &head, &tail);
> + if (head != NULL)
That's an additional branch in non-debug fast-path. Find a way to avoid this.
> + do_slab_free(s, page, head, tail, cnt, addr);
> }
>
> #ifdef CONFIG_KASAN
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
