On Mon, 27 Apr 2020, Waiman Long wrote: > > To fix it, use the check "s->offset == s->inuse" in the new helper > function freeptr_after_object() instead. Also add another helper function > get_info_end() to return the end of info block (inuse + free pointer > if not overlapping with object). > > Fixes: 3202fa62fb43 ("slub: relocate freelist pointer to middle of object") > Signed-off-by: Waiman Long <longman@xxxxxxxxxx> > --- > mm/slub.c | 37 ++++++++++++++++++++++--------------- > 1 file changed, 22 insertions(+), 15 deletions(-) > > diff --git a/mm/slub.c b/mm/slub.c > index 0e736d66bb42..68f1b4b1c309 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -551,15 +551,29 @@ static void print_section(char *level, char *text, u8 *addr, > metadata_access_disable(); > } > > +static inline bool freeptr_after_object(struct kmem_cache *s) bool freeptr_outside_of_object()? > +{ > + return s->offset == s->inuse; s->offset >= s->inuse? There may be a redzone after the object. > +static inline unsigned int get_info_end(struct kmem_cache *s) static inline track_offset()?
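Review bot: the new `freeptr_after_object()` helper in this hunk encodes a layout invariant (`s->offset == s->inuse` means the free pointer lives after the object) without a comment saying so, and the commit message only describes it indirectly ("inuse + free pointer if not overlapping with object"); add a short comment above the function stating what `s->offset` and `s->inuse` are being compared for, e.g. `/* Free pointer is placed right after the object (outside it) when offset == inuse. */`, so a later reader does not have to reverse-engineer why equality is the test. Given the `>=` question already raised in this thread, the comment should also state whether `s->offset > s->inuse` is considered impossible or merely unhandled, since a strict equality silently classifies any such layout as "inside the object". The quoted hunk ends at the `get_info_end()` prototype, so its body could not be checked against the commit message's description of what it returns.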