On Tue, May 28, 2024 at 03:16:47PM +0800, Chengming Zhou wrote:
> The commit 946fa0dbf2d8 ("mm/slub: extend redzone check to extra
> allocated kmalloc space than requested") will extend right redzone
> when allocating for orig_size < object_size. So we can't overlay the
> freepointer in the object space in this case.
>
> But the code looks like it forgot to check SLAB_RED_ZONE, since there
> won't be extended right redzone if only orig_size enabled.

Looks good to me. Thanks!

Reviewed-by: Feng Tang <feng.tang@xxxxxxxxx>

>
> Signed-off-by: Chengming Zhou <chengming.zhou@xxxxxxxxx>
> ---
>  mm/slub.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/slub.c b/mm/slub.c
> index de57512734ac..b92d9a557852 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -5150,7 +5150,7 @@ static int calculate_sizes(struct kmem_cache *s)
>  	 */
>  	s->inuse = size;
>
> -	if (slub_debug_orig_size(s) ||
> +	if (((flags & SLAB_RED_ZONE) && slub_debug_orig_size(s)) ||
>  	    (flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)) ||
>  	    ((flags & SLAB_RED_ZONE) && s->object_size < sizeof(void *)) ||
>  	    s->ctor) {
>
> --
> 2.45.1
>
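Review bot: the new condition in calculate_sizes() now carries two terms that are both gated on SLAB_RED_ZONE, the added `(flags & SLAB_RED_ZONE) && slub_debug_orig_size(s)` and the pre-existing `(flags & SLAB_RED_ZONE) && s->object_size < sizeof(void *)`, so consider folding them into one term, e.g. `((flags & SLAB_RED_ZONE) && (slub_debug_orig_size(s) || s->object_size < sizeof(void *)))`, which keeps the same logic and makes the "red zone is what forces the free pointer out of the object" rule visible at a glance. Related to that, the comment block ending at the `*/` just above `s->inuse = size;` is the place that documents when the free pointer must live outside the object; only its closing line is in the hunk context, so please check that it states the orig_size case applies only together with SLAB_RED_ZONE (the reasoning from commit 946fa0dbf2d8 given in the commit message), otherwise a reader of the comment alone would expect the old unconditional slub_debug_orig_size(s) check.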