On Mon, 2020-12-14 at 10:19 -0800, Andrew Morton wrote: > On Mon, 14 Dec 2020 13:46:50 +0800 Kuan-Ying Lee <Kuan-Ying.Lee@xxxxxxxxxxxx> wrote: > > > On Sat, 2020-12-12 at 22:05 -0800, akpm@xxxxxxxxxxxxxxxxxxxx wrote: > > > The patch titled > > > Subject: kasan: fix object remaining in offline per-cpu quarantine > > > has been removed from the -mm tree. Its filename was > > > kasan-fix-object-remain-in-offline-per-cpu-quarantine.patch > > > > > > This patch was dropped because it was merged into mainline or a subsystem tree > > > > > > > Hi Andrew, > > > > Sorry to bother. > > This patch has dependency with two patches of Andrey's patch series as > > below. > > "kasan: rename get_alloc/free_info" > > "kasan: sanitize objects when metadata doesnt fit" > > Are you sure? Please check 5.10 and if there are problems there, > please propose a standalone fix. > Yes. Andrey's patch has the return value and return false. Return false will make slab allocator free the object and qlink_free() also free the object, so Qiang remove the qlink_free() to resolve the double free as below. https://lore.kernel.org/linux-mm/20201204102206.20237-1-qiang.zhang@xxxxxxxxxxxxx/ q = this_cpu_ptr(&cpu_quarantine); if (q->offline) { - qlink_free(&meta->quarantine_link, cache); // free once local_irq_restore(flags); return false; // free twice } But if removing qlink_free() without Andrey's patch, this object will not be freed. It will cause memory leak as below. q = this_cpu_ptr(&cpu_quarantine); if (q->offline) { local_irq_restore(flags); return; } Thus, before applying Andrey's patch, we still need qlink_free(). I will prepare a standalone fix to add qlink_free() back. Thanks.
