On Tue, Dec 15, 2020 at 4:04 AM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote: > > From: Alexander Popov <alex.popov@xxxxxxxxx> > Subject: mm/slab: rerform init_on_free earlier Nit: s/rerform/perform > > Currently in CONFIG_SLAB init_on_free happens too late, and heap objects > go to the heap quarantine not being erased. > > Lets move init_on_free clearing before calling kasan_slab_free(). In that > case heap quarantine will store erased objects, similarly to CONFIG_SLUB=y > behavior. > > Link: https://lkml.kernel.org/r/20201210183729.1261524-1-alex.popov@xxxxxxxxx > Signed-off-by: Alexander Popov <alex.popov@xxxxxxxxx> > Reviewed-by: Alexander Potapenko <glider@xxxxxxxxxx> > Acked-by: David Rientjes <rientjes@xxxxxxxxxx> > Acked-by: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx> > Cc: Christoph Lameter <cl@xxxxxxxxx> > Cc: Pekka Enberg <penberg@xxxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > --- > > mm/slab.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > --- a/mm/slab.c~mm-slab-perform-init_on_free-earlier > +++ a/mm/slab.c > @@ -3417,6 +3417,9 @@ free_done: > static __always_inline void __cache_free(struct kmem_cache *cachep, void *objp, > unsigned long caller) > { > + if (unlikely(slab_want_init_on_free(cachep))) > + memset(objp, 0, cachep->object_size); > + > /* Put the object into the quarantine, don't touch it for now. */ > if (kasan_slab_free(cachep, objp, _RET_IP_)) > return; > @@ -3435,8 +3438,6 @@ void ___cache_free(struct kmem_cache *ca > struct array_cache *ac = cpu_cache_get(cachep); > > check_irq_off(); > - if (unlikely(slab_want_init_on_free(cachep))) > - memset(objp, 0, cachep->object_size); > kmemleak_free_recursive(objp, cachep->flags); > objp = cache_free_debugcheck(cachep, objp, caller); > memcg_slab_free_hook(cachep, &objp, 1); > _ -- Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Straße, 33 80636 München Geschäftsführer: Paul Manicle, Halimah DeLaine Prado Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg
