The patch titled
Subject: mm: kfence: fix objcgs vector allocation
has been added to the -mm tree. Its filename is
mm-kfence-fix-objcgs-vector-allocation.patch
This patch should soon appear at
https://ozlabs.org/~akpm/mmots/broken-out/mm-kfence-fix-objcgs-vector-allocation.patch
and later at
https://ozlabs.org/~akpm/mmotm/broken-out/mm-kfence-fix-objcgs-vector-allocation.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Muchun Song <songmuchun@xxxxxxxxxxxxx>
Subject: mm: kfence: fix objcgs vector allocation
If the kfence object is allocated to be used for objects vector, then this
slot of the pool eventually being occupied permanently since the vector is
never freed. The solutions could be 1) freeing vector when the kfence
object is freed or 2) allocating all vectors statically. Since the memory
consumption of object vectors is low, it is better to chose 2) to fix the
issue and it is also can reduce overhead of vectors allocating in the
future.
Link: https://lkml.kernel.org/r/20220328132843.16624-1-songmuchun@xxxxxxxxxxxxx
Fixes: d3fb45f370d9 ("mm, kfence: insert KFENCE hooks for SLAB")
Signed-off-by: Muchun Song <songmuchun@xxxxxxxxxxxxx>
Reviewed-by: Marco Elver <elver@xxxxxxxxxx>
Reviewed-by: Roman Gushchin <roman.gushchin@xxxxxxxxx>
Cc: Alexander Potapenko <glider@xxxxxxxxxx>
Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Cc: Xiongchun Duan <duanxiongchun@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/kfence/core.c | 11 ++++++++++-
mm/kfence/kfence.h | 3 +++
2 files changed, 13 insertions(+), 1 deletion(-)
--- a/mm/kfence/core.c~mm-kfence-fix-objcgs-vector-allocation
+++ a/mm/kfence/core.c
@@ -566,6 +566,8 @@ static unsigned long kfence_init_pool(vo
* enters __slab_free() slow-path.
*/
for (i = 0; i < KFENCE_POOL_SIZE / PAGE_SIZE; i++) {
+ struct slab *slab = page_slab(&pages[i]);
+
if (!i || (i % 2))
continue;
@@ -573,7 +575,11 @@ static unsigned long kfence_init_pool(vo
if (WARN_ON(compound_head(&pages[i]) != &pages[i]))
return addr;
- __SetPageSlab(&pages[i]);
+ __folio_set_slab(slab_folio(slab));
+#ifdef CONFIG_MEMCG
+ slab->memcg_data = (unsigned long)&kfence_metadata[i / 2 - 1].objcg |
+ MEMCG_DATA_OBJCGS;
+#endif
}
/*
@@ -1033,6 +1039,9 @@ void __kfence_free(void *addr)
{
struct kfence_metadata *meta = addr_to_metadata((unsigned long)addr);
+#ifdef CONFIG_MEMCG
+ KFENCE_WARN_ON(meta->objcg);
+#endif
/*
* If the objects of the cache are SLAB_TYPESAFE_BY_RCU, defer freeing
* the object, as the object page may be recycled for other-typed
--- a/mm/kfence/kfence.h~mm-kfence-fix-objcgs-vector-allocation
+++ a/mm/kfence/kfence.h
@@ -89,6 +89,9 @@ struct kfence_metadata {
struct kfence_track free_track;
/* For updating alloc_covered on frees. */
u32 alloc_stack_hash;
+#ifdef CONFIG_MEMCG
+ struct obj_cgroup *objcg;
+#endif
};
extern struct kfence_metadata kfence_metadata[CONFIG_KFENCE_NUM_OBJECTS];
_
Patches currently in -mm which might be from songmuchun@xxxxxxxxxxxxx are
mm-kfence-fix-objcgs-vector-allocation.patch
