The patch titled Subject: mempool: do not use ksize() for poisoning has been added to the -mm mm-unstable branch. Its filename is mempool-do-not-use-ksize-for-poisoning.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mempool-do-not-use-ksize-for-poisoning.patch This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kees Cook <keescook@xxxxxxxxxxxx> Subject: mempool: do not use ksize() for poisoning Date: Fri, 28 Oct 2022 08:53:01 -0700 Nothing appears to be using ksize() within the kmalloc-backed mempools except the mempool poisoning logic. Use the actual pool size instead of the ksize() to avoid needing any special handling of the memory as needed by KASAN, UBSAN_BOUNDS, nor FORTIFY_SOURCE. Link: https://lkml.kernel.org/r/20221028154823.you.615-kees@xxxxxxxxxx Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Suggested-by: Vlastimil Babka <vbabka@xxxxxxx> Link: https://lore.kernel.org/lkml/f4fc52c4-7c18-1d76-0c7a-4058ea2486b9@xxxxxxx/ Acked-by: Vlastimil Babka <vbabka@xxxxxxx> Reviewed-by: Andrey Konovalov <andreyknvl@xxxxxxxxx> Cc: David Rientjes <rientjes@xxxxxxxxxx> Cc: Marco Elver <elver@xxxxxxxxxx> Cc: Vincenzo Frascino <vincenzo.frascino@xxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- --- a/mm/mempool.c~mempool-do-not-use-ksize-for-poisoning +++ a/mm/mempool.c @@ -58,7 +58,7 @@ static void check_element(mempool_t *poo { /* Mempools backed by slab allocator */ if (pool->free == mempool_free_slab || pool->free == mempool_kfree) { - __check_element(pool, element, ksize(element)); + __check_element(pool, element, (size_t)pool->pool_data); } else if (pool->free == mempool_free_pages) { /* Mempools backed by page allocator */ int order = (int)(long)pool->pool_data; @@ -81,7 +81,7 @@ static void poison_element(mempool_t *po { /* Mempools backed by slab allocator */ if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc) { - __poison_element(element, ksize(element)); + __poison_element(element, (size_t)pool->pool_data); } else if (pool->alloc == mempool_alloc_pages) { /* Mempools backed by page allocator */ int order = (int)(long)pool->pool_data; @@ -112,7 +112,7 @@ static __always_inline void kasan_poison static void kasan_unpoison_element(mempool_t *pool, void *element) { if (pool->alloc == mempool_alloc_slab || pool->alloc == mempool_kmalloc) - kasan_unpoison_range(element, __ksize(element)); + kasan_unpoison_range(element, (size_t)pool->pool_data); else if (pool->alloc == mempool_alloc_pages) kasan_unpoison_pages(element, (unsigned long)pool->pool_data, false); _ Patches currently in -mm which might be from keescook@xxxxxxxxxxxx are mempool-do-not-use-ksize-for-poisoning.patch