[folded-merged] kasan-improve-free-meta-storage-in-generic-kasan-v3.patch removed from -mm tree

Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> · Sun, 10 Dec 2023 16:45:15 -0800

The quilt patch titled
     Subject: kasan: Improve free meta storage in Generic KASAN
has been removed from the -mm tree.  Its filename was
     kasan-improve-free-meta-storage-in-generic-kasan-v3.patch

This patch was dropped because it was folded into kasan-improve-free-meta-storage-in-generic-kasan.patch

------------------------------------------------------
From: Juntong Deng <juntong.deng@xxxxxxxxxxx>
Subject: kasan: Improve free meta storage in Generic KASAN
Date: Wed, 22 Nov 2023 18:46:31 +0000

When SLUB DEBUG is enabled, the previous free meta storage method
continues to be used.  Cancel the change to kasan_metadata_size().

Make kasan_metadata_size() adapt to the improved free meta storage

Link: https://lkml.kernel.org/r/VI1P193MB0752675D6E0A2D16CE656F8299BAA@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Suggested-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Signed-off-by: Juntong Deng <juntong.deng@xxxxxxxxxxx>
Cc: Alexander Potapenko <glider@xxxxxxxxxx>
Cc: Andrey Konovalov <andreyknvl@xxxxxxxxx>
Cc: Andrey Ryabinin <ryabinin.a.a@xxxxxxxxx>
Cc: Vincenzo Frascino <vincenzo.frascino@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 mm/kasan/generic.c |   23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

--- a/mm/kasan/generic.c~kasan-improve-free-meta-storage-in-generic-kasan-v3
+++ a/mm/kasan/generic.c
@@ -407,19 +407,28 @@ void kasan_cache_create(struct kmem_cach
 	 *    be touched after it was freed, or
 	 * 2. Object has a constructor, which means it's expected to
 	 *    retain its content until the next allocation, or
+	 * 3. Object is too small and SLUB DEBUG is enabled. Avoid
+	 *    free meta that exceeds the object size corrupts the
+	 *    SLUB DEBUG metadata.
 	 * Otherwise cache->kasan_info.free_meta_offset = 0 is implied.
-	 * Even if the object is smaller than free meta, it is still
-	 * possible to store part of the free meta in the object.
+	 * If the object is smaller than the free meta and SLUB DEBUG
+	 * is not enabled, it is still possible to store part of the
+	 * free meta in the object.
 	 */
 	if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor) {
 		cache->kasan_info.free_meta_offset = *size;
 		*size += sizeof(struct kasan_free_meta);
 	} else if (cache->object_size < sizeof(struct kasan_free_meta)) {
-		rem_free_meta_size = sizeof(struct kasan_free_meta) -
-								cache->object_size;
-		*size += rem_free_meta_size;
-		if (cache->kasan_info.alloc_meta_offset != 0)
-			cache->kasan_info.alloc_meta_offset += rem_free_meta_size;
+		if (__slub_debug_enabled()) {
+			cache->kasan_info.free_meta_offset = *size;
+			*size += sizeof(struct kasan_free_meta);
+		} else {
+			rem_free_meta_size = sizeof(struct kasan_free_meta) -
+									cache->object_size;
+			*size += rem_free_meta_size;
+			if (cache->kasan_info.alloc_meta_offset != 0)
+				cache->kasan_info.alloc_meta_offset += rem_free_meta_size;
+		}
 	}
 
 	/* If free meta doesn't fit, don't add it. */
_

Patches currently in -mm which might be from juntong.deng@xxxxxxxxxxx are

kasan-improve-free-meta-storage-in-generic-kasan.patch
kasan-record-and-report-more-information.patch








