Skip to content

Commit 51dedad

Browse files
xairytorvalds
xairy
authored and
torvalds
committed
kasan, slab: make freelist stored without tags
Similarly to "kasan, slub: move kasan_poison_slab hook before page_address", move kasan_poison_slab() before alloc_slabmgmt(), which calls page_address(), to make page_address() return value to be non-tagged. This, combined with calling kasan_reset_tag() for off-slab slab management object, leads to freelist being stored non-tagged. Link: http://lkml.kernel.org/r/dfb53b44a4d00de3879a05a9f04c1f55e584f7a1.1550602886.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Tested-by: Qian Cai <cai@lca.pw> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgeniy Stepanov <eugenis@google.com> Cc: Kostya Serebryany <kcc@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 219667c commit 51dedad

File tree

1 file changed

+9
-2
lines changed

1 file changed

+9
-2
lines changed

mm/slab.c

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2359,7 +2359,7 @@ static void *alloc_slabmgmt(struct kmem_cache *cachep,
23592359
void *freelist;
23602360
void *addr = page_address(page);
23612361

2362-
page->s_mem = kasan_reset_tag(addr) + colour_off;
2362+
page->s_mem = addr + colour_off;
23632363
page->active = 0;
23642364

23652365
if (OBJFREELIST_SLAB(cachep))
@@ -2368,6 +2368,7 @@ static void *alloc_slabmgmt(struct kmem_cache *cachep,
23682368
/* Slab management obj is off-slab. */
23692369
freelist = kmem_cache_alloc_node(cachep->freelist_cache,
23702370
local_flags, nodeid);
2371+
freelist = kasan_reset_tag(freelist);
23712372
if (!freelist)
23722373
return NULL;
23732374
} else {
@@ -2681,6 +2682,13 @@ static struct page *cache_grow_begin(struct kmem_cache *cachep,
26812682

26822683
offset *= cachep->colour_off;
26832684

2685+
/*
2686+
* Call kasan_poison_slab() before calling alloc_slabmgmt(), so
2687+
* page_address() in the latter returns a non-tagged pointer,
2688+
* as it should be for slab pages.
2689+
*/
2690+
kasan_poison_slab(page);
2691+
26842692
/* Get slab management. */
26852693
freelist = alloc_slabmgmt(cachep, page, offset,
26862694
local_flags & ~GFP_CONSTRAINT_MASK, page_node);
@@ -2689,7 +2697,6 @@ static struct page *cache_grow_begin(struct kmem_cache *cachep,
26892697

26902698
slab_map_pages(cachep, page, freelist);
26912699

2692-
kasan_poison_slab(page);
26932700
cache_init_objs(cachep, page);
26942701

26952702
if (gfpflags_allow_blocking(local_flags))

0 commit comments

Comments
 (0)