Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

slab: fix clearing freelist in free_deferred_objects()

defer_free() links pending objects using the slab's freelist offset
which is fine as they are not free yet. free_deferred_objects() then
clears this pointer to avoid confusing the debugging consistency checks
that may be enabled for the cache.

However, with CONFIG_SLAB_FREELIST_HARDENED, even the NULL pointer needs
to be encoded appropriately using set_freepointer(), otherwise it's
decoded as something else and triggers the consistency checks, as found
by the kernel test robot.

Use set_freepointer() to prevent the issue.

Fixes: af92793e52c3 ("slab: Introduce kmalloc_nolock() and kfree_nolock().")
Reported-and-tested-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202510101652.7921fdc6-lkp@intel.com
Acked-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Harry Yoo <harry.yoo@oracle.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
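The encoding the message describes, as an added toy model that is not kernel code (the struct, the helper names, the 16-byte offset and the secret value used in it are constructed): under CONFIG_SLAB_FREELIST_HARDENED the stored word is the pointer XORed with a per-cache secret and the byte-swapped address of the freepointer field, so a raw zero store decodes to a non-NULL garbage pointer, while encoding NULL through a set_freepointer()-style helper decodes back to NULL.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy model of a SLUB cache under CONFIG_SLAB_FREELIST_HARDENED (illustrative,
 * not kernel code; field names and values are constructed). */
struct toy_cache {
    size_t offset;    /* like s->offset: where the freepointer lives in the object */
    uintptr_t secret; /* like s->random: per-cache secret mixed into every pointer */
};

/* Byte swap, standing in for the kernel's swab() on the field address. */
static uintptr_t swab_ptr(uintptr_t v)
{
    uintptr_t r = 0;
    for (size_t i = 0; i < sizeof(v); i++, v >>= 8)
        r = (r << 8) | (v & 0xff);
    return r;
}

/* Hardened encoding: stored word = ptr ^ secret ^ swab(address of the field). */
static uintptr_t encode(const struct toy_cache *s, void *fp, uintptr_t addr)
{
    return (uintptr_t)fp ^ s->secret ^ swab_ptr(addr);
}

/* set_freepointer()-style store: takes the object base and applies s->offset
 * itself, which is why the fix moves "x -= s->offset" above the call. */
static void toy_set_freepointer(const struct toy_cache *s, void *object, void *fp)
{
    uintptr_t addr = (uintptr_t)object + s->offset;
    *(uintptr_t *)addr = encode(s, fp, addr);
}
/* get_freepointer()-style load: what the consistency checks would decode. */
void *toy_get_freepointer(const struct toy_cache *s, void *object)
{
    uintptr_t addr = (uintptr_t)object + s->offset;
    return (void *)(*(uintptr_t *)addr ^ s->secret ^ swab_ptr(addr));
}
/* Buggy path: a raw zero store bypasses the encoding and decodes as garbage. */
void *freeptr_after_raw_null(const struct toy_cache *s, void *object)
{
    *(uintptr_t *)((char *)object + s->offset) = 0; /* mirrors *(void **)x = NULL */
    return toy_get_freepointer(s, object);
}
/* Fixed path: NULL goes through the encoder, so it decodes back to NULL. */
void *freeptr_after_set_freepointer(const struct toy_cache *s, void *object)
{
    toy_set_freepointer(s, object, NULL);
    return toy_get_freepointer(s, object);
}
```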

+4 -3
mm/slub.c
··· 6443 6443 slab = virt_to_slab(x); 6444 6444 s = slab->slab_cache; 6445 6445 6446 + /* Point 'x' back to the beginning of allocated object */ 6447 + x -= s->offset; 6448 + 6446 6449 /* 6447 6450 * We used freepointer in 'x' to link 'x' into df->objects. 6448 6451 * Clear it to NULL to avoid false positive detection 6449 6452 * of "Freepointer corruption". 6450 6453 */ 6451 - *(void **)x = NULL; 6454 + set_freepointer(s, x, NULL); 6452 6455 6453 - /* Point 'x' back to the beginning of allocated object */ 6454 - x -= s->offset; 6455 6456 __slab_free(s, slab, x, x, 1, _THIS_IP_); 6456 6457 } 6457 6458
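Review bot: moving `x -= s->offset;` above the clear is what makes the fix correct, not just a cosmetic reorder: set_freepointer() takes the object base and adds s->offset itself, whereas the old `*(void **)x = NULL;` wrote through the already-offset pointer. The moved comment would benefit from saying so, e.g. `/* Point 'x' back to the beginning of allocated object; set_freepointer() applies s->offset itself */`, so a later refactor does not move the adjustment back below the call. The retained "Clear it to NULL" comment stays accurate, since get_freepointer() decodes the hardened encoding back to NULL before the consistency checks look at it.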