Re: [PATCH v2 00/33] Separate struct slab from struct page
From: Matthew Wilcox <willy@infradead.org>
Date: 2021-12-25 17:53:47
Also in:
cgroups, linux-iommu, linux-patches
On Sat, Dec 25, 2021 at 09:16:55AM +0000, Hyeonggon Yoo wrote:
# mm: Convert struct page to struct slab in functions used by other subsystems

I'm not familiar with kasan, but to ask: Does ____kasan_slab_free detect invalid free if someone frees an object that is not allocated from slab?

@@ -341,7 +341,7 @@ static inline bool ____kasan_slab_free(struct kmem_cache *cache, void *object, - if (unlikely(nearest_obj(cache, virt_to_head_page(object), object) != + if (unlikely(nearest_obj(cache, virt_to_slab(object), object) != object)) { kasan_report_invalid_free(tagged_object, ip); return true;

I'm asking this because virt_to_slab() will return NULL if folio_test_slab() returns false. That will cause NULL pointer dereference in nearest_obj. I don't think this change is intended.
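Review bot: the `-`/`+` pair replaces `virt_to_head_page(object)` with `virt_to_slab(object)` as the second argument of `nearest_obj()`, and since `virt_to_slab()` returns NULL when `folio_test_slab()` is false (as the quoted question points out), the hunk now depends on a precondition the old code did not have: `object` must already be known to be slab-backed when `____kasan_slab_free()` is entered. That precondition is in fact how the `cache` argument is obtained, so the missing piece is documentation rather than a logic change: add a comment above `____kasan_slab_free()` stating that `object` must belong to a slab of `cache`, so a future caller that passes a non-slab address has an explicit invariant to check against rather than a NULL dereference inside `nearest_obj()`.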
You need to track down how this could happen. As far as I can tell, it's always called when we know the object is part of a slab. That's where the cachep pointer is deduced from.