| author | Linus Torvalds <torvalds@linux-foundation.org> | 2026-02-21 15:12:09 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2026-02-21 15:12:09 -0800 |
| commit | fa5c82f4d2bbde10e9fd3a32aecacfe3813919ba (patch) | |
| tree | 5b67eac20681c85579c4af0236c92bc32ddf31ad | |
| parent | 8934827db5403eae57d4537114a9ff88b0a8460f (diff) | |

slab.h: disable completely broken overflow handling in flex allocations

Commit 69050f8d6d07 ("treewide: Replace kmalloc with kmalloc_obj for
non-scalar types") started using the new allocation helpers, and in the
process showed that they were completely non-working.

The overflow logic in overflows_flex_counter_type() is completely the
wrong way around, and that broke __alloc_flex() completely. By chance,
the resulting code was then such a mess that clang generated
sufficiently garbage code that objtool warned about it all. Which made
it somewhat quicker to narrow things down.

While fixing overflows_flex_counter_type() would presumably fix this
all, I'm excising the whole broken overflow logic from __alloc_flex(),
because we don't want that kind of code in basic allocation functions
anyway.

That (no longer) broken overflows_flex_counter_type() thing needs to be
inserted into the actual __set_flex_counter() logic in the unlikely case
that we ever want this at all. And made conditional.

Fixes: 81cee9166a90 ("compiler_types: Introduce __flex_counter() and family")
Fixes: 69050f8d6d07 ("treewide: Replace kmalloc with kmalloc_obj for non-scalar types")
Cc: Kees Cook <kees@kernel.org>
Link: https://lore.kernel.org/all/CAHk-=whEd020BYzGTzYrENjD9Z5_82xx6h8HsQvH5xDSnv0=Hw@mail.gmail.com/
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

| -rw-r--r-- | include/linux/overflow.h | 2 | ||||
| -rw-r--r-- | include/linux/slab.h | 6 |
2 files changed, 2 insertions, 6 deletions
diff --git a/include/linux/overflow.h b/include/linux/overflow.h index a5e95dbce220..eddd987a8513 100644 --- a/include/linux/overflow.h +++ b/include/linux/overflow.h @@ -570,7 +570,7 @@ static inline size_t __must_check size_sub(size_t minuend, size_t subtrahend) * @FAM is not annotated with __counted_by(), always returns true. */ #define overflows_flex_counter_type(TYPE, FAM, COUNT) \ - (!overflows_type(COUNT, typeof_flex_counter(((TYPE *)NULL)->FAM))) + (overflows_type(COUNT, typeof_flex_counter(((TYPE *)NULL)->FAM))) /** * __set_flex_counter() - Set the counter associated with the given flexible diff --git a/include/linux/slab.h b/include/linux/slab.h index c5fde8740281..1270320b59c8 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -1003,11 +1003,7 @@ void *kmalloc_nolock_noprof(size_t size, gfp_t gfp_flags, int node); ({ \ const size_t __count = (COUNT); \ const size_t __obj_size = struct_size_t(TYPE, FAM, __count); \ - TYPE *__obj_ptr; \ - if (WARN_ON_ONCE(overflows_flex_counter_type(TYPE, FAM, __count))) \ - __obj_ptr = NULL; \ - else \ - __obj_ptr = KMALLOC(__obj_size, GFP); \ + TYPE *__obj_ptr = KMALLOC(__obj_size, GFP); \ if (__obj_ptr) \ __set_flex_counter(__obj_ptr->FAM, __count); \ __obj_ptr; \ |
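Review bot: In the include/linux/overflow.h hunk, the kernel-doc line kept as context just above the macro still reads "@FAM is not annotated with __counted_by(), always returns true", but the expression below it has had its sense inverted by dropping the leading "!". The comment and the macro should be checked against each other so that the documented return value matches what overflows_flex_counter_type() now evaluates to, in particular for the unannotated case. Since the slab.h hunk in this same patch removes the only caller shown here, a wrong comment is the main thing the next user of this macro would have to go on.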
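Review bot: In the include/linux/slab.h hunk, once the WARN_ON_ONCE(overflows_flex_counter_type(TYPE, FAM, __count)) branch is gone, nothing visible in this macro checks that __count fits the counter type before "__set_flex_counter(__obj_ptr->FAM, __count);" stores it. The allocation size still comes from the full size_t __count via struct_size_t(), so if the stored counter were narrower than the count used for sizing, the two would disagree. The commit message says the check belongs in __set_flex_counter() and should be conditional; a short comment at this call site saying the counter range is deliberately not validated here, and where it is expected to be validated, would keep a later reader from assuming the helper still rejects oversized counts.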
