diff options
| author | Vlastimil Babka <vbabka@suse.cz> | 2025-10-14 10:40:57 +0200 |
|---|---|---|
| committer | Vlastimil Babka <vbabka@suse.cz> | 2025-10-14 20:32:30 +0200 |
| commit | df90f6cd29d8c77be6de4f9adf9cbe42ce2f0016 (patch) | |
| tree | c5d6e60f5477e2655d1c09c8a0f04636a457877f /mm | |
| parent | 3a8660878839faadb4f1a6dd72c3179c1df56787 (diff) | |
slab: fix clearing freelist in free_deferred_objects()
defer_free() links pending objects using the slab's freelist offset
which is fine as they are not free yet. free_deferred_objects() then
clears this pointer to avoid confusing the debugging consistency checks
that may be enabled for the cache.
However, with CONFIG_SLAB_FREELIST_HARDENED, even the NULL pointer needs
to be encoded appropriately using set_freepointer(), otherwise it's
decoded as something else and triggers the consistency checks, as found
by the kernel test robot.
Use set_freepointer() to prevent the issue.
Fixes: af92793e52c3 ("slab: Introduce kmalloc_nolock() and kfree_nolock().")
Reported-and-tested-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202510101652.7921fdc6-lkp@intel.com
Acked-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Harry Yoo <harry.yoo@oracle.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Diffstat (limited to 'mm')
| -rw-r--r-- | mm/slub.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/mm/slub.c b/mm/slub.c index b1f15598fbfd..13ae4491136a 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -6443,15 +6443,16 @@ static void free_deferred_objects(struct irq_work *work) slab = virt_to_slab(x); s = slab->slab_cache; + /* Point 'x' back to the beginning of allocated object */ + x -= s->offset; + /* * We used freepointer in 'x' to link 'x' into df->objects. * Clear it to NULL to avoid false positive detection * of "Freepointer corruption". */ - *(void **)x = NULL; + set_freepointer(s, x, NULL); - /* Point 'x' back to the beginning of allocated object */ - x -= s->offset; __slab_free(s, slab, x, x, 1, _THIS_IP_); } |