Skip to content

Commit 68f285e

Browse files
torvaldstorvalds
committed
Merge tag 'slab-for-6.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab
Pull slab fixes from Vlastimil Babka: - Stable fix to make slub_debug code not access invalid pointers in the process of reporting issues (Li Qiong) - Stable fix to make object tracking pass gfp flags to stackdepot to avoid deadlock in contexts that can't even wake up kswapd due to e.g. timers debugging enabled (yangshiguang) * tag 'slab-for-6.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab: mm: slub: avoid wake up kswapd in set_track_prepare mm/slub: avoid accessing metadata when pointer is invalid in object_err()
2 parents 08b06c3 + 850470a commit 68f285e

File tree

1 file changed

+26
-11
lines changed

1 file changed

+26
-11
lines changed

mm/slub.c

Lines changed: 26 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -962,19 +962,19 @@ static struct track *get_track(struct kmem_cache *s, void *object,
962962
}
963963

964964
#ifdef CONFIG_STACKDEPOT
965-
static noinline depot_stack_handle_t set_track_prepare(void)
965+
static noinline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags)
966966
{
967967
depot_stack_handle_t handle;
968968
unsigned long entries[TRACK_ADDRS_COUNT];
969969
unsigned int nr_entries;
970970

971971
nr_entries = stack_trace_save(entries, ARRAY_SIZE(entries), 3);
972-
handle = stack_depot_save(entries, nr_entries, GFP_NOWAIT);
972+
handle = stack_depot_save(entries, nr_entries, gfp_flags);
973973

974974
return handle;
975975
}
976976
#else
977-
static inline depot_stack_handle_t set_track_prepare(void)
977+
static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags)
978978
{
979979
return 0;
980980
}
@@ -996,9 +996,9 @@ static void set_track_update(struct kmem_cache *s, void *object,
996996
}
997997

998998
static __always_inline void set_track(struct kmem_cache *s, void *object,
999-
enum track_item alloc, unsigned long addr)
999+
enum track_item alloc, unsigned long addr, gfp_t gfp_flags)
10001000
{
1001-
depot_stack_handle_t handle = set_track_prepare();
1001+
depot_stack_handle_t handle = set_track_prepare(gfp_flags);
10021002

10031003
set_track_update(s, object, alloc, addr, handle);
10041004
}
@@ -1140,7 +1140,12 @@ static void object_err(struct kmem_cache *s, struct slab *slab,
11401140
return;
11411141

11421142
slab_bug(s, reason);
1143-
print_trailer(s, slab, object);
1143+
if (!object || !check_valid_pointer(s, slab, object)) {
1144+
print_slab_info(slab);
1145+
pr_err("Invalid pointer 0x%p\n", object);
1146+
} else {
1147+
print_trailer(s, slab, object);
1148+
}
11441149
add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
11451150

11461151
WARN_ON(1);
@@ -1921,9 +1926,9 @@ static inline bool free_debug_processing(struct kmem_cache *s,
19211926
static inline void slab_pad_check(struct kmem_cache *s, struct slab *slab) {}
19221927
static inline int check_object(struct kmem_cache *s, struct slab *slab,
19231928
void *object, u8 val) { return 1; }
1924-
static inline depot_stack_handle_t set_track_prepare(void) { return 0; }
1929+
static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; }
19251930
static inline void set_track(struct kmem_cache *s, void *object,
1926-
enum track_item alloc, unsigned long addr) {}
1931+
enum track_item alloc, unsigned long addr, gfp_t gfp_flags) {}
19271932
static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n,
19281933
struct slab *slab) {}
19291934
static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n,
@@ -3876,9 +3881,14 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
38763881
* For debug caches here we had to go through
38773882
* alloc_single_from_partial() so just store the
38783883
* tracking info and return the object.
3884+
*
3885+
* Due to disabled preemption we need to disallow
3886+
* blocking. The flags are further adjusted by
3887+
* gfp_nested_mask() in stack_depot itself.
38793888
*/
38803889
if (s->flags & SLAB_STORE_USER)
3881-
set_track(s, freelist, TRACK_ALLOC, addr);
3890+
set_track(s, freelist, TRACK_ALLOC, addr,
3891+
gfpflags & ~(__GFP_DIRECT_RECLAIM));
38823892

38833893
return freelist;
38843894
}
@@ -3910,7 +3920,8 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
39103920
goto new_objects;
39113921

39123922
if (s->flags & SLAB_STORE_USER)
3913-
set_track(s, freelist, TRACK_ALLOC, addr);
3923+
set_track(s, freelist, TRACK_ALLOC, addr,
3924+
gfpflags & ~(__GFP_DIRECT_RECLAIM));
39143925

39153926
return freelist;
39163927
}
@@ -4421,8 +4432,12 @@ static noinline void free_to_partial_list(
44214432
unsigned long flags;
44224433
depot_stack_handle_t handle = 0;
44234434

4435+
/*
4436+
* We cannot use GFP_NOWAIT as there are callsites where waking up
4437+
* kswapd could deadlock
4438+
*/
44244439
if (s->flags & SLAB_STORE_USER)
4425-
handle = set_track_prepare();
4440+
handle = set_track_prepare(__GFP_NOWARN);
44264441

44274442
spin_lock_irqsave(&n->list_lock, flags);
44284443

0 commit comments

Comments
 (0)