| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJuCfpF5gG63njY436vctG-Tzbco8X9a1w3YA=u1AGrRqxVshg@mail.gmail.com>
Date: Tue, 28 Oct 2025 10:43:16 -0700
From: Suren Baghdasaryan <surenb@...gle.com>
To: Harry Yoo <harry.yoo@...cle.com>
Cc: akpm@...ux-foundation.org, vbabka@...e.cz, andreyknvl@...il.com,
cl@...ux.com, dvyukov@...gle.com, glider@...gle.com, hannes@...xchg.org,
linux-mm@...ck.org, mhocko@...nel.org, muchun.song@...ux.dev,
rientjes@...gle.com, roman.gushchin@...ux.dev, ryabinin.a.a@...il.com,
shakeel.butt@...ux.dev, vincenzo.frascino@....com, yeoreum.yun@....com,
tytso@....edu, adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH V3 1/7] mm/slab: allow specifying freepointer offset
when using constructor
On Mon, Oct 27, 2025 at 5:29 AM Harry Yoo <harry.yoo@...cle.com> wrote:
>
> When a slab cache has a constructor, the free pointer is placed after the
> object because certain fields must not be overwritten even after the
> object is freed.
>
> However, some fields that the constructor does not care can safely be
> overwritten. Allow specifying the free pointer offset within the object,
> reducing the overall object size when some fields can be reused for the
> free pointer.
Documentation explicitly says that ctor currently isn't supported with
custom free pointers:
https://elixir.bootlin.com/linux/v6.18-rc3/source/include/linux/slab.h#L318
It obviously needs to be updated but I suspect there was a reason for
this limitation. Have you investigated why it's not supported? I
remember looking into it when I was converting vm_area_struct cache to
use SLAB_TYPESAFE_BY_RCU but I can't recall the details now...
>
> Signed-off-by: Harry Yoo <harry.yoo@...cle.com>
> ---
> mm/slab_common.c | 2 +-
> mm/slub.c | 6 ++++--
> 2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index 932d13ada36c..2c2ed2452271 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -231,7 +231,7 @@ static struct kmem_cache *create_cache(const char *name,
> err = -EINVAL;
> if (args->use_freeptr_offset &&
> (args->freeptr_offset >= object_size ||
> - !(flags & SLAB_TYPESAFE_BY_RCU) ||
> + (!(flags & SLAB_TYPESAFE_BY_RCU) && !args->ctor) ||
> !IS_ALIGNED(args->freeptr_offset, __alignof__(freeptr_t))))
> goto out;
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 462a39d57b3a..64705cb3734f 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -7781,7 +7781,8 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s)
> s->inuse = size;
>
> if (((flags & SLAB_TYPESAFE_BY_RCU) && !args->use_freeptr_offset) ||
> - (flags & SLAB_POISON) || s->ctor ||
> + (flags & SLAB_POISON) ||
> + (s->ctor && !args->use_freeptr_offset) ||
> ((flags & SLAB_RED_ZONE) &&
> (s->object_size < sizeof(void *) || slub_debug_orig_size(s)))) {
> /*
> @@ -7802,7 +7803,8 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s)
> */
> s->offset = size;
> size += sizeof(void *);
> - } else if ((flags & SLAB_TYPESAFE_BY_RCU) && args->use_freeptr_offset) {
> + } else if (((flags & SLAB_TYPESAFE_BY_RCU) || s->ctor) &&
> + args->use_freeptr_offset) {
> s->offset = args->freeptr_offset;
> } else {
> /*
> --
> 2.43.0
>
Powered by blists - more mailing lists