[PATCH 01/32] kasan: check KASAN_NO_FREE_META in __kasan_metadata_size

1 view
Skip to first unread message

andrey.k...@linux.dev

unread,
Jun 13, 2022, 4:15:25 PM6/13/22
to Marco Elver, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Andrey Ryabinin, kasa...@googlegroups.com, Peter Collingbourne, Evgenii Stepanov, Florian Mayer, Andrew Morton, linu...@kvack.org, linux-...@vger.kernel.org, Andrey Konovalov
From: Andrey Konovalov <andre...@google.com>

__kasan_metadata_size() calculates the size of the redzone for objects
in a slab cache.

When accounting for presence of kasan_free_meta in the redzone, this
function only compares free_meta_offset with 0. But free_meta_offset could
also be equal to KASAN_NO_FREE_META, which indicates that kasan_free_meta
is not present at all.

Add a comparison with KASAN_NO_FREE_META into __kasan_metadata_size().

Signed-off-by: Andrey Konovalov <andre...@google.com>

---

This is a minor fix that only affects slub_debug runs, so it is probably
not worth backporting.
---
mm/kasan/common.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index c40c0e7b3b5f..968d2365d8c1 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -223,8 +223,9 @@ size_t __kasan_metadata_size(struct kmem_cache *cache)
return 0;
return (cache->kasan_info.alloc_meta_offset ?
sizeof(struct kasan_alloc_meta) : 0) +
- (cache->kasan_info.free_meta_offset ?
- sizeof(struct kasan_free_meta) : 0);
+ ((cache->kasan_info.free_meta_offset &&
+ cache->kasan_info.free_meta_offset != KASAN_NO_FREE_META) ?
+ sizeof(struct kasan_free_meta) : 0);
}

struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache,
--
2.25.1

Marco Elver

unread,
Jun 20, 2022, 9:40:02 AM6/20/22
to andrey.k...@linux.dev, Alexander Potapenko, Andrey Konovalov, Dmitry Vyukov, Andrey Ryabinin, kasa...@googlegroups.com, Peter Collingbourne, Evgenii Stepanov, Florian Mayer, Andrew Morton, linu...@kvack.org, linux-...@vger.kernel.org, Andrey Konovalov
On Mon, 13 Jun 2022 at 22:15, <andrey.k...@linux.dev> wrote:
>
> From: Andrey Konovalov <andre...@google.com>
>
> __kasan_metadata_size() calculates the size of the redzone for objects
> in a slab cache.
>
> When accounting for presence of kasan_free_meta in the redzone, this
> function only compares free_meta_offset with 0. But free_meta_offset could
> also be equal to KASAN_NO_FREE_META, which indicates that kasan_free_meta
> is not present at all.
>
> Add a comparison with KASAN_NO_FREE_META into __kasan_metadata_size().
>
> Signed-off-by: Andrey Konovalov <andre...@google.com>

Reviewed-by: Marco Elver <el...@google.com>


> ---
>
> This is a minor fix that only affects slub_debug runs, so it is probably
> not worth backporting.
> ---
> mm/kasan/common.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index c40c0e7b3b5f..968d2365d8c1 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -223,8 +223,9 @@ size_t __kasan_metadata_size(struct kmem_cache *cache)
> return 0;
> return (cache->kasan_info.alloc_meta_offset ?
> sizeof(struct kasan_alloc_meta) : 0) +
> - (cache->kasan_info.free_meta_offset ?
> - sizeof(struct kasan_free_meta) : 0);
> + ((cache->kasan_info.free_meta_offset &&
> + cache->kasan_info.free_meta_offset != KASAN_NO_FREE_META) ?
> + sizeof(struct kasan_free_meta) : 0);
> }
>
> struct kasan_alloc_meta *kasan_get_alloc_meta(struct kmem_cache *cache,
> --
> 2.25.1
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/91406e5f2a1c0a1fddfc4e7f17df22fda852591c.1655150842.git.andreyknvl%40google.com.
Reply all
Reply to author
Forward
0 new messages