From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1B23913AED for ; Fri, 29 Dec 2023 20:00:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="XZtkE1D8" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DD4F7C433C8; Fri, 29 Dec 2023 20:00:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1703880056; bh=Qz5zC6IG5Pz1c+GKmjy9fvVQy4pVoNKtOpwVSY3B5Vs=; h=Date:To:From:Subject:From; b=XZtkE1D8By9wijC+g7KShQ8S9qZR4VZJ9IH2J+uglQ1D28B2LSkaVNvnD2R6SqwHM k+Sk2zXR65NJuuGbMw48TvrzvSJQsYtCjJcR3kJ4fm0OFUSABBJOGuxxhxvZb2EIyx 8MS7oAPXtoQadSzKK22ne7D9msxgeG8f11kCj8Hs= Date: Fri, 29 Dec 2023 12:00:55 -0800 To: mm-commits@vger.kernel.org,ryabinin.a.a@gmail.com,leitao@debian.org,glider@google.com,eugenis@google.com,elver@google.com,dvyukov@google.com,alobakin@pm.me,andreyknvl@google.com,akpm@linux-foundation.org From: Andrew Morton Subject: [merged mm-stable] skbuff-use-mempool-kasan-hooks.patch removed from -mm tree Message-Id: <20231229200055.DD4F7C433C8@smtp.kernel.org> Precedence: bulk X-Mailing-List: mm-commits@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: The quilt patch titled Subject: skbuff: use mempool KASAN hooks has been removed from the -mm tree. Its filename was skbuff-use-mempool-kasan-hooks.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrey Konovalov Subject: skbuff: use mempool KASAN hooks Date: Tue, 19 Dec 2023 23:29:04 +0100 Instead of using slab-internal KASAN hooks for poisoning and unpoisoning cached objects, use the proper mempool KASAN hooks. Also check the return value of kasan_mempool_poison_object to prevent double-free and invali-free bugs. Link: https://lkml.kernel.org/r/a3482c41395c69baa80eb59dbb06beef213d2a14.1703024586.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov Cc: Alexander Lobakin Cc: Alexander Potapenko Cc: Andrey Ryabinin Cc: Breno Leitao Cc: Dmitry Vyukov Cc: Evgenii Stepanov Cc: Marco Elver Signed-off-by: Andrew Morton --- net/core/skbuff.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/net/core/skbuff.c~skbuff-use-mempool-kasan-hooks +++ a/net/core/skbuff.c @@ -337,7 +337,7 @@ static struct sk_buff *napi_skb_cache_ge } skb = nc->skb_cache[--nc->skb_count]; - kasan_unpoison_new_object(skbuff_cache, skb); + kasan_mempool_unpoison_object(skb, kmem_cache_size(skbuff_cache)); return skb; } @@ -1309,13 +1309,15 @@ static void napi_skb_cache_put(struct sk struct napi_alloc_cache *nc = this_cpu_ptr(&napi_alloc_cache); u32 i; - kasan_poison_new_object(skbuff_cache, skb); + if (!kasan_mempool_poison_object(skb)) + return; + nc->skb_cache[nc->skb_count++] = skb; if (unlikely(nc->skb_count == NAPI_SKB_CACHE_SIZE)) { for (i = NAPI_SKB_CACHE_HALF; i < NAPI_SKB_CACHE_SIZE; i++) - kasan_unpoison_new_object(skbuff_cache, - nc->skb_cache[i]); + kasan_mempool_unpoison_object(nc->skb_cache[i], + kmem_cache_size(skbuff_cache)); kmem_cache_free_bulk(skbuff_cache, NAPI_SKB_CACHE_HALF, nc->skb_cache + NAPI_SKB_CACHE_HALF); _ Patches currently in -mm which might be from andreyknvl@google.com are kasan-stop-leaking-stack-trace-handles.patch