From: Harry Yoo <harry.yoo@oracle.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: akpm@linux-foundation.org, andreyknvl@gmail.com, cl@gentwo.org,
dvyukov@google.com, glider@google.com, hannes@cmpxchg.org,
linux-mm@kvack.org, mhocko@kernel.org, muchun.song@linux.dev,
rientjes@google.com, roman.gushchin@linux.dev,
ryabinin.a.a@gmail.com, shakeel.butt@linux.dev,
surenb@google.com, vincenzo.frascino@arm.com,
yeoreum.yun@arm.com, tytso@mit.edu, adilger.kernel@dilger.ca,
linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org,
cgroups@vger.kernel.org, hao.li@linux.dev
Subject: Re: [PATCH V5 8/8] mm/slab: place slabobj_ext metadata in unused space within s->size
Date: Thu, 8 Jan 2026 18:02:38 +0900 [thread overview]
Message-ID: <aV9yrnpk1sEDIJEY@hyeyoo> (raw)
In-Reply-To: <8c67dcbe-f393-4da6-8d24-f9da79c246c4@suse.cz>
On Wed, Jan 07, 2026 at 06:33:52PM +0100, Vlastimil Babka wrote:
> On 1/5/26 09:02, Harry Yoo wrote:
> > diff --git a/mm/slub.c b/mm/slub.c
> > index 50b74324e550..43fdbff9d09b 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -977,6 +977,39 @@ static inline bool obj_exts_in_slab(struct kmem_cache *s, struct slab *slab)
> > {
> > return false;
> > }
> > +
> > +#endif
> > +
> > +#if defined(CONFIG_SLAB_OBJ_EXT) && defined(CONFIG_64BIT)
> > +static bool obj_exts_in_object(struct kmem_cache *s)
> > +{
> > + return s->flags & SLAB_OBJ_EXT_IN_OBJ;
>
> So this is a property of the cache.
Right.
> > @@ -2280,7 +2322,8 @@ static inline void free_slab_obj_exts(struct slab *slab)
> > return;
> > }
> >
> > - if (obj_exts_in_slab(slab->slab_cache, slab)) {
> > + if (obj_exts_in_slab(slab->slab_cache, slab) ||
> > + obj_exts_in_object(slab->slab_cache)) {
>
> Here we check that property to determine if we can return early and not do
> kfree().
Right.
> > @@ -2326,6 +2369,23 @@ static void alloc_slab_obj_exts_early(struct kmem_cache *s, struct slab *slab)
> > obj_exts |= MEMCG_DATA_OBJEXTS;
> > slab->obj_exts = obj_exts;
> > slab_set_stride(slab, sizeof(struct slabobj_ext));
> > + } else if (obj_exts_in_object(s)) {
> > + unsigned int offset = obj_exts_offset_in_object(s);
>
> But we reach this only when need_slab_obj_exts() is true above. So there
> might be slabs from caches where obj_exts_in_object() is true, but still
> have obj_exts allocated by kmalloc, and we leak them in
> free_slab_obj_exts().
Oh god, right!
> (and we perform some incorrect action wherever else
> obj_exts_in_object() is checked) AFAIU?
Yes.
It must check if slabs actually have allocated obj_exts from wasted space...
> So I think we need to check obj_exts_in_slab() (in the simplified way I
> suggested for patch 7/8) first, and only look at obj_exts_in_object()
> afterwards to distinguish the exact layout where needed?
> (i.e. free_slab_obj_exts() is fine to just check obj_exts_in_slab()).
That'll work, will do.
--
Cheers,
Harry / Hyeonggon
next prev parent reply other threads:[~2026-01-08 9:04 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-05 8:02 [PATCH V5 0/8] mm/slab: reduce slab accounting memory overhead by allocating slabobj_ext metadata within unsed slab space Harry Yoo
2026-01-05 8:02 ` [PATCH V5 1/8] mm/slab: use unsigned long for orig_size to ensure proper metadata align Harry Yoo
2026-01-07 11:43 ` Vlastimil Babka
2026-01-08 7:12 ` Harry Yoo
2026-01-08 11:39 ` Alexander Potapenko
2026-01-09 1:52 ` Harry Yoo
2026-01-09 9:30 ` Alexander Potapenko
2026-01-12 6:28 ` Harry Yoo
2026-01-05 8:02 ` [PATCH V5 2/8] mm/slab: allow specifying free pointer offset when using constructor Harry Yoo
2026-01-05 8:02 ` [PATCH V5 3/8] ext4: specify the free pointer offset for ext4_inode_cache Harry Yoo
2026-01-07 13:54 ` Vlastimil Babka
2026-01-08 7:14 ` Harry Yoo
2026-01-05 8:02 ` [PATCH V5 4/8] mm/slab: abstract slabobj_ext access via new slab_obj_ext() helper Harry Yoo
2026-01-07 14:53 ` Hao Li
2026-01-08 7:21 ` Harry Yoo
2026-01-07 14:56 ` Vlastimil Babka
2026-01-08 8:03 ` Harry Yoo
2026-01-05 8:02 ` [PATCH V5 5/8] mm/slab: use stride to access slabobj_ext Harry Yoo
2026-01-05 8:02 ` [PATCH V5 6/8] mm/memcontrol,alloc_tag: handle slabobj_ext access under KASAN poison Harry Yoo
2026-01-05 8:02 ` [PATCH V5 7/8] mm/slab: save memory by allocating slabobj_ext array from leftover Harry Yoo
2026-01-07 17:08 ` Vlastimil Babka
2026-01-05 8:02 ` [PATCH V5 8/8] mm/slab: place slabobj_ext metadata in unused space within s->size Harry Yoo
2026-01-07 17:33 ` Vlastimil Babka
2026-01-08 9:02 ` Harry Yoo [this message]
2026-01-08 5:52 ` Hao Li
2026-01-08 8:41 ` Harry Yoo
2026-01-08 9:52 ` Hao Li
2026-01-08 10:28 ` Harry Yoo
2026-01-08 10:44 ` Harry Yoo
2026-01-08 10:52 ` Vlastimil Babka
2026-01-08 12:48 ` Hao Li
2026-01-09 2:32 ` Harry Yoo
2026-01-08 11:57 ` Hao Li
2026-01-05 8:05 ` [PATCH V5 0/8] mm/slab: reduce slab accounting memory overhead by allocating slabobj_ext metadata within unsed slab space Harry Yoo
2026-01-07 17:43 ` Vlastimil Babka
2026-01-08 7:05 ` Harry Yoo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aV9yrnpk1sEDIJEY@hyeyoo \
--to=harry.yoo@oracle.com \
--cc=adilger.kernel@dilger.ca \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=cgroups@vger.kernel.org \
--cc=cl@gentwo.org \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hannes@cmpxchg.org \
--cc=hao.li@linux.dev \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=muchun.song@linux.dev \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=ryabinin.a.a@gmail.com \
--cc=shakeel.butt@linux.dev \
--cc=surenb@google.com \
--cc=tytso@mit.edu \
--cc=vbabka@suse.cz \
--cc=vincenzo.frascino@arm.com \
--cc=yeoreum.yun@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.