Re: [PATCH 1/3] mm/slub: hw_tags: skip page-allocator unpoisoning on slab allocation

[Dev Jain <dev.jain@arm.com>]

On 14/05/26 5:41 pm, Ryan Roberts wrote:
> On 13/05/2026 11:57, Dev Jain wrote:
>> When a new slab page is allocated, the buddy will unpoison the page.
>> Then slab immediately poisons the page via kasan_poison_slab(). This
>> is wasted work.
>>
>> Similar to what is done in vmalloc currently, use GFP_SKIP_KASAN
>> (hw tags flag only) to skip unpoisoning of the slab page.
>>
>> Signed-off-by: Dev Jain <dev.jain@arm.com>
>> ---
>>  mm/page_alloc.c |  2 +-
>>  mm/slub.c       | 11 +++++++++--
>>  2 files changed, 10 insertions(+), 3 deletions(-)
>>
>> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
>> index 227d58dc3de6..c3a69913aaa9 100644
>> --- a/mm/page_alloc.c
>> +++ b/mm/page_alloc.c
>> @@ -7723,7 +7723,7 @@ struct page *alloc_frozen_pages_nolock_noprof(gfp_t gfp_flags, int nid, unsigned
>>  	struct alloc_context ac = { };
>>  	struct page *page;
>>  
>> -	VM_WARN_ON_ONCE(gfp_flags & ~__GFP_ACCOUNT);
>> +	VM_WARN_ON_ONCE(gfp_flags & ~(__GFP_ACCOUNT | __GFP_SKIP_KASAN));
>>  	/*
>>  	 * In PREEMPT_RT spin_trylock() will call raw_spin_lock() which is
>>  	 * unsafe in NMI. If spin_trylock() is called from hard IRQ the current
>> diff --git a/mm/slub.c b/mm/slub.c
>> index 0baa906f39ab..da3520769d1f 100644
>> --- a/mm/slub.c
>> +++ b/mm/slub.c
>> @@ -3269,9 +3269,16 @@ static inline struct slab *alloc_slab_page(gfp_t flags, int node,
>>  	struct slab *slab;
>>  	unsigned int order = oo_order(oo);
>>  
>> +	/*
>> +	 * New slab pages are immediately poisoned by kasan_poison_slab()
>> +	 * before any object is handed out, so page allocator unpoisoning
>> +	 * is wasted work for HW_TAGS KASAN.
>> +	 */
>> +	flags |= __GFP_SKIP_KASAN;
> 
> You will also want to elide kasan_poison_slab() right? In which case, it might
> be better to handle __GFP_SKIP_KASAN in allocate_slab() (which calls
> alloc_slab_page()), because that's the place where kasan_poison_slab() currently
> is and it's probably better to keep the logic together.

Okay.

> 
> Note that there is a wrinkle though; logically, there are different types of
> memory poison; KASAN_PAGE_FREE, KASAN_PAGE_REDZONE, KASAN_SLAB_REDZONE, etc.
> Memory returned by the page allocator with __GFP_SKIP_KASAN set, will have
> KASAN_PAGE_FREE poison (I think). But kasan_poison_slab() sets
> KASAN_SLAB_REDZONE poison.
> 
> However, this is only distinguished in practice for KASAN_GENERIC. For
> KASAN_SW_TAGS and KASAN_HW_TAGS these distinct logical types all map to the same
> KASAN_TAG_INVALID tag. So this optimization can only be safely applied to
> KASAN_SW_TAGS and KASAN_HW_TAGS.

GFP_SKIP_KASAN is only for HW_TAGS.

I will mention the KASAN_SLAB_REDZONE = KASAN_PAGE_FREE for hw tags in
the description.
> 
> It would be nice if this could be abstracted away somehow...
> 
>> +
>>  	if (unlikely(!allow_spin))
>> -		page = alloc_frozen_pages_nolock(0/* __GFP_COMP is implied */,
> 
> nit: you may want to keep this comment around?

Yes I will keep this.

> 
>> -								  node, order);
>> +		page = alloc_frozen_pages_nolock(__GFP_SKIP_KASAN,
>> +						 node, order);
>>  	else if (node == NUMA_NO_NODE)
>>  		page = alloc_frozen_pages(flags, order);
>>  	else
>