From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
To: Vlastimil Babka <vbabka@suse.cz>,
Andrew Morton <akpm@linux-foundation.org>
Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>,
Christoph Lameter <cl@gentwo.org>,
David Rientjes <rientjes@google.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
Harry Yoo <harry.yoo@oracle.com>,
linux-mm@kvack.org
Subject: [PATCH 18/22] usercopy: Remove folio references from check_heap_object()
Date: Fri, 29 Aug 2025 16:47:22 +0100
Message-ID: <20250829154728.3397606-19-willy@infradead.org>
In-Reply-To: <20250829154728.3397606-1-willy@infradead.org>

Because the pointer being checked may not lie within the first PAGE_SIZE
bytes of the object, we have to mark all pages as being LargeKmalloc.
We could use virt_to_head_page() instead, but that would pessimize
slab objects. Once we move to memdescs properly, we'll tag each page
as being LargeKmalloc anyway, so this is more in keeping with how code
will be written in the future.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
---
mm/slub.c | 8 ++++++--
mm/usercopy.c | 21 ++++++++++++---------
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index 8ab2d329664b..8226d2d9ff21 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -5287,10 +5287,12 @@ static void *___kmalloc_large_node(size_t size, gfp_t flags, int node)
page = __alloc_frozen_pages_noprof(flags, order, node, NULL);
if (page) {
+ unsigned long i;
ptr = page_address(page);
mod_lruvec_page_state(page, NR_SLAB_UNRECLAIMABLE_B,
PAGE_SIZE << order);
- __SetPageLargeKmalloc(page);
+ for (i = 0; i < 1UL << order; i++)
+ __SetPageLargeKmalloc(page + i);
}
ptr = kasan_kmalloc_large(ptr, size, flags);
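Review bot: the new `for (i = 0; i < 1UL << order; i++)` loop carries no comment saying why every page, and not just the first, must be typed LargeKmalloc. The reason lives only in the commit message (the usercopy check may be handed a pointer beyond the first PAGE_SIZE bytes and tests the page that pointer falls in), so a one-line comment above the loop would stop a later cleanup from collapsing it back to a single `__SetPageLargeKmalloc(page)` and silently disabling the check for those pointers. Each large kmalloc now also performs 1 << order page-type writes, which deserves a sentence in the changelog next to the virt_to_head_page() trade-off.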
@@ -6198,6 +6200,7 @@ EXPORT_SYMBOL(kmem_cache_free);
static void free_large_kmalloc(struct page *page, void *object)
{
unsigned int order = compound_order(page);
+ unsigned long i;
if (WARN_ON_ONCE(order == 0))
pr_warn_once("object pointer: 0x%p\n", object);
@@ -6208,7 +6211,8 @@ static void free_large_kmalloc(struct page *page, void *object)
mod_lruvec_page_state(page, NR_SLAB_UNRECLAIMABLE_B,
-(PAGE_SIZE << order));
- __ClearPageLargeKmalloc(page);
+ for (i = 0; i < 1UL << order; i++)
+ __ClearPageLargeKmalloc(page + i);
free_frozen_pages(page, order);
}
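Review bot: the clear loop ahead of `free_frozen_pages(page, order)` must mirror the set loop in ___kmalloc_large_node() exactly, yet the two are open-coded separately and take their bound from different places (`compound_order(page)` here, the allocation order there). A page left typed LargeKmalloc after free, or left untyped while still allocated, would change what check_heap_object() decides for it, so a small pair of helpers taking (page, order) for set and clear would be safer than two hand-written loops.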
diff --git a/mm/usercopy.c b/mm/usercopy.c
index dbdcc43964fb..8d21635147a4 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -164,7 +164,7 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
{
unsigned long addr = (unsigned long)ptr;
unsigned long offset;
- struct folio *folio;
+ struct page *page;
if (is_kmap_addr(ptr)) {
offset = offset_in_page(ptr);
@@ -189,15 +189,18 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
if (!virt_addr_valid(ptr))
return;
- folio = virt_to_folio(ptr);
-
- if (folio_test_slab(folio)) {
+ page = virt_to_page(ptr);
+ if (PageLargeKmalloc(page)) {
+ page = compound_head(page);
+ offset = ptr - page_address(page);
+ if (n > page_size(page) - offset)
+ usercopy_abort("kmalloc", NULL, to_user, offset, n);
+ return;
+ } else {
+ struct slab *slab = page_slab(page);
/* Check slab allocator for flags and size. */
- __check_heap_object(ptr, n, folio_slab(folio), to_user);
- } else if (folio_test_large(folio)) {
- offset = ptr - folio_address(folio);
- if (n > folio_size(folio) - offset)
- usercopy_abort("page alloc", NULL, to_user, offset, n);
+ if (slab)
+ __check_heap_object(ptr, n, slab, to_user);
}
}
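Review bot: the removed `else if (folio_test_large(folio))` branch bounds-checked every large non-slab folio and aborted with "page alloc"; the replacement only bounds-checks pages typed LargeKmalloc, and in the new `else` branch a page for which `page_slab(page)` returns NULL is not checked at all. That drops the hardened-usercopy span check for compound pages that did not come from kmalloc, and the commit message does not mention it. Either keep a compound-page fallback after the `if (slab)` test or state in the changelog that the narrowing is intended. Two smaller points in the same hunk: the abort string changes from "page alloc" to "kmalloc", which anything matching on the old message will miss, and the `return;` at the end of the LargeKmalloc branch is redundant in front of `} else {`.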
--
2.47.2