Re: [RFC PATCH V3 7/7] mm/slab: place slabobj_ext metadata in unused space within s->size
From: Yeoreum Yun
Date: Thu Oct 30 2025 - 08:42:01 EST
Hi Harry,
> On Wed, Oct 29, 2025 at 07:19:29PM +0100, Andrey Ryabinin wrote:
> >
> >
> > On 10/27/25 1:28 PM, Harry Yoo wrote:
> >
> > > slab->obj_exts |= MEMCG_DATA_OBJEXTS;
> > > slab_set_stride(slab, sizeof(struct slabobj_ext));
> > > + } else if (obj_exts_in_object(s)) {
> > > + unsigned int offset = obj_exts_offset_in_object(s);
> > > +
> > > + slab->obj_exts = (unsigned long)slab_address(slab);
> > > + slab->obj_exts += s->red_left_pad;
> > > + slab->obj_exts += obj_exts_offset_in_object(s);
> > > + if (IS_ENABLED(CONFIG_MEMCG))
> > > + slab->obj_exts |= MEMCG_DATA_OBJEXTS;
> > > + slab_set_stride(slab, s->size);
> > > +
> > > + for_each_object(addr, s, slab_address(slab), slab->objects) {
> > > + kasan_unpoison_range(addr + offset,
> > > + sizeof(struct slabobj_ext));
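Review bot: nothing in this branch guarantees that addr + offset is a multiple of KASAN_GRANULE_SIZE, so the kasan_unpoison_range(addr + offset, sizeof(struct slabobj_ext)) call in the loop can hit the unaligned-start WARN_ON() inside kasan_unpoison() on KASAN_HW_TAGS builds; if the unpoison is needed at all, round the start (or choose the in-object offset) to KASAN_GRANULE_SIZE first. Minor: offset is computed on the first line of the branch and then recomputed in `slab->obj_exts += obj_exts_offset_in_object(s);`; `slab->obj_exts += offset;` would do.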
> >
> > Is this leftover from previous version? Otherwise I don't get why we unpoison this.
>
> Oh god, yes! Thanks for catching. Will fix in the next version.
>
Not only this, there would be a possible case for a WARN_ON() in
kasan_unpoison_range() for an address unaligned with KASAN_GRANULE_SIZE
when:
- No debug information.
- object size = 24 byte.
- align = 32 bytes.
- sizeof(struct slabobj_ext) = 8 (CONFIG_MEMCG=y && CONFIG_MEM_ALLOC_PROFILING=n)
- using KASAN_HW_TAG (KASAN_GRANULE_SIZE = 16 bytes).
Thanks.
--
Sincerely,
Yeoreum Yun
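A worked check of the layout case Yeoreum lists above, as an added example that is not code from this thread or from the kernel. It models the object layout with a hypothetical compute_layout() that rounds s->size up to the cache alignment and places the slabobj_ext at the first sizeof(struct slabobj_ext)-aligned byte after the object payload (an assumption about how obj_exts_offset_in_object() would behave; the real helper is not on the page), assumes no debug redzones (red_left_pad == 0) and a page-aligned slab base, and then asks the question kasan_unpoison() asks: is the start of the range a multiple of KASAN_GRANULE_SIZE for every object in the slab?

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Round x up to a power-of-two boundary a (same idea as the kernel's ALIGN()). */
#define ALIGN_UP(x, a) (((x) + (a) - 1) & ~((a) - 1))

/* Hypothetical model of one slab cache's object layout; not a kernel struct. */
struct layout {
	size_t object_size; /* s->object_size */
	size_t align;       /* cache alignment, power of two */
	size_t ext_size;    /* sizeof(struct slabobj_ext) */
	size_t size;        /* s->size: object_size rounded up to align */
	size_t ext_offset;  /* assumed in-object offset of the slabobj_ext */
	bool fits;          /* does the slabobj_ext fit in the unused tail? */
};

/* Assumption: no red_left_pad, metadata placed right after the payload,
 * aligned to its own size. */
static struct layout compute_layout(size_t object_size, size_t align, size_t ext_size)
{
	struct layout l = { .object_size = object_size, .align = align, .ext_size = ext_size };

	l.size = ALIGN_UP(object_size, align);
	l.ext_offset = ALIGN_UP(object_size, ext_size);
	l.fits = l.ext_offset + ext_size <= l.size;
	return l;
}

/* kasan_unpoison() warns when the range start is not a multiple of
 * KASAN_GRANULE_SIZE (the size is rounded up, so only the start matters).
 * Object i lives at slab_base + i * s->size; with a page-aligned base the
 * residue modulo the granule depends only on i * size + ext_offset.
 * Returns the index of the first object whose slabobj_ext address is
 * misaligned, or -1 if every object in the slab is fine. */
static int first_granule_misaligned_object(const struct layout *l, size_t granule,
					    unsigned int nobjs)
{
	for (unsigned int i = 0; i < nobjs; i++) {
		uintptr_t start = (uintptr_t)i * l->size + l->ext_offset;

		if (start & (granule - 1))
			return (int)i;
	}
	return -1;
}

int main(void)
{
	/* Yeoreum's case: 24-byte objects, 32-byte align, 8-byte slabobj_ext,
	 * KASAN_HW_TAGS granule of 16 bytes. */
	struct layout l = compute_layout(24, 32, 8);
	int bad = first_granule_misaligned_object(&l, 16, 128);

	printf("size=%zu ext_offset=%zu fits=%d first misaligned object=%d\n",
	       l.size, l.ext_offset, l.fits, bad);

	/* A layout that happens to be fine: 16-byte objects, 32-byte align. */
	l = compute_layout(16, 32, 8);
	bad = first_granule_misaligned_object(&l, 16, 128);
	printf("size=%zu ext_offset=%zu fits=%d first misaligned object=%d\n",
	       l.size, l.ext_offset, l.fits, bad);
	return 0;
}
```

For the 24/32/8 case the metadata lands at offset 24 of a 32-byte stride, so object 0 already starts its slabobj_ext at a residue of 8 modulo the 16-byte granule; the only ways out are to skip the unpoison (as Andrey suggested) or to constrain the in-object offset to a granule boundary.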