Re: [PATCH V5 8/8] mm/slab: place slabobj_ext metadata in unused space within s->size

From: Harry Yoo
Date: Thu Jan 08 2026 - 04:21:31 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 2/2] pinctrl: qcom: sa8775p-lpass-lpi: Add SA8775P LPASS pinctrl"
Previous message: Bartosz Golaszewski: "Re: [PATCH] gpio: drop Kconfig dependencies from symbol GPIO_TN48M_CPLD"
In reply to: Hao Li: "Re: [PATCH V5 8/8] mm/slab: place slabobj_ext metadata in unused space within s->size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 07, 2026 at 06:33:52PM +0100, Vlastimil Babka wrote:
> On 1/5/26 09:02, Harry Yoo wrote:
> > diff --git a/mm/slub.c b/mm/slub.c
> > index 50b74324e550..43fdbff9d09b 100644
> > --- a/mm/slub.c
> > +++ b/mm/slub.c
> > @@ -977,6 +977,39 @@ static inline bool obj_exts_in_slab(struct kmem_cache *s, struct slab *slab)
> > {
> > return false;
> > }
> > +
> > +#endif
> > +
> > +#if defined(CONFIG_SLAB_OBJ_EXT) && defined(CONFIG_64BIT)
> > +static bool obj_exts_in_object(struct kmem_cache *s)
> > +{
> > + return s->flags & SLAB_OBJ_EXT_IN_OBJ;
>
> So this is a property of the cache.

Right.

> > @@ -2280,7 +2322,8 @@ static inline void free_slab_obj_exts(struct slab *slab)
> > return;
> > }
> >
> > - if (obj_exts_in_slab(slab->slab_cache, slab)) {
> > + if (obj_exts_in_slab(slab->slab_cache, slab) ||
> > + obj_exts_in_object(slab->slab_cache)) {
>
> Here we check that property to determine if we can return early and not do
> kfree().

Right.

> > @@ -2326,6 +2369,23 @@ static void alloc_slab_obj_exts_early(struct kmem_cache *s, struct slab *slab)
> > obj_exts |= MEMCG_DATA_OBJEXTS;
> > slab->obj_exts = obj_exts;
> > slab_set_stride(slab, sizeof(struct slabobj_ext));
> > + } else if (obj_exts_in_object(s)) {
> > + unsigned int offset = obj_exts_offset_in_object(s);
>
> But we reach this only when need_slab_obj_exts() is true above. So there
> might be slabs from caches where obj_exts_in_object() is true, but still
> have obj_exts allocated by kmalloc, and we leak them in
> free_slab_obj_exts().

Oh god, right!

> (and we perform some incorrect action wherever else
> obj_exts_in_object() is checked) AFAIU?

Yes.

It must check if slabs actually have allocated obj_exts from wasted space...

> So I think we need to check obj_exts_in_slab() (in the simplified way I
> suggested for patch 7/8) first, and only look at obj_exts_in_object()
> afterwards to distinguish the exact layout where needed?
> (i.e. free_slab_obj_exts() is fine to just check obj_exts_in_slab()).

That'll work, will do.

--
Cheers,
Harry / Hyeonggon

Next message: Krzysztof Kozlowski: "Re: [PATCH v2 2/2] pinctrl: qcom: sa8775p-lpass-lpi: Add SA8775P LPASS pinctrl"
Previous message: Bartosz Golaszewski: "Re: [PATCH] gpio: drop Kconfig dependencies from symbol GPIO_TN48M_CPLD"
In reply to: Hao Li: "Re: [PATCH V5 8/8] mm/slab: place slabobj_ext metadata in unused space within s->size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]