Re: [PATCH] slab: replace cache_from_obj() with inline checks
From: Hao Li
Date: Tue Jan 20 2026 - 08:57:32 EST
On Tue, Jan 20, 2026 at 01:55:09PM +0100, Vlastimil Babka wrote:
> On 1/20/26 12:57, Hao Li wrote:
>
> >> @@ -6774,11 +6770,21 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
> >> */
> >> void kmem_cache_free(struct kmem_cache *s, void *x)
> >> {
> >> - s = cache_from_obj(s, x);
> >> - if (!s)
> >> - return;
> >> + struct slab *slab;
> >> +
> >> + slab = virt_to_slab(x);
> >> +
> >> + if (IS_ENABLED(CONFIG_SLAB_FREELIST_HARDENED) ||
> >> + kmem_cache_debug_flags(s, SLAB_CONSISTENCY_CHECKS)) {
> >> +
> >> + if (unlikely(!slab || (slab->slab_cache != s))) {
> >> + warn_free_bad_obj(s, x);
> >
> > Just to make sure I'm understanding correctly, are we intentionally not
> > releasing the object x in this case? Thanks.
>
> Yes, it means something went wrong so it's better not to do anything.
Got it, that makes sense - thanks!
> That was true before this patch as well.
I'm still not entirely sure I follow. I read the original code, and it seems
like it retrieved the real cache from the object and released the object into
that correct cache. Did I misunderstand something?
--
Thanks,
Hao
>
> >> + return;
> >> + }
> >> + }
> >> +
> >> trace_kmem_cache_free(_RET_IP_, x, s);
> >> - slab_free(s, virt_to_slab(x), x, _RET_IP_);
> >> + slab_free(s, slab, x, _RET_IP_);
> >> }
> >> EXPORT_SYMBOL(kmem_cache_free);
> >>
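Review bot: The early return after warn_free_bad_obj(s, x) leaves x unfreed whenever slab is NULL or slab->slab_cache != s, and nothing in the hunk says the leak is deliberate. A short comment above the return, stating that the object is intentionally not freed because the pointer or cache cannot be trusted, would answer the question raised in this thread for later readers. The check also runs only when CONFIG_SLAB_FREELIST_HARDENED is enabled or the cache has SLAB_CONSISTENCY_CHECKS set, so in other configurations a NULL slab or a mismatched s goes straight to slab_free(s, slab, x, _RET_IP_); the changelog should say whether that is the intended trade-off.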
> >> @@ -7305,7 +7311,7 @@ int build_detached_freelist(struct kmem_cache *s, size_t size,
> >> df->s = slab->slab_cache;
> >> } else {
> >> df->slab = slab;
> >> - df->s = cache_from_obj(s, object); /* Support for memcg */
> >> + df->s = s;
> >> }
> >>
> >> /* Start new detached freelist */
> >>
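Review bot: With df->s = s in the else branch, the bulk free path no longer looks at which cache the object belongs to, while kmem_cache_free() in the previous hunk still compares slab->slab_cache against s under CONFIG_SLAB_FREELIST_HARDENED or SLAB_CONSISTENCY_CHECKS. slab is already in hand here (df->slab = slab), so either apply the same slab->slab_cache != s check in this branch or explain in the changelog why bulk free can go without it. The dropped /* Support for memcg */ comment also deserves a sentence on why it no longer applies.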
> >> ---
> >> base-commit: 0f61b1860cc3f52aef9036d7235ed1f017632193
> >> change-id: 20260120-b4-remove_cache_from_obj-190fcaf16789
> >>
> >> Best regards,
> >> --
> >> Vlastimil Babka <vbabka@xxxxxxx>
> >>
>