Re: [PATCH v2 01/16] mm/slab: do not limit zeroing to orig_size when only red zoning is enabled

From: Harry Yoo

Date: Thu Jun 11 2026 - 00:28:37 EST

On 6/11/26 12:40 AM, Vlastimil Babka (SUSE) wrote:
> When init (zeroing) on allocation is requested, for kmalloc() we
> generally have to zero the full object size even if a smaller size is
> requested, in order to provide krealloc()'s __GFP_ZERO guarantees.
>
> But if we track the requested size, krealloc() uses that information to
> do the right thing. With red zoning also enabled, any unused size
> became part of the red zone, so it must not be zeroed.
>
> However the check is imprecise, and will trigger also when only
> SLAB_RED_ZONE is enabled without SLAB_STORE_USER. This means enabling
> red zoning alone can compromise krealloc()'s __GFP_ZERO contract.
>
> Fix this by using slub_debug_orig_size() instead, which is the exact
> check for whether the requested size is tracked. We don't need to care
> if red zoning is also enabled or not. Also update and expand the
> comment accordingly.
>
> Fixes: 9ce67395f5a0 ("mm/slub: only zero requested size of buffer for kzalloc when debug enabled")
> Cc: <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Vlastimil Babka (SUSE) <vbabka@xxxxxxxxxx>
> ---

Reviewed-by: Harry Yoo (Oracle) <harry@xxxxxxxxxx>

--
Cheers,
Harry / Hyeonggon
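To make the contract the quoted commit message describes concrete, here is an added userspace C model (it is not kernel code and not part of this thread). It assumes a 32-byte kmalloc object (OBJ_SIZE), models "requested size is tracked" as a single flag tied to SLAB_STORE_USER, and models the imprecise pre-fix check as "red zoning or store_user" purely to reproduce the failure mode the message names; the real SLUB expressions are not reproduced here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 32u  /* assumed slab object size for this model */

struct cache_flags {
    bool red_zone;    /* stands in for SLAB_RED_ZONE */
    bool store_user;  /* stands in for SLAB_STORE_USER */
};

struct object {
    unsigned char data[OBJ_SIZE];
    size_t orig_size;  /* only meaningful when the cache tracks it */
};

/* Model of slub_debug_orig_size(): the requested size is tracked only
 * when store_user is on (assumption for this model). */
static bool tracks_orig_size(const struct cache_flags *f) {
    return f->store_user;
}

/* Model of the imprecise pre-fix check: it also fires when only red
 * zoning is enabled, which is the bug the patch fixes. */
static bool imprecise_check(const struct cache_flags *f) {
    return f->red_zone || f->store_user;
}

/* kzalloc model. The object is recycled, so it starts with stale bytes
 * (constructed pattern 0xAA). With `fixed`, zeroing is limited to the
 * requested size only when the size is actually tracked. */
static void model_kzalloc(struct object *o, const struct cache_flags *f,
                          size_t size, bool fixed) {
    memset(o->data, 0xAA, OBJ_SIZE);
    o->orig_size = size;
    bool zero_only_requested = fixed ? tracks_orig_size(f) : imprecise_check(f);
    memset(o->data, 0, zero_only_requested ? size : OBJ_SIZE);
}

/* krealloc(__GFP_ZERO) model, growing inside the same object. Only a
 * cache that tracks orig_size knows which tail bytes still need zeroing;
 * otherwise it relies on the whole object having been zeroed up front. */
static void model_krealloc_zero(struct object *o, const struct cache_flags *f,
                                size_t new_size) {
    if (tracks_orig_size(f) && new_size > o->orig_size)
        memset(o->data + o->orig_size, 0, new_size - o->orig_size);
    o->orig_size = new_size;
}

/* kzalloc(20) then krealloc(OBJ_SIZE, __GFP_ZERO); true when every byte
 * handed back is zero, i.e. the __GFP_ZERO contract holds. */
bool grow_contract_holds(bool red_zone, bool store_user, bool fixed) {
    struct cache_flags f = { red_zone, store_user };
    struct object o;
    model_kzalloc(&o, &f, 20, fixed);
    model_krealloc_zero(&o, &f, OBJ_SIZE);
    for (size_t i = 0; i < OBJ_SIZE; i++)
        if (o.data[i] != 0)
            return false;  /* stale bytes leaked past the old request */
    return true;
}

/* True when kzalloc left the bytes beyond the request untouched, which is
 * what a tracked, red-zoned cache needs (that tail is the red zone). */
bool tail_preserved(bool red_zone, bool store_user, bool fixed) {
    struct cache_flags f = { red_zone, store_user };
    struct object o;
    model_kzalloc(&o, &f, 20, fixed);
    for (size_t i = 20; i < OBJ_SIZE; i++)
        if (o.data[i] != 0xAA)
            return false;
    return true;
}

int main(void) {
    printf("red zone only, imprecise check: contract %s\n",
           grow_contract_holds(true, false, false) ? "holds" : "BROKEN");
    printf("red zone only, fixed check:     contract %s\n",
           grow_contract_holds(true, false, true) ? "holds" : "BROKEN");
    printf("tracked + red zone, fixed:      tail %s\n",
           tail_preserved(true, true, true) ? "preserved" : "clobbered");
    return 0;
}
```

The model separates the two concerns the message ties together: whether the allocator may stop zeroing at the requested size (only if it will later know that size) and whether the unused tail must be left alone (it must, when it doubles as a red zone). Pairing the wrong check with the first concern is what turns a debug option into uninitialized bytes reaching a krealloc() caller.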
