[PATCH 0/4] mm/slub: preserve previous object lifetime

[Pengpeng Hou]

SLAB_STORE_USER currently stores one allocation track and one free track
for an object.  Once the object is reused, the next allocation overwrites
the allocation track.  If a stale pointer from the previous lifetime is
later freed or otherwise reported, the report can show the victim
allocation and the stale operation while the previous completed lifetime
has already been lost.

This series keeps one previous completed lifetime in the existing
SLAB_STORE_USER metadata and prints it when available.  It is intended as
diagnostic information for reuse cases only; it does not infer semantic
ownership or identify the root cause of a use-after-free.

This is the non-RFC version of the earlier RFC.  Based on the feedback,
this version does not add a separate slab_debug=H option.  If a user
enables U, the user tracking metadata records the current allocation/free
tracks and one previous completed allocation/free pair.

Changes since RFC:
- extend the existing U option directly instead of adding H/UH
- add KUnit coverage for the previous-lifetime state transition
- document the extra report lines and the diagnostic-only semantics

Pengpeng Hou (4):
  mm/slub: factor user tracking metadata size calculation
  mm/slub: preserve previous object lifetime in user tracking
  mm/slub: test previous lifetime tracking
  Documentation/mm: document SLUB previous lifetime tracking

 Documentation/admin-guide/mm/slab.rst |  12 ++-
 lib/tests/slub_kunit.c                |  33 +++++++++
 mm/slab.h                             |  10 +++
 mm/slub.c                             | 102 +++++++++++++++++++++-----
 4 files changed, 136 insertions(+), 21 deletions(-)

-- 
2.43.0