Re: [PATCH v2] mm/slub: preserve original size in _kmalloc_nolock_noprof retry path
From: Harry Yoo
Date: Fri Jun 05 2026 - 02:03:10 EST
On 6/4/26 9:27 PM, hu.shengming@xxxxxxxxxx wrote:
> From: Shengming Hu <hu.shengming@xxxxxxxxxx>
>
> _kmalloc_nolock_noprof() retries from the next kmalloc bucket when the
> initial allocation fails. The retry currently reuses `size` as the
> bucket selector and overwrites it with s->object_size + 1.
>
> That value is later passed as the original allocation size to
> __slab_alloc_node(), slab_post_alloc_hook() and kasan_kmalloc(). On a
> successful retry this makes KASAN/slub-debug observe the retry bucket
> selector rather than the caller requested size, potentially widening the
> valid kmalloc range and hiding overflows.
>
> Keep the caller requested size separately as orig_size and pass it to
> the allocation/debug/KASAN paths. Continue using `size` as the retry cache
> selector.
>
> Fixes: af92793e52c3 ("slab: Introduce kmalloc_nolock() and kfree_nolock()")
> Signed-off-by: Shengming Hu <hu.shengming@xxxxxxxxxx>
> ---
> Changes in v2:
> - Use an explicit orig_size variable instead of bucket_size, as suggested
> by Harry and Vlastimil.
> - Link to v1: https://lore.kernel.org/all/20260603211011530GqLSXP_rgcuQdR47IGQLL@xxxxxxxxxx/
>
> ---
Reviewed-by: Harry Yoo (Oracle) <harry@xxxxxxxxxx>
--
Cheers,
Harry / Hyeonggon
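The failure mode the commit message describes, as an added stand-alone C model that is not kernel code from the patch or from mm/slub.c: the bucket sizes, the bucket that "fails", and the KASAN-style bounds check are all constructed, and the `preserve` flag selects between the buggy recording of the bucket selector and the fixed recording of the caller's size.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed kmalloc-style size buckets; the real cache sizes differ. */
static const size_t buckets[] = {8, 16, 32, 64, 128};
#define NBUCKETS (sizeof(buckets) / sizeof(buckets[0]))

struct alloc {
	size_t bucket;    /* bucket the object finally came from */
	size_t orig_size; /* size handed to the debug/KASAN hooks */
	bool ok;
};

/* Constructed failure: exactly one bucket has no free object. */
static bool bucket_has_free(size_t bucket, size_t failing_bucket)
{
	return bucket != failing_bucket;
}

static size_t bucket_index(size_t size)
{
	for (size_t i = 0; i < NBUCKETS; i++)
		if (size <= buckets[i])
			return i;
	return NBUCKETS; /* too large for any bucket */
}

/* Models the retry loop. preserve == false reproduces the bug: `size` is
 * overwritten with object_size + 1 to pick the next bucket and that value
 * is then recorded as the "original" size. preserve == true keeps the
 * caller's request in orig_size, as the fix does. */
static struct alloc kmalloc_model(size_t size, size_t failing_bucket,
				  bool preserve)
{
	struct alloc a = {0, 0, false};
	size_t orig_size = size;
	size_t i;

	while ((i = bucket_index(size)) < NBUCKETS) {
		if (bucket_has_free(buckets[i], failing_bucket)) {
			a.bucket = buckets[i];
			a.orig_size = preserve ? orig_size : size;
			a.ok = true;
			return a;
		}
		size = buckets[i] + 1; /* s->object_size + 1: next bucket */
	}
	return a;
}

/* KASAN-style check: a write of len bytes is in bounds only if it stays
 * within the size the allocator recorded for the object. */
static bool write_in_bounds(struct alloc a, size_t len)
{
	return a.ok && len <= a.orig_size;
}
```

With a 20-byte request whose first bucket (32) fails, the buggy path records 33 and a 25-byte write passes the check; the fixed path records 20 and the same write is flagged.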