+ kasan-improve-free-meta-storage-in-generic-kasan-v3.patch added to mm-unstable branch

+ kasan-improve-free-meta-storage-in-generic-kasan-v3.patch added to mm-unstable branch

[Andrew Morton]

The patch titled
     Subject: kasan: Improve free meta storage in Generic KASAN
has been added to the -mm mm-unstable branch.  Its filename is
     kasan-improve-free-meta-storage-in-generic-kasan-v3.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/kasan-improve-free-meta-storage-in-generic-kasan-v3.patch

This patch will later appear in the mm-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Juntong Deng <juntong.deng@outlook.com>
Subject: kasan: Improve free meta storage in Generic KASAN
Date: Wed, 22 Nov 2023 18:46:31 +0000

When SLUB DEBUG is enabled, the previous free meta storage method
continues to be used.  Cancel the change to kasan_metadata_size().

Make kasan_metadata_size() adapt to the improved free meta storage

Link: https://lkml.kernel.org/r/VI1P193MB0752675D6E0A2D16CE656F8299BAA@VI1P193MB0752.EURP193.PROD.OUTLOOK.COM
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Juntong Deng <juntong.deng@outlook.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/kasan/generic.c |   23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

--- a/mm/kasan/generic.c~kasan-improve-free-meta-storage-in-generic-kasan-v3
+++ a/mm/kasan/generic.c
@@ -407,19 +407,28 @@ void kasan_cache_create(struct kmem_cach
 	 *    be touched after it was freed, or
 	 * 2. Object has a constructor, which means it's expected to
 	 *    retain its content until the next allocation, or
+	 * 3. Object is too small and SLUB DEBUG is enabled. Avoid
+	 *    free meta that exceeds the object size corrupts the
+	 *    SLUB DEBUG metadata.
 	 * Otherwise cache->kasan_info.free_meta_offset = 0 is implied.
-	 * Even if the object is smaller than free meta, it is still
-	 * possible to store part of the free meta in the object.
+	 * If the object is smaller than the free meta and SLUB DEBUG
+	 * is not enabled, it is still possible to store part of the
+	 * free meta in the object.
 	 */
 	if ((cache->flags & SLAB_TYPESAFE_BY_RCU) || cache->ctor) {
 		cache->kasan_info.free_meta_offset = *size;
 		*size += sizeof(struct kasan_free_meta);
 	} else if (cache->object_size < sizeof(struct kasan_free_meta)) {
-		rem_free_meta_size = sizeof(struct kasan_free_meta) -
-								cache->object_size;
-		*size += rem_free_meta_size;
-		if (cache->kasan_info.alloc_meta_offset != 0)
-			cache->kasan_info.alloc_meta_offset += rem_free_meta_size;
+		if (__slub_debug_enabled()) {
+			cache->kasan_info.free_meta_offset = *size;
+			*size += sizeof(struct kasan_free_meta);
+		} else {
+			rem_free_meta_size = sizeof(struct kasan_free_meta) -
+									cache->object_size;
+			*size += rem_free_meta_size;
+			if (cache->kasan_info.alloc_meta_offset != 0)
+				cache->kasan_info.alloc_meta_offset += rem_free_meta_size;
+		}
 	}
 
 	/* If free meta doesn't fit, don't add it. */
_

Patches currently in -mm which might be from juntong.deng@outlook.com are

kasan-improve-free-meta-storage-in-generic-kasan.patch
kasan-improve-free-meta-storage-in-generic-kasan-v3.patch