Commit 959f018f authored by Linus Torvalds
Pull slab fixes from Vlastimil Babka:

 - Fixes for two bugs that can be triggered when debugging options are
   enabled (Hao Ge, Vlastimil Babka)

* tag 'slab-for-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab:
  slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL
  slab: fix clearing freelist in free_deferred_objects()
parents f406055c 86f54f9b
+12 −4
@@ -2170,8 +2170,15 @@ static inline void free_slab_obj_exts(struct slab *slab)
	struct slabobj_ext *obj_exts;

	obj_exts = slab_obj_exts(slab);
	if (!obj_exts)
	if (!obj_exts) {
		/*
		 * If obj_exts allocation failed, slab->obj_exts is set to
		 * OBJEXTS_ALLOC_FAIL. In this case, we end up here and should
		 * clear the flag.
		 */
		slab->obj_exts = 0;
		return;
	}

	/*
	 * obj_exts was created with __GFP_NO_OBJ_EXT flag, therefore its
@@ -6443,15 +6450,16 @@ static void free_deferred_objects(struct irq_work *work)
		slab = virt_to_slab(x);
		s = slab->slab_cache;

		/* Point 'x' back to the beginning of allocated object */
		x -= s->offset;

		/*
		 * We used freepointer in 'x' to link 'x' into df->objects.
		 * Clear it to NULL to avoid false positive detection
		 * of "Freepointer corruption".
		 */
		*(void **)x = NULL;
		set_freepointer(s, x, NULL);

		/* Point 'x' back to the beginning of allocated object */
		x -= s->offset;
		__slab_free(s, slab, x, x, 1, _THIS_IP_);
	}
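Review bot: In the free_deferred_objects() hunk, the new `set_freepointer(s, x, NULL)` is only correct because `x -= s->offset` now runs before it, and nothing in the code records that ordering dependency. The helper is not shown here, but the reordering implies that it applies s->offset to the object address itself; if the two statements were ever swapped back, the store would land s->offset bytes past the free-pointer slot, inside or beyond the object, instead of clearing the link. I would make the first comment carry that, e.g. `/* Point 'x' back to the beginning of allocated object; set_freepointer() below applies s->offset itself */`. The "Freepointer corruption" comment could also say why a plain NULL store was not enough (presumably the checker reads the slot in the helper's stored form, which would matter when free pointers are kept encoded; worth confirming against set_freepointer()). The body of free_deferred_objects() starts before this hunk, so how `x` is derived from df->objects is not visible here.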