Merge tag 'slab-for-6.9-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab

void kfree_sensitive(const void *objp);

size_t __ksize(const void *objp);

DEFINE_FREE(kfree, void *, if (_T) kfree(_T))

DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T))

/**

 * ksize - Report actual allocation size of associated object

extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags)

		      __realloc_size(3);

extern void kvfree(const void *addr);

DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T))

DEFINE_FREE(kvfree, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T))

extern void kvfree_sensitive(const void *addr, size_t len);

	*(freeptr_t *)freeptr_addr = freelist_ptr_encode(s, fp, freeptr_addr);

}

/*

 * See comment in calculate_sizes().

 */

static inline bool freeptr_outside_object(struct kmem_cache *s)

{

	return s->offset >= s->inuse;

}

/*

 * Return offset of the end of info block which is inuse + free pointer if

 * not overlapping with object.

 */

static inline unsigned int get_info_end(struct kmem_cache *s)

{

	if (freeptr_outside_object(s))

		return s->inuse + sizeof(void *);

	else

		return s->inuse;

}

/* Loop over all objects in a slab */

#define for_each_object(__p, __s, __addr, __objects) \

	for (__p = fixup_red_left(__s, __addr); \

	metadata_access_disable();

}

/*

 * See comment in calculate_sizes().

 */

static inline bool freeptr_outside_object(struct kmem_cache *s)

{

	return s->offset >= s->inuse;

}

/*

 * Return offset of the end of info block which is inuse + free pointer if

 * not overlapping with object.

 */

static inline unsigned int get_info_end(struct kmem_cache *s)

{

	if (freeptr_outside_object(s))

		return s->inuse + sizeof(void *);

	else

		return s->inuse;

}

static struct track *get_track(struct kmem_cache *s, void *object,

	enum track_item alloc)

{

	 *

	 * The initialization memset's clear the object and the metadata,

	 * but don't touch the SLAB redzone.

	 *

	 * The object's freepointer is also avoided if stored outside the

	 * object.

	 */

	if (unlikely(init)) {

		int rsize;

		unsigned int inuse;

		inuse = get_info_end(s);

		if (!kasan_has_integrated_init())

			memset(kasan_reset_tag(x), 0, s->object_size);

		rsize = (s->flags & SLAB_RED_ZONE) ? s->red_left_pad : 0;

		memset((char *)kasan_reset_tag(x) + s->inuse, 0,

		       s->size - s->inuse - rsize);

		memset((char *)kasan_reset_tag(x) + inuse, 0,

		       s->size - inuse - rsize);

	}

	/* KASAN might put x into memory quarantine, delaying its reuse. */

	return !kasan_slab_free(s, x, init);

static __always_inline void maybe_wipe_obj_freeptr(struct kmem_cache *s,

						   void *obj)

{

	if (unlikely(slab_want_init_on_free(s)) && obj)

	if (unlikely(slab_want_init_on_free(s)) && obj &&

	    !freeptr_outside_object(s))

		memset((void *)((char *)kasan_reset_tag(obj) + s->offset),

			0, sizeof(void *));

}