Commit fa5c82f4 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

slab.h: disable completely broken overflow handling in flex allocations 

Commit 69050f8d ("treewide: Replace kmalloc with kmalloc_obj for
non-scalar types") started using the new allocation helpers, and in the
process showed that they were completely non-working.

The overflow logic in overflows_flex_counter_type() is completely the
wrong way around, and that broke __alloc_flex() completely.  By chance,
the resulting code was then such a mess that clang generated
sufficiently garbage code that objtool warned about it all.  Which made
it somewhat quicker to narrow things down.

While fixing overflows_flex_counter_type() would presumably fix this
all, I'm excising the whole broken overflow logic from __alloc_flex(),
because we don't want that kind of code in basic allocation functions
anyway.

That (no longer) broken overflows_flex_counter_type() thing needs to be
inserted into the actual __set_flex_counter() logic in the unlikely case
that we ever want this at all.  And made conditional.

Fixes: 81cee916 ("compiler_types: Introduce __flex_counter() and family")
Fixes: 69050f8d ("treewide: Replace kmalloc with kmalloc_obj for non-scalar types")
Cc: Kees Cook <kees@kernel.org>
Link: https://lore.kernel.org/all/CAHk-=whEd020BYzGTzYrENjD9Z5_82xx6h8HsQvH5xDSnv0=Hw@mail.gmail.com/


Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 8934827d

include/linux/overflow.h

+1 −1
Original line number Diff line number Diff line
@@ -570,7 +570,7 @@ static inline size_t __must_check size_sub(size_t minuend, size_t subtrahend) 
 * @FAM is not annotated with __counted_by(), always returns true.

 */

#define overflows_flex_counter_type(TYPE, FAM, COUNT)		\

	(!overflows_type(COUNT, typeof_flex_counter(((TYPE *)NULL)->FAM)))

	(overflows_type(COUNT, typeof_flex_counter(((TYPE *)NULL)->FAM)))



/**

 * __set_flex_counter() - Set the counter associated with the given flexible

include/linux/slab.h

+1 −5
Original line number Diff line number Diff line
@@ -1003,11 +1003,7 @@ void *kmalloc_nolock_noprof(size_t size, gfp_t gfp_flags, int node); 
({									\

	const size_t __count = (COUNT);					\

	const size_t __obj_size = struct_size_t(TYPE, FAM, __count);	\

	TYPE *__obj_ptr;						\

	if (WARN_ON_ONCE(overflows_flex_counter_type(TYPE, FAM,	__count))) \

		__obj_ptr = NULL;					\

	else								\

		__obj_ptr = KMALLOC(__obj_size, GFP);			\

	TYPE *__obj_ptr = KMALLOC(__obj_size, GFP);			\

	if (__obj_ptr)							\

		__set_flex_counter(__obj_ptr->FAM, __count);		\

	__obj_ptr;							\