From: Dmitry Vyukov <dvyu...@google.com>
Slub does not call kmalloc_slab() for sizes > KMALLOC_MAX_CACHE_SIZE,
instead it falls back to kmalloc_large().
For slab KMALLOC_MAX_CACHE_SIZE == KMALLOC_MAX_SIZE and it calls
kmalloc_slab() for all allocations relying on NULL return value
for over-sized allocations.
This inconsistency leads to unwanted warnings from kmalloc_slab()
for over-sized allocations for slab. Returning NULL for failed
allocations is the expected behavior.
Make slub and slab code consistent by checking size >
KMALLOC_MAX_CACHE_SIZE in slab before calling kmalloc_slab().
While we are here also fix the check in kmalloc_slab().
We should check against KMALLOC_MAX_CACHE_SIZE rather than
KMALLOC_MAX_SIZE. It all kinda worked because for slab the
constants are the same, and slub always checks the size against
KMALLOC_MAX_CACHE_SIZE before kmalloc_slab().
But if we get there with size > KMALLOC_MAX_CACHE_SIZE anyhow
bad things will happen. For example, in case of a newly introduced
bug in slub code.
Also move the check in kmalloc_slab() from function entry
to the size > 192 case. This partially compensates for the additional
check in slab code and makes slub code a bit faster
(at least theoretically).
Also drop __GFP_NOWARN in the warning check.
This warning means a bug in slab code itself,
user-passed flags have nothing to do with it.
Nothing of this affects slob.
Signed-off-by: Dmitry Vyukov <dvyu...@google.com>
Cc: Christoph Lameter <c...@linux.com>
Cc: Pekka Enberg <penb...@kernel.org>
Cc: David Rientjes <rient...@google.com>
Cc: Joonsoo Kim <iamjoonsoo....@lge.com>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: linux...@kvack.org
Cc: linux-kernel@vger.kernel.org
Reported-by: syzbot+87829a10073277282...@syzkaller.appspotmail.com
Reported-by: syzbot+ef4e8fc3a06e9019b...@syzkaller.appspotmail.com
Reported-by: syzbot+6e438f4036df52cbb...@syzkaller.appspotmail.com
Reported-by: syzbot+8574471d8734457d9...@syzkaller.appspotmail.com
Reported-by: syzbot+af1504df0807a083d...@syzkaller.appspotmail.com
---
Changes since v1:
- everything has changed, re-review
---
mm/slab.c | 4 ++++
mm/slab_common.c | 12 ++++++------
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/mm/slab.c b/mm/slab.c
index 9515798f37b2d..2a5654bb3b3ff 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -3675,6 +3675,8 @@ __do_kmalloc_node(size_t size, gfp_t flags, int node,
unsigned long caller)
struct kmem_cache *cachep;
void *ret;
+ if (unlikely(size > KMALLOC_MAX_CACHE_SIZE))
+ return NULL;
cachep = kmalloc_slab(size, flags);
if (unlikely(ZERO_OR_NULL_PTR(cachep)))
return cachep;
@@ -3710,6 +3712,8 @@ static __always_inline void *__do_kmalloc(size_t size,
gfp_t flags,
struct kmem_cache *cachep;
void *ret;
+ if (unlikely(size > KMALLOC_MAX_CACHE_SIZE))
+ return NULL;
cachep = kmalloc_slab(size, flags);
if (unlikely(ZERO_OR_NULL_PTR(cachep)))
return cachep;
diff --git a/mm/slab_common.c b/mm/slab_common.c
index 1f903589980f9..7eb8dc136c1cb 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -1023,18 +1023,18 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t
flags)
{
unsigned int index;
- if (unlikely(size > KMALLOC_MAX_SIZE)) {
- WARN_ON_ONCE(!(flags & __GFP_NOWARN));
- return NULL;
- }
-
if (size <= 192) {
if (!size)
return ZERO_SIZE_PTR;
index = size_index[size_index_elem(size)];
- } else
+ } else {
+ if (unlikely(size > KMALLOC_MAX_CACHE_SIZE)) {
+ WARN_ON(1);
+ return NULL;
+ }
index = fls(size - 1);
+ }
return kmalloc_caches[kmalloc_type(flags)][index];
}
--
2.19.0.605.g01d371f741-goog
