On Fri, Jul 03, 2026 at 03:55:52PM +0100, Catalin Marinas wrote:
> > I understand we want to detect any change in any of these per cpu field and
> > catch it independent of the CPU. I am inclined toward that.
> > 
> >     --- a/mm/kmemleak.c
> >     +++ b/mm/kmemleak.c
> >     @@ -1409,8 +1409,9 @@ static bool update_checksum(struct 
> > kmemleak_object *object)
> >                     object->checksum = 0;
> >                     for_each_possible_cpu(cpu) {
> >                             void *ptr = per_cpu_ptr((void __percpu 
> > *)object->pointer, cpu);
> >     +                       u32 seed = object->checksum + cpu;
> > 
> >     -                       object->checksum ^= crc32(0, 
> > kasan_reset_tag((void *)ptr), object->size);
> >     +                       object->checksum ^= crc32(seed, 
> > kasan_reset_tag((void *)ptr), object->size);
> 
> Yeah, the xor wasn't a great idea. What about initialising the checksum
> value on object allocation to ~0 (for the two-scans idea) and for
> per-cpu, just build the crc on top of the previous crc, something like:
> 
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> index 7c7ba17ce7af..e196f53f9b46 100644
> --- a/mm/kmemleak.c
> +++ b/mm/kmemleak.c
> @@ -687,7 +687,7 @@ static struct kmemleak_object *__alloc_object(gfp_t gfp)
>       atomic_set(&object->use_count, 1);
>       object->excess_ref = 0;
>       object->count = 0;                      /* white color initially */
> -     object->checksum = 0;
> +     object->checksum = ~0;
>       object->del_state = 0;
>  
>       /* task information */
> @@ -981,7 +981,7 @@ static void reset_checksum(unsigned long ptr)
>       }
>  
>       raw_spin_lock_irqsave(&object->lock, flags);
> -     object->checksum = 0;
> +     object->checksum = ~0;
>       raw_spin_unlock_irqrestore(&object->lock, flags);
>       put_object(object);
>  }
> @@ -1410,7 +1410,8 @@ static bool update_checksum(struct kmemleak_object 
> *object)
>               for_each_possible_cpu(cpu) {
>                       void *ptr = per_cpu_ptr((void __percpu 
> *)object->pointer, cpu);
>  
> -                     object->checksum ^= crc32(0, kasan_reset_tag((void 
> *)ptr), object->size);
> +                     object->checksum = crc32(object->checksum,
> +                                              kasan_reset_tag((void *)ptr), 
> object->size);
>               }
>       } else {
>               object->checksum = crc32(0, kasan_reset_tag((void 
> *)object->pointer), object->size);

Ack, this seems more robust and easier to follow than my approach,
thanks for your insight here.

I will spin this "fix" separated (CCing stable), and send a v2 for this
selftest with priming enabled.

Thanks for your suggestion,
--breno

Reply via email to