On Fri, Jul 03, 2026 at 03:55:52PM +0100, Catalin Marinas wrote:
> > I understand we want to detect any change in any of these per cpu field and
> > catch it independent of the CPU. I am inclined toward that.
> >
> > --- a/mm/kmemleak.c
> > +++ b/mm/kmemleak.c
> > @@ -1409,8 +1409,9 @@ static bool update_checksum(struct
> > kmemleak_object *object)
> > object->checksum = 0;
> > for_each_possible_cpu(cpu) {
> > void *ptr = per_cpu_ptr((void __percpu
> > *)object->pointer, cpu);
> > + u32 seed = object->checksum + cpu;
> >
> > - object->checksum ^= crc32(0,
> > kasan_reset_tag((void *)ptr), object->size);
> > + object->checksum ^= crc32(seed,
> > kasan_reset_tag((void *)ptr), object->size);
>
> Yeah, the xor wasn't a great idea. What about initialising the checksum
> value on object allocation to ~0 (for the two-scans idea) and for
> per-cpu, just build the crc on top of the previous crc, something like:
>
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> index 7c7ba17ce7af..e196f53f9b46 100644
> --- a/mm/kmemleak.c
> +++ b/mm/kmemleak.c
> @@ -687,7 +687,7 @@ static struct kmemleak_object *__alloc_object(gfp_t gfp)
> atomic_set(&object->use_count, 1);
> object->excess_ref = 0;
> object->count = 0; /* white color initially */
> - object->checksum = 0;
> + object->checksum = ~0;
> object->del_state = 0;
>
> /* task information */
> @@ -981,7 +981,7 @@ static void reset_checksum(unsigned long ptr)
> }
>
> raw_spin_lock_irqsave(&object->lock, flags);
> - object->checksum = 0;
> + object->checksum = ~0;
> raw_spin_unlock_irqrestore(&object->lock, flags);
> put_object(object);
> }
> @@ -1410,7 +1410,8 @@ static bool update_checksum(struct kmemleak_object
> *object)
> for_each_possible_cpu(cpu) {
> void *ptr = per_cpu_ptr((void __percpu
> *)object->pointer, cpu);
>
> - object->checksum ^= crc32(0, kasan_reset_tag((void
> *)ptr), object->size);
> + object->checksum = crc32(object->checksum,
> + kasan_reset_tag((void *)ptr),
> object->size);
> }
> } else {
> object->checksum = crc32(0, kasan_reset_tag((void
> *)object->pointer), object->size);
Ack, this seems more robust and easier to follow than my approach,
thanks for your insight here.
I will spin this "fix" separated (CCing stable), and send a v2 for this
selftest with priming enabled.
Thanks for your suggestion,
--breno