Commit b653d3a

author
Audra Mitchell
committed
slub: Reflow ___slab_alloc()
JIRA: https://issues.redhat.com/browse/RHEL-125520
CVE: CVE-2025-39843

This patch is a backport of the following upstream commit:

commit 24c6a09
Author: Chengming Zhou <zhouchengming@bytedance.com>
Date: Thu Nov 2 03:23:22 2023 +0000

slub: Reflow ___slab_alloc()

The get_partial() interface used in ___slab_alloc() may return a single
object in the "kmem_cache_debug(s)" case, in which we will just return
the "freelist" object.

Move this handling up to prepare for later changes.

And the "pfmemalloc_match()" part is not needed for node partial slab,
since we already check this in the get_partial_node().

Signed-off-by: Chengming Zhou <zhouchengming@bytedance.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Tested-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Audra Mitchell <audra@redhat.com>
1 parent df37740 commit b653d3a

1 file changed

+15
-16
lines changed

mm/slub.c

Lines changed: 15 additions & 16 deletions
@@ -3514,8 +3514,21 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
35143514
pc.slab = &slab;
35153515
pc.orig_size = orig_size;
35163516
freelist = get_partial(s, node, &pc);
3517-
if (freelist)
3518-
goto check_new_slab;
3517+
if (freelist) {
3518+
if (kmem_cache_debug(s)) {
3519+
/*
3520+
* For debug caches here we had to go through
3521+
* alloc_single_from_partial() so just store the
3522+
* tracking info and return the object.
3523+
*/
3524+
if (s->flags & SLAB_STORE_USER)
3525+
set_track(s, freelist, TRACK_ALLOC, addr);
3526+
3527+
return freelist;
3528+
}
3529+
3530+
goto retry_load_slab;
3531+
}
35193532

35203533
slub_put_cpu_ptr(s->cpu_slab);
35213534
slab = new_slab(s, gfpflags, node);
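
Review bot: The `goto retry_load_slab;` that closes the new `if (freelist)` block needs a comment stating why a non-debug partial slab may skip the `pfmemalloc_match()` test that the old `goto check_new_slab;` led into. The only justification, that get_partial_node() has already made this check, is in the commit message, so a later change to get_partial_node() could drop the pfmemalloc check for partial slabs without anyone noticing here. The `retry_load_slab` label is outside the visible context, so the backport target should also be checked to confirm where it sits relative to the `pfmemalloc_match()` block.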
@@ -3551,20 +3564,6 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
35513564

35523565
inc_slabs_node(s, slab_nid(slab), slab->objects);
35533566

3554-
check_new_slab:
3555-
3556-
if (kmem_cache_debug(s)) {
3557-
/*
3558-
* For debug caches here we had to go through
3559-
* alloc_single_from_partial() so just store the tracking info
3560-
* and return the object
3561-
*/
3562-
if (s->flags & SLAB_STORE_USER)
3563-
set_track(s, freelist, TRACK_ALLOC, addr);
3564-
3565-
return freelist;
3566-
}
3567-
35683567
if (unlikely(!pfmemalloc_match(slab, gfpflags))) {
35693568
/*
35703569
* For !pfmemalloc_match() case we don't load freelist so that
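
Review bot: The removed `check_new_slab:` block was reached by fall-through from `inc_slabs_node()` as well as by the goto, so with it gone a slab coming down this path reaches `pfmemalloc_match()` with no `kmem_cache_debug(s)` early return in between. That is only safe if the new-slab path returns for debug caches before this point, which the visible context does not show; please confirm it in the backport target, and confirm that no other `goto check_new_slab` remains now that the label is deleted. Since the surviving `pfmemalloc_match()` test now applies only to slabs from new_slab(), its comment could say so.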
