mm/slub: remove redundant kasan_reset_tag() from freelist_ptr calculations

tehcaster · tehcaster · commit b06952cdbc7f · 2023-07-14T09:52:37.000+02:00
Commit d36a63a ("kasan, slub: fix more conflicts with CONFIG_SLAB_FREELIST_HARDENED") has introduced kasan_reset_tags() to freelist_ptr() encoding/decoding when CONFIG_SLAB_FREELIST_HARDENED is enabled to resolve issues when passing tagged or untagged pointers inconsistently would lead to incorrect calculations. Later, commit aa1ef4d ("kasan, mm: reset tags when accessing metadata") made sure all pointers have tags reset regardless of CONFIG_SLAB_FREELIST_HARDENED, because there was no other way to access the freepointer metadata safely with hw tag-based KASAN. Therefore the kasan_reset_tag() usage in freelist_ptr_encode()/decode() is now redundant, as all callers use kasan_reset_tag() unconditionally when constructing ptr_addr. Remove the redundant calls and simplify the code and remove obsolete comments. Also in freelist_ptr_encode() introduce an 'encoded' variable to make the lines shorter and make it similar to the _decode() one. Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com> Acked-by: Kees Cook <keescook@chromium.org>
diff --git a/mm/slub.c b/mm/slub.c
@@ -374,22 +374,14 @@ typedef struct { unsigned long v; } freeptr_t;
 static inline freeptr_t freelist_ptr_encode(const struct kmem_cache *s,
 					    void *ptr, unsigned long ptr_addr)
 {
+	unsigned long encoded;
+
 #ifdef CONFIG_SLAB_FREELIST_HARDENED
-	/*
-	 * When CONFIG_KASAN_SW/HW_TAGS is enabled, ptr_addr might be tagged.
-	 * Normally, this doesn't cause any issues, as both set_freepointer()
-	 * and get_freepointer() are called with a pointer with the same tag.
-	 * However, there are some issues with CONFIG_SLUB_DEBUG code. For
-	 * example, when __free_slub() iterates over objects in a cache, it
-	 * passes untagged pointers to check_object(). check_object() in turns
-	 * calls get_freepointer() with an untagged pointer, which causes the
-	 * freepointer to be restored incorrectly.
-	 */
-	return (freeptr_t){.v = (unsigned long)ptr ^ s->random ^
-			swab((unsigned long)kasan_reset_tag((void *)ptr_addr))};
+	encoded = (unsigned long)ptr ^ s->random ^ swab(ptr_addr);
 #else
-	return (freeptr_t){.v = (unsigned long)ptr};
+	encoded = (unsigned long)ptr;
 #endif
+	return (freeptr_t){.v = encoded};
 }
 
 static inline void *freelist_ptr_decode(const struct kmem_cache *s,
@@ -398,9 +390,7 @@ static inline void *freelist_ptr_decode(const struct kmem_cache *s,
 	void *decoded;
 
 #ifdef CONFIG_SLAB_FREELIST_HARDENED
-	/* See the comment in freelist_ptr_encode */
-	decoded = (void *)(ptr.v ^ s->random ^
-		swab((unsigned long)kasan_reset_tag((void *)ptr_addr)));
+	decoded = (void *)(ptr.v ^ s->random ^ swab(ptr_addr));
 #else
 	decoded = (void *)ptr.v;
 #endif
