From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DAC59C433EF
	for <linux-mm@archiver.kernel.org>; Fri, 10 Dec 2021 10:45:03 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 0F4A56B0071; Fri, 10 Dec 2021 05:44:53 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 07ED76B0072; Fri, 10 Dec 2021 05:44:53 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E60536B0074; Fri, 10 Dec 2021 05:44:52 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0123.hostedemail.com [216.40.44.123])
	by kanga.kvack.org (Postfix) with ESMTP id D2E656B0071
	for <linux-mm@kvack.org>; Fri, 10 Dec 2021 05:44:52 -0500 (EST)
Received: from smtpin18.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 95AD0181AF5EA
	for <linux-mm@kvack.org>; Fri, 10 Dec 2021 10:44:42 +0000 (UTC)
X-FDA: 78901551204.18.6E08ABB
Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com [209.85.215.176])
	by imf05.hostedemail.com (Postfix) with ESMTP id 323AF100007
	for <linux-mm@kvack.org>; Fri, 10 Dec 2021 10:44:42 +0000 (UTC)
Received: by mail-pg1-f176.google.com with SMTP id m24so7699682pgn.7
        for <linux-mm@kvack.org>; Fri, 10 Dec 2021 02:44:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=0U8OtES5xOj4rqgnd2vdl4trSth3+050XfcObSQBQ58=;
        b=KdTmk3w7bmfzFk7lnwFxJUX4SzMf3YcvWLIvC/3KqTNvA5BCm0daDjN3XEP6tgr7fb
         qJjxeZl124cLQYufEByAOcgi0jlWmxl6OcxSZnUb5tFw8GjHStsxjMSpDJDLBosZlvcn
         k5ccAPIPdlLcRdBsMTP24plm4wRRaz6KbMps78pA97TBZZORbaNq03FkbgfYh7pxintc
         sBQ/WeMhcxm2X+ePjadP7N0yvevNjQ3RLL2SI4gPkls80c+gzF0VgYk7+K3bmTMjjUHY
         wIK4ChK9Lnu4OO611jbVCsnDVx0Ua41VaJ9bTccQej13+aiQFv41U8rB0k2zbi+Wvtr7
         h8Gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=0U8OtES5xOj4rqgnd2vdl4trSth3+050XfcObSQBQ58=;
        b=RwIlaWBeqeeZfwoXhYgHOl9C2MtKLIBT1wqTodRozsweG6u046EGeCz4WE4rasDiQv
         u3XVgzCFgwnIVuLtaRsxzZ9l+MPgUBKr5MvwpTl9krpNAmKm05gjIBB/g8HOTHJW5m2H
         V13cdqmWJ39blPgWyM7r5KISHJPmTo7vi++/Tw+96MrShaTHwMQ0eDuo7jKiM/u9jPxz
         Kk9oUXbz6Ac6xneyeGyoZkURNCVm43ghzO+qpnMlAUGl3eFOCjtgQt7/vBZRJe3d+ycq
         PbiX0RcbZxr7jI1dvkyU3DbcD+a8xFqxPgtl2V9xN5t01cYMsS/XBwrsrUCygBxZLk1N
         IOGw==
X-Gm-Message-State: AOAM530Zqr9gfBg8Uujcmq5tE+Aqdy9yPPCOxmhWSx5Hp/tIEPo5fHrp
	jLVYhRiithq5kbg2fzB6HbQ=
X-Google-Smtp-Source: ABdhPJyll9nMQuRPwgwMd9dUKhLY1En8Eimub3NMYDOH6MCdrfAGbhcNGJjptNiCGNdOecDZaxA/Xw==
X-Received: by 2002:a63:6987:: with SMTP id e129mr38676747pgc.520.1639133081071;
        Fri, 10 Dec 2021 02:44:41 -0800 (PST)
Received: from odroid ([114.29.23.242])
        by smtp.gmail.com with ESMTPSA id 16sm2264896pgu.93.2021.12.10.02.44.38
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 10 Dec 2021 02:44:40 -0800 (PST)
Date: Fri, 10 Dec 2021 10:44:35 +0000
From: Hyeonggon Yoo <42.hyeyoo@gmail.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Matthew Wilcox <willy@infradead.org>, Christoph Lameter <cl@linux.com>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Pekka Enberg <penberg@kernel.org>, linux-mm@kvack.org,
	Andrew Morton <akpm@linux-foundation.org>, patches@lists.linux.dev
Subject: Re: [PATCH v2 24/33] mm/slob: Convert SLOB to use struct slab
Message-ID: <20211210104435.GA632117@odroid>
References: <20211201181510.18784-1-vbabka@suse.cz>
 <20211201181510.18784-25-vbabka@suse.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20211201181510.18784-25-vbabka@suse.cz>
X-Rspamd-Server: rspam02
X-Rspamd-Queue-Id: 323AF100007
X-Stat-Signature: 85e6zpies8awijtygxq17hi6uga8j3ai
Authentication-Results: imf05.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=KdTmk3w7;
	spf=pass (imf05.hostedemail.com: domain of 42.hyeyoo@gmail.com designates 209.85.215.176 as permitted sender) smtp.mailfrom=42.hyeyoo@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-HE-Tag: 1639133082-545712
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Dec 01, 2021 at 07:15:01PM +0100, Vlastimil Babka wrote:
> From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
> 
> Use struct slab throughout the slob allocator.
> 
> [ vbabka@suse.cz: don't introduce wrappers for PageSlobFree in mm/slab.h just
>   for the single callers being wrappers in mm/slob.c ]
> 
> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
> Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
> ---
>  mm/slob.c | 34 +++++++++++++++++-----------------
>  1 file changed, 17 insertions(+), 17 deletions(-)
> 
> diff --git a/mm/slob.c b/mm/slob.c
> index d2d15e7f191c..d3512bcc3141 100644
> --- a/mm/slob.c
> +++ b/mm/slob.c

...

>  		/* Enough room on this page? */
> @@ -358,8 +358,8 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node,
>  		b = slob_new_pages(gfp & ~__GFP_ZERO, 0, node);
>  		if (!b)
>  			return NULL;
> -		sp = virt_to_page(b);
> -		__SetPageSlab(sp);
> +		sp = virt_to_slab(b);
> +		__SetPageSlab(slab_page(sp));

Hello Vlastimil.

I've tested this patch on my machine and it causes NULL pointer dereference.
that's because virt_to_slab returns NULL if folio_test_slab is false.
and __SetPageSlab is called with sp = NULL.

diff below fixed bug.

diff --git a/mm/slob.c b/mm/slob.c
index d3512bcc3141..cf669f03440f 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -358,8 +358,8 @@ static void *slob_alloc(size_t size, gfp_t gfp, int a
lign, int node,
                b = slob_new_pages(gfp & ~__GFP_ZERO, 0, node);
                if (!b)
                        return NULL;
+               __SetPageSlab(virt_to_page(b));
                sp = virt_to_slab(b);
-               __SetPageSlab(slab_page(sp));

                spin_lock_irqsave(&slob_lock, flags);
                sp->units = SLOB_UNITS(PAGE_SIZE);
 
 Thanks,
 Hyeonggon.

>  
>  		spin_lock_irqsave(&slob_lock, flags);
>  		sp->units = SLOB_UNITS(PAGE_SIZE);
> @@ -381,7 +381,7 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node,
>   */
>  static void slob_free(void *block, int size)
>  {
> -	struct page *sp;
> +	struct slab *sp;
>  	slob_t *prev, *next, *b = (slob_t *)block;
>  	slobidx_t units;
>  	unsigned long flags;
> @@ -391,7 +391,7 @@ static void slob_free(void *block, int size)
>  		return;
>  	BUG_ON(!size);
>  
> -	sp = virt_to_page(block);
> +	sp = virt_to_slab(block);
>  	units = SLOB_UNITS(size);
>  
>  	spin_lock_irqsave(&slob_lock, flags);
> @@ -401,8 +401,8 @@ static void slob_free(void *block, int size)
>  		if (slob_page_free(sp))
>  			clear_slob_page_free(sp);
>  		spin_unlock_irqrestore(&slob_lock, flags);
> -		__ClearPageSlab(sp);
> -		page_mapcount_reset(sp);
> +		__ClearPageSlab(slab_page(sp));
> +		page_mapcount_reset(slab_page(sp));
>  		slob_free_pages(b, 0);
>  		return;
>  	}
> -- 
> 2.33.1
> 
>