Date: Fri, 23 Feb 2024 13:58:45 +0900
From: Sergey Senozhatsky
To: Sergey Senozhatsky
Cc: Yosry Ahmed, Tetsuo Handa, Johannes Weiner, Nhat Pham, Minchan Kim, linux-mm
Subject: Re: [mm/page_alloc or mm/vmscan or mm/zswap] use-after-free in obj_malloc()
Message-ID: <20240223045845.GN11472@google.com>
References: <20240223044808.GK11472@google.com> <20240223045639.GM11472@google.com>
In-Reply-To: <20240223045639.GM11472@google.com>

On (24/02/23 13:56), Sergey Senozhatsky wrote:
> On (24/02/22 20:50), Yosry Ahmed wrote:
> > On Thu, Feb 22, 2024 at 8:48 PM Sergey Senozhatsky wrote:
> > >
> > > On (24/02/22 18:27), Yosry Ahmed wrote:
> > > > I also don't see any recent changes in mm/zsmalloc.c that modify this
> > > > code, so maybe it wasn't introduced in 6.7. I will defer to Minchan and
> > > > Sergey, I don't think zswap is an active actor in this bug report.
> > >
> > > Yeah. [1] are the only recent zsmalloc patches I can recall, and those
> > > patches touch zsmalloc locking (zspages migration/compaction).
> > >
> > > https://lore.kernel.org/lkml/20240219-b4-szmalloc-migrate-v1-0-34cd49c6545b@bytedance.com/
> >
> > These are not in 6.8.0-rc5 anyway, right?
>
> I see them in next-20240223, which seems to be 6.8-rc6 (according to
                                                    ^ -rc5

But they look more or less correct to me, so I'm not blaming those
patches. We should be protected by pool->lock. Bisection would help us
a lot, I think.