From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3163EC54E41 for ; Wed, 6 Mar 2024 21:46:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BB6346B0083; Wed, 6 Mar 2024 16:46:04 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id B65C06B0089; Wed, 6 Mar 2024 16:46:04 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A54A76B008A; Wed, 6 Mar 2024 16:46:04 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 950316B0083 for ; Wed, 6 Mar 2024 16:46:04 -0500 (EST) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 57723C086E for ; Wed, 6 Mar 2024 21:46:04 +0000 (UTC) X-FDA: 81867947448.07.28DBC9A Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf14.hostedemail.com (Postfix) with ESMTP id 4DC7810000E for ; Wed, 6 Mar 2024 21:46:01 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=Z5RzWAiv; dmarc=none; spf=pass (imf14.hostedemail.com: domain of akpm@linux-foundation.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1709761562; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=uhsEDrm49UfgMHzawL3k1jLTtu8tgOY6LDpaAMHtHYA=; b=wmUlpE4SVTYdKl5kFpoX9uhxviOauQmC/bK9JRLVqgfAQlNLTZT27AbZntHh9ka3MG7tU7 BvVLEQQDIrqwvK3bCMVNmq+I88oNHSvuwJR/FYJ7TszjKEUzFvSBZuEDaQbwhOL7NG5HZt u0symkgEaWqX8TLtD0RcMErCa+MRHXE= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=Z5RzWAiv; dmarc=none; spf=pass (imf14.hostedemail.com: domain of akpm@linux-foundation.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1709761562; a=rsa-sha256; cv=none; b=sWCAV7jPXWdYk0grdYPk/ZlFo0/nMWxgij12IedJTklQsb3Ba4284ZV+JkRwPJnZQiCAEJ yf0tea/MEeGKuI9RoocA37cNVu+MbUn3sMYYRL7hdY/QCnvI7izAhfp0dRUqzyz/NsGhKU DrVq9g7CASOkamU4AGyrrkS8rtzeIl0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 30AFBCE221B; Wed, 6 Mar 2024 21:45:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1EA4C433C7; Wed, 6 Mar 2024 21:45:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1709761558; bh=vBQCLMrINPHoLrXL2GqrhG4eI9tUR23QhfUqun5vSqs=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=Z5RzWAivMykYg0gU1u5LMZ03vAU3hmBZCVlMnHuFL52vVx+KG3paWaHhxW65qRayJ j14c2qzrIGo5HLdr4k/YMYaFYFzHU6gtWhRCrbYcGfqf49bx0DY4yE6fHiXWbIqwRr 1VP/vz+oFg2kKPmgtun67qP3rL8WGHLvZCAoB+UI= Date: Wed, 6 Mar 2024 13:45:57 -0800 From: Andrew Morton To: "Matthew Wilcox (Oracle)" Cc: linux-mm@kvack.org, "Borah, Chaitanya Kumar" Subject: Re: [PATCH] mm: Fix list corruption in put_pages_list Message-Id: <20240306134557.e14fad1abdf7a537e5d287d5@linux-foundation.org> In-Reply-To: <20240306212749.1823380-1-willy@infradead.org> References: <20240306212749.1823380-1-willy@infradead.org> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4DC7810000E X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: mzbtsi73b9i5x5xdmr7cy7tjf4cf498z X-HE-Tag: 1709761561-203 X-HE-Meta: U2FsdGVkX1++CsLACpo0s22j17lgXF2Lx5nhCuAsOcXG/XuLSQgB1aqJPejOwiNfW9FU8nXXMOdbWDCICGJYTeqM0569xyKIt+b8qvkTkR0bxt7nXUb4vBflqKzFSpkwa/hah6hwRMeveqolKcB60RN9Ncuwg1XGJ25FGxgivCxXbxUuczWG1Z3hkHc66+7LXuyEcbRV66IK3rF6KrZzH3cHar/XJEw/e47zq6G4TjV/LMoM+GvDNkw2NDi/4niExpUinZVHT5PhXZuTLFHDUSdA7BmEr1icu6Y8kh/CWGHVJvIcXMQnsw0cD34/TespxkUJMLtJ154w362M8FHKG6rRsBmajdxLLDpdISMpr9uPtvWrsKhzZTAYQBx/HPNJJ/L9c1H1ZjZ9Pkj9cE+XP/8d4plt1Z/+XVI443GXXn/GQS/NzA/haSEog8hG+kXmndSqc8wc130PR1i65ofYyGWNwIzhP07rivqsKSbynG7lG+xrYTMHP7UBf4p/qTKdBSVC96Ldw9vByA/yOp3QMeXY970wXtv7gn1LpF9JXs/c3HbLEtP9ryDMuhMHtLrWsvSW4eyzcpAIRrUFBWe1xu4DJFL3bi/3zorOjw8cAuERilpDLvfGrvrZzecHbAKtKqJbn2Wba9ihxBApekVh/OmKWztIe3KqPWWwhgX5WHgRgG7JLA4jA9V4CiKTzR98VRzWQkyW3gmGKQjZHvv4oFTwDqSmbQytksBD4/OHVYfExdxTjPL9apsKF8sB7Kp9uxHQKahZP78wQp/rejyS9T/gAK9Mx+jCiInxt5olbOtJlizVgOm7Ec7vdLzAimlfisLl8fb+lK6QulZm4kKrntRBmZ74rvYkLPN77T9ybFFcrokrI5GD+4WTTxo6aLZ0tjXyyXnhEzGnNHEESXj02ttqJTMI71EFJu5tSErYYF2K7/7bFj0NA29R53VoofBPUtFhaTaef6HlstOF/KD PR1pMcjU wkJY9 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, 6 Mar 2024 21:27:30 +0000 "Matthew Wilcox (Oracle)" wrote: > My recent change to put_pages_list() dereferences folio->lru.next after > returning the folio to the page allocator. Usually this is now on the > pcp list with other free folios, so we try to free an already-free > folio. This only happens with lists that have more than 15 entries, so > it wasn't immediately discovered. Revert to using list_for_each_safe() > so we dereference lru.next before disposing of the folio. > > Reported-by: "Borah, Chaitanya Kumar" I'm unable to find the bug report on linux-mm. Help please? > Fixes: 24835f899c01 (mm: use free_unref_folios() in put_pages_list()) > Signed-off-by: Matthew Wilcox (Oracle) > --- > mm/swap.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mm/swap.c b/mm/swap.c > index a910af21ba68..1d4b7713605d 100644 > --- a/mm/swap.c > +++ b/mm/swap.c > @@ -139,10 +139,10 @@ EXPORT_SYMBOL(__folio_put); > void put_pages_list(struct list_head *pages) > { > struct folio_batch fbatch; > - struct folio *folio; > + struct folio *folio, *next; > > folio_batch_init(&fbatch); > - list_for_each_entry(folio, pages, lru) { > + list_for_each_entry_safe(folio, next, pages, lru) { > if (!folio_put_testzero(folio)) > continue; > if (folio_test_hugetlb(folio)) { > -- > 2.43.0