Date: Mon, 6 May 2024 07:59:11 -0700
From: Kees Cook
To: Oscar Salvador
Cc: Andrew Morton, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Michal Hocko, Vlastimil Babka, Marco Elver, Andrey Konovalov, Alexander Potapenko, Alexandre Ghiti, syzbot+41bbfdb8d41003d12c0f@syzkaller.appspotmail.com
Subject: Re: [PATCH v4 2/4] mm,page_owner: Fix refcount imbalance
Message-ID: <202405060754.4405F8402F@keescook>
References: <20240404070702.2744-1-osalvador@suse.de> <20240404070702.2744-3-osalvador@suse.de>
In-Reply-To: <20240404070702.2744-3-osalvador@suse.de>

On Thu, Apr 04, 2024 at 09:07:00AM +0200, Oscar Salvador wrote:
> Current code does not contemplate scenarios where an allocation and
> free operation on the same pages do not handle it in the same amount
> at once.
> To give an example, page_alloc_exact(), where we will allocate a page
> of enough order to satisfy the size request, but we will free the
> remainings right away.
>
> In the above example, we will increment the stack_record refcount
> only once, but we will decrease it the same number of times as number
> of unused pages we have to free.
> This will lead to a warning because of refcount imbalance.
>
> Fix this by recording the number of base pages in the refcount field.
>
> Reported-by: syzbot+41bbfdb8d41003d12c0f@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/linux-mm/00000000000090e8ff0613eda0e5@google.com
> Fixes: 217b2119b9e2 ("mm,page_owner: implement the tracking of the stacks count")

Does this also fix this?
https://lore.kernel.org/all/202405061514.23fedba1-oliver.sang@intel.com/

This is a report of the backtrace changing, but the warning was
pre-existing.

> [...]
> -static void dec_stack_record_count(depot_stack_handle_t handle) > +static void dec_stack_record_count(depot_stack_handle_t handle, > + int nr_base_pages) > { > struct stack_record *stack_record = __stack_depot_get_stack_record(handle); > > - if (stack_record) > - refcount_dec(&stack_record->count); > + if (!stack_record) > + return; > + > + if (refcount_sub_and_test(nr_base_pages, &stack_record->count)) > + pr_warn("%s: refcount went to 0 for %u handle\n", __func__, > + handle);

This pr_warn() isn't needed: refcount will very loudly say the same
thing. :)

-- 
Kees Cook
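
Review bot: nr_base_pages is declared as a signed int in the new dec_stack_record_count() signature and is passed to refcount_sub_and_test() without any range check, so a zero or negative value from a caller would not be caught in this function. Since it counts base pages, consider an unsigned type or a check of the value before the subtraction; the callers are elided from this quote, so whether they can ever pass such a value is not visible here. If the pr_warn() in the last added lines is kept, a one-line comment saying why the count must never reach 0 at this point would document the invariant the message relies on.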