From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F2895CFB440 for ; Mon, 7 Oct 2024 09:13:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8E4206B00EF; Mon, 7 Oct 2024 05:13:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 894DD6B00F0; Mon, 7 Oct 2024 05:13:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 75B6D6B00F1; Mon, 7 Oct 2024 05:13:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 515736B00EF for ; Mon, 7 Oct 2024 05:13:48 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 02A921A08E0 for ; Mon, 7 Oct 2024 09:13:47 +0000 (UTC) X-FDA: 82646243736.18.AE94F46 Received: from mail-m3289.qiye.163.com (mail-m3289.qiye.163.com [220.197.32.89]) by imf30.hostedemail.com (Postfix) with ESMTP id 9ECC68000E for ; Mon, 7 Oct 2024 09:13:44 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=ucloud.cn header.s=default header.b=CzL9WzLt; spf=pass (imf30.hostedemail.com: domain of yuan.gao@ucloud.cn designates 220.197.32.89 as permitted sender) smtp.mailfrom=yuan.gao@ucloud.cn; dmarc=pass (policy=quarantine) header.from=ucloud.cn ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728292292; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GuEfmkR6uSSIGq2LPxg5NsQYWXV41FAYulYx32Qyh5g=; b=oEuRAiai5PE0igd6pkkR/Hnjw+QaVXAPPr2BbiENPbl+b8BNpz5MeMOsSjlsTHddTqTfeE IsSkTHdkzUrszbnHiTaVGPbNQbrYqpMTVGc6SQ7oHlA4pS60E062s4OJNA6MCX4pZp0vO8 zZtJkcdpIXiezp6rPKGTXQSWK2gH+80= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728292292; a=rsa-sha256; cv=none; b=esoNTfbrtFd0nHusOu9Yb5ItlcQ6Z/VHI7Aq/mpWZX1Z2eg/J4OMG7SDlGgqe7tCsIZr6G IGXfKNlQZyn9dkULBdNtjlLuItCDgiRICCUA0uUksUFGTrxNlNPT+EYtWn3qAoWij0+KNj 9by/2mE+n8K1y5NyhE74jgPccYD3jyw= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=ucloud.cn header.s=default header.b=CzL9WzLt; spf=pass (imf30.hostedemail.com: domain of yuan.gao@ucloud.cn designates 220.197.32.89 as permitted sender) smtp.mailfrom=yuan.gao@ucloud.cn; dmarc=pass (policy=quarantine) header.from=ucloud.cn DKIM-Signature: a=rsa-sha256; b=CzL9WzLt6gXE39cady1xUQWL/R4OOlyiSfVv/VtIAOfhDAnVRIeCDbDw3btAaf4I7HdL4cBzDmYE8/tLDn9D/JTkjwh4fJ514WS0kqQ1Fdn8F5G8xGu7YQgmBLKdz0t5XmiQw1gOzpBcoRqdq5817mO/azKXdkhG1jkH45aAeDQ=; s=default; c=relaxed/relaxed; d=ucloud.cn; v=1; bh=GuEfmkR6uSSIGq2LPxg5NsQYWXV41FAYulYx32Qyh5g=; h=date:mime-version:subject:message-id:from; Received: from localhost.localdomain (unknown [106.75.210.166]) by smtp.qiye.163.com (Hmail) with ESMTPA id 66DA074046A; Mon, 7 Oct 2024 17:12:49 +0800 (CST) From: "yuan.gao" To: 42.hyeyoo@gmail.com Cc: akpm@linux-foundation.org, cl@linux.com, iamjoonsoo.kim@lge.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, penberg@kernel.org, rientjes@google.com, roman.gushchin@linux.dev, vbabka@suse.cz, yuan.gao@ucloud.cn Subject: Re: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Date: Mon, 7 Oct 2024 17:12:43 +0800 Message-ID: <20241007091245.8476-1-yuan.gao@ucloud.cn> X-Mailer: git-send-email 2.43.5 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly tZV1koWUFJQjdXWS1ZQUlXWQ8JGhUIEh9ZQVlCHxhJVkpMGRpNT05JQhgeSlYVFAkWGhdVGRETFh oSFyQUDg9ZV1kYEgtZQVlKS01VTE5VSUpLVUpNTVlXWRYaDxIVHRRZQVlPS0hVSktJT09PSFVKS0 tVSkJLS1kG X-HM-Tid: 0a926640b5b40236kunm66da074046a X-HM-MType: 1 X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Nzo6MDo4GTchAkw*DzodGT8L ERcaCxRVSlVKTElDSUJJSExLSEpMVTMWGhIXVQIOGhVVHBoUOw4YFxQOH1UYFUVZV1kSC1lBWUpL TVVMTlVJSktVSk1NWVdZCAFZQUhDSko3Bg++ X-Rspamd-Queue-Id: 9ECC68000E X-Stat-Signature: o11bsjrc8e8y9eka4quop8p9akda8n8e X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1728292424-989226 X-HE-Meta: U2FsdGVkX1/RHHVN6UKGcdDzURAMzn+8dYfFSmKsRVy6BdHcX1DCjL0g5vVkPW15SRu0MDpJZBWMvleLDW0S/SAQYdqgeUTCnjeWCm8PPWgXReqCqLvGS5TqONUn0akq0PGXL6mvjUIN4644T9CTCFWN/xJdLjOYZQTk41QwznQagIuV1dWEnnof7NQQ3EK1KZPbWJmW3Jdl3NjE+RWf1rhTCD2mhlSEPbScx8QbDeIdJKwsiMxGHePq9TR5jgYW4dMDOrqpjs6hxvam/fkKr2qEI9u09Pt0JafEjqu7+riY21Mu4rQF/DSPAOoiVEpSEQFlTXJpqqtadVxnWV2hodfuC8RwzJGSctLiIUiwzU4QHvp4gKPVE+ZLxMkDZF+N0EgDzWG+4G11HTbfFPmbwnouQd2jq/sVp3LG+gqCbl1HKV6jLsJo1X5NqpYIAn6LKAJ/08ljtY56CTXrlNn91F57cWgndlM3imkq8om5DnhcaGZxBcDe/eJNcFVZnAN5D/vG7AyOU5VU1usp6yh87eEKO2sCbTgpOWV/R4JWaX59RnCv4AJNa2kU48GkwVwhMOtW4x94K9sqCo97iJY0azR9RsE+NgK9s9MDfveDV9z8cv4NvxqVATFEaxRh7RPDvMpb9dVh+uFL9eu+ofRL9/OlkOPMTs66okKFQP4OnHW5b2y98BL04iReIU1SJ0gay0D7i2Pab/HkT6mG/6PTAZJ+UlVcVROsJJyude2sw7iFTNrQ39b8QZ4t0+SMOUDHsykmJse9Ui1OBFxUKMPdvx4oEZfwPT9Bjhu0p8dHyzDcmFZrXHJGGyGTbO3mJsVQQFd3e3sN4JsZra3kJzZP3Pt9rGYZ9tzlkWy1mznCA0pEfONPWZy1CDv6d0Km7KkY+0Qaph8zJT9zIkuXHWvqh8qAC0tr7g9PdMvo+3dL71PsJlNJu8PACPqeOYTqRPJXz4qIHr9K7XiLxS1Jwko ZyvLYQfP aGcwb7ElWMUZpUa1GMgLy6N6tsy/6UT3bp0gdffKcWrI+IhtDM7gARj/0QUvYdnxWHuLLp64YNYRrSitn3gT4M7u/i6pLyEaAYsn60si70frydpupN+JItBWq40ZalTZVU8jgsq5HZY0Sc6A5Sqkh6rRnavDTxSEliAuOo3KoSu5jeYKb29QCdZH3cruktxZf0C95L8K2xP1/ft2GJEpX2yDHyR65OtzfpVhSJhmqs6RIR+JmGp+SZuTq2ZJtALB8f8ZyBUyjtUPpf9BqhbpWIdU/owTMfOLPOnDbL5ZPpm1W8qBG3vtYQzvjvLoJytU0rNdLcyKszjeS+o4VK188x6CENQTWY2vzV7RbsOwPuYqtv7znGyA6spEB6706BCpYU8tMJSZUIjyC6SM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 24/10/06 10:00PM, Hyeonggon Yoo wrote: > On Sun, Oct 6, 2024 at 1:48 PM yuan.gao wrote: > > > > Boot with slub_debug=UFPZ. > > > > If allocated object failed in alloc_consistency_checks, all objects of > > the slab will be marked as used, and then the slab will be removed from > > the partial list. > > > > When an object belonging to the slab got freed later, the remove_full() > > function is called. Because the slab is neither on the partial list nor > > on the full list, it eventually lead to a list corruption. > > Good catch! Thanks for investigating the cause and fixing it. > > > So we need to add the slab to full list in this case. > > While I believe that behavior is not intended by alloc_debug_processing(), > I can't think of a better fix here without adding some complexity. > The approach looks fine to me. > > > --- > > mm/slub.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/mm/slub.c b/mm/slub.c > > index 21f71cb6cc06..a99522b9efc0 100644 > > --- a/mm/slub.c > > +++ b/mm/slub.c > > @@ -2746,6 +2746,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, > > > > if (!alloc_debug_processing(s, slab, object, orig_size)) { > > remove_partial(n, slab); > > + if (slab->inuse == slab->objects) > > + add_full(s, n, slab); > > Shouldn't this be (folio_test_slab(slab_folio(slab))) instead of > (slab->inuse == slab->objects)? > Oh wait. the kernel also should not call remove_partial() for non-slab folios. > > So I think it should be: > > if (!alloc_debug_processing(s, slab, object, orig_size)) { > if (folio_test_slab(slab_folio(slab))) { > remove_partial(n, slab); > add_full(s, n, slab); > } > } Thank you for reminding me of this. I didn't notice the subtle differences here. > By the way, SLUB always messes with struct page fields even when it is > not a slab, > and I think SLUB should avoid modifying those fields before confirming > it is a slab. > (specifically, calling alloc_debug_processing() before updating > ->freelist, ->inuse fields) > > That is beyond the scope of this patch, but do you want to address it > in the next version > of your patch series? > > Cheers, > Hyeonggon > I'm glad to do that, just takes time. Thanks