Date: Sun, 13 Oct 2024 13:46:13 -0700 (PDT)
From: David Rientjes
To: "yuan.gao"
cc: "Christoph Lameter (Ampere)", penberg@kernel.org, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, vbabka@suse.cz, roman.gushchin@linux.dev, 42.hyeyoo@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] mm/slub: Avoid list corruption when removing a slab from the full list
Message-ID: <572f7473-1781-388b-103e-d4382f58f2f9@google.com>
References: <20241011102020.58087-1-yuan.gao@ucloud.cn>

On Sat, 12 Oct 2024, yuan.gao wrote:

> On 24/10/11 11:07AM, Christoph Lameter (Ampere) wrote:
> > On Fri, 11 Oct 2024, yuan.gao wrote:
> >
> > > When an object belonging to the slab got freed later, the remove_full()
> > > function is called. Because the slab is neither on the partial list nor
> > > on the full list, it eventually leads to a list corruption.
> >
> > We detect list poison....
> >
> > > diff --git a/mm/slab.h b/mm/slab.h
> > > index 6c6fe6d630ce..7681e71d9a13 100644
> > > --- a/mm/slab.h
> > > +++ b/mm/slab.h
> > > @@ -73,6 +73,10 @@ struct slab {
> > > struct {
> > > unsigned inuse:16;
> > > unsigned objects:15;
> > > + /*
> > > + * Reuse frozen bit for slab with debug enabled:
> >
> > "If slab debugging is enabled then the frozen bit can be reused to
> > indicate that the slab was corrupted"
> >
> > > index 5b832512044e..b9265e9f11aa 100644
> > > --- a/mm/slub.c
> > > +++ b/mm/slub.c
> > > @@ -1423,6 +1423,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab)
> > > slab->inuse, slab->objects);
> > > return 0;
> > > }
> > > + if (slab->frozen) {
> > > + slab_err(s, slab, "Corrupted slab");
> >
> >
> > "Slab folio disabled due to metadata corruption" ?
> >
> >
>
> Yes, that's what I meant.
> Perhaps I should change the description from "Corrupted slab" to
> "Metadata corrupt"?
>

I think the point here is that slab page corruption is different from slab
metadata corruption :) The suggested phrasing, "Slab folio disabled due to
metadata corruption", sounds good to me.

> > > @@ -2744,7 +2750,10 @@ static void *alloc_single_from_partial(struct kmem_cache *s,
> > > slab->inuse++;
> > >
> > > if (!alloc_debug_processing(s, slab, object, orig_size)) {
> > > - remove_partial(n, slab);
> > > + if (folio_test_slab(slab_folio(slab))) {
> >
> >
> > Does folio_test_slab test for the frozen bit??
> >
>
> For slab folios, slab->frozen has been set to 1.
> For non-slab folios, we should not call remove_partial().
> I'm not sure if I understand this correctly.
>
> Thanks
>
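
Review bot: the comment added to struct slab in mm/slab.h (hunk @@ -73,6 +73,10 @@) should say what a set frozen bit means on a debug cache, not only that the bit is reused. As quoted, its first line reads "Reuse frozen bit for slab with debug enabled:"; wording along the lines proposed in the thread, that with slab debugging enabled the frozen bit indicates the slab was corrupted, tells a reader of the struct why check_slab() later rejects such a slab.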
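
Review bot: the string passed to slab_err() in the new "if (slab->frozen)" branch of check_slab() (mm/slub.c, hunk @@ -1423,6 +1423,11 @@) is too generic to be useful in a report. "Corrupted slab" does not say that it is the slab's metadata that was found bad, nor that the slab has been disabled as a result, which is the distinction drawn in this thread; "Slab folio disabled due to metadata corruption" states both and should replace it.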
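
Review bot: the guard added in alloc_single_from_partial() (mm/slub.c, hunk @@ -2744,7 +2750,10 @@) needs a comment, because "if (folio_test_slab(slab_folio(slab)))" tests a different piece of state from the slab->frozen marker that the other two hunks document and check. From this hunk alone a reader cannot tell why remove_partial() is skipped when the test fails, and the question raised in the thread shows the same confusion; state at the call site what makes folio_test_slab() false on this path and why remove_partial() must not run in that case.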