From: Dmitry Vyukov
Date: Fri, 1 Jul 2016 16:15:20 +0200
Subject: Re: [PATCH v3] kasan/quarantine: fix bugs on qlist_move_cache()
To: Joonsoo Kim
Cc: Andrew Morton, Andrey Ryabinin, Alexander Potapenko, kasan-dev, linux-mm@kvack.org, LKML, Joonsoo Kim
References: <1467381733-18314-1-git-send-email-iamjoonsoo.kim@lge.com>
Sender: owner-linux-mm@kvack.org

On Fri, Jul 1, 2016 at 4:09 PM, Joonsoo Kim wrote:
> 2016-07-01 23:03 GMT+09:00 Dmitry Vyukov :
>> On Fri, Jul 1, 2016 at 4:02 PM, wrote:
>>> From: Joonsoo Kim
>>>
>>> There are two bugs in qlist_move_cache(). One is that the qlist's tail
>>> isn't set properly. curr->next can be NULL since it is a singly linked
>>> list, and a NULL value for tail is invalid if there is one item on the qlist.
>>> The other is that if the cache is matched, qlist_put() is called and
>>> it will set curr->next to NULL. It would cause the loop to stop
>>> prematurely.
>>>
>>> These problems come from the complicated implementation, so I'd like to
>>> re-implement it completely. The implementation in this patch is really
>>> simple. Iterate over all qlist_nodes and put them on the appropriate list.
>>>
>>> Unfortunately, I got this bug some time ago and lost the oops message.
>>> But the bug looks trivial, so there is no need to attach the oops.
>>>
>>> v3: fix build warning
>>>
>>> Signed-off-by: Joonsoo Kim
>>> ---
>>> mm/kasan/quarantine.c | 21 +++++++-------------
>>> 1 file changed, 7 insertions(+), 14 deletions(-)
>>>
>>> diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
>>> index 4973505..cf92494 100644
>>> --- a/mm/kasan/quarantine.c
>>> +++ b/mm/kasan/quarantine.c
>>> @@ -238,30 +238,23 @@ static void qlist_move_cache(struct qlist_head *from,
>>> struct qlist_head *to,
>>> struct kmem_cache *cache)
>>> {
>>> - struct qlist_node *prev = NULL, *curr;
>>> + struct qlist_node *curr;
>>>
>>> if (unlikely(qlist_empty(from)))
>>> return;
>>>
>>> curr = from->head;
>>> + qlist_init(from);
>>> while (curr) {
>>> struct qlist_node *qlink = curr;
>>> struct kmem_cache *obj_cache = qlink_to_cache(qlink);
>>>
>>> - if (obj_cache == cache) {
>>> - if (unlikely(from->head == qlink)) {
>>> - from->head = curr->next;
>>> - prev = curr;
>>> - } else
>>> - prev->next = curr->next;
>>> - if (unlikely(from->tail == qlink))
>>> - from->tail = curr->next;
>>> - from->bytes -= cache->size;
>>> - qlist_put(to, qlink, cache->size);
>>> - } else {
>>> - prev = curr;
>>> - }
>>> curr = curr->next;
>>> +
>>> + if (obj_cache == cache)
>>> + qlist_put(to, qlink, cache->size);
>>> + else
>>> + qlist_put(from, qlink, cache->size);
>>
>> This line is wrong. If obj_cache != cache, object size != cache->size.
>> Quarantine contains objects of different sizes.
>
> You're right. 11 pm is not a good time to work. :/
> If it is fixed, does the patch look correct to you?
> I will fix it and send v4 next week.

I don't see anything else wrong. But I need to see how you fix the size issue.
Performance of this operation is not particularly critical, so the simpler the better.
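Review bot: the else branch at the end of the hunk, "+ qlist_put(from, qlink, cache->size);", charges from->bytes with the size of the cache being drained, but this branch is taken precisely when obj_cache != cache, so the rebuilt from->bytes is wrong as soon as the quarantine holds objects from caches of different sizes. obj_cache is already computed at the top of the loop body; the call should be "qlist_put(from, qlink, obj_cache->size);". Note that because "+ qlist_init(from);" zeroes bytes before the loop and the old "from->bytes -= cache->size;" line is gone, the total is rebuilt entirely from these qlist_put() calls, so the mismatch is not offset by anything. The rest of the hunk looks right: advancing "curr = curr->next;" before calling qlist_put() avoids the premature loop exit the commit message describes, and re-putting unmatched nodes onto from preserves their order and sets tail correctly.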
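A user-space model of the list move under discussion, added here as an example; it is not code from this thread or from the kernel. It keeps the qlist_head fields and the "qlist_put() clears ->next" behaviour the commit message relies on, places the pre-patch loop from the quoted hunk beside the v3 loop with obj_cache->size in the else branch (the fix Dmitry asked for), and checks the tail and bytes invariants after each move. struct qobject, qlink_to_cache(), qlist_check(), run_move(), the 'a'/'b' pattern input and the two cache sizes are assumptions constructed for the example, standing in for the kernel's own object-to-cache lookup.

```c
#include <stddef.h>

/* User-space model of the quarantine list, added as an example (not kernel code).
 * qlist_head, qlist_put() and the two move loops follow the shape quoted in the thread;
 * struct qobject, qlink_to_cache(), run_move() and the cache sizes are assumptions. */
struct kmem_cache { size_t size; };
struct qlist_node { struct qlist_node *next; };
struct qlist_head { struct qlist_node *head, *tail; size_t bytes; };
struct qobject { struct qlist_node qlink; struct kmem_cache *cache; };	/* assumed layout */

static struct kmem_cache *qlink_to_cache(struct qlist_node *qlink)
{
	return ((struct qobject *)qlink)->cache;	/* qlink is the first member */
}
static void qlist_init(struct qlist_head *q) { q->head = q->tail = NULL; q->bytes = 0; }

/* Append @qlink. It clears ->next, which is what makes the old loop stop early. */
static void qlist_put(struct qlist_head *q, struct qlist_node *qlink, size_t size)
{
	qlink->next = NULL;
	if (!q->head)
		q->head = qlink;
	else
		q->tail->next = qlink;
	q->tail = qlink;
	q->bytes += size;
}

/* Pre-patch loop from the quoted hunk: stops after the first match, can leave tail NULL. */
static void qlist_move_cache_old(struct qlist_head *from, struct qlist_head *to,
				 struct kmem_cache *cache)
{
	struct qlist_node *prev = NULL, *curr = from->head;
	while (curr) {
		struct qlist_node *qlink = curr;
		if (qlink_to_cache(qlink) == cache) {
			if (from->head == qlink) {
				from->head = curr->next;
				prev = curr;
			} else
				prev->next = curr->next;
			if (from->tail == qlink)
				from->tail = curr->next;	/* NULL when qlink was last */
			from->bytes -= cache->size;
			qlist_put(to, qlink, cache->size);	/* curr->next is now NULL */
		} else
			prev = curr;
		curr = curr->next;
	}
}

/* v3 loop with the size fix Dmitry asked for: rebuild both lists in order. */
static void qlist_move_cache_new(struct qlist_head *from, struct qlist_head *to,
				 struct kmem_cache *cache)
{
	struct qlist_node *curr = from->head;
	qlist_init(from);
	while (curr) {
		struct qlist_node *qlink = curr;
		struct kmem_cache *obj_cache = qlink_to_cache(qlink);
		curr = curr->next;	/* read before qlist_put() clears it */
		if (obj_cache == cache)
			qlist_put(to, qlink, cache->size);
		else
			qlist_put(from, qlink, obj_cache->size);	/* not cache->size */
	}
}

/* Walk @q; return its length, or -1 if tail or bytes disagree with the walk. */
static int qlist_check(const struct qlist_head *q)
{
	struct qlist_node *c, *last = NULL;
	size_t bytes = 0;
	int n = 0;
	for (c = q->head; c; c = c->next, n++) {
		bytes += qlink_to_cache(c)->size;
		last = c;
	}
	return (last == q->tail && bytes == q->bytes) ? n : -1;
}

static struct kmem_cache cache_a = { 32 }, cache_b = { 128 };	/* constructed sizes */
struct move_result { int from_len, to_len; size_t from_bytes, to_bytes; };

/* Fill from per @pattern ('a'/'b' per object), drain cache_a into to, report both lists. */
struct move_result run_move(const char *pattern, int use_new)
{
	struct qobject objs[16];
	struct qlist_head from, to;
	qlist_init(&from);
	qlist_init(&to);
	for (int i = 0; pattern[i] && i < 16; i++) {
		objs[i].cache = pattern[i] == 'a' ? &cache_a : &cache_b;
		qlist_put(&from, &objs[i].qlink, objs[i].cache->size);
	}
	(use_new ? qlist_move_cache_new : qlist_move_cache_old)(&from, &to, &cache_a);
	struct move_result r = { qlist_check(&from), qlist_check(&to), from.bytes, to.bytes };
	return r;
}
```

Called from a main() of your own: run_move("ababa", 0) returns to_len 1 and from_len 4, because the old loop exits right after the first match clears curr->next; run_move("ba", 0) returns from_len -1, because removing the last node sets tail to NULL while one node remains; run_move("ababa", 1) returns to_len 3 and from_len 2 with from_bytes 256 and to_bytes 96, which is only right because the unmatched objects are re-added with obj_cache->size rather than cache->size.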