From: Yosry Ahmed
Date: Thu, 22 Feb 2024 21:05:58 -0800
Subject: Re: [mm/page_alloc or mm/vmscan or mm/zswap] use-after-free in obj_malloc()
To: Sergey Senozhatsky
Cc: Tetsuo Handa, Johannes Weiner, Nhat Pham, Minchan Kim, linux-mm
In-Reply-To: <20240223045845.GN11472@google.com>
References: <20240223044808.GK11472@google.com> <20240223045639.GM11472@google.com> <20240223045845.GN11472@google.com>

On Thu, Feb 22, 2024 at 8:58 PM Sergey Senozhatsky wrote:
>
> On (24/02/23 13:56), Sergey Senozhatsky wrote:
> > On (24/02/22 20:50), Yosry Ahmed wrote:
> > > On Thu, Feb 22, 2024 at 8:48 PM Sergey Senozhatsky
> > > wrote:
> > > >
> > > > On (24/02/22 18:27), Yosry Ahmed wrote:
> > > > > I also don't see any recent changes in mm/zsmalloc.c that modify this
> > > > > code, so maybe it wasn't introduced in 6.7. I will defer to Minchan and
> > > > > Sergey, I don't think zswap is an active actor in this bug report.
> > > >
> > > > Yeah. [1] are the only recent zsmalloc patches I can recall, and those
> > > > patches touch zsmalloc locking (zspages migration/compaction).
> > > >
> > > > https://lore.kernel.org/lkml/20240219-b4-szmalloc-migrate-v1-0-34cd49c6545b@bytedance.com/
> > >
> > > These are not in 6.8.0-rc5 anyway, right?
> >
> > I see them in next-20240223, which seems to be 6.8-rc6 (according to
>                                                  ^ -rc5
>
> But they look more or less correct to me, so I'm not blaming those
> patches. We should be protected by pool->lock. Bisection would help
> us a lot, I think.

Andrew picked up those patches in mm-unstable, which is included in
linux-next at some point IIUC, but the patches there don't all end up in
the next rc unless I am misunderstanding something here.
These patches should be headed to v6.9 AFAICT. Actually, if I am not mistaken, the patches were sent *after* v6.8-rc5 was out, and it's not common for non-fixes to make it into rc releases anyway, right?