From: Suren Baghdasaryan
Date: Mon, 19 May 2025 16:13:28 -0700
Subject: Re: [PATCH 1/1] alloc_tag: allocate percpu counters for module tags dynamically
To: Andrew Morton
Cc: kent.overstreet@linux.dev, 00107082@163.com, dennis@kernel.org, tj@kernel.org, cl@gentwo.org, pasha.tatashin@soleen.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
References: <20250517000739.5930-1-surenb@google.com> <20250519155145.8378a397a755c1cc5a3e2d4e@linux-foundation.org>
In-Reply-To: <20250519155145.8378a397a755c1cc5a3e2d4e@linux-foundation.org>

On Mon, May 19, 2025 at 3:51 PM Andrew Morton wrote:
>
> On Fri, 16 May 2025 17:07:39 -0700 Suren Baghdasaryan wrote:
>
> > When a module gets unloaded it checks whether any of its tags are still
> > in use and if so, we keep the memory containing module's allocation tags
> > alive until all tags are unused. However percpu counters referenced by
> > the tags are freed by free_module(). This will lead to UAF if the memory
> > allocated by a module is accessed after module was unloaded. To fix this
> > we allocate percpu counters for module allocation tags dynamically and
> > we keep it alive for tags which are still in use after module unloading.
> > This also removes the requirement of a larger PERCPU_MODULE_RESERVE when
> > memory allocation profiling is enabled because percpu memory for counters
> > does not need to be reserved anymore.
> >
> > Fixes: 0db6f8d7820a ("alloc_tag: load module tags into separate contiguous memory")
> > Reported-by: David Wang <00107082@163.com>
> > Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/
> > Signed-off-by: Suren Baghdasaryan
> > ---
> >  include/linux/alloc_tag.h | 12 ++++++
> >  include/linux/codetag.h   |  8 ++--
> >  include/linux/percpu.h    |  4 --
> >  lib/alloc_tag.c           | 87 +++++++++++++++++++++++++++++++--------
> >  lib/codetag.c             |  5 ++-
> >  5 files changed, 88 insertions(+), 28 deletions(-)
>
> Should we backport this fix into -stable kernels? I'm thinking yes.

Yes, I should have CC'ed stable. The patch this one is fixing was
first introduced in 6.13. I just tried and it applies cleanly to
stable linux-6.13.y and linux-6.14.y. Should I forward this email to
stable or send a separate patch to them?
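
The lifetime mismatch described in the quoted commit message, as an added userspace C model that is not part of this email or of the kernel patch: tags outlive the module while in use, so counters that are freed with the module go stale. All names are hypothetical, and releasing the counters at the last uncharge is a simplification made for the model.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model of the lifetime rule; all names are hypothetical. */
struct mod_tags {
    long *bytes;          /* stands in for the tags' percpu counters */
    bool ctr_in_module;   /* true: counter storage is freed with the module */
    bool loaded;
    int in_use;           /* allocations still charged to the tags */
};

static void counters_free(struct mod_tags *t)
{
    free(t->bytes);
    t->bytes = NULL;      /* model only: lets tags_account() see the stale use */
}

/* Charge (+size) or uncharge (-size); -1 means the counters are gone. */
static int tags_account(struct mod_tags *t, long size)
{
    if (!t->bytes)
        return -1;        /* in the kernel this access is the use-after-free */
    *t->bytes += size;
    t->in_use += size > 0 ? 1 : -1;
    if (!t->loaded && t->in_use == 0)
        counters_free(t); /* last user gone after unload */
    return 0;
}

/* Unload: tags stay while in use; counters stay only if allocated separately. */
static void tags_unload(struct mod_tags *t)
{
    t->loaded = false;
    if (t->ctr_in_module || t->in_use == 0)
        counters_free(t);
}

/* Allocate, unload the module, then free the allocation. */
int free_after_unload(bool ctr_in_module)
{
    struct mod_tags t = { .bytes = calloc(1, sizeof(long)),
                          .ctr_in_module = ctr_in_module, .loaded = true };
    tags_account(&t, 64);
    tags_unload(&t);
    return tags_account(&t, -64);
}

int main(void) { return free_after_unload(false); }
```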