Date: Sat, 22 Feb 2025 12:58:20 +0900
From: Harry Yoo
To: Lilith Gkini
Cc: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Andrew Morton, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] slub: Fix Off-By-One in the While condition in on_freelist()
On Fri, Feb 21, 2025 at 04:57:24PM +0200, Lilith Gkini wrote:
> On Thu, Feb 20, 2025 at 06:21:14PM +0900, Harry Yoo wrote:
> > On Thu, Feb 20, 2025 at 05:20:00PM +0900, Harry Yoo wrote:
> > > On Sat, Feb 15, 2025 at 06:57:01PM +0200, Lilitha Persefoni Gkini wrote:
> > > > The condition `nr <= slab->objects` in the `on_freelist()` serves as
> > > > bound while walking through the `freelist` linked list because we can't
> > > > have more free objects than the maximum amount of objects in the slab.
> > > > But the `=` can result in an extra unnecessary iteration.
> > > >
> > > > The patch changes it to `nr < slab->objects` to ensure it iterates
> > > > at most `slab->objects` number of times.
> > > >
> > > > Signed-off-by: Lilitha Persefoni Gkini
> > > > ---
> > > > mm/slub.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/mm/slub.c b/mm/slub.c
> > > > index 1f50129dcfb3..ad42450d4b0f 100644
> > > > --- a/mm/slub.c
> > > > +++ b/mm/slub.c
> > > > @@ -1435,7 +1435,7 @@ static int on_freelist(struct kmem_cache *s, struct slab *slab, void *search)
> > > > int max_objects;
> > > >
> > > > fp = slab->freelist;
> > > > - while (fp && nr <= slab->objects) {
> > > > + while (fp && nr < slab->objects) {
> > >
> > > Hi, this makes sense to me.
> > >
> > > But based on what the name of the variable suggests (nr of objects),
> > > I think it makes clearer to initialize it to 1 instead?
> >
> > Oh, actually iterating at most (slab->objects + 1) times allows it to catch
> > cases where the freelist does not end with NULL (see how validate_slab()
> > calls on_freelist(), passing search = NULL).
> >
> > It's very subtle. A comment like this would help:
> >
> > /*
> >  * Iterate at most slab->objects + 1 times to handle cases
> >  * where the freelist does not end with NULL.
> >  */
> >
> > --
> > Cheers,
> > Harry
>
> nr is the number of "free objects" in the freelist, so it should start
> from zero for the case when there are no free objects.

Hi Lilith,

You're right. It was an oversight.

> Oh, you think it's on purpose to catch edge cases, like a defensive
> programming sort of way? Huh, that's interesting!
>
> In that case it would prevent a case where every object in the slab is
> freed and the tail of the freelist isn't NULL like it should be, maybe because
> of some Out-Of-Bounds write from another object, or a Use-After-Free.
> If that pointer is some gibberish then the check_valid_pointer() check
> on line 1441 will catch it, set it as NULL in line 1445 with
> set_freepointer() and then break from the While and continue with the
> rest of the program. nr will correctly remain as the number of freed
> objects and the freelist will have a NULL in its tail, as it should!

Yes, but corrupted freelist implies that the number of the free objects
(nr) may be invalid? (if free pointer in the middle is corrupted).

But that's another story...
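
Review bot: with the bound changed to `nr < slab->objects` in the `while` condition, the walk stops after slab->objects entries whether or not `fp` has reached NULL, so a freelist with exactly slab->objects entries and a non-NULL tail leaves the loop with the same nr as a correctly terminated one. If this bound is kept, test `fp` after the loop and report a freelist that is still non-NULL; if `<=` is kept instead, document that the extra iteration is deliberate with a comment above the loop.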

> But if the pointer isn't some random address and instead is an address in
> the slab, let's say as an example the address of a free object in the
> linked list (making the freelist circular) it won't get caught by the
> check_valid_pointer() since technically it is a valid pointer, it will
> increment nr to slab->objects + 1 and then exit the While loop because
> it will fail the conditional nr <= slab->objects.
>
> Then later on, in line 1470 slab->objects - nr will be -1 which is not
> equal to slab->inuse and enter the If case where it will set the
> slab->inuse to -1, but because slab->inuse is an unsigned short it will
> be stored as 0xFFFF, i.e. 65535, corrupting the slab struct with an
> unreasonably large "inuse" value.

While (slab->inuse + nr != slab->objects) will prevent overflow, I think
either way is functional, because it prints an error when there are more or
less objects than it should have on the freelist.

> You mentioned validate_slab(), I assume you are referring to how it
> searches for NULL when it calls on_freelist() and if it does find NULL
> in the freelist it will return 1 (basically TRUE).

Yes.

> In the example where every object is freed it will return TRUE
> regardless if NULL is in the freelist or not, because on_freelist()
> returns search == NULL if it doesn't find the search in the freelist. In
> this case it would be NULL == NULL which is TRUE again.
> This will have the same behavior even if we remove the equals sign from
> the While, like the Patch suggests.

Ok, that's actually a good point.

But as validate_slab() expects to return false if there is no NULL
in the freelist, I think we need to fix on_freelist() to support that?

I'm not sure why on_freelist() returns (search == NULL).
It has been there since the beginning of the SLUB allocator
(commit 81819f0fc828).

Since commit 53e15af03be4 ("slub: validation of slabs (metadata and guard
zones)"), validate_slab() started passing NULL to on_freelist().
Looks like passing NULL to on_freelist() has never worked as intended...

Can we return false in on_freelist(), if it could not find target object
(search) in the loop? (need some testing to verify, though...)
regardless of whether search is NULL or not?

> I am still pretty new to this so I apologize for any mistakes. I
> appreciate the feedback!

Your questions are valid.

> Is it ok to refer to lines of code, or should I copy paste the entire line?

I prefer copy-and-paste because sometimes it's not obvious what commit
is HEAD of your repository.

> I understand that even small changes could have a huge effect to some
> other function or subsystem in ways that might not be obvious to someone
> not as familiar with the codebase.

That's why we need to be as careful as possible and test the code ;-)

> I hope I am not coming off too strong or anything.

It's ok. I don't think so.

--
Cheers,
Harry
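
The freelist walk discussed in this thread, as an added example that is not part of the original message or of mm/slub.c: a simplified user-space C model that compares the `<=` and `<` loop bounds on a NULL-terminated and a circular freelist, and shows the unsigned short wrap to 0xFFFF. The names model_slab, walk_freelist, inuse_from_subtraction and count_mismatch are hypothetical, and slot indices stand in for kernel pointers.

```c
#include <stdio.h>

#define NIL (-1)   /* stands in for a NULL free pointer */

/* Simplified user-space model (hypothetical names, not mm/slub.c):
 * objects are array slots and a free pointer is a slot index. */
struct model_slab {
	unsigned short objects;  /* objects the slab can hold */
	unsigned short inuse;    /* objects currently allocated */
	int freelist;            /* first free slot, or NIL */
	int next[4];             /* next[i] = free pointer stored in slot i */
};

struct walk_result {
	unsigned int nr;         /* freelist entries counted */
	int terminated;          /* 1 if the walk stopped on NIL */
};

/* Constructed sample data: every object free, once with a proper NIL tail
 * and once with the tail pointing back at slot 0 (circular freelist). */
static const struct model_slab good     = { 4, 0, 0, { 1, 2, 3, NIL } };
static const struct model_slab circular = { 4, 0, 0, { 1, 2, 3, 0 } };

/* inclusive != 0 models `nr <= slab->objects`, 0 models `nr < slab->objects` */
static struct walk_result walk_freelist(const struct model_slab *s, int inclusive)
{
	struct walk_result r = { 0, 0 };
	int fp = s->freelist;

	while (fp != NIL &&
	       (inclusive ? r.nr <= (unsigned int)s->objects
			  : r.nr < (unsigned int)s->objects)) {
		fp = s->next[fp];
		r.nr++;
	}
	r.terminated = (fp == NIL);
	return r;
}

/* What `slab->objects - nr` becomes when stored in an unsigned short. */
static unsigned short inuse_from_subtraction(const struct model_slab *s, unsigned int nr)
{
	return (unsigned short)((unsigned int)s->objects - nr);
}

/* Additive form of the count check (inuse + nr != objects); it cannot wrap. */
static int count_mismatch(const struct model_slab *s, unsigned int nr)
{
	return (unsigned int)s->inuse + nr != (unsigned int)s->objects;
}

int main(void)
{
	const struct model_slab *slabs[] = { &good, &circular };

	for (int i = 0; i < 2; i++)
		for (int inclusive = 1; inclusive >= 0; inclusive--) {
			struct walk_result r = walk_freelist(slabs[i], inclusive);
			printf("%s %-2s nr=%u terminated=%d inuse=%u mismatch=%d\n",
			       i ? "circular" : "good", inclusive ? "<=" : "<",
			       r.nr, r.terminated,
			       (unsigned int)inuse_from_subtraction(slabs[i], r.nr),
			       count_mismatch(slabs[i], r.nr));
		}
	return 0;
}
```

With the `<` bound the circular list yields nr == 4 and no count mismatch, so in this model only the terminated flag separates it from the healthy slab.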