Date: Fri, 11 Oct 2024 11:07:44 -0700 (PDT)
From: "Christoph Lameter (Ampere)"
To: "yuan.gao"
cc: penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, vbabka@suse.cz, roman.gushchin@linux.dev, 42.hyeyoo@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] mm/slub: Avoid list corruption when removing a slab from the full list
In-Reply-To: <20241011102020.58087-1-yuan.gao@ucloud.cn>

On Fri, 11 Oct 2024, yuan.gao wrote:

> When an object belonging to the slab got freed later, the remove_full()
> function is called. Because the slab is neither on the partial list nor
> on the full list, it eventually lead to a list corruption.

We detect list poison....

> diff --git a/mm/slab.h b/mm/slab.h > index 6c6fe6d630ce..7681e71d9a13 100644 > --- a/mm/slab.h > +++ b/mm/slab.h > @@ -73,6 +73,10 @@ struct slab { > struct { > unsigned inuse:16; > unsigned objects:15; > + /* > + * Reuse frozen bit for slab with debug enabled:

"If slab debugging is enabled then the frozen bit can be reused to indicate that the slab was corrupted"

> index 5b832512044e..b9265e9f11aa 100644 > --- a/mm/slub.c > +++ b/mm/slub.c
> @@ -1423,6 +1423,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) > slab->inuse, slab->objects); > return 0; > } > + if (slab->frozen) { > + slab_err(s, slab, "Corrupted slab");

"Slab folio disabled due to metadata corruption" ?

> @@ -2744,7 +2750,10 @@ static void *alloc_single_from_partial(struct kmem_cache *s, > slab->inuse++; > > if (!alloc_debug_processing(s, slab, object, orig_size)) { > - remove_partial(n, slab); > + if (folio_test_slab(slab_folio(slab))) {

Does folio_test_slab test for the frozen bit??
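
Review bot: in the mm/slab.h hunk, the frozen bit in struct slab takes on a second meaning for slabs with debug enabled, and the comment at the bitfield is the only place that records it. Any code that reads slab->frozen now has to know which meaning applies. Consider putting the debug use behind a pair of small named helpers (one to mark, one to test) so the overloaded meaning lives in one place, and have the comment say explicitly whether both meanings can ever apply to the same slab.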
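
Review bot: in the check_slab() hunk, the new "if (slab->frozen)" test has no visible condition tying it to a debug cache, yet the slab.h comment says the bit is reused only "for slab with debug enabled". If check_slab() can be reached for a slab where frozen still has its ordinary meaning, this reports a healthy slab as corrupted. Either add the debug condition to the test or add a comment stating why every caller guarantees it. The "Corrupted slab" text also does not distinguish a slab that was marked bad earlier from an inconsistency detected on this call; the message should say which it is.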
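
Review bot: in the alloc_single_from_partial() hunk, the condition that now guards remove_partial() is folio_test_slab(slab_folio(slab)), while the other two hunks signal a corrupted slab through slab->frozen. Nothing in the visible lines connects the two. Add a comment at the new "if" saying what state a false result represents and why that, rather than the frozen marker, decides whether the slab is still on the partial list, or test the marker directly so the three hunks use one signal.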