Received: by 10.213.65.68 with SMTP id h4csp2123924imn; Sun, 8 Apr 2018 20:17:48 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+P8X234nQrpYlNE/iFMvRkxHS4XvSZ8lG392Pb1oFgqbWe6wpscQ39gTspYleuD6BTbIRK X-Received: by 10.98.21.209 with SMTP id 200mr27362522pfv.232.1523243868560; Sun, 08 Apr 2018 20:17:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523243868; cv=none; d=google.com; s=arc-20160816; b=oNWAte0vSqw5bsd4qVO1XFlUVBQPBFeOR0zDiFbXDirzh5de9qG6r4hr8qAgWQUdoC ZlV8vhdL3fFTUyFXOq6tHPC6HDre5ETByIjGNFItbF4esAg4AElFx/PWYoB9C4TSc0Zz Vvm+ZqlaJMhNXecGNX3gn4TEw0WXyPPzuX/fWwG5X1xi0H5cBoZkOLdn0BumZjwXhaL3 WeMN9eHO5XM+prFXmoEtg85ea7iGCcpKNkgwvI8JYHeigUuiv7Wx6SUQz5v2JdQxqMDm 9h1r7VV6i/w2cfJW8FnLzAYgpTDocHr8qJehy3fH7I73EhqbDBjTJjEBUFDrCw7P3vJs TAaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=gS4FuYr4FjWpqjnffnUyM5tzT5demJdrA1k0x61jHD8=; b=k18ldoOtq7PpzvMlIEnlt4D1MuZRfZixArJP2IAYA/rHFFZf+3cUdu07CnESjMzRxJ zHom864+IEf3fZQRZ4iC4FwW4uMyWQIo+IED4FJxX2o+ZrVahGbfzgGEN7UaLDd4A2mo WK48q1i/imglVjOaIjEXEZqB5WBXhUzZR3HA96dKEE3F4TUGyBNEa8zuPxMORvZRoTB8 llxbfuosgfk6vU3mavzF4k0IYzMTUib+D3XYAqlYAD964Uo+aWbETR9yTJ0Vlw8xxFTd Ip7fYbi0BJa11AYeg4vXKB6PR08irL1WHST80O82w+0uCVJv+7Ji9icfFk0lItjW8ski g4jA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=YZ0LvVs3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f1-v6si16204974pld.168.2018.04.08.20.17.12; Sun, 08 Apr 2018 20:17:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=YZ0LvVs3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754673AbeDIDJk (ORCPT + 99 others); Sun, 8 Apr 2018 23:09:40 -0400 Received: from mail-pf0-f195.google.com ([209.85.192.195]:43114 "EHLO mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752646AbeDIDJh (ORCPT ); Sun, 8 Apr 2018 23:09:37 -0400 Received: by mail-pf0-f195.google.com with SMTP id j2so4996375pff.10 for ; Sun, 08 Apr 2018 20:09:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=gS4FuYr4FjWpqjnffnUyM5tzT5demJdrA1k0x61jHD8=; b=YZ0LvVs30whUKD/yMQTLIlFX5feHfVWE6y9c71AbYC+4/8vpKNDnyzHwdR8px5s+lP n+SrodKtY768yGOaqv6HQ1pgvC/6EjrCyQiSDl8yNUjbxqYhxy9snmir0bMX3VvsXh3O aEBletqvfgKM4BvtGAI4GA1qxsAMyQykfB16O0kBPnGAIJYC2gqxdUU9lsvcnMVEoIfo 3gkn0IW87jhu809xcFJstbQFE6waNn9+ZljQoK9xDZO46KRqUYLHwCUiv0OwwOt5K6Aj DvTfWur4JOx6TmbbdxAHgt3uZc7ww9JGQwWw7HELmWoJZkrgxHGp/APAsBky07t6ul7w A+jQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=gS4FuYr4FjWpqjnffnUyM5tzT5demJdrA1k0x61jHD8=; b=BJ6dZdMO5pI6gfDa5kAKkYZyJYQKU2lA2dOYgqNa0Q55cQQVs+epPvrNuG2HevuXd4 hS4P1PwCAQcevtecRQ78vXGJRv8TnffE0gcwi4B/7Ub+1gkV2tX3qhSNZib8BFcQRexQ L3h3qzjH/Bj+2/62pMptggfqOhWC/QjS5twAgqAM+DhBcrFX+j0XF4LHnzgNsT6C4s90 NDDQpTI1un/pc+kFSnpHvx0ySqzuM7H3H41FmFHDNzjOUPlHjS6NBgmosv3ypjz9RyA/ GAUE1Kn67okQnudO+JGUR0V3xsKk3uRdaTW5L44hi/hHwbofub60cOScyt5SPPJuUtBL xzWA== X-Gm-Message-State: AElRT7Gmdbe519aTjkq6IL6KxHUBLfGPV0LjGJa4scdnsrhyMbj5Psle DfsHterEJVO6PdfLFfyYCxeHI3la X-Received: by 10.98.60.4 with SMTP id j4mr27604719pfa.229.1523243376713; Sun, 08 Apr 2018 20:09:36 -0700 (PDT) Received: from rodete-desktop-imager.corp.google.com ([2401:fa00:d:0:7630:de9:f6f2:276f]) by smtp.gmail.com with ESMTPSA id j3sm29889250pfj.60.2018.04.08.20.09.32 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 08 Apr 2018 20:09:35 -0700 (PDT) Date: Mon, 9 Apr 2018 12:09:30 +0900 From: Minchan Kim To: Matthew Wilcox Cc: Christopher Lameter , Andrew Morton , linux-mm , LKML , Johannes Weiner , Jan Kara , Chris Fries Subject: Re: [PATCH] mm: workingset: fix NULL ptr dereference Message-ID: <20180409030930.GA214930@rodete-desktop-imager.corp.google.com> References: <20180409015815.235943-1-minchan@kernel.org> <20180409024925.GA21889@bombadil.infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180409024925.GA21889@bombadil.infradead.org> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 08, 2018 at 07:49:25PM -0700, Matthew Wilcox wrote: > On Mon, Apr 09, 2018 at 10:58:15AM +0900, Minchan Kim wrote: > > It assumes shadow entry of radix tree relies on the init state > > that node->private_list allocated should be list_empty state. > > Currently, it's initailized in SLAB constructor which means > > node of radix tree would be initialized only when *slub allocates > > new page*, not *new object*. So, if some FS or subsystem pass > > gfp_mask to __GFP_ZERO, slub allocator will do memset blindly. > > Wait, what? Who's declaring their radix tree with GFP_ZERO flags? > I don't see anyone using INIT_RADIX_TREE or RADIX_TREE or RADIX_TREE_INIT > with GFP_ZERO. Look at fs/f2fs/inode.c mapping_set_gfp_mask(inode->i_mapping, GFP_F2FS_ZERO); __add_to_page_cache_locked radix_tree_maybe_preload add_to_page_cache_lru What's the wrong with setting __GFP_ZERO with mapping->gfp_mask? > > Although, even if nobody's doing that intentionally, if somebody has > a bitflip with the __GFP_ZERO bit, it's going to propagate widely. > I think something like this might be appropriate: > > diff --git a/mm/slub.c b/mm/slub.c > index 9e1100f9298f..0f55f0a0dcaa 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -2714,8 +2714,10 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, > stat(s, ALLOC_FASTPATH); > } > > - if (unlikely(gfpflags & __GFP_ZERO) && object) > - memset(object, 0, s->object_size); > + if (unlikely(gfpflags & __GFP_ZERO) && object) { > + if (!WARN_ON_ONCE(s->ctor)) > + memset(object, 0, s->object_size); > + } > > slab_post_alloc_hook(s, gfpflags, 1, &object); > > > Something you could try is checking that the list is empty when the node > is inserted into the radix tree. > > diff --git a/lib/radix-tree.c b/lib/radix-tree.c > index 8e00138d593f..580f52d0c072 100644 > --- a/lib/radix-tree.c > +++ b/lib/radix-tree.c > @@ -428,6 +428,7 @@ radix_tree_node_alloc(gfp_t gfp_mask, struct radix_tree_node *parent, > ret->exceptional = exceptional; > ret->parent = parent; > ret->root = root; > + BUG_ON(!list_empty(&ret->private_list)); > } > return ret; > }