Received: by 2002:a17:90a:1609:0:0:0:0 with SMTP id n9csp856034pja; Wed, 1 Apr 2020 09:55:21 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuLtyJ14TW9Sa9ZBaBZ13aNGpqUeRGfos5KHuiIT2nj6iP0su+KX3+ShawJq03TEGXftShu X-Received: by 2002:a9d:850:: with SMTP id 74mr16345421oty.279.1585760121239; Wed, 01 Apr 2020 09:55:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585760121; cv=none; d=google.com; s=arc-20160816; b=xveM+IXK6qJ9BfTQPhxn51RWnyHpobcpZ9YX9HftPZ55ylatDg9qyQG/8sSEIxrHzJ 0LWIG5UCxKNRjmEDlgKD5HaagNaCj12Og/J5xEw9iiLBwngUqJCs56cYDg8bcjG+CfsR +gXeUCD5fNUSrzOZRQABMjZKGT26Qq9SScSyFhmEKiXxv5q1no7evFNgXqYQNtz7JgXe PjlMZCtqMueHqcWOnp0S0N4oczSkh13aAvmjGlh3BwHkitKQ67kN0wICBznve/z+REiV fAXHlONw2OTCVTgVeTmORQaGDX6tV7i3nm5VmYZhGcEVw14JzJBORN1z2oJKbb6iMkjz nzJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=NhfhkuawvOkDg2kipQM7O787L8BXNVQnxTyXwTQR5v0=; b=mr0zWioPENKC+hS748tAF4Tqr4yc1IM9f4E5VCDKxeQeE+JWtF0yRPzAExN6iOn1ZZ MLFPa0CYQTwPB8Ym+STymT6TeekFCGaNmhqogK/7UH2z46fKABEwP4WM67yn9TCbBhUF 9f/dWcWsRN5MIF8aBRpGnnLT9dmV1FK5LCeoGcXuvXjffRnEDe8TG81m7o1DqLJiDBKv zCuRPYQI+4tEGRvhCe9R5RTnBIbSr1a8ZDTK13Df50wOMilVYssQodoRZpvrXpQ0zdz/ 3Hbelzci9wd402HwziTKL4u15uowkg+1C7517+VpIpYs9SLq1MtTw0ZyAqpmDl7CYdAL Pvjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=kDhOkNg4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u16si1121615oth.230.2020.04.01.09.55.08; Wed, 01 Apr 2020 09:55:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=kDhOkNg4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387803AbgDAQc0 (ORCPT + 99 others); Wed, 1 Apr 2020 12:32:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:58758 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733300AbgDAQcY (ORCPT ); Wed, 1 Apr 2020 12:32:24 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BA358212CC; Wed, 1 Apr 2020 16:32:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1585758743; bh=If+2ef+MMU2/Y/HWgpdpuL8hH5GfqGQEDo6IN9aP8sA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kDhOkNg4qRZDTEyUgHbcRrtmtOcjp8u1OUs8FItfaE1PQn9rdmAhgxMxDoDP07MYP +8TVyTMWfHh9NQA4o/l8JljOmqNE6bjnOoUJ/gQtwyY2Tx+3UFk0bbMMKE4yyK/D43 6zOl8j1lzj+qZkr8SWeeuyxdqSUpLVKKhVsaATSc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jann Horn , Linus Torvalds Subject: [PATCH 4.4 23/91] mm: slub: be more careful about the double cmpxchg of freelist Date: Wed, 1 Apr 2020 18:17:19 +0200 Message-Id: <20200401161521.226572987@linuxfoundation.org> X-Mailer: git-send-email 2.26.0 In-Reply-To: <20200401161512.917494101@linuxfoundation.org> References: <20200401161512.917494101@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Linus Torvalds commit 5076190daded2197f62fe92cf69674488be44175 upstream. This is just a cleanup addition to Jann's fix to properly update the transaction ID for the slub slowpath in commit fd4d9c7d0c71 ("mm: slub: add missing TID bump.."). The transaction ID is what protects us against any concurrent accesses, but we should really also make sure to make the 'freelist' comparison itself always use the same freelist value that we then used as the new next free pointer. Jann points out that if we do all of this carefully, we could skip the transaction ID update for all the paths that only remove entries from the lists, and only update the TID when adding entries (to avoid the ABA issue with cmpxchg and list handling re-adding a previously seen value). But this patch just does the "make sure to cmpxchg the same value we used" rather than then try to be clever. Acked-by: Jann Horn Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/slub.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/mm/slub.c +++ b/mm/slub.c @@ -2788,11 +2788,13 @@ redo: barrier(); if (likely(page == c->page)) { - set_freepointer(s, tail_obj, c->freelist); + void **freelist = READ_ONCE(c->freelist); + + set_freepointer(s, tail_obj, freelist); if (unlikely(!this_cpu_cmpxchg_double( s->cpu_slab->freelist, s->cpu_slab->tid, - c->freelist, tid, + freelist, tid, head, next_tid(tid)))) { note_cmpxchg_failure("slab_free", s, tid);