From: Linus Torvalds
Date: Sun, 27 Mar 2022 14:08:33 -0700
Subject: Re: [PATCH 1/2] mm: kfence: fix missing objcg housekeeping for SLAB
To: Muchun Song
Cc: Alexander Potapenko, Marco Elver, Dmitry Vyukov, Andrew Morton, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Vlastimil Babka, roman.gushchin@linux.dev, kasan-dev, Linux-MM, Linux Kernel Mailing List, syzbot
In-Reply-To: <20220327051853.57647-1-songmuchun@bytedance.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Mar 26, 2022 at 10:19 PM Muchun Song wrote:
>
> The objcg is not cleared and put for kfence object when it is freed, which
> could lead to memory leak for struct obj_cgroup and wrong statistics of
> NR_SLAB_RECLAIMABLE_B or NR_SLAB_UNRECLAIMABLE_B. Since the last freed
> object's objcg is not cleared, mem_cgroup_from_obj() could return the wrong
> memcg when this kfence object, which is not charged to any objcgs, is
> reallocated to other users. A real world issue [1] is caused by this bug.

Good that this looks sorted out.

Patch 2/2 seems to still be up in the air. The patch not only causes
build errors, but it looks really very odd to me.

In particular, you do that loop with

        __SetPageSlab(&pages[i]);

in kfence_init_pool(), but that is *not* where you set the
MEMCG_DATA_OBJCGS, and instead do that virt_to_slab(addr) dance later.

That looks very odd to me. I think the two should go hand-in-hand,
since that __SetPageSlab() really is what makes it a slab thing, and I
think it should go together with setting the slab state correctly.

Finally, is there a syzbot report for that second problem?

Anyway, should I apply this PATCH 1/2 now directly as the solution for
the dentry issue, or should I wait for that second patch? They seem to
be related only indirectly, in that the problems were both introduced
by the same commit.

                 Linus