References: <20220328132843.16624-1-songmuchun@bytedance.com>
From: Muchun Song
Date: Tue, 29 Mar 2022 11:01:45 +0800
Subject: Re: [External] Re: [PATCH v2] mm: kfence: fix objcgs vector allocation
To: Marco Elver
Cc: Alexander Potapenko, Dmitry Vyukov, Andrew Morton, kasan-dev, Linux Memory Management List, LKML, Xiongchun duan
List-ID: linux-kernel@vger.kernel.org

On Tue, Mar 29, 2022 at 2:58 AM Marco Elver wrote:
>
> On Mon, 28 Mar 2022 at 17:54, Muchun Song wrote:
> [...]
> > >
> > > Btw, how did you test this?
> > >
> > I have tested it with syzkaller with the following configs.
> > And I didn't find any issues.
> >
> > CONFIG_KFENCE=y
> > CONFIG_KFENCE_SAMPLE_INTERVAL=10
> > CONFIG_KFENCE_NUM_OBJECTS=2550
> > CONFIG_KFENCE_DEFERRABLE=n
> > CONFIG_KFENCE_STATIC_KEYS=y
> > CONFIG_KFENCE_STRESS_TEST_FAULTS=0
>
> Hmm, I would have expected that you have some definitive test case
> that shows the issue, and with the patch the issue is gone. Were there
> issues triggered by syzkaller w/o this patch?
>

I have tested this patch with the following patch and without this patch.
Then we'll see the BUG_ON, meaning both the objcg vector and the object are
allocated from the kfence pool.

diff --git a/mm/slab.h b/mm/slab.h
index c7f2abc2b154..1d8d15522a2e 100644
--- a/mm/slab.h
+++ b/mm/slab.h
@@ -519,6 +519,8 @@ static inline void memcg_slab_post_alloc_hook(struct kmem_cache *s,
 				continue;
 			}
 
+			BUG_ON(is_kfence_address(p[i]) && is_kfence_address(slab_objcgs(slab)));
+
 			off = obj_to_index(s, slab, p[i]);
 			obj_cgroup_get(objcg);
 			slab_objcgs(slab)[off] = objcg;
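Review bot: BUG_ON() in memcg_slab_post_alloc_hook() panics the machine on the first hit, which ends a syzkaller run instead of recording it; since this hunk only needs to show that the condition occurs, WARN_ON_ONCE() on the same condition would log a stack trace and let the run continue, e.g. `WARN_ON_ONCE(is_kfence_address(p[i]) && is_kfence_address(slab_objcgs(slab)));`. A one-line comment above the check stating what it asserts (the objcg vector itself must not be carved out of the kfence pool when the object is a kfence object, which is what the covering mail describes) would also make the intent of the test readable without the mail.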
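The check the test patch relies on, as an added user-space model that is not kernel code and not from the patch author: model_is_kfence_address() uses the same unsigned-subtraction range test as the kernel's is_kfence_address(); model_kmalloc() is a constructed stand-in for a sampled allocator that serves every third small request from the guarded pool, which is how a caller allocating an objcg vector can end up holding a pool address; model_bug_on_would_fire() is the condition from the BUG_ON above. Pool size, object count, slot size and sampling rate are made-up values for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sizes for the model; the kernel's pool is far larger. */
#define MODEL_NR_OBJECTS   4
#define MODEL_OBJ_SIZE     256
#define MODEL_POOL_SIZE    (MODEL_NR_OBJECTS * MODEL_OBJ_SIZE)
#define MODEL_SAMPLE_EVERY 3   /* every 3rd small allocation comes from the pool */

static char *model_pool;                 /* stands in for __kfence_pool */
static unsigned int model_alloc_count;   /* drives the sampling decision */
static unsigned int model_next_slot;     /* next unused pool slot */

/* Same idiom as the kernel's is_kfence_address(): one unsigned subtraction
 * tests both bounds at once (addresses below the pool wrap to a huge value),
 * and the trailing check covers a NULL pool. */
bool model_is_kfence_address(const void *addr)
{
	return ((uintptr_t)addr - (uintptr_t)model_pool) < MODEL_POOL_SIZE && model_pool;
}

/* (Re)initialise the model pool and the sampling state. */
bool model_pool_init(void)
{
	free(model_pool);
	model_pool = calloc(1, MODEL_POOL_SIZE);   /* no guard pages in the model */
	model_alloc_count = 0;
	model_next_slot = 0;
	return model_pool != NULL;
}

/* Sampled allocator: most requests go to the ordinary heap, but every
 * MODEL_SAMPLE_EVERY-th request that fits a slot is carved out of the pool. */
void *model_kmalloc(size_t size)
{
	bool sampled = (++model_alloc_count % MODEL_SAMPLE_EVERY) == 0;

	if (sampled && size <= MODEL_OBJ_SIZE && model_next_slot < MODEL_NR_OBJECTS)
		return model_pool + (model_next_slot++) * MODEL_OBJ_SIZE;
	return malloc(size);
}

/* Pool slots must never be handed to the heap allocator's free(). */
void model_kfree(void *p)
{
	if (!model_is_kfence_address(p))
		free(p);
}

/* The condition the test patch's BUG_ON evaluates. */
bool model_bug_on_would_fire(const void *obj, const void *objcg_vector)
{
	return model_is_kfence_address(obj) && model_is_kfence_address(objcg_vector);
}

/* Take a pool slot for an object, then obtain its objcg vector through the
 * sampled allocator up to `attempts` times. Returns true if any of those
 * vectors lands in the pool, i.e. the BUG_ON would have fired. */
bool model_vector_via_sampled_alloc_trips(unsigned int attempts)
{
	void *obj;
	unsigned int i;

	if (!model_pool_init())
		return false;
	obj = model_pool + (model_next_slot++) * MODEL_OBJ_SIZE;

	for (i = 0; i < attempts; i++) {
		void *vec = model_kmalloc(8 * sizeof(void *));
		bool fired = model_bug_on_would_fire(obj, vec);

		model_kfree(vec);
		if (fired)
			return true;
	}
	return false;
}

/* Same experiment with the vector in storage that is never part of the pool
 * (a static array here; only the backing store matters for the check). */
bool model_vector_from_dedicated_storage_trips(unsigned int attempts)
{
	static void *dedicated_vectors[MODEL_NR_OBJECTS][8];
	void *obj;
	unsigned int i;

	if (!model_pool_init())
		return false;
	obj = model_pool + (model_next_slot++) * MODEL_OBJ_SIZE;

	for (i = 0; i < attempts; i++)
		if (model_bug_on_would_fire(obj, dedicated_vectors[0]))
			return true;
	return false;
}

int main(void)
{
	printf("vector via sampled allocator trips within 3 tries: %d\n",
	       model_vector_via_sampled_alloc_trips(3));
	printf("vector from dedicated storage trips within 3 tries: %d\n",
	       model_vector_from_dedicated_storage_trips(3));
	return 0;
}
```

The two drivers make the distinction the BUG_ON test is sensitive to concrete: a vector obtained from the general-purpose (sampled) allocator eventually lands inside the pool and trips the check, while a vector whose backing store is outside the pool never does, whatever the sampling rate.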