Date: Fri, 15 Jul 2022 18:02:34 +0530
Subject: Re: [PATCH] mm: fix use-after free of page_ext after race with memory-offline
To: Andrew Morton
CC: Pavan Kondeti
From: Charan Teja Kalla
X-Mailing-List: linux-kernel@vger.kernel.org

Thanks Andrew for the review!!

On 7/15/2022 6:34 AM, Andrew Morton wrote:
> On Thu, 14 Jul 2022 20:17:43 +0530 Charan Teja Kalla wrote:
>
>> The below is one path where race between page_ext and offline of the
>> respective memory blocks will cause use-after-free on the access of
>> page_ext structure.
>>
>> ...
>>
>> --- a/include/linux/page_ext.h
>> +++ b/include/linux/page_ext.h
>> @@ -64,6 +64,25 @@ static inline struct page_ext *page_ext_next(struct page_ext *curr)
>> return next;
>> }
>>
>> +static inline struct page_ext *get_page_ext(struct page *page)
>> +{
>> + struct page_ext *page_ext;
>> +
>> + rcu_read_lock();
> If page_ext.h is to call rcu functions then it will need to include
> appropriate header files.
>

Will add them!!

>> + page_ext = lookup_page_ext(page);
>> + if (!page_ext) {
>> + rcu_read_unlock();
>> + return NULL;
>> + }
>> +
>> + return page_ext;
>> +}
>> +
>> +static inline void put_page_ext(void)
>> +{
>> + rcu_read_unlock();
>> +}
> Better names would be page_ext_get() and page_ext_put(). The rest of
> the page_ext API appears to have got this right, so let's not mess that
> up.

I see the naming convention is not consistent in page_ext.c. For a couple of
them I see page_ext_xxx() and for the rest it is xxx_page_ext(). Sure, I
will follow the page_ext_xxx() convention in V2.

>
> Also, these aren't really get and put functions - page_ext doesn't have
> a refcount. But I can't immediately think of a name that better
> communicates what we're doing here so I guess get and put will do.
>
> And are we able to add some comments here explaining why these
> functions exist and what they do?

Sure, will add them in V2.

>
>> #else /* !CONFIG_PAGE_EXTENSION */
>> struct page_ext;
> Are you sure we didn't need CONFIG_PAGE_EXTENSION=n stubs for these two
> functions?

I think it does need them. Will add them in v2.
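
Review bot: get_page_ext() returns with rcu_read_lock() still held on success but drops the lock itself on the NULL path, so a caller must call put_page_ext() exactly once, only when the return value is non-NULL, and must not dereference the returned page_ext after that call. Nothing in the hunk states this contract, and put_page_ext(void) takes no argument that could help catch an unbalanced call. A comment above both helpers should spell out the pairing rule and note that the caller is inside an RCU read-side critical section (and so must not sleep) between the two calls.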