From: Matthew Wilcox <willy@infradead.org>
To: David Wysochanski <dwysocha@redhat.com>
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	David Howells <dhowells@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Jeff Layton <jlayton@kernel.org>,
	Christoph Hellwig <hch@infradead.org>,
	linux-afs@lists.infradead.org, linux-nfs@vger.kernel.org,
	linux-cifs@vger.kernel.org, ceph-devel@vger.kernel.org,
	v9fs-developer@lists.sourceforge.net,
	linux-erofs@lists.ozlabs.org, linux-ext4@vger.kernel.org,
	linux-cachefs@redhat.com, linux-fsdevel@vger.kernel.org,
	Rohith Surabattula <rohiths.msft@gmail.com>,
	Steve French <sfrench@samba.org>,
	Shyam Prasad N <nspmangalore@gmail.com>,
	Dominique Martinet <asmadeus@codewreck.org>,
	Ilya Dryomov <idryomov@gmail.com>,
	linux-mm@kvack.org, Daire Byrne <daire.byrne@gmail.com>
Subject: Re: [BUG mm-unstable] BUG: KASAN: use-after-free in shrink_folio_list+0x9f4/0x1ae0
Date: Fri, 7 Jul 2023 19:33:15 +0100
Message-ID: <ZKhaa7xn9aaZYicR@casper.infradead.org>
In-Reply-To: <CALF+zO=nGdoxcT-ya3aaUCBi-4iKPo3kZyzcWYCKMCf4n2wVbA@mail.gmail.com>

On Fri, Jul 07, 2023 at 02:12:06PM -0400, David Wysochanski wrote:
> I think myself / Daire Byrne may have already tracked this down and I
> found a 1-liner that fixed a similar crash in his environment.
> 
> Can you try this patch on top and let me know if it still crashes?
> https://github.com/DaveWysochanskiRH/kernel/commit/902c990e311120179fa5de99d68364b2947b79ec

Said one-liner:
-	struct address_space *mapping = folio->mapping;
+	struct address_space *mapping = folio_mapping(folio);
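
Review bot: the new declaration carries no comment saying why the raw folio->mapping field must not be read here, so a later cleanup could revert it. Since shrink_folio_list() is handed anonymous folios as well as file folios, a short comment above the declaration stating that the folio may be anonymous and that folio_mapping() must be used would keep the constraint visible. The excerpt also omits the file and function header, so the enclosing function has to be checked against the linked commit.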

This will definitely fix the problem.  shrink_folio_list() sees
anonymous folios as well as file folios.

I wonder if we want to go a step further and introduce ...

+static inline bool __folio_needs_release(struct address_space *mapping,
+               struct folio *folio)
+{
+       return folio_has_private(folio) ||
+               (mapping && mapping_release_always(mapping));
+}
+
 /*
  * Return true if a folio needs ->release_folio() calling upon it.
  */
 static inline bool folio_needs_release(struct folio *folio)
 {
-       struct address_space *mapping = folio->mapping;
-
-       return folio_has_private(folio) ||
-               (mapping && mapping_release_always(mapping));
+       return __folio_needs_release(folio_mapping(folio), folio);
 }
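
Review bot: __folio_needs_release() has no comment stating what its mapping argument must be, and that is the whole safety contract of the helper: a caller that passes folio->mapping instead of the result of folio_mapping(folio) brings back the bug the one-liner fixes. Add a comment above the helper saying that mapping must come from folio_mapping() or be NULL. This hunk also only adds the helper; the two callers that already hold the mapping are not converted here, so as posted nothing but the folio_needs_release() wrapper uses it.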

since two of the three callers already have done the necessary dance to
get the mapping (and they're the two which happen regularly; the third
is an unusual situation).
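
The type confusion behind the one-liner, as an added userspace model that is not code from this thread or from the kernel tree: it relies on the kernel convention that an anonymous folio's mapping field holds an anon_vma pointer with the low PAGE_MAPPING_ANON bit set. The cut-down structs and the names model_folio_mapping, old_deref_target, fixed_needs_release, make_anon_folio and make_file_folio are assumptions for illustration; the real folio_mapping() also handles swap-cache folios.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model with cut-down structs; not the kernel definitions. */
#define PAGE_MAPPING_ANON 0x1UL /* low bit of folio->mapping marks an anon folio */
struct address_space { bool release_always; };
struct anon_vma { int refcount; };
struct folio { void *mapping; bool has_private; };
static struct address_space demo_as = { .release_always = true };
static struct anon_vma demo_av;

/* Simplified folio_mapping(): never hand back a tagged anon_vma pointer. */
static struct address_space *model_folio_mapping(const struct folio *f)
{
    if ((uintptr_t)f->mapping & PAGE_MAPPING_ANON)
        return NULL;
    return f->mapping;
}

/* Pointer the pre-fix check would pass to mapping_release_always(). */
static const void *old_deref_target(const struct folio *f)
{
    return f->has_private ? NULL : f->mapping; /* raw field, tag included */
}

/* Post-fix check: same logic, mapping obtained through the accessor. */
static bool fixed_needs_release(const struct folio *f)
{
    struct address_space *m = model_folio_mapping(f);
    return f->has_private || (m && m->release_always);
}

/* Constructed sample folios: one anonymous (tagged), one file-backed. */
static struct folio make_anon_folio(void)
{
    return (struct folio){ (void *)((uintptr_t)&demo_av | PAGE_MAPPING_ANON), false };
}
static struct folio make_file_folio(void)
{
    return (struct folio){ &demo_as, false };
}

int main(void)
{
    struct folio anon = make_anon_folio(), file = make_file_folio();
    printf("anon: old target %p, fixed %d; file: fixed %d\n", (void *)old_deref_target(&anon),
           fixed_needs_release(&anon), fixed_needs_release(&file));
    return 0;
}
```

The model never dereferences the tagged pointer; it only shows that the pre-fix path would have treated a non-NULL value that is not an address_space as one.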


