From: Byungchul Park <byungchul@sk.com>
To: "David Hildenbrand (Red Hat)" <david@kernel.org>
Cc: Jesper Dangaard Brouer <hawk@kernel.org>,
	linux-mm@kvack.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, kernel_team@skhynix.com,
	harry.yoo@oracle.com, ast@kernel.org, daniel@iogearbox.net,
	davem@davemloft.net, kuba@kernel.org, john.fastabend@gmail.com,
	sdf@fomichev.me, saeedm@nvidia.com, leon@kernel.org,
	tariqt@nvidia.com, mbloch@nvidia.com, andrew+netdev@lunn.ch,
	edumazet@google.com, pabeni@redhat.com,
	akpm@linux-foundation.org, lorenzo.stoakes@oracle.com,
	Liam.Howlett@oracle.com, vbabka@suse.cz, rppt@kernel.org,
	surenb@google.com, mhocko@suse.com, horms@kernel.org,
	jackmanb@google.com, hannes@cmpxchg.org, ziy@nvidia.com,
	ilias.apalodimas@linaro.org, willy@infradead.org,
	brauner@kernel.org, kas@kernel.org, yuzhao@google.com,
	usamaarif642@gmail.com, baolin.wang@linux.alibaba.com,
	almasrymina@google.com, toke@redhat.com, asml.silence@gmail.com,
	bpf@vger.kernel.org, linux-rdma@vger.kernel.org,
	sfr@canb.auug.org.au, dw@davidwei.uk, ap420073@gmail.com,
	dtatulea@nvidia.com
Subject: Re: [RFC mm v6] mm: introduce a new page type for page pool in page type
Date: Tue, 18 Nov 2025 10:07:35 +0900
Message-ID: <20251118010735.GA73807@system.software.com>
In-Reply-To: <e470c73a-9867-4387-9a9a-a63cd3b2654f@kernel.org>

On Mon, Nov 17, 2025 at 05:47:05PM +0100, David Hildenbrand (Red Hat) wrote:
> On 17.11.25 17:02, Jesper Dangaard Brouer wrote:
> > 
> > On 17/11/2025 06.20, Byungchul Park wrote:
> > > diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> > > index 600d9e981c23..01dd14123065 100644
> > > --- a/mm/page_alloc.c
> > > +++ b/mm/page_alloc.c
> > > @@ -1041,7 +1041,6 @@ static inline bool page_expected_state(struct page *page,
> > >    #ifdef CONFIG_MEMCG
> > >                      page->memcg_data |
> > >    #endif
> > > -                    page_pool_page_is_pp(page) |
> > >                      (page->flags.f & check_flags)))
> > >              return false;
> > > 
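Review bot: dropping `page_pool_page_is_pp(page)` from the OR-ed expression means page_expected_state() no longer returns false for a page that page_pool still owns, so this helper stops rejecting it. The only replacement visible in this patch is the `WARN_ON_ONCE(PageNetpp(page))` in free_pages_prepare(), which warns but does not reject. The changelog should state that this weakening is intended, or the free path should keep a check that rejects the page.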
> > > @@ -1068,8 +1067,6 @@ static const char *page_bad_reason(struct page *page, unsigned long flags)
> > >      if (unlikely(page->memcg_data))
> > >              bad_reason = "page still charged to cgroup";
> > >    #endif
> > > -    if (unlikely(page_pool_page_is_pp(page)))
> > > -            bad_reason = "page_pool leak";
> > >      return bad_reason;
> > >    }
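Review bot: removing the `bad_reason = "page_pool leak"` branch from page_bad_reason() takes away the only string in the bad-page report that names page_pool, so a leaked page is no longer attributed to networking in the dump. If detection moves to free_pages_prepare(), the replacement should still emit a message that names page_pool so triage keeps the same signal.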
> > 
> > This code has helped us catch leaks in the past.
> > When this happens the result is that the page is marked as a bad page.
> > 
> > > 
> > > @@ -1378,9 +1375,12 @@ __always_inline bool free_pages_prepare(struct page *page,
> > >              mod_mthp_stat(order, MTHP_STAT_NR_ANON, -1);
> > >              folio->mapping = NULL;
> > >      }
> > > -    if (unlikely(page_has_type(page)))
> > > +    if (unlikely(page_has_type(page))) {
> > > +            /* networking expects to clear its page type before releasing */
> > > +            WARN_ON_ONCE(PageNetpp(page));
> > >              /* Reset the page_type (which overlays _mapcount) */
> > >              page->page_type = UINT_MAX;
> > > +    }
> > > 
> > >      if (is_check_pages_enabled()) {
> > >              if (free_page_is_bad(page))
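Review bot: `WARN_ON_ONCE(PageNetpp(page))` fires for the first offending page only, and the very next statement sets `page->page_type = UINT_MAX` before `free_page_is_bad(page)` runs, so every later page that is still typed as page pool is freed silently and the check below can no longer see the type. If such a page must not be handed back to the allocator, treat it as a bad page and return false at this point instead of only warning. The comment would also read more accurately as "networking is expected to clear its page type before releasing".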
> > 
> > What happens to the page? ... when it gets marked with:
> >     page->page_type = UINT_MAX
> > 
> > Will it get freed and allowed to be used by others?
> > - if so it can result in other hard-to-catch bugs
> 
> Yes, just like most other use-after-free from any other subsystem in the
> kernel :)
> 
> The expectation is that such BUGs are found early during testing
> (triggering a WARN) such that they can be fixed early.
> 
> But we could also report a bad page here and just stop (return false).

I think the WARN_ON_ONCE() makes the problematic situation detectable.
However, if we should prevent the page from being used on the detection,
sure, I can update the patch.

Thanks,
	Byungchul

> 
> --
> Cheers
> 
> David
