From: Matthew Wilcox <willy@infradead.org>
To: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Vlastimil Babka <vbabka@suse.cz>,
shakeelb@google.com, Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH resend] slub: Add back check for free nonslab objects
Date: Tue, 28 Sep 2021 16:43:48 +0100 [thread overview]
Message-ID: <YVM4NJZWNyOhZIIP@casper.infradead.org> (raw)
In-Reply-To: <73b662cc-ab1f-b3bf-468a-4cd744e92d71@huawei.com>
On Mon, Sep 27, 2021 at 03:53:47PM +0800, Kefeng Wang wrote:
> On 2021/9/27 15:22, Vlastimil Babka wrote:
> > On 9/27/21 04:15, Kefeng Wang wrote:
> > > After commit ("f227f0faf63b slub: fix unreclaimable slab stat for bulk
> > > free"), the check for free nonslab page is replaced by VM_BUG_ON_PAGE,
> > > which only check with CONFIG_DEBUG_VM enabled, but this config may
> > > impact performance, so it only for debug.
> > >
> > > Commit ("0937502af7c9 slub: Add check for kfree() of non slab objects.")
> > > add the ability, which should be needed in any configs to catch the
> > > invalid free, they even could be potential issue, eg, memory corruption,
> > > use after free and double-free, so replace VM_BUG_ON_PAGE to WARN_ON, and
> > > add dump_page() to help use to debug the issue.
> > There are other situations in SLUB (such as with smaller allocations that
> > don't go directly to page allocator) where use after free and double-free
> > are undetected in non-debug configs, and it's expected that anyone debugging
> > them will enable slub_debug or even DEBUG_VM. Why should this special case
> > with nonslab pages be different?
>
> I want the check back in kfree, this one is used widely in driver, and the
> probability
>
> of problem occurred is bigger in driver, especially in some out of tree
> drivers.
Why would we want to improve life for out of tree drivers? Drivers should
be in-tree. That's been the Linux Way for thirty years.
I remain sceptical that dump_page() is actually useful for debugging
drivers anyway. dump_stack(), I could see -- that'll tell you which
driver called kfree() on a bogus pointer. But how does dump_page() help?
next prev parent reply other threads:[~2021-09-28 15:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-27 2:15 [PATCH resend] slub: Add back check for free nonslab objects Kefeng Wang
2021-09-27 2:42 ` Matthew Wilcox
2021-09-27 3:06 ` Kefeng Wang
2021-09-27 7:22 ` Vlastimil Babka
2021-09-27 7:53 ` Kefeng Wang
2021-09-28 15:43 ` Matthew Wilcox [this message]
2021-09-29 2:06 ` Kefeng Wang
2021-09-29 16:39 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YVM4NJZWNyOhZIIP@casper.infradead.org \
--to=willy@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
--cc=shakeelb@google.com \
--cc=vbabka@suse.cz \
--cc=wangkefeng.wang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.