From: Vegard Nossum <vegard.nossum@oracle.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>,
linux-acpi@vger.kernel.org, stable@vger.kernel.org,
rafael@kernel.org, gregkh@linuxfoundation.org,
linux-kernel@vger.kernel.org
Cc: Jan Kiszka <jan.kiszka@siemens.com>,
Vlastimil Babka <vbabka@suse.cz>,
Kees Cook <keescook@chromium.org>,
Bob Moore <robert.moore@intel.com>,
Erik Kaneda <erik.kaneda@intel.com>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>
Subject: Re: [PATCH 5.4] ACPICA: Always create namespace nodes using acpi_ns_create_node()
Date: Thu, 5 May 2022 17:34:47 +0200 [thread overview]
Message-ID: <c20cc64b-d622-ebe7-2a54-9f5e291d988f@oracle.com> (raw)
In-Reply-To: <20220505150140.159449-1-Jason@zx2c4.com>
On 5/5/22 17:01, Jason A. Donenfeld wrote:
> From: Vegard Nossum <vegard.nossum@oracle.com>
>
> commit 25928deeb1e4e2cdae1dccff349320c6841eb5f8 upstream.
>
> ACPICA commit 29da9a2a3f5b2c60420893e5c6309a0586d7a329
>
> ACPI is allocating an object using kmalloc(), but then frees it
> using kmem_cache_free(<"Acpi-Namespace" kmem_cache>).
>
[...]
> Link: https://lore.kernel.org/lkml/4dc93ff8-f86e-f4c9-ebeb-6d3153a78d03@oracle.com/
> Link: https://lore.kernel.org/r/a1461e21-c744-767d-6dfc-6641fd3e3ce2@siemens.com
> Link: https://github.com/acpica/acpica/commit/29da9a2a
> Fixes: f79c8e4136ea ("ACPICA: Namespace: simplify creation of the initial/default namespace")
> Reported-by: Jan Kiszka <jan.kiszka@siemens.com>
> Diagnosed-by: Vlastimil Babka <vbabka@suse.cz>
> Diagnosed-by: Kees Cook <keescook@chromium.org>
> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
> Signed-off-by: Bob Moore <robert.moore@intel.com>
> Signed-off-by: Erik Kaneda <erik.kaneda@intel.com>
> Cc: 5.10+ <stable@vger.kernel.org> # 5.10+
> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
> ---
> Greg/Rafael - tihs was marked as 5.10, but 5.4 crashes without it. So
> maybe it was mistagged? Will let you guys decide. -Jason
If I look up the Fixes: commit I get:
$ git name-rev f79c8e4136eac37255ead8875593ae33a2c16d20
f79c8e4136eac37255ead8875593ae33a2c16d20 tags/linus/v5.3-rc1~166^2~1^2~4
so it looks like the buggy commit actually went into v5.3.
I think maybe the bug was there since v5.3 but it was merely exposed by
some unrelated SLUB change that went in later, maybe that's where the
version number confusion came from, see
<https://lore.kernel.org/lkml/ce333dcb-2b2c-3e1f-2a7e-02a7819b1db4@suse.cz/>
as well. The commit I had bisected to it was:
$ git name-rev --refs='v5.*' 67a72420a326b45514deb3f212085fb2cd1595b5
67a72420a326b45514deb3f212085fb2cd1595b5 linus/v5.4-rc1~141^2~2^2~7
But as Vlastimil Babka pointed out, the bug is sensitive to slab merging.
Anyway, thanks for spotting that.
Vegard
next prev parent reply other threads:[~2022-05-05 15:35 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-05 14:50 cache_from_obj: Wrong slab cache. Acpi-Namespace but object is from kmalloc-64 Jason A. Donenfeld
2022-05-05 14:58 ` Jason A. Donenfeld
2022-05-05 15:01 ` [PATCH 5.4] ACPICA: Always create namespace nodes using acpi_ns_create_node() Jason A. Donenfeld
2022-05-05 15:34 ` Vegard Nossum [this message]
2022-05-09 8:43 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c20cc64b-d622-ebe7-2a54-9f5e291d988f@oracle.com \
--to=vegard.nossum@oracle.com \
--cc=Jason@zx2c4.com \
--cc=erik.kaneda@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jan.kiszka@siemens.com \
--cc=keescook@chromium.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rafael@kernel.org \
--cc=robert.moore@intel.com \
--cc=stable@vger.kernel.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox