Message-ID: <9a807484-6693-4e2a-a087-97bbc5ee4ed9@linux.dev>
Date: Thu, 14 Nov 2024 15:24:15 +0800
Subject: Re: [PATCH v1] mm: zswap: Fix a potential memory leak in zswap_decompress().
To: "Sridhar, Kanchana P", Johannes Weiner
Cc: Nhat Pham, Yosry Ahmed, "linux-kernel@vger.kernel.org", "linux-mm@kvack.org", "usamaarif642@gmail.com", "ryan.roberts@arm.com", "Huang, Ying", "21cnbao@gmail.com" <21cnbao@gmail.com>, "akpm@linux-foundation.org", "Feghali, Wajdi K", "Gopal, Vinodh"
References: <20241113052413.157039-1-kanchana.p.sridhar@intel.com> <20241113213007.GB1564047@cmpxchg.org> <20241114051149.GC1564047@cmpxchg.org>
From: Chengming Zhou

Hello,

On 2024/11/14 14:37, Sridhar, Kanchana P wrote:
>
>> -----Original Message-----
>> From: Johannes Weiner
>> Sent: Wednesday, November 13, 2024 9:12 PM
>> To: Sridhar, Kanchana P
>> Cc: Nhat Pham ; Yosry Ahmed
>> ; linux-kernel@vger.kernel.org; linux-
>> mm@kvack.org; chengming.zhou@linux.dev; usamaarif642@gmail.com;
>> ryan.roberts@arm.com; Huang, Ying ;
>> 21cnbao@gmail.com; akpm@linux-foundation.org; Feghali, Wajdi K
>> ; Gopal, Vinodh
>> Subject: Re: [PATCH v1] mm: zswap: Fix a potential memory leak in
>> zswap_decompress().
>>
>> On Thu, Nov 14, 2024 at 01:56:16AM +0000, Sridhar, Kanchana P wrote:
>>> So my question was, can we prevent the migration to a different cpu
>>> by relinquishing the mutex lock after this conditional
>>
>> Holding the mutex doesn't prevent preemption/migration.
>
> Sure, however, is this also applicable to holding the mutex of a per-cpu
> structure obtained via raw_cpu_ptr()?

Yes, unless you use migration_disable() or cpus_read_lock() to protect
this section.

>
> Would holding the mutex prevent the acomp_ctx of the cpu prior to
> the migration (in the UAF scenario you described) from being deleted?

No, cpu offline can kick in anytime to free the acomp_ctx->buffer.

>
> If holding the per-cpu acomp_ctx's mutex isn't sufficient to prevent the
> UAF, I agree, we might need a way to prevent the acomp_ctx from being
> deleted, e.g. with refcounts as you've suggested, or to not use the

Right, refcount solution from Johannes is very good IMHO.

> acomp_ctx at all for the check, instead use a boolean.

But this is not enough to just avoid using acomp_ctx for the check,
the usage of acomp_ctx inside the mutex is also UAF, since cpu offline
can kick in anytime to free the acomp_ctx->buffer.

Thanks.
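
A userspace C model of the refcount idea discussed in the message above, added here as an illustration; it is not code from this thread or from the kernel, and every name in it (`ctx_model`, `ctx_tryget`, `ctx_put`, `ctx_offline`, `run_scenario`) is hypothetical. It assumes the hotplug path owns one reference and drops it at CPU offline instead of freeing `acomp_ctx->buffer` directly, so the buffer outlives any user that pinned the context first.

```c
/* Added illustration: single-threaded model with a constructed interleaving. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

struct ctx_model {              /* stands in for a per-CPU acomp_ctx */
    atomic_int refs;            /* 1 while the CPU is online, plus 1 per user */
    unsigned char *buffer;      /* stands in for acomp_ctx->buffer */
    int frees;                  /* number of frees, so callers can observe them */
};

static void ctx_online(struct ctx_model *c)
{
    c->buffer = calloc(1, 4096);
    c->frees = 0;
    atomic_store(&c->refs, 1);  /* reference owned by the hotplug path */
}

/* Take a reference only while the context is still live (refs > 0). */
static bool ctx_tryget(struct ctx_model *c)
{
    int old = atomic_load(&c->refs);
    while (old > 0)
        if (atomic_compare_exchange_weak(&c->refs, &old, old + 1))
            return true;
    return false;               /* torn down: caller must not touch buffer */
}

/* Drop a reference; whoever drops the last one frees the buffer. */
static void ctx_put(struct ctx_model *c)
{
    if (atomic_fetch_sub(&c->refs, 1) == 1) {
        free(c->buffer);
        c->buffer = NULL;
        c->frees++;
    }
}

/* CPU offline: release the hotplug reference instead of freeing directly. */
static void ctx_offline(struct ctx_model *c) { ctx_put(c); }

/* Offline fires while a decompress-like user still holds the context. */
static int run_scenario(void)
{
    struct ctx_model c;
    ctx_online(&c);
    if (!ctx_tryget(&c)) return -1;            /* user pins the context */
    ctx_offline(&c);                           /* hotplug races in here */
    if (c.frees != 0 || !c.buffer) return -2;  /* buffer must still be valid */
    c.buffer[0] = 0xAA;                        /* safe: our reference holds it */
    ctx_put(&c);                               /* last reference frees it */
    if (c.frees != 1) return -3;
    return ctx_tryget(&c) ? -4 : 0;            /* later users see a dead ctx */
}

int main(void) { return run_scenario() != 0; }
```

A mutex inside the structure cannot give this guarantee on its own, because taking the mutex already requires dereferencing memory whose lifetime is controlled by the offline path.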