Date: Fri, 7 Jul 2023 19:33:15 +0100
From: Matthew Wilcox
To: David Wysochanski
Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>, David Howells, Andrew Morton, Linus Torvalds, Jeff Layton, Christoph Hellwig, linux-afs@lists.infradead.org, linux-nfs@vger.kernel.org, linux-cifs@vger.kernel.org, ceph-devel@vger.kernel.org, v9fs-developer@lists.sourceforge.net, linux-erofs@lists.ozlabs.org, linux-ext4@vger.kernel.org, linux-cachefs@redhat.com, linux-fsdevel@vger.kernel.org, Rohith Surabattula, Steve French, Shyam Prasad N, Dominique Martinet, Ilya Dryomov, linux-mm@kvack.org, Daire Byrne
Subject: Re: [BUG mm-unstable] BUG: KASAN: use-after-free in shrink_folio_list+0x9f4/0x1ae0

On Fri, Jul 07, 2023 at 02:12:06PM -0400, David Wysochanski wrote:
> I think myself / Daire Byrne may have already tracked this down and I
> found a 1-liner that fixed a similar crash in his environment.
>
> Can you try this patch on top and let me know if it still crashes?
> https://github.com/DaveWysochanskiRH/kernel/commit/902c990e311120179fa5de99d68364b2947b79ec

Said one-liner:

- struct address_space *mapping = folio->mapping; + struct address_space *mapping = folio_mapping(folio);

This will definitely fix the problem. shrink_folio_list() sees
anonymous folios as well as file folios.

I wonder if we want to go a step further and introduce ...
+static inline bool __folio_needs_release(struct address_space *mapping, + struct folio *folio) +{ + return folio_has_private(folio) || + (mapping && mapping_release_always(mapping)); +} + /* * Return true if a folio needs ->release_folio() calling upon it. */ static inline bool folio_needs_release(struct folio *folio) { - struct address_space *mapping = folio->mapping; - - return folio_has_private(folio) || - (mapping && mapping_release_always(mapping)); + return __folio_needs_release(folio_mapping(folio), folio); } since two of the three callers already have done the necessary dance to get the mapping (and they're the two which happen regularly; the third is an unusual situation).
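Review bot: __folio_needs_release() at the top of the hunk has no comment, and its mapping parameter is where the original bug can come back: nothing tells a caller that it must pass the folio_mapping(folio) result rather than raw folio->mapping. Suggest extending the existing "Return true if a folio needs ->release_folio() calling upon it." comment to cover the helper and state that requirement. The hunk also only adds the helper and rewrites folio_needs_release(); the two callers said to already hold the mapping are not converted here, so as posted nothing calls the helper directly and that conversion belongs in the same patch.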
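Why the one-liner matters, as an added userspace model (not kernel code and not from the thread): an anonymous folio's ->mapping holds an anon_vma pointer tagged with PAGE_MAPPING_ANON, so reading it as a struct address_space lands inside an unrelated object. The struct layouts, the AS_RELEASE_ALWAYS bit value, the sample objects and the `model_`/`raw_` helper names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model only: names follow the kernel, layouts are simplified. */
#define PAGE_MAPPING_ANON 0x1UL       /* low bit marks ->mapping as an anon_vma */
#define AS_RELEASE_ALWAYS (1UL << 0)  /* constructed bit value for this model */

struct address_space { unsigned long flags; };
struct anon_vma { unsigned long refcount; };
struct folio { void *mapping; bool has_private; };

/* Address the pre-fix code would dereference: the raw field, tag included. */
static uintptr_t raw_mapping_addr(const struct folio *folio)
{
    return (uintptr_t)folio->mapping;
}

/* Simplified folio_mapping(): an anonymous folio has no address_space. */
static struct address_space *model_folio_mapping(const struct folio *folio)
{
    if ((uintptr_t)folio->mapping & PAGE_MAPPING_ANON)
        return NULL;
    return (struct address_space *)folio->mapping;
}

/* Post-fix predicate: decode first, then test the release-always flag. */
static bool model_folio_needs_release(const struct folio *folio)
{
    struct address_space *mapping = model_folio_mapping(folio);

    return folio->has_private ||
           (mapping && (mapping->flags & AS_RELEASE_ALWAYS));
}

static struct anon_vma sample_av = { .refcount = 1 };
static struct address_space sample_as = { .flags = AS_RELEASE_ALWAYS };

/* Constructed anonymous folio: ->mapping is &sample_av with the tag bit set. */
static struct folio make_anon_folio(void)
{
    return (struct folio){ (void *)((uintptr_t)&sample_av | PAGE_MAPPING_ANON), false };
}

/* Constructed file folio: ->mapping is a real address_space. */
static struct folio make_file_folio(void)
{
    return (struct folio){ &sample_as, false };
}
```

For the anonymous folio the raw address is one byte into `sample_av`, which is never a valid `struct address_space`; the decoded mapping is NULL and the predicate falls back to the private-data test alone.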