From: "yuan.gao"
To: cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, vbabka@suse.cz, roman.gushchin@linux.dev, 42.hyeyoo@gmail.com
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, yuan.gao@ucloud.cn
Subject: [PATCH v2] mm/slub: Avoid list corruption when removing a slab from the full list
Date: Mon, 7 Oct 2024 17:18:50 +0800
Message-Id: <20241007091850.16959-1-yuan.gao@ucloud.cn>

Boot with slub_debug=UFPZ.

If an allocated object failed in alloc_consistency_checks, all objects of
the slab will be marked as used, and then the slab will be removed from
the partial list.

When an object belonging to the slab got freed later, the remove_full()
function is called. Because the slab is neither on the partial list nor
on the full list, it eventually leads to a list corruption.

So we need to add the slab to the full list in this case.

[ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100)
[ 4277.387023] ------------[ cut here ]------------
[ 4277.387880] kernel BUG at lib/list_debug.c:56!
[ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1
[ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs]
[ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0
[ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91
[ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082
[ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000
[ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff
[ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0
[ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910
[ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0
[ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000
[ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0
[ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4277.410000] PKRU: 55555554
[ 4277.410645] Call Trace:
[ 4277.411234]
[ 4277.411777] ? die+0x32/0x80
[ 4277.412439] ? do_trap+0xd6/0x100
[ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0
[ 4277.414158] ? do_error_trap+0x6a/0x90
[ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0
[ 4277.415915] ? exc_invalid_op+0x4c/0x60
[ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0
[ 4277.417675] ? asm_exc_invalid_op+0x16/0x20
[ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0
[ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0
[ 4277.420410] free_to_partial_list+0x515/0x5e0
[ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs]
[ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs]
[ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs]
[ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs]
[ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs]
[ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs]
[ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs]
[ 4277.428567] xfs_inactive+0x22d/0x290 [xfs]
[ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs]
[ 4277.430479] process_one_work+0x171/0x340
[ 4277.431227] worker_thread+0x277/0x390
[ 4277.431962] ? __pfx_worker_thread+0x10/0x10
[ 4277.432752] kthread+0xf0/0x120
[ 4277.433382] ? __pfx_kthread+0x10/0x10
[ 4277.434134] ret_from_fork+0x2d/0x50
[ 4277.434837] ? __pfx_kthread+0x10/0x10
[ 4277.435566] ret_from_fork_asm+0x1b/0x30
[ 4277.436280]

v2:
 * Call remove_partial() and add_full() only for slab folios.

v1: https://lore.kernel.org/linux-mm/20241006044755.79634-1-yuan.gao@ucloud.cn/

Signed-off-by: yuan.gao
---
 mm/slub.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mm/slub.c b/mm/slub.c index 21f71cb6cc06..2992388c00f4 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2745,7 +2745,10 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) { + remove_partial(n, slab); + add_full(s, n, slab); + } return NULL; }
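
Review bot: the new folio_test_slab(slab_folio(slab)) guard in the !alloc_debug_processing() branch changes what happens when the test is false, and neither the hunk nor the changelog says why. Before, remove_partial(n, slab) ran unconditionally; now a slab that fails the test stays on the partial list, and the function returns NULL with slab->inuse already incremented by the line above. Please confirm that leaving it on the partial list is intended, and add a short comment above the guard covering both cases: why a slab folio must move to the full list (so the later remove_full() finds it on a list, as the commit message describes) and why a non-slab folio is left untouched. The v2 note only states that the calls are now limited to slab folios, not the reason.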
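
The failure mode described in the commit message, modelled in user space as an added example (not code from the patch or from mm/slub.c). The function names list_del_checked() and toy_alloc_fail_then_free() are hypothetical, and the LIST_POISON2 value is an assumption taken from the x86-64 kernel default, since only LIST_POISON1 appears in the log.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

/* LIST_POISON1 is the value in the log above; LIST_POISON2 is assumed (x86-64 default). */
#define LIST_POISON1 ((struct list_head *)(uintptr_t)0xdead000000000100ULL)
#define LIST_POISON2 ((struct list_head *)(uintptr_t)0xdead000000000122ULL)

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *e, struct list_head *h)
{
    e->next = h->next;
    e->prev = h;
    h->next->prev = e;
    h->next = e;
}

/* Like list_del() with list debugging, but returns false where the kernel would BUG(). */
static bool list_del_checked(struct list_head *e)
{
    if (e->next == LIST_POISON1 || e->prev == LIST_POISON2)
        return false;                 /* entry is not on any list */
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->next = LIST_POISON1;           /* poison so a second delete is caught */
    e->prev = LIST_POISON2;
    return true;
}

/* Hypothetical model: failed debug check at allocation, then a later free. */
static bool toy_alloc_fail_then_free(bool with_fix)
{
    struct list_head partial, full, slab_list;

    list_init(&partial);
    list_init(&full);
    list_add(&slab_list, &partial);       /* slab sits on the partial list */
    list_del_checked(&slab_list);         /* remove_partial() */
    if (with_fix)
        list_add(&slab_list, &full);      /* add_full(), as in the patch */
    return list_del_checked(&slab_list);  /* remove_full() on the later free */
}

int main(void)
{
    printf("before patch: remove_full ok = %d\n", toy_alloc_fail_then_free(false));
    printf("after patch:  remove_full ok = %d\n", toy_alloc_fail_then_free(true));
    return 0;
}
```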