From patchwork Wed Nov 27 14:21:18 2019
X-Patchwork-Submitter: Vitaly Wool
X-Patchwork-Id: 11264171
Date: Wed, 27 Nov 2019 15:21:18 +0100
From: Vitaly Wool
To: , linux-kernel@vger.kernel.org
Cc: Andrew Morton
Subject: [PATCH 1/3] z3fold: avoid subtle race when freeing slots
Message-Id: <20191127152118.6314b99074b0626d4c5a8835@gmail.com>
In-Reply-To: <20191127152012.17a4b35f9e7f6e50f9aaca9c@gmail.com>

There is a subtle race between freeing slots and setting the last slot to zero since the ORPHANED flag was set after the rwlock had been released. Fix that to avoid rare memory leaks caused by this race.

Signed-off-by: Vitaly Wool
---
mm/z3fold.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/mm/z3fold.c b/mm/z3fold.c index d48d0ec3bcdd..36bd2612f609 100644 --- a/mm/z3fold.c
+++ b/mm/z3fold.c @@ -327,6 +327,10 @@ static inline void free_handle(unsigned long handle) zhdr->foreign_handles--; is_free = true; read_lock(&slots->lock); + if (!test_bit(HANDLES_ORPHANED, &slots->pool)) { + read_unlock(&slots->lock); + return; + } for (i = 0; i <= BUDDY_MASK; i++) { if (slots->slot[i]) { is_free = false; @@ -335,7 +339,7 @@ static inline void free_handle(unsigned long handle) } read_unlock(&slots->lock); - if (is_free && test_and_clear_bit(HANDLES_ORPHANED, &slots->pool)) { + if (is_free) { struct z3fold_pool *pool = slots_to_pool(slots); kmem_cache_free(pool->c_handle, slots); @@ -531,12 +535,12 @@ static void __release_z3fold_page(struct z3fold_header *zhdr, bool locked) break; } } + if (!is_free) + set_bit(HANDLES_ORPHANED, &zhdr->slots->pool); read_unlock(&zhdr->slots->lock); if (is_free) kmem_cache_free(pool->c_handle, zhdr->slots); - else - set_bit(HANDLES_ORPHANED, &zhdr->slots->pool); if (locked) z3fold_page_unlock(zhdr);
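
Review bot: In the first free_handle() hunk (@@ -327,6 +327,10 @@), the new `test_bit(HANDLES_ORPHANED, &slots->pool)` early return runs under `read_lock(&slots->lock)`, and the matching `set_bit()` in __release_z3fold_page() is also placed before a `read_unlock()`, so both sides hold the rwlock in read mode and do not exclude each other. As far as these lines show, free_handle() can still test the bit just before the release path sets it, return early, and leave the slots unfreed, which is the leak the commit message describes. Consider taking the lock in write mode on one side, or state in the changelog what else orders the two.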
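
Review bot: In the second free_handle() hunk (@@ -335,7 +339,7 @@), replacing `if (is_free && test_and_clear_bit(HANDLES_ORPHANED, &slots->pool))` with `if (is_free)` drops the only atomic step in the visible code that let exactly one caller reach `kmem_cache_free(pool->c_handle, slots)`. The flag test and the slot scan are both done under a read lock and the free happens after `read_unlock()`, so two concurrent callers that both see the flag set and all slots empty would both free the same slots object. Keeping test_and_clear_bit() as the final gate, or doing the scan and the decision under the write lock, would close that; if something outside this hunk already guarantees a single caller, a comment saying so would help.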
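
Review bot: In the __release_z3fold_page() hunk (@@ -531,12 +535,12 @@), the reason `set_bit(HANDLES_ORPHANED, &zhdr->slots->pool)` now has to sit before `read_unlock(&zhdr->slots->lock)` is not documented at the call site, and the split into `if (!is_free)` before the unlock and `if (is_free)` after it looks like something a later cleanup would merge back into an if/else. A short comment above the set_bit() stating that the flag must be published while the lock is held, and which check in free_handle() depends on it, would protect the ordering.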