From patchwork Sun Mar 27 05:18:52 2022
X-Patchwork-Submitter: Muchun Song
X-Patchwork-Id: 12792718
From: Muchun Song
To: torvalds@linux-foundation.org, glider@google.com, elver@google.com, dvyukov@google.com, akpm@linux-foundation.org, cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, vbabka@suse.cz, roman.gushchin@linux.dev
Cc: kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Muchun Song, syzbot+f8c45ccc7d5d45fc5965@syzkaller.appspotmail.com
Subject: [PATCH 1/2] mm: kfence: fix missing objcg housekeeping for SLAB
Date: Sun, 27 Mar 2022 13:18:52 +0800
Message-Id: <20220327051853.57647-1-songmuchun@bytedance.com>

The objcg is not cleared and put for kfence object when it is freed, which could lead to memory leak for struct obj_cgroup and wrong statistics of NR_SLAB_RECLAIMABLE_B or NR_SLAB_UNRECLAIMABLE_B.

Since the last freed object's objcg is not cleared, mem_cgroup_from_obj() could return the wrong memcg when this kfence object, which is not charged to any objcgs, is reallocated to other users.

A real world issue [1] is caused by this bug.

[1] https://groups.google.com/g/syzkaller-bugs/c/BBQFy2QraoY/m/HtBd5gbyAQAJ

Reported-by: syzbot+f8c45ccc7d5d45fc5965@syzkaller.appspotmail.com
Fixes: d3fb45f370d9 ("mm, kfence: insert KFENCE hooks for SLAB")
Signed-off-by: Muchun Song --- mm/slab.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/slab.c b/mm/slab.c index d9dec7a8fd79..b04e40078bdf 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -3422,6 +3422,7 @@ static __always_inline void __cache_free(struct kmem_cache *cachep, void *objp, if (is_kfence_address(objp)) { kmemleak_free_recursive(objp, cachep->flags); + memcg_slab_free_hook(cachep, &objp, 1); __kfence_free(objp); return; }
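Review bot: the added `memcg_slab_free_hook(cachep, &objp, 1);` call in the `is_kfence_address(objp)` branch of `__cache_free()` carries no comment explaining why it is needed on this path. Because the branch returns immediately after `__kfence_free(objp)`, a one-line comment saying that the objcg has to be cleared and put here, before the object is handed back to KFENCE, would keep a later cleanup from dropping or reordering the call. The commit message describes an obj_cgroup leak and a wrong memcg being returned once the object is reused, and it carries a Fixes: tag, so consider adding a Cc: stable tag as well. It is also worth confirming in the changelog that no other per-object housekeeping is skipped by this early return.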