* [PATCH 0/2] mm/damon/paddr: Fix folio-use-after-put bugs
@ 2023-03-04 19:39 SeongJae Park
2023-03-04 19:39 ` [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young() SeongJae Park
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: SeongJae Park @ 2023-03-04 19:39 UTC (permalink / raw)
To: Andrew Morton
Cc: SeongJae Park, Matthew Wilcox (Oracle), Vishal Moola (Oracle),
Kefeng Wang, damon, linux-mm, linux-kernel
There are two folio accesses after folio_put() in the mm/damon/paddr.c file.
Fix those.
SeongJae Park (2):
mm/damon/paddr: fix folio_size() call after folio_put() in
damon_pa_young()
mm/damon/paddr: fix folio_nr_pages() after folio_put() in
damon_pa_mark_accessed_or_deactivate()
mm/damon/paddr.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--
2.25.1
* [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young()
2023-03-04 19:39 [PATCH 0/2] mm/damon/paddr: Fix folio-use-after-put bugs SeongJae Park
@ 2023-03-04 19:39 ` SeongJae Park
2023-03-05 0:00 ` Matthew Wilcox
2023-03-06 2:09 ` Kefeng Wang
2023-03-04 19:39 ` [PATCH 2/2] mm/damon/paddr: fix folio_nr_pages() after folio_put() in damon_pa_mark_accessed_or_deactivate() SeongJae Park
2023-03-06 2:04 ` [PATCH 0/2] mm/damon/paddr: Fix folio-use-after-put bugs Kefeng Wang
2 siblings, 2 replies; 8+ messages in thread
From: SeongJae Park @ 2023-03-04 19:39 UTC (permalink / raw)
To: Andrew Morton
Cc: SeongJae Park, Kefeng Wang, damon, linux-mm, linux-kernel, stable
damon_pa_young() is accessing a folio via folio_size() after folio_put()
for the folio has been invoked. Fix it.
Fixes: 397b0c3a584b ("mm/damon/paddr: remove folio_sz field from damon_pa_access_chk_result")
Cc: <stable@vger.kernel.org> # 6.3.x
Signed-off-by: SeongJae Park <sj@kernel.org>
---
mm/damon/paddr.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/mm/damon/paddr.c b/mm/damon/paddr.c
index 3fda00a0f786..10f159b315ea 100644
--- a/mm/damon/paddr.c
+++ b/mm/damon/paddr.c
@@ -130,7 +130,6 @@ static bool damon_pa_young(unsigned long paddr, unsigned long *folio_sz)
accessed = false;
else
accessed = true;
- folio_put(folio);
goto out;
}
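Review bot: With folio_put() removed from this early branch, `goto out;` now reaches `out:` with the folio reference still held, so this hunk is only correct together with the `folio_put(folio);` that the next hunk adds after `out:`. Keep both hunks in the same commit for the stable backport, and confirm that every other path that can reach `out:` (none is visible in this hunk) also holds a reference there, otherwise the new put would unbalance the count.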
@@ -144,10 +143,10 @@ static bool damon_pa_young(unsigned long paddr, unsigned long *folio_sz)
if (need_lock)
folio_unlock(folio);
- folio_put(folio);
out:
*folio_sz = folio_size(folio);
+ folio_put(folio);
return accessed;
}
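Review bot: The `out:` block carries no comment saying that `*folio_sz = folio_size(folio);` has to run before `folio_put(folio);`, and the Fixes tag shows this ordering was already broken once by a cleanup. A one-line comment above the put, such as `/* folio must not be touched after this */`, would make it harder for a later refactor to move the put back above the size read.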
--
2.25.1
* [PATCH 2/2] mm/damon/paddr: fix folio_nr_pages() after folio_put() in damon_pa_mark_accessed_or_deactivate()
2023-03-04 19:39 [PATCH 0/2] mm/damon/paddr: Fix folio-use-after-put bugs SeongJae Park
2023-03-04 19:39 ` [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young() SeongJae Park
@ 2023-03-04 19:39 ` SeongJae Park
2023-03-05 0:00 ` Matthew Wilcox
2023-03-06 2:05 ` Kefeng Wang
2023-03-06 2:04 ` [PATCH 0/2] mm/damon/paddr: Fix folio-use-after-put bugs Kefeng Wang
2 siblings, 2 replies; 8+ messages in thread
From: SeongJae Park @ 2023-03-04 19:39 UTC (permalink / raw)
To: Andrew Morton
Cc: SeongJae Park, Kefeng Wang, Vishal Moola (Oracle),
Matthew Wilcox (Oracle),
damon, linux-mm, linux-kernel, stable
damon_pa_mark_accessed_or_deactivate() is accessing a folio via
folio_nr_pages() after folio_put() for the folio has been invoked. Fix it.
Fixes: f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios")
Cc: <stable@vger.kernel.org> # 6.3.x
Signed-off-by: SeongJae Park <sj@kernel.org>
---
mm/damon/paddr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/damon/paddr.c b/mm/damon/paddr.c
index 10f159b315ea..0db724aec5cb 100644
--- a/mm/damon/paddr.c
+++ b/mm/damon/paddr.c
@@ -277,8 +277,8 @@ static inline unsigned long damon_pa_mark_accessed_or_deactivate(
folio_mark_accessed(folio);
else
folio_deactivate(folio);
- folio_put(folio);
applied += folio_nr_pages(folio);
+ folio_put(folio);
}
return applied * PAGE_SIZE;
}
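Review bot: The loop tail still does not signal that `folio` is off limits once `folio_put(folio);` has run; the swap of `applied += folio_nr_pages(folio);` and the put is correct, but it is the second instance of the same mistake in this file. Consider making the put the documented last statement of the loop body, and check the rest of mm/damon/paddr.c for any other folio_*() call that follows a folio_put() on the same pointer, since only this one loop is visible here.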
--
2.25.1
* Re: [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young()
2023-03-04 19:39 ` [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young() SeongJae Park
@ 2023-03-05 0:00 ` Matthew Wilcox
2023-03-06 2:09 ` Kefeng Wang
1 sibling, 0 replies; 8+ messages in thread
From: Matthew Wilcox @ 2023-03-05 0:00 UTC (permalink / raw)
To: SeongJae Park
Cc: Andrew Morton, Kefeng Wang, damon, linux-mm, linux-kernel, stable
On Sat, Mar 04, 2023 at 07:39:48PM +0000, SeongJae Park wrote:
> damon_pa_young() is accessing a folio via folio_size() after folio_put()
> for the folio has been invoked. Fix it.
>
> Fixes: 397b0c3a584b ("mm/damon/paddr: remove folio_sz field from damon_pa_access_chk_result")
> Cc: <stable@vger.kernel.org> # 6.3.x
> Signed-off-by: SeongJae Park <sj@kernel.org>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
* Re: [PATCH 2/2] mm/damon/paddr: fix folio_nr_pages() after folio_put() in damon_pa_mark_accessed_or_deactivate()
2023-03-04 19:39 ` [PATCH 2/2] mm/damon/paddr: fix folio_nr_pages() after folio_put() in damon_pa_mark_accessed_or_deactivate() SeongJae Park
@ 2023-03-05 0:00 ` Matthew Wilcox
2023-03-06 2:05 ` Kefeng Wang
1 sibling, 0 replies; 8+ messages in thread
From: Matthew Wilcox @ 2023-03-05 0:00 UTC (permalink / raw)
To: SeongJae Park
Cc: Andrew Morton, Kefeng Wang, Vishal Moola (Oracle),
damon, linux-mm, linux-kernel, stable
On Sat, Mar 04, 2023 at 07:39:49PM +0000, SeongJae Park wrote:
> damon_pa_mark_accessed_or_deactivate() is accessing a folio via
> folio_nr_pages() after folio_put() for the folio has been invoked. Fix it.
>
> Fixes: f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios")
> Cc: <stable@vger.kernel.org> # 6.3.x
> Signed-off-by: SeongJae Park <sj@kernel.org>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
* Re: [PATCH 0/2] mm/damon/paddr: Fix folio-use-after-put bugs
2023-03-04 19:39 [PATCH 0/2] mm/damon/paddr: Fix folio-use-after-put bugs SeongJae Park
2023-03-04 19:39 ` [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young() SeongJae Park
2023-03-04 19:39 ` [PATCH 2/2] mm/damon/paddr: fix folio_nr_pages() after folio_put() in damon_pa_mark_accessed_or_deactivate() SeongJae Park
@ 2023-03-06 2:04 ` Kefeng Wang
2 siblings, 0 replies; 8+ messages in thread
From: Kefeng Wang @ 2023-03-06 2:04 UTC (permalink / raw)
To: SeongJae Park, Andrew Morton
Cc: Matthew Wilcox (Oracle), Vishal Moola (Oracle),
damon, linux-mm, linux-kernel
On 2023/3/5 3:39, SeongJae Park wrote:
> There are two folio accesses after folio_put() in the mm/damon/paddr.c file.
> Fix those.
I saw you send the bugfixes separately :)
>
> SeongJae Park (2):
> mm/damon/paddr: fix folio_size() call after folio_put() in
> damon_pa_young()
> mm/damon/paddr: fix folio_nr_pages() after folio_put() in
> damon_pa_mark_accessed_or_deactivate()
>
> mm/damon/paddr.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
* Re: [PATCH 2/2] mm/damon/paddr: fix folio_nr_pages() after folio_put() in damon_pa_mark_accessed_or_deactivate()
2023-03-04 19:39 ` [PATCH 2/2] mm/damon/paddr: fix folio_nr_pages() after folio_put() in damon_pa_mark_accessed_or_deactivate() SeongJae Park
2023-03-05 0:00 ` Matthew Wilcox
@ 2023-03-06 2:05 ` Kefeng Wang
1 sibling, 0 replies; 8+ messages in thread
From: Kefeng Wang @ 2023-03-06 2:05 UTC (permalink / raw)
To: SeongJae Park, Andrew Morton
Cc: Vishal Moola (Oracle), Matthew Wilcox (Oracle),
damon, linux-mm, linux-kernel, stable
On 2023/3/5 3:39, SeongJae Park wrote:
> damon_pa_mark_accessed_or_deactivate() is accessing a folio via
> folio_nr_pages() after folio_put() for the folio has been invoked. Fix it.
>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
> Fixes: f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios")
> Cc: <stable@vger.kernel.org> # 6.3.x
> Signed-off-by: SeongJae Park <sj@kernel.org>
> ---
> mm/damon/paddr.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/damon/paddr.c b/mm/damon/paddr.c
> index 10f159b315ea..0db724aec5cb 100644
> --- a/mm/damon/paddr.c
> +++ b/mm/damon/paddr.c
> @@ -277,8 +277,8 @@ static inline unsigned long damon_pa_mark_accessed_or_deactivate(
> folio_mark_accessed(folio);
> else
> folio_deactivate(folio);
> - folio_put(folio);
> applied += folio_nr_pages(folio);
> + folio_put(folio);
> }
> return applied * PAGE_SIZE;
> }
* Re: [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young()
2023-03-04 19:39 ` [PATCH 1/2] mm/damon/paddr: fix folio_size() call after folio_put() in damon_pa_young() SeongJae Park
2023-03-05 0:00 ` Matthew Wilcox
@ 2023-03-06 2:09 ` Kefeng Wang
1 sibling, 0 replies; 8+ messages in thread
From: Kefeng Wang @ 2023-03-06 2:09 UTC (permalink / raw)
To: SeongJae Park, Andrew Morton; +Cc: damon, linux-mm, linux-kernel, stable
On 2023/3/5 3:39, SeongJae Park wrote:
> damon_pa_young() is accessing a folio via folio_size() after folio_put()
> for the folio has been invoked. Fix it.
>
Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com>
> Fixes: 397b0c3a584b ("mm/damon/paddr: remove folio_sz field from damon_pa_access_chk_result")
> Cc: <stable@vger.kernel.org> # 6.3.x
> Signed-off-by: SeongJae Park <sj@kernel.org>
> ---
> mm/damon/paddr.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/mm/damon/paddr.c b/mm/damon/paddr.c
> index 3fda00a0f786..10f159b315ea 100644
> --- a/mm/damon/paddr.c
> +++ b/mm/damon/paddr.c
> @@ -130,7 +130,6 @@ static bool damon_pa_young(unsigned long paddr, unsigned long *folio_sz)
> accessed = false;
> else
> accessed = true;
> - folio_put(folio);
> goto out;
> }
>
> @@ -144,10 +143,10 @@ static bool damon_pa_young(unsigned long paddr, unsigned long *folio_sz)
>
> if (need_lock)
> folio_unlock(folio);
> - folio_put(folio);
>
> out:
> *folio_sz = folio_size(folio);
> + folio_put(folio);
> return accessed;
> }
>