Re: [PATCH] zsmalloc: Fix races between modifications of fullness and isolated

From: Sergey Senozhatsky
Date: Tue Jul 25 2023 - 23:18:56 EST

Next message: Jakub Kicinski: "Re: [PATCH v4] net: ravb: Fix possible UAF bug in ravb_remove"
Previous message: Michael Kelley (LINUX): "RE: [PATCHv3 0/3] x86/tdx: Fix one more load_unaligned_zeropad() issue"
In reply to: Sergey Senozhatsky: "Re: [PATCH] zsmalloc: Fix races between modifications of fullness and isolated"
Next in thread: Andrew Yang (楊智強): "Re: [PATCH] zsmalloc: Fix races between modifications of fullness and isolated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On (23/07/21 14:37), Andrew Yang wrote:
>
> Since fullness and isolated share the same unsigned int,
> modifications of them should be protected by the same lock.
>
> Signed-off-by: Andrew Yang <andrew.yang@xxxxxxxxxxxx>
> Fixes: c4549b871102 ("zsmalloc: remove zspage isolation for migration")

Have you observed issues in real life? That commit is more than a year
and a half old, so I wonder.

> @@ -1858,8 +1860,8 @@ static int zs_page_migrate(struct page *newpage, struct page *page,
> * Since we complete the data copy and set up new zspage structure,
> * it's okay to release the pool's lock.
> */

This comment should be moved too, because this is not where we unlock the
pool anymore.

> - spin_unlock(&pool->lock);
> dec_zspage_isolation(zspage);
> + spin_unlock(&pool->lock);
> migrate_write_unlock(zspage);

Next message: Jakub Kicinski: "Re: [PATCH v4] net: ravb: Fix possible UAF bug in ravb_remove"
Previous message: Michael Kelley (LINUX): "RE: [PATCHv3 0/3] x86/tdx: Fix one more load_unaligned_zeropad() issue"
In reply to: Sergey Senozhatsky: "Re: [PATCH] zsmalloc: Fix races between modifications of fullness and isolated"
Next in thread: Andrew Yang (楊智強): "Re: [PATCH] zsmalloc: Fix races between modifications of fullness and isolated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]