Message-ID: <f38cef22-d3e8-4f73-a8ba-1a2cb0f4808e@suse.cz>
Date: Thu, 10 Jul 2025 19:42:16 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: Suren Baghdasaryan <surenb@...gle.com>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, akpm@...ux-foundation.org,
david@...hat.com, peterx@...hat.com, jannh@...gle.com, hannes@...xchg.org,
mhocko@...nel.org, paulmck@...nel.org, shuah@...nel.org,
adobriyan@...il.com, brauner@...nel.org, josef@...icpanda.com,
yebin10@...wei.com, linux@...ssschuh.net, willy@...radead.org,
osalvador@...e.de, andrii@...nel.org, ryan.roberts@....com,
christophe.leroy@...roup.eu, tjmercier@...gle.com, kaleshsingh@...gle.com,
aha310510@...il.com, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v6 7/8] fs/proc/task_mmu: read proc/pid/maps under per-vma lock
On 7/10/25 19:02, Suren Baghdasaryan wrote:
> On Thu, Jul 10, 2025 at 12:03 AM Suren Baghdasaryan <surenb@...gle.com> wrote:
>>
>>
>> I have the patchset ready but would like to test it some more. Will
>> post it tomorrow.
>
> Ok, I found a couple of issues using the syzbot reproducer [1] (which
> is awesome BTW!):
> 1. rwsem_acquire_read() inside vma_start_read() at [2] should be moved
> after the last check, otherwise the lock is considered taken on
> vma->vm_refcnt overflow;
> 2. query_matching_vma() is missing unlock_vma() call when it does
> "goto next_vma;" and re-issues query_vma_find_by_addr(). The previous
> vma is left locked;
How does that happen? query_vma_find_by_addr() does get_next_vma() which
does unlock_vma()?
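As an added illustration, not code from the thread or from the kernel, here is a constructed C model of the two pitfalls Suren lists above: recording a lock-held annotation before the final overflow check (issue 1), and re-issuing the next-vma lookup without releasing the vma that is still locked (issue 2). All names (model_vma, model_start_read, model_walk, MODEL_REF_LIMIT, held_tracker) are hypothetical stand-ins for the kernel's vma_start_read()/unlock_vma() and lockdep, and the refcount limit is a made-up constant.

```c
/* Constructed model of the two locking pitfalls discussed in the thread.
 * Not kernel code: the types and functions below are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_REF_LIMIT 1000u  /* constructed overflow threshold, not the kernel's */

struct model_vma {
    uint32_t refcnt;  /* readers currently holding this vma */
};

struct held_tracker {
    int held;  /* lockdep-style count of locks this reader claims to hold */
};

/* Buggy order (issue 1): annotate first, check afterwards. On overflow the
 * caller gets "false" but the tracker still says the lock is held. */
static bool model_start_read_annotate_first(struct model_vma *v,
                                            struct held_tracker *t)
{
    t->held++;                        /* annotation recorded too early */
    if (v->refcnt >= MODEL_REF_LIMIT)
        return false;                 /* refcnt untouched, but held is now wrong */
    v->refcnt++;
    return true;
}

/* Fixed order: the annotation is recorded only after the last check passes. */
static bool model_start_read(struct model_vma *v, struct held_tracker *t)
{
    if (v->refcnt >= MODEL_REF_LIMIT)
        return false;                 /* nothing taken, nothing annotated */
    v->refcnt++;
    t->held++;
    return true;
}

static void model_end_read(struct model_vma *v, struct held_tracker *t)
{
    v->refcnt--;
    t->held--;
}

/* Walk that re-issues the lookup ("goto next_vma") whenever skip(i) is true.
 * With release_before_next == false it models issue 2: the skipped vma is
 * never unlocked. Returns the number of vmas actually processed. */
static int model_walk(struct model_vma *vmas, size_t n, struct held_tracker *t,
                      bool (*skip)(size_t idx), bool release_before_next)
{
    int processed = 0;
    for (size_t i = 0; i < n; i++) {
        if (!model_start_read(&vmas[i], t))
            continue;
        if (skip(i)) {
            if (release_before_next)
                model_end_read(&vmas[i], t);  /* the missing unlock on the goto path */
            continue;
        }
        processed++;
        model_end_read(&vmas[i], t);
    }
    return processed;
}

/* Number of vmas still holding a reader reference after a walk. */
static size_t model_count_locked(const struct model_vma *vmas, size_t n)
{
    size_t locked = 0;
    for (size_t i = 0; i < n; i++)
        if (vmas[i].refcnt != 0)
            locked++;
    return locked;
}

static bool skip_odd(size_t idx) { return (idx % 2) == 1; }

int main(void)
{
    struct model_vma vmas[4] = {{0}, {0}, {0}, {0}};
    struct held_tracker t = {0};
    model_walk(vmas, 4, &t, skip_odd, false);
    printf("leaky walk: %zu vma(s) left locked, tracker held=%d\n",
           model_count_locked(vmas, 4), t.held);

    struct model_vma vmas2[4] = {{0}, {0}, {0}, {0}};
    struct held_tracker t2 = {0};
    model_walk(vmas2, 4, &t2, skip_odd, true);
    printf("fixed walk: %zu vma(s) left locked, tracker held=%d\n",
           model_count_locked(vmas2, 4), t2.held);

    struct model_vma full = { MODEL_REF_LIMIT };
    struct held_tracker t3 = {0};
    bool ok = model_start_read_annotate_first(&full, &t3);
    printf("annotate-first on overflow: ok=%d held=%d (mismatch)\n", ok, t3.held);
    return 0;
}
```

The held_tracker counter is what a lock-validator sees: in the leaky walk it ends at 2 with two vmas still referenced, and in the annotate-first variant it reads 1 after a failed acquisition, which is the "lock considered taken on overflow" symptom from the first issue.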