| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260112165001.GG745888@ziepe.ca> Date: Mon, 12 Jan 2026 12:50:01 -0400 From: Jason Gunthorpe <jgg@...pe.ca> To: Zi Yan <ziy@...dia.com> Cc: Matthew Wilcox <willy@...radead.org>, Balbir Singh <balbirs@...dia.com>, Francois Dugast <francois.dugast@...el.com>, intel-xe@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org, Matthew Brost <matthew.brost@...el.com>, Madhavan Srinivasan <maddy@...ux.ibm.com>, Nicholas Piggin <npiggin@...il.com>, Michael Ellerman <mpe@...erman.id.au>, "Christophe Leroy (CS GROUP)" <chleroy@...nel.org>, Felix Kuehling <Felix.Kuehling@....com>, Alex Deucher <alexander.deucher@....com>, Christian König <christian.koenig@....com>, David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>, Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>, Lyude Paul <lyude@...hat.com>, Danilo Krummrich <dakr@...nel.org>, Bjorn Helgaas <bhelgaas@...gle.com>, Logan Gunthorpe <logang@...tatee.com>, David Hildenbrand <david@...nel.org>, Oscar Salvador <osalvador@...e.de>, Andrew Morton <akpm@...ux-foundation.org>, Leon Romanovsky <leon@...nel.org>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, "Liam R . Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, Mike Rapoport <rppt@...nel.org>, Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko <mhocko@...e.com>, Alistair Popple <apopple@...dia.com>, linuxppc-dev@...ts.ozlabs.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, amd-gfx@...ts.freedesktop.org, nouveau@...ts.freedesktop.org, linux-pci@...r.kernel.org, linux-mm@...ck.org, linux-cxl@...r.kernel.org Subject: Re: [PATCH v4 1/7] mm/zone_device: Add order argument to folio_free callback On Mon, Jan 12, 2026 at 11:31:04AM -0500, Zi Yan wrote: > > folio_free() > > > > 1) Allocator finds free memory > > 2) zone_device_page_init() allocates the memory and makes refcount=1 > > 3) __folio_put() knows the recount 0. > > 4) free_zone_device_folio() calls folio_free(), but it doesn't > > actually need to undo prep_compound_page() because *NOTHING* can > > use the page pointer at this point. > > 5) Driver puts the memory back into the allocator and now #1 can > > happen. It knows how much memory to put back because folio->order > > is valid from #2 > > 6) #1 happens again, then #2 happens again and the folio is in the > > right state for use. The successor #2 fully undoes the work of the > > predecessor #2. > > But how can a successor #2 undo the work if the second #1 only allocates > half of the original folio? For example, an order-9 at PFN 0 is > allocated and freed, then an order-8 at PFN 0 is allocated and another > order-8 at PFN 256 is allocated. How can two #2s undo the same order-9 > without corrupting each other’s data? What do you mean? The fundamental rule is you can't read the folio or the order outside folio_free once it's refcount reaches 0. So the successor #2 will write updated heads and order to the order 8 pages at PFN 0 and the ones starting at PFN 256 will remain with garbage. This is OK because nothing is allowed to read them as their refcount is 0. If later PFN256 is allocated then it will get updated head and order at the same time it's refcount becomes 1. There is corruption and they don't corrupt each other's data. > > If the allocator is using the struct page memory then step #5 should > > also clean up the struct page with the allocator data before returning > > it to the allocator. > > Do you mean ->folio_free() callback should undo prep_compound_page() > instead? I wouldn't say undo, I was very careful to say it needs to get the struct page memory into a state that the allocator algorithm expects, whatever that means. Jason
Powered by blists - more mailing lists