Thanks Andrew/Michal!!

On 8/10/2022 12:53 PM, Michal Hocko wrote:
> On Tue 09-08-22 18:57:14, Andrew Morton wrote:
>> On Tue, 9 Aug 2022 20:16:43 +0530 Charan Teja Kalla <quic_charante@xxxxxxxxxxx> wrote:
>>
>>> The below is one path where a race between page_ext and offline of the
>>> respective memory blocks will cause a use-after-free on the access of the
>>> page_ext structure.
>>
>> Has this race ever been observed at runtime?
>>
>> Given the size of the fix, I'm looking for excuses to not backport it
>> into -stable kernels!
>
> I believe this is quite theoretical for two reasons:
> 1) the memory hotplug (offlining) is a quite rare operation
> 2) with all the retries the race window is quite hard to trigger
>
> So this is good to have addressed long term but nothing really for stable
> until somebody actually hits that with a real world workload.
>

Actually, in embedded systems the offline is not a rare operation, especially in cases where one wants to save some power through PASR[1]. This issue was caught in the page_pinner[2] path (currently being used in Android), where it is accessing the page_ext of a page after it is freed. This is again not with a real workload but with some stress tests. So, I also agree with Michal here to not backport it.

[1] https://lwn.net/Articles/478049/
[2] https://lore.kernel.org/all/20211228175904.3739751-1-minchan@xxxxxxxxxx/

> Btw. I plan to have a look and review this but times are busy. Hopefully
> soon.
>
> Thanks!
>