On Thu, Apr 04, 2024 at 09:07:00AM +0200, Oscar Salvador wrote:
> Current code does not contemplate scenarios where an allocation and
> free operation on the same pages do not handle it in the same amount
> at once.
> To give an example, page_alloc_exact(), where we will allocate a page
> of enough order to satisfy the size request, but we will free the
> remainder right away.
>
> In the above example, we will increment the stack_record refcount
> only once, but we will decrease it the same number of times as number
> of unused pages we have to free.
> This will lead to a warning because of refcount imbalance.
>
> Fix this by recording the number of base pages in the refcount field.
>
> Reported-by: syzbot+41bbfdb8d41003d12c0f@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://lore.kernel.org/linux-mm/00000000000090e8ff0613eda0e5@xxxxxxxxxx
> Fixes: 217b2119b9e2 ("mm,page_owner: implement the tracking of the stacks count")

Does this also fix this?
https://lore.kernel.org/all/202405061514.23fedba1-oliver.sang@xxxxxxxxx/

This is a report of the backtrace changing, but the warning was pre-existing.

> [...]
> -static void dec_stack_record_count(depot_stack_handle_t handle)
> +static void dec_stack_record_count(depot_stack_handle_t handle,
> +				   int nr_base_pages)
> {
> 	struct stack_record *stack_record = __stack_depot_get_stack_record(handle);
>
> -	if (stack_record)
> -		refcount_dec(&stack_record->count);
> +	if (!stack_record)
> +		return;
> +
> +	if (refcount_sub_and_test(nr_base_pages, &stack_record->count))
> +		pr_warn("%s: refcount went to 0 for %u handle\n", __func__,
> +			handle);

This pr_warn() isn't needed: refcount will very loudly say the same thing. :)

-- 
Kees Cook
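Review bot: the pr_warn() added at the end of dec_stack_record_count() fires on the outcome refcount_sub_and_test() is defined to report (the count reaching zero) and prints only the handle, so it gives neither a backtrace nor a distinction between "stack no longer referenced" and "free path subtracted more than the allocation path added". If hitting zero is a bug here, WARN_ONCE() on the return value would record the call site; if it is the expected end state, the message should go. The correctness of the hunk also depends on the allocation side incrementing by the same nr_base_pages that this function subtracts, which is not visible in this hunk; a one-line comment above the function stating that pairing would help the next reader.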