On 2024/1/3 01:58, Andrew Morton wrote:
The patch titled
Subject: mm: shrinker: use kvzalloc_node() from memcg_expand_one_shrinker_map()
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-shrinker-use-kvzalloc_node-from-memcg_expand_one_shrinker_map.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-shrinker-use-kvzalloc_node-from-memcg_expand_one_shrinker_map.patch
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Subject: mm: shrinker: use kvzalloc_node() from memcg_expand_one_shrinker_map()
Date: Wed, 3 Jan 2024 00:46:36 +0900
syzbot is reporting uninit-value at shrinker_alloc(), for commit
307bececcd12 ("mm: shrinker: add a secondary array for
shrinker_info::{map, nr_deferred}"), which assumed that the ->unit was
allocated with __GFP_ZERO, forgot to replace kvmalloc_node() in
memcg_expand_one_shrinker_map() with kvzalloc_node().
Link: https://lkml.kernel.org/r/b1a78c6a-b3fa-46ed-810a-ce546e726d44@xxxxxxxxxxxxxxxxxxx
Thanks for fixing this!
Reviewed-by: Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx>
BTW, this link above seems to be inaccessible:
```
Message-ID <b1a78c6a-b3fa-46ed-810a-ce546e726d44@xxxxxxxxxxxxxxxxxxx>
not found
Perhaps try an external site:
```
And I did not find this patch in LKML.
Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for shrinker_info::{map, nr_deferred}")
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Reported-by: syzbot <syzbot+1e0ed05798af62917464@xxxxxxxxxxxxxxxxxxxxxxxxx>
Closes: https://syzkaller.appspot.com/bug?extid=1e0ed05798af62917464
Cc: Qi Zheng <zhengqi.arch@xxxxxxxxxxxxx>
Cc: Muchun Song <songmuchun@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/shrinker.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/shrinker.c~mm-shrinker-use-kvzalloc_node-from-memcg_expand_one_shrinker_map
+++ a/mm/shrinker.c
@@ -126,7 +126,7 @@ static int expand_one_shrinker_info(stru
if (new_nr_max <= old->map_nr_max)
continue;
- new = kvmalloc_node(sizeof(*new) + new_size, GFP_KERNEL, nid);
+ new = kvzalloc_node(sizeof(*new) + new_size, GFP_KERNEL, nid);
if (!new)
return -ENOMEM;
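Review bot: the subject and changelog name memcg_expand_one_shrinker_map(), but the hunk header shows the changed allocation is in expand_one_shrinker_info(); the subject and changelog should use the function name as it appears in mm/shrinker.c so the fix can be found by searching for it. Since the changelog says later code assumes ->unit was allocated with __GFP_ZERO, a one-line comment above the kvzalloc_node() call stating that the zero fill is required would keep it from being changed back to kvmalloc_node() as an optimization.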
_
Patches currently in -mm which might be from penguin-kernel@xxxxxxxxxxxxxxxxxxx are
mm-shrinker-use-kvzalloc_node-from-memcg_expand_one_shrinker_map.patch