On Mon, Mar 29, 2021 at 11:36:09AM -0700, Ira Weiny wrote:
> On Mon, Mar 29, 2021 at 09:48:20AM -0400, dennis.dalessandro@xxxxxxxxxxxxxxxxxxxx wrote:
> > From: Mike Marciniszyn <mike.marciniszyn@xxxxxxxxxxxxxxxxxxxx>
> >
> > The security code guards for non-current mm in all cases for
> > updating the rb tree.
> >
> > That is ok for insert, but NOT ok for remove, since the insert
> > has already guarded the node from being inserted and the remove
> > can be called with a different mm because of a segfault other similar
> > "close" issues where current-mm is NULL.
> >
> > Best case, is we leak pages. Worst case we delete items for an lru_list
> > more than once:
> > [20945.911107] list_del corruption, ffffa0cd536bcac8->next is LIST_POISON1 (dead000000000100)
> >
> > Fix by removing the guard from any functions that remove nodes
> > from the tree assuming the node was entered into the tree as valid since
> > the insert is guarded.
>
> Does this open up a child process being able to remove nodes which the parent
> added?

Dennis?

Jason