Re: [PATCH 7/9] mm: Free up PG_slab

2024-04-01 Thread Matthew Wilcox
On Sun, Mar 31, 2024 at 11:11:10PM +0800, kernel test robot wrote:
> kernel test robot noticed "UBSAN:shift-out-of-bounds_in_fs/proc/page.c" on:
> 
> commit: 30e5296811312a13938b83956a55839ac1e3aa40 ("[PATCH 7/9] mm: Free up 
> PG_slab")

Quite right.  Spotted another one while I was at it.  Not able to test
right now, but this should do the trick:

diff --git a/fs/proc/page.c b/fs/proc/page.c
index 5bc82828c6aa..55b01535eb22 100644
--- a/fs/proc/page.c
+++ b/fs/proc/page.c
@@ -175,6 +175,8 @@ u64 stable_page_flags(const struct page *page)
u |= 1 << KPF_OFFLINE;
if (PageTable(page))
u |= 1 << KPF_PGTABLE;
+   if (folio_test_slab(folio))
+   u |= 1 << KPF_SLAB;
 
 #if defined(CONFIG_PAGE_IDLE_FLAG) && defined(CONFIG_64BIT)
u |= kpf_copy_bit(k, KPF_IDLE,  PG_idle);
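Review bot: the added `folio_test_slab(folio)` test refers to `folio`, but the hunk header shows `stable_page_flags(const struct page *page)`, the neighbouring check is `PageTable(page)`, and nothing in the visible context declares a folio. Since this was posted untested, please confirm that `folio` is in scope at this point in the function, or use a page-based slab test here so it matches the checks around it.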
@@ -184,7 +186,6 @@ u64 stable_page_flags(const struct page *page)
 #endif
 
u |= kpf_copy_bit(k, KPF_LOCKED,PG_locked);
-   u |= kpf_copy_bit(k, KPF_SLAB,  PG_slab);
u |= kpf_copy_bit(k, KPF_ERROR, PG_error);
u |= kpf_copy_bit(k, KPF_DIRTY, PG_dirty);
u |= kpf_copy_bit(k, KPF_UPTODATE,  PG_uptodate);
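Review bot: the removed `kpf_copy_bit(k, KPF_SLAB, PG_slab)` line is the only use of PG_slab as a bit index that this hunk addresses, so it is worth grepping for any other place that still shifts by PG_slab or masks page->flags with it before respinning. The report shows the shift exponent is 4096 for a 64-bit type, so every remaining user of that pattern hits the same undefined shift. If this goes in as a separate commit rather than folded into 7/9, it should carry the Reported-by and Closes tags the robot asked for.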
diff --git a/tools/cgroup/memcg_slabinfo.py b/tools/cgroup/memcg_slabinfo.py
index 1d3a90d93fe2..270c28a0d098 100644
--- a/tools/cgroup/memcg_slabinfo.py
+++ b/tools/cgroup/memcg_slabinfo.py
@@ -146,12 +146,11 @@ def detect_kernel_config():
 
 
 def for_each_slab(prog):
-PGSlab = 1 << prog.constant('PG_slab')
-PGHead = 1 << prog.constant('PG_head')
+PGSlab = ~prog.constant('PG_slab')
 
 for page in for_each_page(prog):
 try:
-if page.flags.value_() & PGSlab:
+if page.page_type.value_() == PGSlab:
 yield cast('struct slab *', page)
 except FaultError:
 pass
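Review bot: the new `page.page_type.value_() == PGSlab` comparison only matches if `~prog.constant('PG_slab')` evaluates to exactly the value that `value_()` returns as a Python int, and a complement can come out negative or wider than page_type depending on the type it is computed in. Please check this against a live kernel or vmcore. Masking the complement to the width of page_type before comparing, with a short comment saying that page_type stores the inverted value, would make the intent unambiguous.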



Re: [PATCH 7/9] mm: Free up PG_slab

2024-03-31 Thread kernel test robot



Hello,

kernel test robot noticed "UBSAN:shift-out-of-bounds_in_fs/proc/page.c" on:

commit: 30e5296811312a13938b83956a55839ac1e3aa40 ("[PATCH 7/9] mm: Free up 
PG_slab")
url: 
https://github.com/intel-lab-lkp/linux/commits/Matthew-Wilcox-Oracle/mm-Always-initialise-folio-_deferred_list/20240321-222800
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 
23956900041d968f9ad0f30db6dede4daccd7aa9
patch link: 
https://lore.kernel.org/all/20240321142448.1645400-8-wi...@infradead.org/
patch subject: [PATCH 7/9] mm: Free up PG_slab

in testcase: ltp
version: ltp-x86_64-14c1f76-1_20240323
with the following parameters:

disk: 1HDD
fs: ext4
test: fs-00



compiler: gcc-12
test machine: 4 threads 1 sockets Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (Ivy 
Bridge) with 8G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot 
| Closes: 
https://lore.kernel.org/oe-lkp/202403312344.c0d273ab-oliver.s...@intel.com


kern  :warn  : [  528.627387] [ cut here ]
kern  :err   : [  528.627589] UBSAN: shift-out-of-bounds in 
fs/proc/page.c:107:18
kern  :err   : [  528.627884] shift exponent 4096 is too large for 64-bit type 
'long long unsigned int'
kern  :warn  : [  528.628200] CPU: 0 PID: 4703 Comm: proc01 Tainted: G S
 6.8.0-11774-g30e529681131 #1
kern  :warn  : [  528.628446] Hardware name: Hewlett-Packard p6-1451cx/2ADA, 
BIOS 8.15 02/05/2013
kern  :warn  : [  528.628659] Call Trace:
kern  :warn  : [  528.628814]  
kern :warn : [  528.628960] dump_stack_lvl (lib/dump_stack.c:117 (discriminator 
1)) 
kern :warn : [  528.629134] __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 
lib/ubsan.c:454) 
kern :warn : [  528.629360] stable_page_flags.part.0.cold 
(include/linux/page-flags.h:284 fs/proc/page.c:184) 
kern :warn : [  528.629506] kpageflags_read (fs/proc/page.c:238 
fs/proc/page.c:250) 
kern :warn : [  528.629623] vfs_read (fs/read_write.c:474) 
kern :warn : [  528.629737] ? do_sys_openat2 (fs/open.c:1415) 
kern :warn : [  528.629898] ? kmem_cache_free (mm/slub.c:4280 mm/slub.c:4344) 
kern :warn : [  528.630063] ? __pfx_vfs_read (fs/read_write.c:457) 
kern :warn : [  528.630225] ? do_sys_openat2 (fs/open.c:1415) 
kern :warn : [  528.630388] ? __pfx_do_sys_openat2 (fs/open.c:1392) 
kern :warn : [  528.630552] ? __do_sys_newfstatat (fs/stat.c:464) 
kern :warn : [  528.630717] ? __fget_light 
(include/linux/atomic/atomic-arch-fallback.h:479 
include/linux/atomic/atomic-instrumented.h:50 fs/file.c:1145) 
kern :warn : [  528.630888] ksys_read (fs/read_write.c:619) 
kern :warn : [  528.631051] ? __pfx_ksys_read (fs/read_write.c:609) 
kern :warn : [  528.631216] ? kmem_cache_free (mm/slub.c:4280 mm/slub.c:4344) 
kern :warn : [  528.631415] do_syscall_64 (arch/x86/entry/common.c:52 
arch/x86/entry/common.c:83) 
kern :warn : [  528.631555] entry_SYSCALL_64_after_hwframe 
(arch/x86/entry/entry_64.S:129) 
kern  :warn  : [  528.631756] RIP: 0033:0x7f90bf2ba19d
kern  :warn  : [  528.632309] RSP: 002b:7ffe2eb3c008 EFLAGS: 0246 
ORIG_RAX: 
kern  :warn  : [  528.632540] RAX: ffda RBX: 7ffe2eb3d1b0 RCX: 
7f90bf2ba19d
kern  :warn  :