Re: [BUG Report] KASAN: slab-use-after-free in page_pool_recycle_in_ring

From: Mina Almasry
Date: Mon May 19 2025 - 20:53:37 EST

Next message: Yury Norov: "Re: [PATCH v8 5/5] rust: add dynamic ID pool abstraction for bitmap"
Previous message: Mark Pearson: "[PATCH v2] platform/x86: think-lmi: Fix attribute name usage for non-compliant items"
In reply to: Jakub Kicinski: "Re: [BUG Report] KASAN: slab-use-after-free in page_pool_recycle_in_ring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 19, 2025 at 3:47 PM Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
>
> On Mon, 19 May 2025 12:20:59 -0700 Mina Almasry wrote:
> > Clearly this is not working, but I can't tell why.
>
> I think your fix works but for the one line that collects recycling
> stats. If we put recycling stats under the producer lock we should
> be safe.

What are you referring to as recycle stats? Because I don't think
pool->recycle_stats have anything to do with freeing the page_pool.

Or do you mean that we should put all the call sites that increment
and decrement pool->pages_state_release_cnt and
pool->pages_state_hold_cnt under the producer lock?

--
Thanks,
Mina

Next message: Yury Norov: "Re: [PATCH v8 5/5] rust: add dynamic ID pool abstraction for bitmap"
Previous message: Mark Pearson: "[PATCH v2] platform/x86: think-lmi: Fix attribute name usage for non-compliant items"
In reply to: Jakub Kicinski: "Re: [BUG Report] KASAN: slab-use-after-free in page_pool_recycle_in_ring"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]