On Mon, Aug 16, 2021 at 3:53 PM Herbert Xu herbert@gondor.apana.org.au wrote:
On Mon, Aug 16, 2021 at 03:38:29PM +0800, Dongliang Mu wrote:
for_each_possible_cpu(i)
vfree(*per_cpu_ptr(scratches, i));
for_each_possible_cpu(i) {
void *scratch = *per_cpu_ptr(scratches, i);
if (!scratch)
vfree(scratch);
}
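Review bot: the guard in the new loop is inverted: `if (!scratch) vfree(scratch);` calls vfree only when scratch is NULL and skips every live allocation, so the scratch buffers would leak on every free; if a guard is kept at all it has to read `if (scratch)`. As vfree already tolerates NULL, the original single-line `vfree(*per_cpu_ptr(scratches, i));` is the correct form.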
This patch is unnecessary. Please check the implementation of vfree, it already checks for NULL pointers just like most of our free primitives.
Hi Herbert,
since there is no reproducer in the syzbot, I guess the problem might be:
if vmalloc_node in the ipcomp_alloc_scratches returns a NULL pointer, it directly returns NULL without updating the per_cpu_ptr(scratches, i).
Therefore, in the ipcomp_free_scratches, vfree will take an invalid and outdated per_cpu_ptr as its argument, leading to the bug - BUG: unable to handle kernel paging request in ipcomp_free_scratches.
Any idea?
Cheers,
Email: Herbert Xu herbert@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
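The failure path discussed in this thread, as a constructed user-space model (example code added here, not the kernel's ipcomp code): malloc/free stand in for vmalloc_node/vfree, a fixed array stands in for the per-cpu area, and the `fail_at` parameter injects an allocation failure on one CPU so that the free loop can be exercised against a partially allocated set.

```c
/* Model of the per-CPU scratch alloc/free pair. Constructed illustration:
 * malloc/free replace vmalloc_node/vfree, a plain array replaces the
 * per-cpu area, and fail_at simulates vmalloc_node() returning NULL. */
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

#define NR_CPUS 4
#define SCRATCH_SIZE 64

struct scratches { void *buf[NR_CPUS]; };

/* Stand-in for vfree(): like the kernel primitive, it accepts NULL. */
static void model_vfree(void *p) { if (p) free(p); }

/* Stand-in for vmalloc_node() with a failure injection point. */
static void *model_vmalloc(int cpu, int fail_at) {
    return (cpu == fail_at) ? NULL : malloc(SCRATCH_SIZE);
}

/* Free loop in the shape of ipcomp_free_scratches(): the free primitive is
 * called on every slot, so every slot must hold NULL or a live allocation. */
void free_scratches(struct scratches *s) {
    for (int i = 0; i < NR_CPUS; i++) {
        model_vfree(s->buf[i]);
        s->buf[i] = NULL;
    }
}

/* Alloc loop: all slots are zeroed before the first allocation, so a
 * failure part-way through leaves the remaining slots NULL instead of
 * stale values, and unwinding through free_scratches() stays safe.
 * Returns the number of slots allocated (NR_CPUS on success). */
int alloc_scratches(struct scratches *s, int fail_at) {
    memset(s, 0, sizeof(*s));
    for (int i = 0; i < NR_CPUS; i++) {
        void *scratch = model_vmalloc(i, fail_at);
        if (!scratch) {
            free_scratches(s); /* release the slots allocated so far */
            return i;
        }
        s->buf[i] = scratch;
    }
    return NR_CPUS;
}

/* Number of slots still holding a non-NULL pointer. */
int live_slots(const struct scratches *s) {
    int n = 0;
    for (int i = 0; i < NR_CPUS; i++) n += (s->buf[i] != NULL);
    return n;
}
```

The zeroing step is what keeps the free loop valid after a partial failure: without it, slots that were never reached keep whatever the memory held before, which is the stale-pointer situation described above.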