On Wed, Aug 13, 2025 at 03:00:08PM +0200, Greg KH wrote: > > In this case if kho_unpreserve_folio() fails in this call chain it > > means some error unwind is wrongly happening out of sequence, and we > > are now forced to leak memory. Unwind is not something that userspace > > should be controlling, so of course we want a WARN_ON here. > > "should be" is the key here. And it's not obvious from this patch if > that's true or not, which is why I mentioned it. > > I will keep bringing this up, given the HUGE number of CVEs I keep > assigning each week for when userspace hits WARN_ON() calls until that > flow starts to die out either because we don't keep adding new calls, OR > we finally fix them all. Both would be good... WARN or not, userspace triggering permanently leaking kernel memory is a CVE worthy bug in of itself. So even if userspace triggers this I'd rather have the warn than the difficult to find leak. I don't know what your CVEs are, but I get a decent number of userspace hits a WARN bug from with syzkaller, and they are all bugs in the kernel. Bugs that should probably get CVEs even without the crash on WARN issue anyhow. The WARN made them discoverable cheaply. The most recent was a userspace triggerable arthimetic overflow corrupted a datastructure and a WARN caught it, syzkaller found it, and we fixed it before it became a splashy exploit with a web site. Removing bug catching to reduce CVEs because we don't find the bugs anymore seems like the wrong direction to me. Jason
