Date:	Fri, 21 Jan 2011 10:24:06 +0900
From:	Jin Dongming <jin.dongming@...css.fujitsu.com>
To:	Andi Kleen <andi@...stfloor.org>
CC:	Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
	Huang Ying <ying.huang@...el.com>,
	Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>,
	LKLM <linux-kernel@...r.kernel.org>
Subject: [PATCH 2/3] Fix poison failure for unmapped hugetlb page without
 MF_COUNT_INCREASED.

The unmapped hugetlb page could not be poisoned when the tail
page is poisoned.

The reason is that PG_hwpoison of the head page is checked
before setting PG_hwpoison on the other pages of the hugetlb page.
Usually the head page here is not poisoned yet, so __memory_failure()
will return without poisoning the rest of the pages of the hugetlb page.
If the head page is poisoned, poisoning of the hugetlb page
has been finished by another context running simultaneously.

As described in the comment (in __memory_failure()):
        /*
         * Check "just unpoisoned", "filter hit", and
         * "race with other subpage."
         */

I think the real check expected here is "just unpoisoned":
whether the tail page just poisoned by this context is still
poisoned or not. It should be done by checking against
the poisoned tail page, not against the head page.

Signed-off-by: Jin Dongming <jin.dongming@...css.fujitsu.com>
Reviewed-by: Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>
---
 mm/memory-failure.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 8665eed..824850a 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -996,7 +996,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags)
 			 * "race with other subpage."
 			 */
 			lock_page_nosync(hpage);
-			if (!PageHWPoison(hpage)
+			if (!PageHWPoison(p)
 			    || (hwpoison_filter(p) && TestClearPageHWPoison(p))
 			    || (p != hpage && TestSetPageHWPoison(hpage))) {
 				atomic_long_sub(nr_pages, &mce_bad_pages);
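
Review bot: the first test of the condition now reads PG_hwpoison from the tail page p, while the lock taken on the line just above it is still lock_page_nosync(hpage), and the in-code comment ("just unpoisoned", "filter hit", "race with other subpage") does not say which page each clause applies to. Please extend that comment to state that "just unpoisoned" is checked on p under the head page lock, and that the head page flag is handled only by the third clause, (p != hpage && TestSetPageHWPoison(hpage)). The subject ties the failure to the case without MF_COUNT_INCREASED, but neither the changelog nor the hunk shows why that flag matters here; one sentence in the changelog explaining it would make the fix easier to verify.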
-- 
1.7.2.2

