lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Mon, 07 Feb 2011 13:47:53 +0900
From:	Jin Dongming <jin.dongming@...css.fujitsu.com>
To:	Andi Kleen <andi@...stfloor.org>
CC:	Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
	Huang Ying <ying.huang@...el.com>,
	Wu Fengguang <fengguang.wu@...el.com>,
	Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>,
	LKLM <linux-kernel@...r.kernel.org>
Subject: [Resend][PATCH -v2 2/3 -next] Fix poison failure for unmapped hugetlb
 page without MF_COUNT_INCREASED.

The unmapped hugetlb page could not be poisoned when the tail
page is poisoned.

The reason is because the PG_hwpoison of head page is checked
before setting PG_hwpoison on other pages of the hugetlb page.
  - If the head page is not poisoned, the rest pages of
    hugetlb page will not be set with PG_hwpoison;
  - If the head page is poisoned, poisoning for the hugetlb page
    has been finished by other context running simultaneously.

Usually the head page here is not poisoned yet, so __memory_failure()
will return without poisoning the rest pages of hugetlb page.

As it is described in the comment(in __memory_failure()):
 994               /*
 995                * Check "just unpoisoned", "filter hit", and
 996                * "race with other subpage."
 997                */

I think the real checking expected here is "just unpoisoned",
whether the tail page just poisoned by this context is still
poisoned or not. It should be realized by checking agaist
the poisoned tail page, not against the head page.

Signed-off-by: Jin Dongming <jin.dongming@...css.fujitsu.com>
Reviewed-by: Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@...jp.nec.com>
---
 mm/memory-failure.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index d2c2a7b..0317cb3 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -1039,7 +1039,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags)
 			 * "race with other subpage."
 			 */
 			lock_page_nosync(hpage);
-			if (!PageHWPoison(hpage)
+			if (!PageHWPoison(p)
 			    || (hwpoison_filter(p) && TestClearPageHWPoison(p))
 			    || (p != hpage && TestSetPageHWPoison(hpage))) {
 				atomic_long_sub(nr_pages, &mce_bad_pages);
-- 
1.7.2.2


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ