lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Nov 2014 18:40:10 +0800
From:	Weijie Yang <weijie.yang@...sung.com>
To:	iamjoonsoo.kim@....com
Cc:	'Andrew Morton' <akpm@...ux-foundation.org>, mgorman@...e.de,
	'Rik van Riel' <riel@...hat.com>,
	'Johannes Weiner' <hannes@...xchg.org>,
	'Minchan Kim' <minchan@...nel.org>, mina86@...a86.com,
	vbabka@...e.cz, linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	'Weijie Yang' <weijie.yang.kh@...il.com>
Subject: [PATCH] mm: page_alloc: store updated page migratetype to avoid
 misusing stale value

The commit ad53f92e(fix incorrect isolation behavior by rechecking migratetype)
patch series describe the race between page isolation and free path, and try to
fix the freepage account issues.

However, there is still a little issue: freed page could have stale migratetype
in the free_list. This would cause some bad behavior if we misuse this stale
value later.
Such as: in __test_page_isolated_in_pageblock() we check the buddy page, if the
page's stale migratetype is not MIGRATE_ISOLATE, which will cause unnecessary
page move action.

This patch store the page's updated migratetype after free the page to the
free_list to avoid subsequent misusing stale value, and use a WARN_ON_ONCE
to catch a potential undetected race between isolatation and free path.


Signed-off-by: Weijie Yang <weijie.yang@...sung.com>
---
 mm/page_alloc.c     |    1 +
 mm/page_isolation.c |   17 +++++------------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 616a2c9..177fca0 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -622,6 +622,7 @@ static inline void __free_one_page(struct page *page,
 	}
 
 	list_add(&page->lru, &zone->free_area[order].free_list[migratetype]);
+	set_freepage_migratetype(page, migratetype);
 out:
 	zone->free_area[order].nr_free++;
 }
diff --git a/mm/page_isolation.c b/mm/page_isolation.c
index c8778f7..0618071 100644
--- a/mm/page_isolation.c
+++ b/mm/page_isolation.c
@@ -223,19 +223,12 @@ __test_page_isolated_in_pageblock(unsigned long pfn, unsigned long end_pfn,
 		page = pfn_to_page(pfn);
 		if (PageBuddy(page)) {
 			/*
-			 * If race between isolatation and allocation happens,
-			 * some free pages could be in MIGRATE_MOVABLE list
-			 * although pageblock's migratation type of the page
-			 * is MIGRATE_ISOLATE. Catch it and move the page into
-			 * MIGRATE_ISOLATE list.
+			 * Use a WARN_ON_ONCE to catch a potential undetected
+			 * race between isolatation and free pages, even if
+			 * we try to avoid this issue.
 			 */
-			if (get_freepage_migratetype(page) != MIGRATE_ISOLATE) {
-				struct page *end_page;
-
-				end_page = page + (1 << page_order(page)) - 1;
-				move_freepages(page_zone(page), page, end_page,
-						MIGRATE_ISOLATE);
-			}
+			WARN_ON_ONCE(get_freepage_migratetype(page) !=
+					MIGRATE_ISOLATE);
 			pfn += 1 << page_order(page);
 		}
 		else if (page_count(page) == 0 &&
-- 
1.7.0.4


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ