| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Sep 2010 11:47:23 +0100
From: Mel Gorman <mel@....ul.ie>
To: Naoya Horiguchi <n-horiguchi@...jp.nec.com>
Cc: Andi Kleen <andi@...stfloor.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Christoph Lameter <cl@...ux-foundation.org>,
Wu Fengguang <fengguang.wu@...el.com>,
Jun'ichi Nomura <j-nomura@...jp.nec.com>,
linux-mm <linux-mm@...ck.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 01/10] hugetlb: fix metadata corruption in
hugetlb_fault()
On Wed, Sep 08, 2010 at 10:19:32AM +0900, Naoya Horiguchi wrote:
> Since the PageHWPoison() check is for avoiding hwpoisoned page remained
> in pagecache mapping to the process, it should be done in "found in pagecache"
> branch, not in the common path.
> Otherwise, metadata corruption occurs if memory failure happens between
> alloc_huge_page() and lock_page() because page fault fails with metadata
> changes remained (such as refcount, mapcount, etc.)
>
> This patch moves the check to "found in pagecache" branch and fix the problem.
>
> ChangeLog since v2:
> - remove retry check in "new allocation" path.
> - make description more detailed
> - change patch name from "HWPOISON, hugetlb: move PG_HWPoison bit check"
>
> Signed-off-by: Naoya Horiguchi <n-horiguchi@...jp.nec.com>
> Signed-off-by: Jun'ichi Nomura <j-nomura@...jp.nec.com>
> Reviewed-by: Wu Fengguang <fengguang.wu@...el.com>
Seems reasonable.
Acked-by: Mel Gorman <mel@....ul.ie>
> ---
> mm/hugetlb.c | 21 +++++++++------------
> 1 files changed, 9 insertions(+), 12 deletions(-)
>
> diff --git v2.6.36-rc2/mm/hugetlb.c v2.6.36-rc2/mm/hugetlb.c
> index cc5be78..6871b41 100644
> --- v2.6.36-rc2/mm/hugetlb.c
> +++ v2.6.36-rc2/mm/hugetlb.c
> @@ -2518,22 +2518,19 @@ retry:
> hugepage_add_new_anon_rmap(page, vma, address);
> }
> } else {
> + /*
> + * If memory error occurs between mmap() and fault, some process
> + * don't have hwpoisoned swap entry for errored virtual address.
> + * So we need to block hugepage fault by PG_hwpoison bit check.
> + */
> + if (unlikely(PageHWPoison(page))) {
> + ret = VM_FAULT_HWPOISON;
> + goto backout_unlocked;
> + }
> page_dup_rmap(page);
> }
>
> /*
> - * Since memory error handler replaces pte into hwpoison swap entry
> - * at the time of error handling, a process which reserved but not have
> - * the mapping to the error hugepage does not have hwpoison swap entry.
> - * So we need to block accesses from such a process by checking
> - * PG_hwpoison bit here.
> - */
> - if (unlikely(PageHWPoison(page))) {
> - ret = VM_FAULT_HWPOISON;
> - goto backout_unlocked;
> - }
> -
> - /*
> * If we are going to COW a private mapping later, we examine the
> * pending reservations for this page now. This will ensure that
> * any allocations necessary to record that reservation occur outside
> --
> 1.7.2.2
>
--
Mel Gorman
Part-time Phd Student Linux Technology Center
University of Limerick IBM Dublin Software Lab
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists