lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1355140690.1821.6.camel@kernel.cn.ibm.com>
Date:	Mon, 10 Dec 2012 05:58:10 -0600
From:	Simon Jeons <simon.jeons@...il.com>
To:	Xishi Qiu <qiuxishi@...wei.com>
Cc:	Wanpeng Li <liwanp@...ux.vnet.ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	WuJianguo <wujianguo@...wei.com>,
	Liujiang <jiang.liu@...wei.com>, Vyacheslav.Dubeyko@...wei.com,
	Borislav Petkov <bp@...en8.de>, andi@...stfloor.org,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	wency@...fujitsu.com
Subject: Re: [PATCH V2] MCE: fix an error of mce_bad_pages statistics

On Mon, 2012-12-10 at 19:16 +0800, Xishi Qiu wrote:
> On 2012/12/10 18:47, Simon Jeons wrote:
> 
> > On Mon, 2012-12-10 at 17:06 +0800, Xishi Qiu wrote:
> >> On 2012/12/10 16:33, Wanpeng Li wrote:
> >>
> >>> On Fri, Dec 07, 2012 at 02:11:02PM -0800, Andrew Morton wrote:
> >>>> On Fri, 7 Dec 2012 16:48:45 +0800
> >>>> Xishi Qiu <qiuxishi@...wei.com> wrote:
> >>>>
> >>>>> On x86 platform, if we use "/sys/devices/system/memory/soft_offline_page" to offline a
> >>>>> free page twice, the value of mce_bad_pages will be added twice. So this is an error,
> >>>>> since the page was already marked HWPoison, we should skip the page and don't add the
> >>>>> value of mce_bad_pages.
> >>>>>
> >>>>> $ cat /proc/meminfo | grep HardwareCorrupted
> >>>>>
> >>>>> soft_offline_page()
> >>>>> 	get_any_page()
> >>>>> 		atomic_long_add(1, &mce_bad_pages)
> >>>>>
> >>>>> ...
> >>>>>
> >>>>> --- a/mm/memory-failure.c
> >>>>> +++ b/mm/memory-failure.c
> >>>>> @@ -1582,8 +1582,11 @@ int soft_offline_page(struct page *page, int flags)
> >>>>>  		return ret;
> >>>>>
> >>>>>  done:
> >>>>> -	atomic_long_add(1, &mce_bad_pages);
> >>>>> -	SetPageHWPoison(page);
> >>>>>  	/* keep elevated page count for bad page */
> >>>>> +	if (!PageHWPoison(page)) {
> >>>>> +		atomic_long_add(1, &mce_bad_pages);
> >>>>> +		SetPageHWPoison(page);
> >>>>> +	}
> >>>>> +
> >>>>>  	return ret;
> >>>>>  }
> >>>>
> >>>> A few things:
> >>>>
> >>>> - soft_offline_page() already checks for this case:
> >>>>
> >>>> 	if (PageHWPoison(page)) {
> >>>> 		unlock_page(page);
> >>>> 		put_page(page);
> >>>> 		pr_info("soft offline: %#lx page already poisoned\n", pfn);
> >>>> 		return -EBUSY;
> >>>> 	}
> >>>>
> >>>>  so why didn't this check work for you?
> >>>>
> >>>>  Presumably because one of the earlier "goto done" branches was
> >>>>  taken.  Which one, any why?
> >>>>
> >>>>  This function is an utter mess.  It contains six return points
> >>>>  randomly intermingled with three "goto done" return points.
> >>>>
> >>>>  This mess is probably the cause of the bug you have observed.  Can
> >>>>  we please fix it up somehow?  It *seems* that the design (lol) of
> >>>>  this function is "for errors, return immediately.  For success, goto
> >>>>  done".  In which case "done" should have been called "success".  But
> >>>>  if you just look at the function you'll see that this approach didn't
> >>>>  work.  I suggest it be converted to have two return points - one for
> >>>>  the success path, one for the failure path.  Or something.
> >>>>
> >>>> - soft_offline_huge_page() is a miniature copy of soft_offline_page()
> >>>>  and might suffer the same bug.
> >>>>
> >>>> - A cleaner, shorter and possibly faster implementation is
> >>>>
> >>>> 	if (!TestSetPageHWPoison(page))
> >>>> 		atomic_long_add(1, &mce_bad_pages);
> >>>>
> >>>
> >>> Hi Andrew,
> >>>
> >>> Since hwpoison bit for free buddy page has already be set in get_any_page, 
> >>> !TestSetPageHWPoison(page) will not increase mce_bad_pages count even for 
> >>> the first time.
> >>>
> >>> Regards,
> >>> Wanpeng Li
> >>>
> >>
> >> The poisoned page is isolated in bad_page(), I wonder whether it could be isolated
> >> immediately in soft_offline_page() and memory_failure()?
> >>
> >> buffered_rmqueue()
> >> 	prep_new_page()
> >> 		check_new_page()
> >> 			bad_page()
> > 
> > Do you mean else if(is_free_buddy_page(p)) branch is redundancy?
> > 
> 
> Hi Simon,
> 
> get_any_page() -> "else if(is_free_buddy_page(p))" branch is *not* redundancy.
> 
> It is another topic, I mean since the page is poisoned, so why not isolate it

What topic? I still can't figure out when this branch can be executed
since hwpoison inject path can't poison free buddy pages.

> from page buddy alocator in soft_offline_page() rather than in check_new_page().
> 
> I find soft_offline_page() only migrate the page and mark HWPoison, the poisoned
> page is still managed by page buddy alocator.
> 
> >>
> >> Thanks
> >> Xishi Qiu
> >>
> >>>> - We have atomic_long_inc().  Use it?
> >>>>
> >>>> - Why do we have a variable called "mce_bad_pages"?  MCE is an x86
> >>>>  concept, and this code is in mm/.  Lights are flashing, bells are
> >>>>  ringing and a loudspeaker is blaring "layering violation" at us!
> >>>>
> 
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ