lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1403806972-14267-1-git-send-email-andi@firstfloor.org>
Date:	Thu, 26 Jun 2014 11:22:52 -0700
From:	Andi Kleen <andi@...stfloor.org>
To:	linux-mm@...ck.org
Cc:	akpm@...ux-foundation.org, tony.luck@...el.com,
	linux-kernel@...r.kernel.org, Andi Kleen <ak@...ux.intel.com>,
	Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
	dave.hansen@...ux.intel.com
Subject: [PATCH] hwpoison: Fix race with changing page during offlining

From: Andi Kleen <ak@...ux.intel.com>

While running the mcelog test suite on 3.14 I hit the following VM_BUG_ON:

soft_offline: 0x56d4: unknown non LRU page type 3ffff800008000
page:ffffea000015b400 count:3 mapcount:2097169 mapping:          (null) index:0xffff8800056d7000
page flags: 0x3ffff800004081(locked|slab|head)
------------[ cut here ]------------
kernel BUG at mm/rmap.c:1495!

I think what happened is that a LRU page turned into a slab page in parallel
with offlining. memory_failure initially tests for this case, but doesn't
retest later after the page has been locked.

This patch fixes this race. It also check for the case that the page
changed compound pages.

Unfortunately since it's a race I wasn't able to reproduce later,
so the specific case is not tested.

Cc: Naoya Horiguchi <n-horiguchi@...jp.nec.com>
Cc: dave.hansen@...ux.intel.com
Signed-off-by: Andi Kleen <ak@...ux.intel.com>
---
 mm/memory-failure.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 90002ea..e277726a 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -1143,6 +1143,22 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
 	lock_page(hpage);
 
 	/*
+	 * The page could have turned into a non LRU page or
+	 * changed compound pages during the locking.
+	 * If this happens just bail out.
+	 */
+	if (compound_head(p) != hpage) {
+		action_result(pfn, "different compound page after locking", IGNORED);
+		res = -EBUSY;
+		goto out;
+	}
+	if (!PageLRU(hpage)) {
+		action_result(pfn, "non LRU after locking", IGNORED);
+		res = -EBUSY;
+		goto out;
+	}
+
+	/*
 	 * We use page flags to determine what action should be taken, but
 	 * the flags can be modified by the error containment action.  One
 	 * example is an mlocked page, where PG_mlocked is cleared by
-- 
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ