| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Oct 2019 11:40:39 +0200
From: David Hildenbrand <david@...hat.com>
To: Oscar Salvador <osalvador@...e.de>, n-horiguchi@...jp.nec.com
Cc: mhocko@...nel.org, mike.kravetz@...cle.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v2 15/16] mm/hwpoison-inject: Rip off duplicated
checks
On 17.10.19 16:21, Oscar Salvador wrote:
> memory_failure() already performs the same checks, so leave it
> to the main routine.
>
> Signed-off-by: Oscar Salvador <osalvador@...e.de>
> ---
> mm/hwpoison-inject.c | 33 +++------------------------------
> 1 file changed, 3 insertions(+), 30 deletions(-)
>
> diff --git a/mm/hwpoison-inject.c b/mm/hwpoison-inject.c
> index 0c8cdb80fd7d..fdcca3df4283 100644
> --- a/mm/hwpoison-inject.c
> +++ b/mm/hwpoison-inject.c
> @@ -14,49 +14,22 @@ static struct dentry *hwpoison_dir;
> static int hwpoison_inject(void *data, u64 val)
> {
> unsigned long pfn = val;
> - struct page *p;
> - struct page *hpage;
> - int err;
>
> if (!capable(CAP_SYS_ADMIN))
> return -EPERM;
>
> - if (!pfn_valid(pfn))
> - return -ENXIO;
> -
> - p = pfn_to_page(pfn);
> - hpage = compound_head(p);
> -
> - if (!hwpoison_filter_enable)
> - goto inject;
> -
> - shake_page(hpage, 0);
> - /*
> - * This implies unable to support non-LRU pages.
> - */
> - if (!PageLRU(hpage) && !PageHuge(p))
> - return 0;
> -
> - /*
> - * do a racy check to make sure PG_hwpoison will only be set for
> - * the targeted owner (or on a free page).
> - * memory_failure() will redo the check reliably inside page lock.
> - */
> - err = hwpoison_filter(hpage);
> - if (err)
> - return 0;
> -
> -inject:
> pr_info("Injecting memory failure at pfn %#lx\n", pfn);
> return memory_failure(pfn, 0);
> }
>
I explored somewhere already why this code was added:
commit 31d3d3484f9bd263925ecaa341500ac2df3a5d9b
Author: Wu Fengguang <fengguang.wu@...el.com>
Date: Wed Dec 16 12:19:59 2009 +0100
HWPOISON: limit hwpoison injector to known page types
__memory_failure()'s workflow is
set PG_hwpoison
//...
unset PG_hwpoison if didn't pass hwpoison filter
That could kill unrelated process if it happens to page fault on the
page with the (temporary) PG_hwpoison. The race should be big enough to
appear in stress tests.
Fix it by grabbing the page and checking filter at inject time. This
also avoids the very noisy "Injecting memory failure..." messages.
- we don't touch madvise() based injection, because the filters are
generally not necessary for it.
- if we want to apply the filters to h/w aided injection, we'd better to
rearrange the logic in __memory_failure() instead of this patch.
AK: fix documentation, use drain all, cleanups
You should justify why it is okay to do rip that code out now.
It's not just duplicate checks.
Was the documented race fixed?
Will we fix the race within memory_failure() later?
Don't we care?
Also, you should add that this fixes the access of uninitialized memmaps
now and makes the interface work correctly with devmem.
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists