lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 19 Jan 2020 14:06:18 -0800 (PST)
From:   David Rientjes <rientjes@...gle.com>
To:     Wei Yang <richardw.yang@...ux.intel.com>
cc:     akpm@...ux-foundation.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] mm/page_alloc.c: extract commom part to check page

On Sun, 19 Jan 2020, Wei Yang wrote:

> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index d047bf7d8fd4..8cd06729169f 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1025,13 +1025,9 @@ static inline bool page_expected_state(struct page *page,
>  	return true;
>  }
>  
> -static void free_pages_check_bad(struct page *page)
> +static inline const char *__check_page(struct page *page)
>  {
> -	const char *bad_reason;
> -	unsigned long bad_flags;
> -
> -	bad_reason = NULL;
> -	bad_flags = 0;
> +	const char *bad_reason = NULL;
>  
>  	if (unlikely(atomic_read(&page->_mapcount) != -1))
>  		bad_reason = "nonzero mapcount";
> @@ -1039,14 +1035,23 @@ static void free_pages_check_bad(struct page *page)
>  		bad_reason = "non-NULL mapping";
>  	if (unlikely(page_ref_count(page) != 0))
>  		bad_reason = "nonzero _refcount";
> -	if (unlikely(page->flags & PAGE_FLAGS_CHECK_AT_FREE)) {
> -		bad_reason = "PAGE_FLAGS_CHECK_AT_FREE flag(s) set";
> -		bad_flags = PAGE_FLAGS_CHECK_AT_FREE;
> -	}
>  #ifdef CONFIG_MEMCG
>  	if (unlikely(page->mem_cgroup))
>  		bad_reason = "page still charged to cgroup";
>  #endif
> +	return bad_reason;
> +}
> +
> +static void free_pages_check_bad(struct page *page)
> +{
> +	const char *bad_reason = NULL;
> +	unsigned long bad_flags = 0;
> +
> +	bad_reason = __check_page(page);
> +	if (unlikely(page->flags & PAGE_FLAGS_CHECK_AT_FREE)) {
> +		bad_reason = "PAGE_FLAGS_CHECK_AT_FREE flag(s) set";
> +		bad_flags = PAGE_FLAGS_CHECK_AT_FREE;
> +	}
>  	bad_page(page, bad_reason, bad_flags);
>  }
>  
> @@ -2044,12 +2049,7 @@ static void check_new_page_bad(struct page *page)
>  	const char *bad_reason = NULL;
>  	unsigned long bad_flags = 0;
>  
> -	if (unlikely(atomic_read(&page->_mapcount) != -1))
> -		bad_reason = "nonzero mapcount";
> -	if (unlikely(page->mapping != NULL))
> -		bad_reason = "non-NULL mapping";
> -	if (unlikely(page_ref_count(page) != 0))
> -		bad_reason = "nonzero _refcount";
> +	bad_reason = __check_page(page);
>  	if (unlikely(page->flags & __PG_HWPOISON)) {
>  		bad_reason = "HWPoisoned (hardware-corrupted)";
>  		bad_flags = __PG_HWPOISON;
> @@ -2061,10 +2061,6 @@ static void check_new_page_bad(struct page *page)
>  		bad_reason = "PAGE_FLAGS_CHECK_AT_PREP flag set";
>  		bad_flags = PAGE_FLAGS_CHECK_AT_PREP;
>  	}
> -#ifdef CONFIG_MEMCG
> -	if (unlikely(page->mem_cgroup))
> -		bad_reason = "page still charged to cgroup";
> -#endif
>  	bad_page(page, bad_reason, bad_flags);
>  }
>  

I think this is compounding a previous problem in these functions: these 
are all "if" clauses, not "else if" clauses so they are presumably ordered 
based on least significant to most significant (we only see the last 
bad_reason that we find).  For the page->mem_cgroup check, this leaves 
bad_flags set but it doesn't match bad_reason.

Could you instead fix the problem with these functions so that we actually 
list *all* the problems with the page rather than only the last 
conditional that is true?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ