lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 29 Jan 2020 22:23:10 -0800
From:   John Hubbard <jhubbard@...dia.com>
To:     Matthew Wilcox <willy@...radead.org>
CC:     "Kirill A. Shutemov" <kirill@...temov.name>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Al Viro <viro@...iv.linux.org.uk>,
        Christoph Hellwig <hch@...radead.org>,
        Dan Williams <dan.j.williams@...el.com>,
        Dave Chinner <david@...morbit.com>,
        Ira Weiny <ira.weiny@...el.com>, Jan Kara <jack@...e.cz>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Jonathan Corbet <corbet@....net>,
        Jérôme Glisse <jglisse@...hat.com>,
        Michal Hocko <mhocko@...e.com>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Shuah Khan <shuah@...nel.org>,
        Vlastimil Babka <vbabka@...e.cz>, <linux-doc@...r.kernel.org>,
        <linux-fsdevel@...r.kernel.org>, <linux-kselftest@...r.kernel.org>,
        <linux-rdma@...r.kernel.org>, <linux-mm@...ck.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/8] mm: dump_page: print head page's refcount, for
 compound pages

On 1/29/20 2:59 PM, Matthew Wilcox wrote:
...
> I have a hunk in my current tree which looks like this:
> 
> @@ -77,6 +77,11 @@ void __dump_page(struct page *page, const char *reason)
>                  pr_warn("page:%px refcount:%d mapcount:%d mapping:%px index:%#lx
> \n",
>                          page, page_ref_count(page), mapcount,
>                          page->mapping, page_to_pgoff(page));
> +       if (PageTail(page)) {
> +               struct page *head = compound_head(page);
> +               pr_warn("head:%px mapping:%px index:%#lx\n",
> +                       head, head->mapping, page_to_pgoff(head));
> +       }
>          if (PageKsm(page))
>                  pr_warn("ksm flags: %#lx(%pGp)\n", page->flags, &page->flags);
>          else if (PageAnon(page))
> 
> I wonder if we can combine these two patches in some more useful way?
> 
> I also think we probably want a sanity check that 'head' and 'page'
> are within a sane range of each other (ie head < page and head +
> MAX_ORDER_NR_PAGES > page) to protect against a struct page that contains
> complete garbage.
> 

OK, here's a go at combining those. I like the observation, implicit in your
diffs, that PageTail rather than PageCompound is the key differentiator in
deciding what to print. How's this look:

diff --git a/mm/debug.c b/mm/debug.c
index a90da5337c14..944652843e7b 100644
--- a/mm/debug.c
+++ b/mm/debug.c
@@ -75,12 +75,31 @@ void __dump_page(struct page *page, const char *reason)
  	 */
  	mapcount = PageSlab(page) ? 0 : page_mapcount(page);
  
-	if (PageCompound(page))
-		pr_warn("page:%px refcount:%d mapcount:%d mapping:%px "
-			"index:%#lx compound_mapcount: %d\n",
-			page, page_ref_count(page), mapcount,
-			page->mapping, page_to_pgoff(page),
-			compound_mapcount(page));
+	if (PageTail(page)) {
+		struct page *head = compound_head(page);
+
+		if ((page < head) || (page >= head + MAX_ORDER_NR_PAGES)) {
+			/*
+			 * Page is hopelessly corrupted, so limit any reporting
+			 * to information about the page itself. Do not attempt
+			 * to look at the head page.
+			 */
+			pr_warn("page:%px refcount:%d mapcount:%d mapping:%px "
+				"index:%#lx (corrupted tail page case)\n",
+				page, page_ref_count(page), mapcount,
+				page->mapping, page_to_pgoff(page));
+		} else {
+			pr_warn("page:%px compound refcount:%d mapcount:%d "
+				"mapping:%px index:%#lx compound_mapcount:%d\n",
+				page, page_ref_count(head),
+				mapcount, head->mapping, page_to_pgoff(head),
+				compound_mapcount(page));
+
+			if (page_ref_count(page) != 0)
+				pr_warn("page:%px PROBLEM: non-zero refcount (==%d) on "
+					"this tail page\n", page, page_ref_count(page));
+		}
+	}
  	else
  		pr_warn("page:%px refcount:%d mapcount:%d mapping:%px index:%#lx\n",
  			page, page_ref_count(page), mapcount,

?

Here's sample output for a normal page, a tail page, and a tail page with a bad
(non-zero) refcount:

============
Normal page:
============
[   38.572084] page:ffffea0011465880 refcount:2 mapcount:1 mapping:ffff888454d99001 index:0xb2
[   38.579256] anon flags: 0x17ffe0000080036(referenced|uptodate|lru|active|swapbacked)
[   38.585799] raw: 017ffe0000080036 ffffea0011460fc8 ffffea0011466d08 ffff888454d99001
[   38.592350] raw: 00000000000000b2 0000000000000000 0000000200000000 0000000000000000
[   38.598885] page dumped because: test dump page


==========
Tail page:
==========
[   38.436384] page:ffffea0010aa0280 compound refcount:503 mapcount:1 mapping:ffff888455fb3399 index:0xa8 compound_mapcount:1
[   38.446350] anon flags: 0x17ffe0000000000()
[   38.449661] raw: 017ffe0000000000 ffffea0010aa0001 ffffea0010aa0288 dead000000000400
[   38.456228] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   38.462794] page dumped because: test dump page

============================
Tail page with bad refcount:
============================
[   38.466088] page:ffffea0010aa0b40 compound refcount:468 mapcount:1 mapping:ffff888455fb3399 index:0xa8 compound_mapcount:1
[   38.475967] page:ffffea0010aa0b40 PROBLEM: non-zero refcount (==2) on this tail page
[   38.482490] anon flags: 0x17ffe0000000000()
[   38.485432] raw: 017ffe0000000000 ffffea0010aa0001 ffffea0010aa0b48 dead000000000400
[   38.491996] raw: 0000000000000000 0000000000000000 00000002ffffffff 0000000000000000
[   38.498532] page dumped because: test bad tail page refcount



thanks,
-- 
John Hubbard
NVIDIA

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ