lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 May 2020 23:50:05 -0400
From:   Qian Cai <cai@....pw>
To:     Vitaly Wool <vitaly.wool@...sulko.com>
Cc:     Michal Hocko <mhocko@...e.com>,
        David Hildenbrand <david@...hat.com>,
        Linux-MM <linux-mm@...ck.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Minchan Kim <minchan@...nel.org>,
        Seth Jennings <sjenning@...hat.com>,
        Dan Streetman <ddstreet@...e.org>
Subject: Re: zswap z3fold + memory offline = infinite loop

On Wed, May 13, 2020 at 4:28 AM Vitaly Wool <vitaly.wool@...sulko.com> wrote:
>
>
>
> On Wed, May 13, 2020, 2:36 AM Qian Cai <cai@....pw> wrote:
>>
>> Put zswap z3fold pages into the memory and then offline those memory would trigger an infinite loop here in
>>
>> __offline_pages() --> do_migrate_range() because there is no error handling,
>>
>>                         if (pfn) {
>>                                 /*
>>                                  * TODO: fatal migration failures should bail
>>                                  * out
>>                                  */
>>                                 do_migrate_range(pfn, end_pfn);
>>
>> There, isolate_movable_page() will always return -EBUSY  because,
>>
>>         if (!mapping->a_ops->isolate_page(page, mode))
>>                 goto out_no_isolated;
>>
>> i.e., z3fold_page_isolate() will always return false because,
>>
>> zhdr->mapped_count == 2
>
>
> So who mapped these pages? The whole zswap operation presumes that objects are mapped for a short while to run some I/O and so, most of the time zhdr->mapped_count would be 0.

I have no clue why those pages have been mapped for so long, but it is
trivial to reproduce using the above reproducer. Also, zbud has no
such issue. Alternatively, if you could send me some debug patches to
narrow it down, I'll be happy to run for you.

>
> Removing that check in ->isolate() is not a big deal, but ->migratepage() shall not allow actual migration anyway if there are mapped objects.

Is that worse than an endless loop here?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ