lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e4da056c-8d6c-9687-0785-b1900cb7c3e2@linux.alibaba.com>
Date:   Fri, 29 May 2020 13:56:25 +0800
From:   wetp <wetp.zy@...ux.alibaba.com>
To:     HORIGUCHI NAOYA(堀口 直也) 
        <naoya.horiguchi@....com>
Cc:     "n-horiguchi@...jp.nec.com" <n-horiguchi@...jp.nec.com>,
        "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] mm, memory_failure: only send BUS_MCEERR_AO to early-kill
 process


On 2020/5/29 上午10:12, HORIGUCHI NAOYA(堀口 直也) wrote:
> On Thu, May 28, 2020 at 02:50:09PM +0800, wetp wrote:
>> On 2020/5/28 上午10:22, HORIGUCHI NAOYA(堀口 直也) wrote:
>>> Hi Zhang,
>>>
>>> Sorry for my late response.
>>>
>>> On Tue, May 26, 2020 at 03:06:41PM +0800, Wetp Zhang wrote:
>>>> From: Zhang Yi <wetpzy@...il.com>
>>>>
>>>> If a process don't need early-kill, it may not care the BUS_MCEERR_AO.
>>>> Let the process to be killed when it really access the corrupted memory.
>>>>
>>>> Signed-off-by: Zhang Yi <wetpzy@...il.com>
>>> Thank you for pointing this. This looks to me a bug (per-process flag
>>> is ignored when system-wide flag is set).
>> The flag is not problem for me.
>>
>> In my case, two processes share memory with no any flag setting, both will
>> be killed when only one
>>
>> access the fail memory.
> Thanks, now your problem seems clearer.
>
> It seems that this happens because in "Action Required" case kill_proc()
> takes the first branch for current process, while it takes the else branch
> for other affected processes:
>
>      static int kill_proc(struct to_kill *tk, unsigned long pfn, int flags)
>      {
>              ...
>      
>              if ((flags & MF_ACTION_REQUIRED) && t->mm == current->mm) {
>                      ret = force_sig_mceerr(BUS_MCEERR_AR, (void __user *)tk->addr,
>                                             addr_lsb);
>              } else {
>                      /*
>                       * Don't use force here, it's convenient if the signal
>                       * can be temporarily blocked.
>                       * This could cause a loop when the user sets SIGBUS
>                       * to SIG_IGN, but hopefully no one will do that?
>                       */
>                      ret = send_sig_mceerr(BUS_MCEERR_AO, (void __user *)tk->addr,
>                                            addr_lsb, t);  /* synchronous? */
>              }
>
> Sending SIGBUS with BUS_MCEERR_AO for action optional error is strange, so
> maybe this logic should be like this:
>
>
>              if (flags & MF_ACTION_REQUIRED) {
>                      if (t->mm == current->mm)
>                              ret = force_sig_mceerr(BUS_MCEERR_AR, (void __user *)tk->addr,
>                                             addr_lsb);
>                      /* send no signal to non-current processes */
Ok, this can solve my problem.

>              } else {
>                      /*
>                       * Don't use force here, it's convenient if the signal
>                       * can be temporarily blocked.
>                       * This could cause a loop when the user sets SIGBUS
>                       * to SIG_IGN, but hopefully no one will do that?
>                       */
>                      ret = send_sig_mceerr(BUS_MCEERR_AO, (void __user *)tk->addr,
>                                            addr_lsb, t);  /* synchronous? */
>              }
>
>>>> ---
>>>>    mm/memory-failure.c | 7 ++++---
>>>>    1 file changed, 4 insertions(+), 3 deletions(-)
>>>>
>>>> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
>>>> index a96364be8ab4..2db13d48865c 100644
>>>> --- a/mm/memory-failure.c
>>>> +++ b/mm/memory-failure.c
>>>> @@ -210,7 +210,7 @@ static int kill_proc(struct to_kill *tk, unsigned long pfn, int flags)
>>>>    {
>>>>    	struct task_struct *t = tk->tsk;
>>>>    	short addr_lsb = tk->size_shift;
>>>> -	int ret;
>>>> +	int ret = 0;
>>>>
>>>>    	pr_err("Memory failure: %#lx: Sending SIGBUS to %s:%d due to hardware memory corruption\n",
>>>>    		pfn, t->comm, t->pid);
>>>> @@ -225,8 +225,9 @@ static int kill_proc(struct to_kill *tk, unsigned long pfn, int flags)
>>>>    		 * This could cause a loop when the user sets SIGBUS
>>>>    		 * to SIG_IGN, but hopefully no one will do that?
>>>>    		 */
>>>> -		ret = send_sig_mceerr(BUS_MCEERR_AO, (void __user *)tk->addr,
>>>> -				      addr_lsb, t);  /* synchronous? */
>>>> +		if ((t->flags & PF_MCE_PROCESS) && (t->flags & PF_MCE_EARLY))
>>>> +			ret = send_sig_mceerr(BUS_MCEERR_AO,
>>>> +				(void __user *)tk->addr, addr_lsb, t);
>>> kill_proc() could be called only for processes that are selected by
>>> collect_procs() with task_early_kill().  So I think that we should fix
>>> task_early_kill(), maybe by reordering sysctl_memory_failure_early_kill
>>> check and find_early_kill_thread() check.
>>>
>>>       static struct task_struct *task_early_kill(struct task_struct *tsk,
>>>                                                  int force_early)
>>>       {
>>>               struct task_struct *t;
>>>               if (!tsk->mm)
>>>                       return NULL;
>>>               if (force_early)
>>>                       return tsk;
>> The force_early is rely the flag MF_ACTION_REQUIRED, so it is always true
>> when MCE occurs.
>>
>> This leads always sending SIGBUS to processes even if those are not current
>> or no flag setting.
>>
>>   I think it could keep the non-current processes which has no flag setting
>> running.
>>
>>
>> Besides, base on your recommendation I reorder the force_early check and
>> find_early_kill_thread()
>>
>> check, to send the signal to the right thread.
> Sorry, my previous comment around task_early_kill() is for a separate problem,
> so I'll try some fix on this later.
Thanks.

Should me send the patch V2 for my problem alone?  Or you will fix it 
with task_early_kill() together ?


> Thanks,
> Naoya Horiguchi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ