| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <da00f435-a867-0108-8855-872019d85d44@suse.cz>
Date: Thu, 6 Aug 2020 17:53:10 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: Matthew Wilcox <willy@...radead.org>
Cc: John Hubbard <jhubbard@...dia.com>,
Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>, linux-mm@...ck.org,
cai@....pw, kirill@...temov.name, rppt@...ux.ibm.com,
william.kucharski@...cle.com,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [PATCH v2] mm, dump_page: do not crash with bad
compound_mapcount()
On 8/6/20 5:39 PM, Matthew Wilcox wrote:
>> >> +++ b/mm/huge_memory.c
>> >> @@ -2125,7 +2125,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd,
>> >> * Set PG_double_map before dropping compound_mapcount to avoid
>> >> * false-negative page_mapped().
>> >> */
>> >> - if (compound_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) {
>> >> + if (head_mapcount(page) > 1 && !TestSetPageDoubleMap(page)) {
>> >
>> > I'm a little nervous about this one. The page does actually come from
>> > pmd_page(), and today that's guaranteed to be a head page. But I'm
>> > not convinced that's going to still be true in twenty years. With the
>> > current THP patchset, I won't allocate pages larger than PMD order, but
>> > I can see there being interest in tracking pages in chunks larger than
>> > 2MB in the future. And then pmd_page() might well return a tail page.
>> > So it might be a good idea to not convert this one.
>>
>> Hmm the function converts the compound mapcount of the whole page to a
>> HPAGE_PMD_NR of base pages. If suddenly the compound page was bigger than a pmd,
>> then I guess this wouldn't work properly anymore without changes anyway?
>> Maybe we could stick something like VM_BUG_ON(PageTransHuge(page)) there as
>> "enforced documentation" for now?
>
> I think it would work as-is. But also I may have totally misunderstood it.
> I'll write this declaratively and specifically for x86 (PMD order is 9)
> ... tell me when I've made a mistake ;-)
>
> This function is for splitting the PMD. We're leaving the underlying
> page intact and just changing the page table. So if, say, we have an
> underlying 4MB page (and maybe the pages are mapped as PMDs in this
> process), we might get subpage number 512 of this order-10 page. We'd
> need to check the DoubleMap bit on subpage 1, and the compound_mapcount
> also stored in page 1, but we'd only want to spread the mapcount out
> over the 512 subpages from 512-1023; we wouldn't want to spread it out
> over 0-511 because they aren't affected by this particular PMD.
Yeah, and then we decrease the compound mapcount, which is a counter of "how
many times is this compound page mapped as a whole". But we only removed (the
second) half of the compound mapping, so imho that would be wrong?
> Having to reason about stuff like this is why I limited the THP code to
> stop at PMD order ... I don't want to make my life even more complicated
> than I have to!
Kirill might correct me but I'd expect the THP code right now has baked in many
assumptions about THP pages being exactly HPAGE_PMD_ORDER large?
Powered by blists - more mailing lists