Message-Id: <361D9B8E-CE8F-4BA0-8076-8384C2B7E860@oracle.com>
Date:   Thu, 22 Oct 2020 07:23:33 -0600
From:   William Kucharski <william.kucharski@...cle.com>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     Qian Cai <cai@....pw>, Christoph Hellwig <hch@...radead.org>,
        "Darrick J. Wong" <darrick.wong@...cle.com>,
        linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
        linux-mm@...ck.org
Subject: Re: kernel BUG at mm/page-writeback.c:2241 [
 BUG_ON(PageWriteback(page); ]



> On Oct 21, 2020, at 6:49 PM, Matthew Wilcox <willy@...radead.org> wrote:
> 
> On Wed, Oct 21, 2020 at 08:30:18PM -0400, Qian Cai wrote:
>> Today's linux-next starts to trigger this wondering if anyone has any clue.
> 
> I've seen that occasionally too.  I changed that BUG_ON to VM_BUG_ON_PAGE
> to try to get a clue about it.  Good to know it's not the THP patches
> since they aren't in linux-next.
> 
> I don't understand how it can happen.  We have the page locked, and then we do:
> 
>                        if (PageWriteback(page)) {
>                                if (wbc->sync_mode != WB_SYNC_NONE)
>                                        wait_on_page_writeback(page);
>                                else
>                                        goto continue_unlock;
>                        }
> 
>                        VM_BUG_ON_PAGE(PageWriteback(page), page);
> 
> Nobody should be able to put this page under writeback while we have it
> locked ... right?  The page can be redirtied by the code that's supposed
> to be writing it back, but I don't see how anyone can make PageWriteback
> true while we're holding the page lock.

Looking at __test_set_page_writeback(), I see that it (and most other
callers to lock_page_memcg()) do the following:

  lock_page_memcg(page)

  /* do other stuff */

  ret = TestSetPageWriteback(page);

  /* do more stuff */

  unlock_page_memcg(page)

yet lock_page_memcg() does have a few cases where it can (silently)
return NULL to indicate an error.

Only test_clear_page_writeback() actually saves off the return value
(but it too never bothers to check whether it is NULL or not.)

Could it be one of those error conditions is occurring leading to no
lock actually being taken?

The conditions would be extremely rare, but it feels wrong not to check
somewhere:

          struct page *head = compound_head(page); /* rmap on tail pages */

[ ... ]

          if (mem_cgroup_disabled())
                  return NULL;
  again:
          memcg = head->mem_cgroup;
          if (unlikely(!memcg))
                  return NULL;









