lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <560dc7ad-d2a3-f040-0d96-267fa1c33759@de.ibm.com>
Date:   Tue, 8 Dec 2020 19:35:21 +0100
From:   Christian Borntraeger <borntraeger@...ibm.com>
To:     Gerald Schaefer <gerald.schaefer@...ux.ibm.com>,
        Matthew Wilcox <willy@...radead.org>,
        Mike Kravetz <mike.kravetz@...cle.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-mm <linux-mm@...ck.org>, Heiko Carstens <hca@...ux.ibm.com>
Subject: Re: [RFC PATCH 0/1] "Bad page state" while freeing gigantic pages



On 08.12.20 19:28, Gerald Schaefer wrote:
> The following "Bad page state" occurs on s390 when freeing gigantic pages:
> 
> [  276.681603] BUG: Bad page state in process bash  pfn:380001
> [  276.681614] page:00000000c35f0856 refcount:0 mapcount:0 mapping:00000000126b68aa index:0x0 pfn:0x380001
> [  276.681620] aops:0x0
> [  276.681622] flags: 0x3ffff00000000000()
> [  276.681626] raw: 3ffff00000000000 0000000000000100 0000000000000122 0000000100000000
> [  276.681628] raw: 0000000000000000 0000000000000000 ffffffff00000000 0000000000000000
> [  276.681630] page dumped because: non-NULL mapping
> [  276.681632] Modules linked in:
> [  276.681637] CPU: 6 PID: 616 Comm: bash Not tainted 5.10.0-rc7-next-20201208 #1
> [  276.681639] Hardware name: IBM 3906 M03 703 (LPAR)
> [  276.681641] Call Trace:
> [  276.681648]  [<0000000458c252b6>] show_stack+0x6e/0xe8
> [  276.681652]  [<000000045971cf60>] dump_stack+0x90/0xc8
> [  276.681656]  [<0000000458e8b186>] bad_page+0xd6/0x130
> [  276.681658]  [<0000000458e8cdea>] free_pcppages_bulk+0x26a/0x800
> [  276.681661]  [<0000000458e8e67e>] free_unref_page+0x6e/0x90
> [  276.681663]  [<0000000458e8ea6c>] free_contig_range+0x94/0xe8
> [  276.681666]  [<0000000458ea5e54>] update_and_free_page+0x1c4/0x2c8
> [  276.681669]  [<0000000458ea784e>] free_pool_huge_page+0x11e/0x138
> [  276.681671]  [<0000000458ea8530>] set_max_huge_pages+0x228/0x300
> [  276.681673]  [<0000000458ea86c0>] nr_hugepages_store_common+0xb8/0x130
> [  276.681678]  [<0000000458fd5b6a>] kernfs_fop_write+0xd2/0x218
> [  276.681681]  [<0000000458ef9da0>] vfs_write+0xb0/0x2b8
> [  276.681684]  [<0000000458efa15c>] ksys_write+0xac/0xe0
> [  276.681687]  [<000000045972c5ca>] system_call+0xe6/0x288
> [  276.681730] Disabling lock debugging due to kernel taint
> 
> I bisected it to commit 1378a5ee451a ("mm: store compound_nr as well as
> compound_order"), and it seems that the new compound_nr overlaying
> page->mapping is not properly cleared, which then triggers the non-NULL
> mapping warning.
> 
> This is because only the compound_order is cleared in
> destroy_compound_gigantic_page(), and compound_nr is set to 1U << order == 1
> for order 0 in set_compound_order(page, 0).
> 
> For some reason, I can not reproduce this on x86, but I do not see where
> this could be an arch-sepcific issue. Still, I might be missing something,
> and my proposed patch also looks a bit ugly (at least to me), hence this
> RFC. Any comments?
> 
> BTW, for "normal sized" hugepages, this is not an issue, as page->mapping
> seems to be cleared explicitly in this case, in free_tail_pages_check(),
> but the freeing path for normal hugepages is quite different from that for
> gigantic pages using free_contig_range(). So a "page[1].mapping = NULL"
> might also be an option, instead of the "page[1].compound_nr = 0" in my
> patch, but that looks even more ugly, since it would clear more than
> needed.
> 
> Gerald Schaefer (1):
>   mm/hugetlb: clear compound_nr before freeing gigantic pages
> 
>  mm/hugetlb.c | 1 +
>  1 file changed, 1 insertion(+)

I cant see the patch?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ