| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Mar 2022 21:43:48 +0800
From: Miaohe Lin <linmiaohe@...wei.com>
To: Mike Kravetz <mike.kravetz@...cle.com>, <linux-mm@...ck.org>,
<linux-kernel@...r.kernel.org>
CC: HORIGUCHI NAOYA <naoya.horiguchi@....com>,
Oscar Salvador <osalvador@...e.de>,
Michal Hocko <mhocko@...e.com>,
Andrew Morton <akpm@...ux-foundation.org>,
<stable@...r.kernel.org>
Subject: Re: [PATCH] hugetlb: do not demote poisoned hugetlb pages
On 2022/3/8 5:57, Mike Kravetz wrote:
> It is possible for poisoned hugetlb pages to reside on the free lists.
> The huge page allocation routines which dequeue entries from the free
> lists make a point of avoiding poisoned pages. There is no such check
> and avoidance in the demote code path.
>
> If a hugetlb page on the is on a free list, poison will only be set in
> the head page rather then the page with the actual error. If such a
> page is demoted, then the poison flag may follow the wrong page. A page
> without error could have poison set, and a page with poison could not
> have the flag set.
>
> Check for poison before attempting to demote a hugetlb page. Also,
> return -EBUSY to the caller if only poisoned pages are on the free list.
>
> Fixes: 8531fc6f52f5 ("hugetlb: add hugetlb demote page support")
> Signed-off-by: Mike Kravetz <mike.kravetz@...cle.com>
> Cc: <stable@...r.kernel.org>
> ---
> mm/hugetlb.c | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/mm/hugetlb.c b/mm/hugetlb.c
> index b34f50156f7e..f8ca7cca3c1a 100644
> --- a/mm/hugetlb.c
> +++ b/mm/hugetlb.c
> @@ -3475,7 +3475,6 @@ static int demote_pool_huge_page(struct hstate *h, nodemask_t *nodes_allowed)
> {
> int nr_nodes, node;
> struct page *page;
> - int rc = 0;
>
> lockdep_assert_held(&hugetlb_lock);
>
> @@ -3486,15 +3485,19 @@ static int demote_pool_huge_page(struct hstate *h, nodemask_t *nodes_allowed)
> }
>
> for_each_node_mask_to_free(h, nr_nodes, node, nodes_allowed) {
> - if (!list_empty(&h->hugepage_freelists[node])) {
> - page = list_entry(h->hugepage_freelists[node].next,
> - struct page, lru);
> - rc = demote_free_huge_page(h, page);
> - break;
> + list_for_each_entry(page, &h->hugepage_freelists[node], lru) {
> + if (PageHWPoison(page))
> + continue;
> +
> + return demote_free_huge_page(h, page);
It seems this patch is not ideal. Memory failure can hit the hugetlb page anytime without
holding the hugetlb_lock. So the page might become HWPoison just after the check. But this
patch should have handled the common case. Many thanks for your work. :)
> }
> }
>
> - return rc;
> + /*
> + * Only way to get here is if all pages on free lists are poisoned.
> + * Return -EBUSY so that caller will not retry.
> + */
> + return -EBUSY;
> }
>
> #define HSTATE_ATTR_RO(_name) \
>
Powered by blists - more mailing lists