| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 May 2022 10:54:05 +0800
From: Miaohe Lin <linmiaohe@...wei.com>
To: Mike Kravetz <mike.kravetz@...cle.com>,
Naoya Horiguchi <naoya.horiguchi@...ux.dev>
CC: Andrew Morton <akpm@...ux-foundation.org>,
zhenwei pi <pizhenwei@...edance.com>,
Naoya Horiguchi <naoya.horiguchi@....com>,
<linux-kernel@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>
Subject: Re: [PATCH v1] mm,hwpoison: set PG_hwpoison for busy hugetlb pages
On 2022/5/12 2:35, Mike Kravetz wrote:
> On 5/11/22 08:19, Naoya Horiguchi wrote:
>> From: Naoya Horiguchi <naoya.horiguchi@....com>
>>
>> If memory_failure() fails to grab page refcount on a hugetlb page
>> because it's busy, it returns without setting PG_hwpoison on it.
>> This not only loses a chance of error containment, but breaks the rule
>> that action_result() should be called only when memory_failure() do
>> any of handling work (even if that's just setting PG_hwpoison).
>> This inconsistency could harm code maintainability.
>>
>> So set PG_hwpoison and call hugetlb_set_page_hwpoison() for such a case.
I'm sorry but where is hugetlb_set_page_hwpoison() defined and used ? I can't find it.
>>
>> Fixes: 405ce051236c ("mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb()")
>> Signed-off-by: Naoya Horiguchi <naoya.horiguchi@....com>
>> ---
>> include/linux/mm.h | 1 +
>> mm/memory-failure.c | 8 ++++----
>> 2 files changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/linux/mm.h b/include/linux/mm.h
>> index d446e834a3e5..04de0c3e4f9f 100644
>> --- a/include/linux/mm.h
>> +++ b/include/linux/mm.h
>> @@ -3187,6 +3187,7 @@ enum mf_flags {
>> MF_MUST_KILL = 1 << 2,
>> MF_SOFT_OFFLINE = 1 << 3,
>> MF_UNPOISON = 1 << 4,
>> + MF_NO_RETRY = 1 << 5,
>> };
>> extern int memory_failure(unsigned long pfn, int flags);
>> extern void memory_failure_queue(unsigned long pfn, int flags);
>> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
>> index 6a28d020a4da..e3269b991016 100644
>> --- a/mm/memory-failure.c
>> +++ b/mm/memory-failure.c
>> @@ -1526,7 +1526,8 @@ int __get_huge_page_for_hwpoison(unsigned long pfn, int flags)
>> count_increased = true;
>> } else {
>> ret = -EBUSY;
>> - goto out;
>> + if (!(flags & MF_NO_RETRY))
>> + goto out;
>> }
>
> Hi Naoya,
>
> We are in the else block because !HPageFreed() and !HPageMigratable().
> IIUC, this likely means the page is isolated. One common reason for isolation
> is migration. So, the page could be isolated and on a list for migration.
>
> I took a quick look at the hugetlb migration code and did not see any checks
> for PageHWPoison after a hugetlb page is isolated. I could have missed
> something? If there are no checks, we will read the PageHWPoison page
> in kernel mode while copying to the migration target.
>
> Is this an issue? Is is something we need to be concerned with? Memory
> errors can happen at any time, and gracefully handling them is best effort.
It seems HWPoison hugetlb page will still be accessed before this patch. Can we do a
get_page_unless_zero first here to ensure that hugetlb page migration should fail due
to this extra page reference and thus not access the page content? If hugetlb page is
already freezed, corrupted memory will still be consumed though. :(
Thanks!
>
Powered by blists - more mailing lists