| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 May 2022 04:46:17 +0000
From: HORIGUCHI NAOYA(堀口 直也)
<naoya.horiguchi@....com>
To: Miaohe Lin <linmiaohe@...wei.com>
CC: Mike Kravetz <mike.kravetz@...cle.com>,
Naoya Horiguchi <naoya.horiguchi@...ux.dev>,
Andrew Morton <akpm@...ux-foundation.org>,
zhenwei pi <pizhenwei@...edance.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Linux-MM <linux-mm@...ck.org>
Subject: Re: [PATCH v1] mm,hwpoison: set PG_hwpoison for busy hugetlb pages
On Thu, May 12, 2022 at 10:54:05AM +0800, Miaohe Lin wrote:
> On 2022/5/12 2:35, Mike Kravetz wrote:
> > On 5/11/22 08:19, Naoya Horiguchi wrote:
> >> From: Naoya Horiguchi <naoya.horiguchi@....com>
> >>
> >> If memory_failure() fails to grab page refcount on a hugetlb page
> >> because it's busy, it returns without setting PG_hwpoison on it.
> >> This not only loses a chance of error containment, but breaks the rule
> >> that action_result() should be called only when memory_failure() do
> >> any of handling work (even if that's just setting PG_hwpoison).
> >> This inconsistency could harm code maintainability.
> >>
> >> So set PG_hwpoison and call hugetlb_set_page_hwpoison() for such a case.
>
> I'm sorry but where is hugetlb_set_page_hwpoison() defined and used ? I can't find it.
Sorry, this depends on the unmerged patch
https://lore.kernel.org/linux-mm/20220427042841.678351-2-naoya.horiguchi@linux.dev/
, so should come after that. I'll do both into a single patchset next.
...
> >> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> >> index 6a28d020a4da..e3269b991016 100644
> >> --- a/mm/memory-failure.c
> >> +++ b/mm/memory-failure.c
> >> @@ -1526,7 +1526,8 @@ int __get_huge_page_for_hwpoison(unsigned long pfn, int flags)
> >> count_increased = true;
> >> } else {
> >> ret = -EBUSY;
> >> - goto out;
> >> + if (!(flags & MF_NO_RETRY))
> >> + goto out;
> >> }
> >
> > Hi Naoya,
> >
> > We are in the else block because !HPageFreed() and !HPageMigratable().
> > IIUC, this likely means the page is isolated. One common reason for isolation
> > is migration. So, the page could be isolated and on a list for migration.
> >
> > I took a quick look at the hugetlb migration code and did not see any checks
> > for PageHWPoison after a hugetlb page is isolated. I could have missed
> > something? If there are no checks, we will read the PageHWPoison page
> > in kernel mode while copying to the migration target.
> >
> > Is this an issue? Is is something we need to be concerned with? Memory
> > errors can happen at any time, and gracefully handling them is best effort.
>
> It seems HWPoison hugetlb page will still be accessed before this patch. Can we do a
> get_page_unless_zero first here to ensure that hugetlb page migration should fail due
> to this extra page reference and thus not access the page content? If hugetlb page is
> already freezed, corrupted memory will still be consumed though. :(
Right, I have no idea about this ...
Thanks,
Naoya Horiguchi
Powered by blists - more mailing lists