| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 21:56:52 +0800
From: Miaohe Lin <linmiaohe@...wei.com>
To: Naoya Horiguchi <naoya.horiguchi@...ux.dev>
CC: Andrew Morton <akpm@...ux-foundation.org>,
David Hildenbrand <david@...hat.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Liu Shixin <liushixin2@...wei.com>,
Yang Shi <shy828301@...il.com>,
Oscar Salvador <osalvador@...e.de>,
Muchun Song <songmuchun@...edance.com>,
Naoya Horiguchi <naoya.horiguchi@....com>,
<linux-kernel@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>
Subject: Re: [PATCH v1 4/5] mm, hwpoison: skip raw hwpoison page in freeing
1GB hugepage
On 2022/6/2 13:06, Naoya Horiguchi wrote:
> From: Naoya Horiguchi <naoya.horiguchi@....com>
>
> Currently if memory_failure() (modified to remove blocking code) is called
> on a page in some 1GB hugepage, memory error handling returns failure and
> the raw error page gets into undesirable state. The impact is small in
> production systems (just leaked single 4kB page), but this limits the test
> efficiency because unpoison doesn't work for it. So we can no longer
I think I get the point after I have read the above commit log several times and refered to
the discussion in [1]. The impact is small due to the 1G hugepage is dissolved while memory
error handling returns failure. So we just leak single 4KB page and unpoison doesn't work for
it due to page refcnt is 0. Do I get the point?
[1] https://lore.kernel.org/all/20220519021757.GA520829@hori.linux.bs1.fc.nec.co.jp/
Although I wonder why __page_handle_poison() fails for 1GB hugepage, the code itself looks good
to me. Thanks!
Reviewed-by: Miaohe Lin <linmiaohe@...wei.com>
> create 1GB hugepage on the 1GB physical address range with such hwpoison
> pages, that could be an issue in testing on small systems.
>
> When a hwpoison page in a 1GB hugepage is handled, it's caught by the
> PageHWPoison check in free_pages_prepare() because the hugepage is broken
> down into raw error page and order is 0:
>
> if (unlikely(PageHWPoison(page)) && !order) {
> ...
> return false;
> }
>
> Then, the page is not sent to buddy and the page refcount is left 0.
>
> Originally this check is supposed to work when the error page is freed from
> page_handle_poison() (that is called from soft-offline), but now we are
> opening another path to call it, so the callers of __page_handle_poison()
> need to handle the case by considering the return value 0 as success. Then
> page refcount for hwpoison is properly incremented and now unpoison works.
>
> Signed-off-by: Naoya Horiguchi <naoya.horiguchi@....com>
> ---
> mm/memory-failure.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> index f149a7864c81..babeb34f7477 100644
> --- a/mm/memory-failure.c
> +++ b/mm/memory-failure.c
> @@ -1043,7 +1043,6 @@ static int me_huge_page(struct page_state *ps, struct page *p)
> res = truncate_error_page(hpage, page_to_pfn(p), mapping);
> unlock_page(hpage);
> } else {
> - res = MF_FAILED;
> unlock_page(hpage);
> /*
> * migration entry prevents later access on error anonymous
> @@ -1051,9 +1050,11 @@ static int me_huge_page(struct page_state *ps, struct page *p)
> * save healthy subpages.
> */
> put_page(hpage);
> - if (__page_handle_poison(p) > 0) {
> + if (__page_handle_poison(p) >= 0) {
> page_ref_inc(p);
> res = MF_RECOVERED;
> + } else {
> + res = MF_FAILED;
> }
> }
>
> @@ -1601,9 +1602,11 @@ static int try_memory_failure_hugetlb(unsigned long pfn, int flags, int *hugetlb
> */
> if (res == 0) {
> unlock_page(head);
> - if (__page_handle_poison(p) > 0) {
> + if (__page_handle_poison(p) >= 0) {
> page_ref_inc(p);
> res = MF_RECOVERED;
> + } else {
> + res = MF_FAILED;
> }
> action_result(pfn, MF_MSG_FREE_HUGE, res);
> return res == MF_RECOVERED ? 0 : -EBUSY;
>
Powered by blists - more mailing lists