lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 28 Feb 2024 19:35:12 +0800
From: Yisheng Xie <ethan.xys@...ux.alibaba.com>
To: David Hildenbrand <david@...hat.com>,
 Alex Williamson <alex.williamson@...hat.com>, akpm@...ux-foundation.org
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH] vfio/type1: unpin PageReserved page


在 2024/2/27 18:27, David Hildenbrand 写道:
> On 26.02.24 18:32, Alex Williamson wrote:
>> On Tue, 27 Feb 2024 01:14:54 +0800
>> Yisheng Xie <ethan.xys@...ux.alibaba.com> wrote:
>>
>>> 在 2024/2/27 00:14, Alex Williamson 写道:
>>>> On Tue, 27 Feb 2024 00:01:06 +0800
>>>> Yisheng Xie<ethan.xys@...ux.alibaba.com>  wrote:
>>>>> We meet a warning as following:
>>>>>    WARNING: CPU: 99 PID: 1766859 at mm/gup.c:209 
>>>>> try_grab_page.part.0+0xe8/0x1b0
>>>>>    CPU: 99 PID: 1766859 Comm: qemu-kvm Kdump: loaded Tainted: GOE  
>>>>> 5.10.134-008.2.x86_64 #1
>>>> ^^^^^^^^
>>>>
>>>> Does this issue reproduce on mainline?  Thanks,
>>>
>>> I have check the code of mainline, the logical seems the same as my
>>> version.
>>>
>>> so I think it can reproduce if i understand correctly.
>>
>> I obviously can't speak to what's in your 5.10.134-008.2 kernel, but I
>> do know there's a very similar issue resolved in v6.0 mainline and
>> included in v5.10.146 of the stable tree.  Please test.  Thanks,
>
> This commit, to be precise:
>
> commit 873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4
> Author: Alex Williamson <alex.williamson@...hat.com>
> Date:   Mon Aug 29 21:05:40 2022 -0600
>
>     vfio/type1: Unpin zero pages
>         There's currently a reference count leak on the zero page.  We 
> increment
>     the reference via pin_user_pages_remote(), but the page is later 
> handled
>     as an invalid/reserved page, therefore it's not accounted against the
>     user and not unpinned by our put_pfn().
>         Introducing special zero page handling in put_pfn() would 
> resolve the
>     leak, but without accounting of the zero page, a single user could
>     still create enough mappings to generate a reference count overflow.
>         The zero page is always resident, so for our purposes there's 
> no reason
>     to keep it pinned.  Therefore, add a loop to walk pages returned from
>     pin_user_pages_remote() and unpin any zero pages.
>
>
> BUT
>
> in the meantime, we also have
>
> commit c8070b78751955e59b42457b974bea4a4fe00187
> Author: David Howells <dhowells@...hat.com>
> Date:   Fri May 26 22:41:40 2023 +0100
>
>     mm: Don't pin ZERO_PAGE in pin_user_pages()
>         Make pin_user_pages*() leave a ZERO_PAGE unpinned if it 
> extracts a pointer
>     to it from the page tables and make unpin_user_page*() 
> correspondingly
>     ignore a ZERO_PAGE when unpinning.  We don't want to risk 
> overrunning a
>     zero page's refcount as we're only allowed ~2 million pins on it -
>     something that userspace can conceivably trigger.
>         Add a pair of functions to test whether a page or a folio is a 
> ZERO_PAGE.
>
>
> So the unpin_user_page_* won't do anything with the shared zeropage.
>
> (likely, we could revert 873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4)

Thanks for your detail info. BTW, do we need handle all of the 
pagereserved page?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ