lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240426154919.hupoxurihhbfj67x@quentin>
Date: Fri, 26 Apr 2024 15:49:19 +0000
From: "Pankaj Raghav (Samsung)" <kernel@...kajraghav.com>
To: Matthew Wilcox <willy@...radead.org>
Cc: djwong@...nel.org, brauner@...nel.org, david@...morbit.com,
	chandan.babu@...cle.com, akpm@...ux-foundation.org,
	linux-fsdevel@...r.kernel.org, hare@...e.de,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org,
	linux-xfs@...r.kernel.org, mcgrof@...nel.org, gost.dev@...sung.com,
	p.raghav@...sung.com
Subject: Re: [PATCH v4 05/11] mm: do not split a folio if it has minimum
 folio order requirement

On Thu, Apr 25, 2024 at 09:10:16PM +0100, Matthew Wilcox wrote:
> On Thu, Apr 25, 2024 at 01:37:40PM +0200, Pankaj Raghav (Samsung) wrote:
> > From: Pankaj Raghav <p.raghav@...sung.com>
> > 
> > Splitting a larger folio with a base order is supported using
> > split_huge_page_to_list_to_order() API. However, using that API for LBS
> > is resulting in an NULL ptr dereference error in the writeback path [1].
> > 
> > Refuse to split a folio if it has minimum folio order requirement until
> > we can start using split_huge_page_to_list_to_order() API. Splitting the
> > folio can be added as a later optimization.
> > 
> > [1] https://gist.github.com/mcgrof/d12f586ec6ebe32b2472b5d634c397df
> 
> Obviously this has to be tracked down and fixed before this patchset can
> be merged ... I think I have some ideas.  Let me look a bit.  How
> would I go about reproducing this?

I am able to reproduce it in a VM with 4G RAM and running generic/447
(sometimes you have to run it twice) on a 16K BS on a 4K PS system.

I have a suspicion on this series: https://lore.kernel.org/linux-fsdevel/20240215063649.2164017-1-hch@lst.de/
but I am still unsure why this is happening when we split with LBS
configurations.

If you have kdevops installed, then go with Luis's suggestion, or else
this is my local config.

This is the diff I applied instead of this patch:

diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 9859aa4f7553..63ee7b6ed03d 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -3041,6 +3041,10 @@ int split_huge_page_to_list_to_order(struct page *page, struct list_head *list,
 {
        struct folio *folio = page_folio(page);
        struct deferred_split *ds_queue = get_deferred_split_queue(folio);
+       unsigned int mapping_min_order = mapping_min_folio_order(folio->mapping);
+
+       if (!folio_test_anon(folio))
+               new_order = max_t(unsigned int, mapping_min_order, new_order);
        /* reset xarray order to new order after split */
        XA_STATE_ORDER(xas, &folio->mapping->i_pages, folio->index, new_order);
        struct anon_vma *anon_vma = NULL;
@@ -3117,6 +3121,8 @@ int split_huge_page_to_list_to_order(struct page *page, struct list_head *list,
                        goto out;
                }
 
+               // XXX: Remove it later
+               VM_WARN_ON_FOLIO((new_order < mapping_min_order), folio);
                gfp = current_gfp_context(mapping_gfp_mask(mapping) &
                                                        GFP_RECLAIM_MASK);
 
(END)

xfstests is based on https://github.com/kdave/xfstests/tree/v2024.04.14

xfstests config:

[default]
FSTYP=xfs
RESULT_BASE=/root/results/
DUMP_CORRUPT_FS=1
CANON_DEVS=yes
RECREATE_TEST_DEV=true
TEST_DEV=/dev/nvme0n1
TEST_DIR=/media/test
SCRATCH_DEV=/dev/vdb
SCRATCH_MNT=/media/scratch
LOGWRITES_DEV=/dev/vdc

[16k_4ks]
MKFS_OPTIONS='-f -m reflink=1,rmapbt=1, -i sparse=1, -b size=16k, -s size=4k'

[nix-shell:~]# lsblk
NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
vdb     254:16   0   32G  0 disk /media/scratch
vdc     254:32   0   32G  0 disk 
nvme0n1 259:0    0   32G  0 disk /media/test

$ ./check -s 16k_4ks generic/447

BT:
[   74.170698] BUG: KASAN: null-ptr-deref in filemap_get_folios_tag+0x14b/0x510                                                                                                                                                                                                                                                                                                               
[   74.170938] Write of size 4 at addr 0000000000000036 by task kworker/u16:6/284                                                                                                                                                                                                                                                                                                             
[   74.170938]                                                                                                                                                                                                                                                                                                                                                                                
[   74.170938] CPU: 0 PID: 284 Comm: kworker/u16:6 Not tainted 6.9.0-rc4-00011-g4676d00b6f6f #7                                                                                                                                                                                                                                                                                               
[   74.170938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014                                                                                                                                                                                                                                                               
[   74.170938] Workqueue: writeback wb_workfn (flush-254:16)                                                                                                                                                                                                                                                                                                                                  
[   74.170938] Call Trace:                                                                                                                                                                                                                                                                                                                                                                    
[   74.170938]  <TASK>                                                                                                                                                                                                                                                                                                                                                                        
[   74.170938]  dump_stack_lvl+0x51/0x70                                                                                                                                                                                                                                                                                                                                                      
[   74.170938]  kasan_report+0xab/0xe0                                                                                                                                                                                                                                                                                                                                                        
[   74.170938]  ? filemap_get_folios_tag+0x14b/0x510                                                                                                                                                                                                                                                                                                                                          
[   74.170938]  kasan_check_range+0x35/0x1b0                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  filemap_get_folios_tag+0x14b/0x510                                                                                                                                                                                                                                                                                                                                            
[   74.170938]  ? __pfx_filemap_get_folios_tag+0x10/0x10                                                                                                                                                                                                                                                                                                                                      
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  writeback_iter+0x508/0xcc0                                                                                                                                                                                                                                                                                                                                                    
[   74.170938]  ? __pfx_iomap_do_writepage+0x10/0x10                                                                                                                                                                                                                                                                                                                                          
[   74.170938]  write_cache_pages+0x80/0x100                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? __pfx_write_cache_pages+0x10/0x10                                                                                                                                                                                                                                                                                                                                           
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? _raw_spin_lock+0x87/0xe0                                                                                                                                                                                                                                                                                                                                                    
[   74.170938]  iomap_writepages+0x85/0xe0                                                                                                                                                                                                                                                                                                                                                    
[   74.170938]  xfs_vm_writepages+0xe3/0x140 [xfs]                                                                                                                                                                                                                                                                                                                                            
[   74.170938]  ? __pfx_xfs_vm_writepages+0x10/0x10 [xfs]                                                                                                                                                                                                                                                                                                                                     
[   74.170938]  ? kasan_save_track+0x10/0x30                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? __kasan_kmalloc+0x7b/0x90                                                                                                                                                                                                                                                                                                                                                   
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? virtqueue_add_split+0x605/0x1b00                                                                                                                                                                                                                                                                                                                                            
[   74.170938]  do_writepages+0x176/0x740                                                                                                                                                                                                                                                                                                                                                     
[   74.170938]  ? __pfx_do_writepages+0x10/0x10                                                                                                                                                                                                                                                                                                                                               
[   74.170938]  ? __pfx_virtqueue_add_split+0x10/0x10                                                                                                                                                                                                                                                                                                                                         
[   74.170938]  ? __pfx_update_sd_lb_stats.constprop.0+0x10/0x10                                                                                                                                                                                                                                                                                                                              
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? virtqueue_add_sgs+0xfe/0x130                                                                                                                                                                                                                                                                                                                                                
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? virtblk_add_req+0x15c/0x280                                                                                                                                                                                                                                                                                                                                                 
[   74.170938]  __writeback_single_inode+0x9f/0x840                                                                                                                                                                                                                                                                                                                                           
[   74.170938]  ? wbc_attach_and_unlock_inode+0x345/0x5d0                                                                                                                                                                                                                                                                                                                                     
[   74.170938]  writeback_sb_inodes+0x491/0xce0                                                                                                                                                                                                                                                                                                                                               
[   74.170938]  ? __pfx_wb_calc_thresh+0x10/0x10                                                                                                                                                                                                                                                                                                                                              
[   74.170938]  ? __pfx_writeback_sb_inodes+0x10/0x10                                                                                                                                                                                                                                                                                                                                         
[   74.170938]  ? __wb_calc_thresh+0x1a0/0x3c0                                                                                                                                                                                                                                                                                                                                                
[   74.170938]  ? __pfx_down_read_trylock+0x10/0x10                                                                                                                                                                                                                                                                                                                                           
[   74.170938]  ? wb_over_bg_thresh+0x16b/0x5e0                                                                                                                                                                                                                                                                                                                                               
[   74.170938]  ? __pfx_move_expired_inodes+0x10/0x10                                                                                                                                                                                                                                                                                                                                         
[   74.170938]  __writeback_inodes_wb+0xb7/0x200                                                                                                                                                                                                                                                                                                                                              
[   74.170938]  wb_writeback+0x2c4/0x660                                                                                                                                                                                                                                                                                                                                                      
[   74.170938]  ? __pfx_wb_writeback+0x10/0x10                                                                                                                                                                                                                                                                                                                                                
[   74.170938]  ? __pfx__raw_spin_lock_irq+0x10/0x10                                                                                                                                                                                                                                                                                                                                          
[   74.170938]  wb_workfn+0x54e/0xaf0                                                                                                                                                                                                                                                                                                                                                         
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? __pfx_wb_workfn+0x10/0x10                                                                                                                                                                                                                                                                                                                                                   
[   74.170938]  ? __pfx___schedule+0x10/0x10                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? __pfx__raw_spin_lock_irq+0x10/0x10                                                                                                                                                                                                                                                                                                                                          
[   74.170938]  process_one_work+0x622/0x1020                                                                                                                                                                                                                                                                                                                                                 
[   74.170938]  worker_thread+0x844/0x10e0                                                                                                                                                                                                                                                                                                                                                    
[   74.170938]  ? srso_return_thunk+0x5/0x5f                                                                                                                                                                                                                                                                                                                                                  
[   74.170938]  ? __kthread_parkme+0x82/0x150                                                                                                                                                                                                                                                                                                                                                 
[   74.170938]  ? __pfx_worker_thread+0x10/0x10                                                                                                                                                                                                                                                                                                                                               
[   74.170938]  kthread+0x2b4/0x380                                                                                                                                                                                                                                                                                                                                                           
[   74.170938]  ? __pfx_kthread+0x10/0x10                                                                                                                                                                                                                                                                                                                                                     
[   74.170938]  ret_from_fork+0x30/0x70                                                                                                                                                                                                                                                                                                                                                       
[   74.170938]  ? __pfx_kthread+0x10/0x10                                                                                                                                                                                                                                                                                                                                                     
[   74.170938]  ret_from_fork_asm+0x1a/0x30       
[   74.170938]  </TASK>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ