lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ea14ad49-b094-451a-8e4f-560010868930@arm.com>
Date: Fri, 17 May 2024 12:32:06 +0530
From: Anshuman Khandual <anshuman.khandual@....com>
To: Miaohe Lin <linmiaohe@...wei.com>, akpm@...ux-foundation.org
Cc: shy828301@...il.com, nao.horiguchi@...il.com, xuyu@...ux.alibaba.com,
 david@...hat.com, osalvador@...e.de, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] mm/huge_memory: don't unpoison huge_zero_folio

On 5/16/24 17:56, Miaohe Lin wrote:
> When I did memory failure tests recently, below panic occurs:
> 
>  kernel BUG at include/linux/mm.h:1135!
>  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
>  CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14
>  RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0
>  RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246
>  RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8
>  RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0
>  RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492
>  R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000
>  R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00
>  FS:  0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0
>  Call Trace:
>   <TASK>
>   do_shrink_slab+0x14f/0x6a0
>   shrink_slab+0xca/0x8c0
>   shrink_node+0x2d0/0x7d0
>   balance_pgdat+0x33a/0x720
>   kswapd+0x1f3/0x410
>   kthread+0xd5/0x100
>   ret_from_fork+0x2f/0x50
>   ret_from_fork_asm+0x1a/0x30
>   </TASK>
>  Modules linked in: mce_inject hwpoison_inject
>  ---[ end trace 0000000000000000 ]---
>  RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0
>  RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246
>  RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8
>  RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0
>  RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492
>  R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000
>  R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00
>  FS:  0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000
>  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>  CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0
> 
> The root cause is that HWPoison flag will be set for huge_zero_folio
> without increasing the folio refcnt. But then unpoison_memory() will
> decrease the folio refcnt unexpectly as it appears like a successfully

Small nit, a typo in here   ^^^^^ s/unexpectly/unexpectedly/.

> hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0)
> when releasing huge_zero_folio.
> 
> Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue.
> We're not prepared to unpoison huge_zero_folio yet.
> 
> Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page")

The target commit looks right.

> Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
> Acked-by: David Hildenbrand <david@...hat.com>
> Reviewed-by: Yang Shi <shy828301@...il.com>
> Reviewed-by: Oscar Salvador <osalvador@...e.de>
> Cc: <stable@...r.kernel.org>
> ---
> v3:
>  Move up is_huge_zero_folio() check and change return value to
> -EOPNOTSUPP per Oscar.
>  Collect Reviewed-by and Acked-by tag. Thanks.
> v2:
>  Change to simply check for the huge zero page per David. Thanks.
> ---
>  mm/memory-failure.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> index 16ada4fb02b7..a9fe9eda593f 100644
> --- a/mm/memory-failure.c
> +++ b/mm/memory-failure.c
> @@ -2546,6 +2546,13 @@ int unpoison_memory(unsigned long pfn)
>  		goto unlock_mutex;
>  	}
>  
> +	if (is_huge_zero_folio(folio)) {
> +		unpoison_pr_info("Unpoison: huge zero page is not supported %#lx\n",
> +				 pfn, &unpoison_rs);
> +		ret = -EOPNOTSUPP;
> +		goto unlock_mutex;
> +	}
> +
>  	if (!PageHWPoison(p)) {
>  		unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n",
>  				 pfn, &unpoison_rs);

This patch applies on latest linux-next but not on latest mainline as
is_huge_zero_folio() is absent there.

Reviewed-by: Anshuman Khandual <anshuman.khandual@....com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ