Message-ID: <f9e9e33b-3338-44bc-abbf-5a9328719601@airmail.cc>
Date: Thu, 16 Oct 2025 21:54:00 +0000
From: craftfever <craftfever@...mail.cc>
To: Andrew Morton <akpm@...ux-foundation.org>,
 Pedro Demarchi Gomes <pedrodemargomes@...il.com>
Cc: David Hildenbrand <david@...hat.com>, Xu Xin <xu.xin16@....com.cn>,
 Chengming Zhou <chengming.zhou@...ux.dev>, linux-mm@...ck.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] ksm: use range-walk function to jump over holes in
 scan_get_next_rmap_item



Andrew Morton wrote:
> On Wed, 15 Oct 2025 22:22:36 -0300 Pedro Demarchi Gomes <pedrodemargomes@...il.com> wrote:
> 
>> Currently, scan_get_next_rmap_item() walks every page address in a VMA
>> to locate mergeable pages. This becomes highly inefficient when scanning
>> large virtual memory areas that contain mostly unmapped regions.
>>
>> This patch replaces the per-address lookup with a range walk using
>> walk_page_range(). The range walker allows KSM to skip over entire
>> unmapped holes in a VMA, avoiding unnecessary lookups.
>> This problem was previously discussed in [1].
>>
>> ...
>>
>> Reported-by: craftfever <craftfever@...mail.cc>
>> Closes: https://lkml.kernel.org/r/020cf8de6e773bb78ba7614ef250129f11a63781@murena.io
>> Suggested-by: David Hildenbrand <david@...hat.com>
>> Signed-off-by: Pedro Demarchi Gomes <pedrodemargomes@...il.com>
> 
> Is Fixes: b1d3e9bbccb4 ("mm/ksm: convert scan_get_next_rmap_item() from
> follow_page() to folio_walk") appropriate?
> 
> The problem which is being addressed seems pretty serious.  What do
> people think about proposing a -stable backport of this fix?
> 
> It would be better if this changelog were to describe the user-visible
> effects of the problem.  A copy-n-paste from
> https://bugzilla.kernel.org/show_bug.cgi?id=220599 would suffice.

Emergency Update:

A moment ago I had ksmd crash, so the patch really needs further work. Trace:

[ 2472.174930] BUG: Bad page map in process ksmd  pte:fffffffffffff600
[ 2472.174938] pgd:11394a067 p4d:11394a067 pud:100f96067 pmd:102c68067
[ 2472.174941] addr:00007f2ae1511000 vm_flags:c8100073 anon_vma:ffff8ab79bcea1a0 mapping:0000000000000000 index:7f2ae1511
[ 2472.174944] file:(null) fault:0x0 mmap:0x0 mmap_prepare: 0x0 read_folio:0x0
[ 2472.174978] CPU: 2 UID: 0 PID: 52 Comm: ksmd Tainted: G S  BU     OE       6.18.0-rc1-1-git-00014-g1f4a222b0e33-dirty #4 PREEMPT(voluntary) b9513c77908d39edabd314a5ac9b34ef2c53c2c8
[ 2472.174984] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 2472.174985] Hardware name: FUJITSU LIFEBOOK AH532/G21/FJNBB1D, BIOS Version 1.12 06/10/2019
[ 2472.174987] Sched_ext: rusty_1.0.16_ge25cc6e5_dirty_x86_64_unknown_linux_gnu (enabled+all), task: runnable_at=-5ms
[ 2472.174989] Call Trace:
[ 2472.174990]  <TASK>
[ 2472.174992]  dump_stack_lvl+0x5d/0x80
[ 2472.174997]  print_bad_page_map.cold+0x26d/0x355
[ 2472.175000]  ? ___pte_offset_map+0x1b/0x160
[ 2472.175005]  vm_normal_page+0xf4/0x100
[ 2472.175010]  ksm_pmd_entry+0x1cf/0x2f0
[ 2472.175014]  walk_pgd_range+0x5a2/0xb50
[ 2472.175020]  __walk_page_range+0x6e/0x1e0
[ 2472.175025]  walk_page_range_mm+0x150/0x210
[ 2472.175030]  ksm_scan_thread+0x166/0x2080
[ 2472.175037]  ? __pfx_ksm_scan_thread+0x10/0x10
[ 2472.175042]  kthread+0xfc/0x240
[ 2472.175046]  ? __pfx_kthread+0x10/0x10
[ 2472.175050]  ret_from_fork+0x1c2/0x1f0
[ 2472.175053]  ? __pfx_kthread+0x10/0x10
[ 2472.175057]  ret_from_fork_asm+0x1a/0x30
[ 2472.175062]  </TASK>
[ 2472.175132] BUG: Bad page map in process ksmd  pte:fffffffffffff600
[ 2472.175139] pgd:11394a067 p4d:11394a067 pud:100f96067 pmd:11989b067
[ 2472.175143] addr:00007f2ae1712000 vm_flags:c8100073 anon_vma:ffff8ab79bcea1a0 mapping:0000000000000000 index:7f2ae1712



KSM crashed.
