| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <610d1a69-e237-43ec-b554-d52b5308ace1@suse.cz>
Date: Wed, 28 May 2025 11:46:23 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: kernel test robot <oliver.sang@...el.com>,
"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Bernard Metzler <bmt@...ich.ibm.com>, Jason Gunthorpe <jgg@...pe.ca>,
Leon Romanovsky <leon@...nel.org>
Cc: oe-lkp@...ts.linux.dev, lkp@...el.com, linux-mm@...ck.org,
Matthew Wilcox <willy@...radead.org>, Simon Horman <horms@...nel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>, linux-rdma@...r.kernel.org
Subject: Re: [linux-next:master] [mm, slab] 6431f06eec:
WARNING:at_include/linux/mm.h:#skb_append_pagefrags
On 5/22/25 06:54, kernel test robot wrote:
>
>
> Hello,
>
>
> we noticed the WARN added in this commit is hit in our tests. not sure if it's
> expected. below full report FYI.
It's expected in the sense that if somebody is doing the wrong thing, there
would be a report. So it seems that has now happened :)
> kernel test robot noticed "WARNING:at_include/linux/mm.h:#skb_append_pagefrags" on:
>
> commit: 6431f06eecf44e7b8d42237cb0e166a456f491ad ("mm, slab: warn when increasing refcount on large kmalloc page")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
FYI that's
https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.16/testing&id=6431f06eecf44e7b8d42237cb0e166a456f491ad
so we have skb_splice_from_iter() calling skb_append_pagefrags() and that
does a get_page(). But this warning means one of the pages is a kmalloc()
with size >8kb that is using the page allocator and not slab caches. But
that 8kb threshold is an implementation detail, so we want all kmalloc()
allocated buffers to behave the same and use frozen pages and thus not allow
get_page().
Note skb_splice_from_iter() has above the call to skb_append_pagefrags():
if (WARN_ON_ONCE(!sendpage_ok(page)))
goto out;
and sendpage_ok() is:
return !PageSlab(page) && page_count(page) >= 1;
Thus if we went ahead with frozen pages for large kmalloc(), sendpage_ok()
would start marking them as not ok, which seems like the right thing. But
this callsite would still produce a WARN_ON_ONCE(), so that suggests it's
not really expected to for kmalloc() pages to reach this code.
It's possible that some other code using sendpage_ok() elsewhere prevents
this from happening, and this WARN_ON_ONCE() is just a safety double check.
Or not, and something (siw?) needs to be fixed to e.g. stop using kmalloc()
and use the page allocator directly. I don't know this code so I'm just
ccing networking and siw maintainers. Thanks in advance.
Vlastimil
>
> [test failed on linux-next/master 7bac2c97af4078d7a627500c9bcdd5b033f97718]
>
> in testcase: blktests
> version: blktests-x86_64-613b837-1_20250520
> with following parameters:
>
> disk: 1SSD
> test: nvme-group-00
> nvme_trtype: rdma
> use_siw: true
>
>
>
> config: x86_64-rhel-9.4-func
> compiler: gcc-12
> test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (Skylake) with 16G memory
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@...el.com>
> | Closes: https://lore.kernel.org/oe-lkp/202505221248.595a9117-lkp@intel.com
>
>
> [ 130.177740][ T2674] ------------[ cut here ]------------
> [ 130.183066][ T2674] WARNING: CPU: 6 PID: 2674 at include/linux/mm.h:1552 skb_append_pagefrags (kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/mm.h:1552 kbuild/obj/consumer/x86_64-rhel-9.4-func/net/core/skbuff.c:4518)
> [ 130.192642][ T2674] Modules linked in: siw ib_uverbs nvmet_rdma nvmet nvme_rdma nvme_fabrics rdma_cm nvme_auth nvme_core iw_cm ib_cm ib_core xfs dm_multipath btrfs blake2b_generic xor zstd_compress raid6_pq intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp snd_soc_avs snd_hda_codec_hdmi coretemp snd_soc_hda_codec snd_hda_ext_core sd_mod snd_ctl_led snd_soc_core sg snd_hda_codec_realtek kvm_intel snd_hda_codec_generic snd_compress ipmi_devintf snd_hda_scodec_component ipmi_msghandler i915 kvm snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi intel_gtt snd_hda_codec cec irqbypass ghash_clmulni_intel drm_buddy snd_hda_core sha512_ssse3 ttm snd_hwdep sha256_ssse3 drm_display_helper sha1_ssse3 snd_pcm ahci mei_wdt drm_client_lib drm_kms_helper rapl libahci mei_me snd_timer intel_cstate video wmi_bmof i2c_i801 snd intel_uncore mei pcspkr soundcore i2c_smbus libata serio_raw intel_pmc_core intel_pch_thermal intel_vsec pmt_telemetry wmi acpi_pad pmt_class binfmt_misc drm fuse loop dm_mod ip_tables
> [ 130.192875][ T2674] [last unloaded: ib_uverbs]
> [ 130.286562][ T2674] CPU: 6 UID: 0 PID: 2674 Comm: siw_tx/6 Tainted: G S 6.15.0-rc3-00001-g6431f06eecf4 #1 PREEMPT(voluntary)
> [ 130.299313][ T2674] Tainted: [S]=CPU_OUT_OF_SPEC
> [ 130.303929][ T2674] Hardware name: HP HP Z240 SFF Workstation/802E, BIOS N51 Ver. 01.63 10/05/2017
> [ 130.312877][ T2674] RIP: 0010:skb_append_pagefrags (kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/mm.h:1552 kbuild/obj/consumer/x86_64-rhel-9.4-func/net/core/skbuff.c:4518)
> [ 130.318708][ T2674] Code: a2 ff ff 48 8b 4c 24 18 4c 8b 4c 24 10 8b 54 24 08 4c 8b 14 24 e9 1b fb ff ff 4c 8d 60 ff e9 47 fb ff ff 0f 0b e9 bb fb ff ff <0f> 0b e9 7b fb ff ff b8 a6 ff ff ff e9 d7 fc ff ff 0f 0b 31 ff e9
> All code
> ========
> 0: a2 ff ff 48 8b 4c 24 movabs %al,0x4c18244c8b48ffff
> 7: 18 4c
> 9: 8b 4c 24 10 mov 0x10(%rsp),%ecx
> d: 8b 54 24 08 mov 0x8(%rsp),%edx
> 11: 4c 8b 14 24 mov (%rsp),%r10
> 15: e9 1b fb ff ff jmp 0xfffffffffffffb35
> 1a: 4c 8d 60 ff lea -0x1(%rax),%r12
> 1e: e9 47 fb ff ff jmp 0xfffffffffffffb6a
> 23: 0f 0b ud2
> 25: e9 bb fb ff ff jmp 0xfffffffffffffbe5
> 2a:* 0f 0b ud2 <-- trapping instruction
> 2c: e9 7b fb ff ff jmp 0xfffffffffffffbac
> 31: b8 a6 ff ff ff mov $0xffffffa6,%eax
> 36: e9 d7 fc ff ff jmp 0xfffffffffffffd12
> 3b: 0f 0b ud2
> 3d: 31 ff xor %edi,%edi
> 3f: e9 .byte 0xe9
>
> Code starting with the faulting instruction
> ===========================================
> 0: 0f 0b ud2
> 2: e9 7b fb ff ff jmp 0xfffffffffffffb82
> 7: b8 a6 ff ff ff mov $0xffffffa6,%eax
> c: e9 d7 fc ff ff jmp 0xfffffffffffffce8
> 11: 0f 0b ud2
> 13: 31 ff xor %edi,%edi
> 15: e9 .byte 0xe9
> [ 130.338106][ T2674] RSP: 0018:ffffc90000ec7220 EFLAGS: 00010246
> [ 130.344005][ T2674] RAX: 00000000000000f8 RBX: ffffea00086b0000 RCX: ffff8883ffd08840
> [ 130.351795][ T2674] RDX: 0000000000000001 RSI: 1ffffd40010d6006 RDI: ffffea00086b0030
> [ 130.359609][ T2674] RBP: ffff8883ffd08780 R08: 0000000000000011 R09: ffff8883ffd08848
> [ 130.367426][ T2674] R10: 0000000000000001 R11: 0000000000000001 R12: ffffea00086b0000
> [ 130.375247][ T2674] R13: 0000000000000001 R14: 0000000000001000 R15: 0000000000000000
> [ 130.383044][ T2674] FS: 0000000000000000(0000) GS:ffff888426d45000(0000) knlGS:0000000000000000
> [ 130.391798][ T2674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 130.398234][ T2674] CR2: 000055b575c2cd28 CR3: 000000043c06e004 CR4: 00000000003726f0
> [ 130.406050][ T2674] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 130.413861][ T2674] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 130.421668][ T2674] Call Trace:
> [ 130.424805][ T2674] <TASK>
> [ 130.427594][ T2674] ? __pfx_tcp_established_options (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/ipv4/tcp_output.c:989)
> [ 130.433409][ T2674] skb_splice_from_iter (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/core/skbuff.c:7256)
> [ 130.438455][ T2674] ? __pfx_skb_splice_from_iter (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/core/skbuff.c:7223)
> [ 130.444015][ T2674] ? __sk_mem_raise_allocated (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/core/sock.c:3335)
> [ 130.449674][ T2674] ? __sk_mem_schedule (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/core/sock.c:3353)
> [ 130.454470][ T2674] tcp_sendmsg_locked (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/ipv4/tcp.c:1275)
> [ 130.459521][ T2674] ? tcp_sendmsg (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/ipv4/tcp.c:1370)
> [ 130.463786][ T2674] ? sock_sendmsg (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/socket.c:712 kbuild/obj/consumer/x86_64-rhel-9.4-func/net/socket.c:727 kbuild/obj/consumer/x86_64-rhel-9.4-func/net/socket.c:750)
> [ 130.468307][ T2674] ? __pfx_tcp_sendmsg_locked (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/ipv4/tcp.c:1061)
> [ 130.473697][ T2674] ? __pfx_sock_sendmsg (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/socket.c:739)
> [ 130.478561][ T2674] ? _raw_spin_lock_bh (kbuild/obj/consumer/x86_64-rhel-9.4-func/arch/x86/include/asm/atomic.h:107 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/atomic/atomic-arch-fallback.h:2170 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/atomic/atomic-instrumented.h:1302 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/asm-generic/qspinlock.h:111 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/spinlock.h:187 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/spinlock_api_smp.h:127 kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/locking/spinlock.c:178)
> [ 130.483350][ T2674] ? __pfx_tcp_release_cb (kbuild/obj/consumer/x86_64-rhel-9.4-func/net/ipv4/tcp_output.c:1151)
> [ 130.488394][ T2674] siw_tcp_sendpages+0x1f1/0x4f0 siw
> [ 130.494322][ T2674] ? __pfx_siw_tcp_sendpages+0x10/0x10 siw
> [ 130.500763][ T2674] siw_tx_hdt (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:379 kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:586) siw
> [ 130.505558][ T2674] ? __pfx_sched_balance_find_src_group (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/fair.c:11298)
> [ 130.511811][ T2674] ? __pfx_siw_tx_hdt (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:431) siw
> [ 130.517045][ T2674] ? sched_balance_rq (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/fair.c:11770)
> [ 130.521998][ T2674] ? dl_scaled_delta_exec (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/deadline.c:1481)
> [ 130.527133][ T2674] ? place_entity (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/fair.c:5206)
> [ 130.531567][ T2674] ? __pfx__raw_spin_lock (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/locking/spinlock.c:153)
> [ 130.536606][ T2674] ? pick_eevdf (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/fair.c:946)
> [ 130.540970][ T2674] ? __resched_curr (kbuild/obj/consumer/x86_64-rhel-9.4-func/arch/x86/include/asm/bitops.h:60 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/asm-generic/bitops/instrumented-atomic.h:29 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/thread_info.h:97 kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/core.c:1113)
> [ 130.545678][ T2674] ? update_curr (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/fair.c:1236)
> [ 130.550031][ T2674] ? xas_load (kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/xarray.h:175 kbuild/obj/consumer/x86_64-rhel-9.4-func/include/linux/xarray.h:1264 kbuild/obj/consumer/x86_64-rhel-9.4-func/lib/xarray.c:241)
> [ 130.554136][ T2674] ? xa_load (kbuild/obj/consumer/x86_64-rhel-9.4-func/lib/xarray.c:1613)
> [ 130.558136][ T2674] ? __pfx_xa_load (kbuild/obj/consumer/x86_64-rhel-9.4-func/lib/xarray.c:1613)
> [ 130.562569][ T2674] ? ttwu_do_activate (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/core.c:3705 kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/core.c:3735)
> [ 130.567431][ T2674] ? update_rq_clock_task (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/sched.h:1325 kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/pelt.h:120 kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/core.c:797)
> [ 130.572650][ T2674] ? siw_mem_id2obj (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_mem.c:52) siw
> [ 130.577866][ T2674] ? __pfx_siw_try_1seg (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:50) siw
> [ 130.583264][ T2674] ? __pfx_try_to_wake_up (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/core.c:4175)
> [ 130.588310][ T2674] ? finish_task_switch+0x155/0x750
> [ 130.593957][ T2674] siw_qp_sq_proc_tx (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:882) siw
> [ 130.599352][ T2674] ? siw_activate_tx (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp.c:996) siw
> [ 130.604670][ T2674] siw_qp_sq_process (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:1038) siw
> [ 130.609905][ T2674] siw_sq_resume (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:1170) siw
> [ 130.614789][ T2674] siw_run_sq (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:1258) siw
> [ 130.619508][ T2674] ? __pfx_siw_run_sq (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:1236) siw
> [ 130.624735][ T2674] ? __pfx__raw_spin_lock_irqsave (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/locking/spinlock.c:161)
> [ 130.630482][ T2674] ? __pfx_autoremove_wake_function (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/sched/wait.c:383)
> [ 130.636383][ T2674] ? __kthread_parkme (kbuild/obj/consumer/x86_64-rhel-9.4-func/arch/x86/include/asm/bitops.h:206 (discriminator 15) kbuild/obj/consumer/x86_64-rhel-9.4-func/arch/x86/include/asm/bitops.h:238 (discriminator 15) kbuild/obj/consumer/x86_64-rhel-9.4-func/include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 15) kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/kthread.c:291 (discriminator 15))
> [ 130.641160][ T2674] ? __pfx_siw_run_sq (kbuild/obj/consumer/x86_64-rhel-9.4-func/drivers/infiniband/sw/siw/siw_qp_tx.c:1236) siw
> [ 130.646377][ T2674] kthread (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/kthread.c:464)
> [ 130.650291][ T2674] ? __pfx_kthread (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/kthread.c:413)
> [ 130.654724][ T2674] ? __pfx__raw_spin_lock_irq (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/locking/spinlock.c:169)
> [ 130.660098][ T2674] ? __pfx_kthread (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/kthread.c:413)
> [ 130.664534][ T2674] ret_from_fork (kbuild/obj/consumer/x86_64-rhel-9.4-func/arch/x86/kernel/process.c:159)
> [ 130.668809][ T2674] ? __pfx_kthread (kbuild/obj/consumer/x86_64-rhel-9.4-func/kernel/kthread.c:413)
> [ 130.673247][ T2674] ret_from_fork_asm (kbuild/obj/consumer/x86_64-rhel-9.4-func/arch/x86/entry/entry_64.S:258)
> [ 130.677869][ T2674] </TASK>
> [ 130.680755][ T2674] ---[ end trace 0000000000000000 ]---
>
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20250522/202505221248.595a9117-lkp@intel.com
>
>
>
Powered by blists - more mailing lists