From: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
To: Michal Hocko <mhocko@kernel.org>
Cc: akpm@linux-foundation.org, andrea@kernel.org,
kirill@shutemov.name, oleg@redhat.com,
wenwei.tww@alibaba-inc.com, linux-mm@kvack.org,
linux-kernel@vger.kernel.org
Subject: Re: Re: Re: Re: [PATCH 2/2] mm, oom: fix potential data corruption when oom_reaper races with writer
Date: Tue, 15 Aug 2017 21:58:29 +0900 [thread overview]
Message-ID: <201708151258.v7FCwTsV029946@www262.sakura.ne.jp> (raw)
In-Reply-To: <20170815122621.GE29067@dhcp22.suse.cz>
> On Tue 15-08-17 19:06:28, Tetsuo Handa wrote:
> > Michal Hocko wrote:
> > > On Tue 15-08-17 07:51:02, Tetsuo Handa wrote:
> > > > Michal Hocko wrote:
> > > [...]
> > > > > Were you able to reproduce with other filesystems?
> > > >
> > > > Yes, I can reproduce this problem using both xfs and ext4 on 4.11.11-200.fc25.x86_64
> > > > on Oracle VM VirtualBox on Windows.
> > >
> > > Just a quick question.
> > > http://lkml.kernel.org/r/201708112053.FIG52141.tHJSOQFLOFMFOV@I-love.SAKURA.ne.jp
> > > mentioned next-20170811 kernel and this one 4.11. Your original report
> > > as a reply to this thread
> > > http://lkml.kernel.org/r/201708072228.FAJ09347.tOOVOFFQJSHMFL@I-love.SAKURA.ne.jp
> > > mentioned next-20170728. None of them seem to have this fix
> > > http://lkml.kernel.org/r/20170807113839.16695-3-mhocko@kernel.org so let
> > > me ask again. Have you seen an unexpected content written with that
> > > patch applied?
> >
> > No. All non-zero non-0xFF values are without that patch applied.
> > I want to confirm that that patch actually fixes non-zero non-0xFF values
> > (so that we can have better patch description for that patch).
>
> OK, so I have clearly misunderstood you. I thought that you can still
> see corrupted content with the patch _applied_. Now I see why I couldn't
> reproduce this...
If I apply this patch, I can no longer reproduce this problem even with btrfs.
-+ * and could cause a memory corruption (zero pages instead of the
-+ * original content).
++ * and could cause a memory corruption (random content instead of the
++ * original content).
Tested-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>
> Now I also understand what you meant when asking for an explanation. I
> can only speculate how we could end up with the non-zero page previously
> but the closest match would be that the page got unmapped and reused by
> a different path and a stalled tlb entry would leak the content. Such a
> thing would happen if we freed the page _before_ we flushed the tlb
> during unmap.
>
> Considering that oom_reaper is relying on unmap_page_range which seems
> to be doing the right thing wrt. flushing vs. freeing ordering (enforced
> by the tlb_gather) I am wondering what else could go wrong but I vaguely
> remember there were some races between THP and MADV_DONTNEED in the
> past. Maybe we have hit an incarnation of something like that. Anyway
> the oom_reaper doesn't try to be clever and it only calls to
> unmap_page_range which should be safe from that context.
>
> The primary bug here was that we allowed to refault an unmmaped memory
> and that should be fixed by the patch AFAICS. If there are more issues
> we should definitely track those down but those should be oom_reaper
> independent because we really do not do anything special here.
>
> --
> Michal Hocko
> SUSE Labs
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-08-15 12:58 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 11:38 [PATCH 0/2] mm, oom: fix oom_reaper fallouts Michal Hocko
2017-08-07 11:38 ` [PATCH 1/2] mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS Michal Hocko
2017-08-15 0:49 ` David Rientjes
2017-08-07 11:38 ` [PATCH 2/2] mm, oom: fix potential data corruption when oom_reaper races with writer Michal Hocko
2017-08-08 17:48 ` Andrea Arcangeli
2017-08-08 23:35 ` Tetsuo Handa
2017-08-09 18:36 ` Andrea Arcangeli
2017-08-10 8:21 ` Michal Hocko
2017-08-10 13:33 ` Michal Hocko
2017-08-11 2:28 ` Tetsuo Handa
2017-08-11 7:09 ` Michal Hocko
2017-08-11 7:54 ` Tetsuo Handa
2017-08-11 10:22 ` Andrea Arcangeli
2017-08-11 10:42 ` Andrea Arcangeli
2017-08-11 11:53 ` Tetsuo Handa
2017-08-11 12:08 ` Michal Hocko
2017-08-11 15:46 ` Tetsuo Handa
2017-08-14 13:59 ` Michal Hocko
2017-08-14 22:51 ` Tetsuo Handa
2017-08-15 6:55 ` Michal Hocko
2017-08-15 8:41 ` Michal Hocko
2017-08-15 10:06 ` Tetsuo Handa
2017-08-15 12:26 ` Michal Hocko
2017-08-15 12:58 ` Tetsuo Handa [this message]
2017-08-17 13:58 ` Michal Hocko
2017-08-15 5:30 ` Tetsuo Handa
2017-08-07 13:28 ` [PATCH 0/2] mm, oom: fix oom_reaper fallouts Tetsuo Handa
2017-08-07 14:04 ` Michal Hocko
2017-08-07 15:23 ` Tetsuo Handa
2017-08-15 12:29 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201708151258.v7FCwTsV029946@www262.sakura.ne.jp \
--to=penguin-kernel@i-love.sakura.ne.jp \
--cc=akpm@linux-foundation.org \
--cc=andrea@kernel.org \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=oleg@redhat.com \
--cc=wenwei.tww@alibaba-inc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).