linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Miaohe Lin <linmiaohe@huawei.com>
To: David Hildenbrand <david@redhat.com>, <akpm@linux-foundation.org>
Cc: <willy@infradead.org>, <vbabka@suse.cz>, <dhowells@redhat.com>,
	<neilb@suse.de>, <apopple@nvidia.com>, <surenb@google.com>,
	<minchan@kernel.org>, <peterx@redhat.com>, <sfr@canb.auug.org.au>,
	<rcampbell@nvidia.com>, <naoya.horiguchi@nec.com>,
	<linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] mm/swapfile: unuse_pte can map random data if swap read fails
Date: Tue, 19 Apr 2022 19:21:02 +0800	[thread overview]
Message-ID: <1b614ac3-02c0-ec66-b51a-e9b7e1a375ad@huawei.com> (raw)
In-Reply-To: <b57fea1e-5c9b-f47e-f565-16b54f1e8782@redhat.com>

On 2022/4/19 15:37, David Hildenbrand wrote:
> On 16.04.22 05:05, Miaohe Lin wrote:
>> There is a bug in unuse_pte(): when swap page happens to be unreadable,
>> page filled with random data is mapped into user address space. In case
>> of error, a special swap entry indicating swap read fails is set to the
>> page table. So the swapcache page can be freed and the user won't end up
>> with a permanently mounted swap because a sector is bad. And if the page
>> is accessed later, the user process will be killed so that corrupted data
>> is never consumed. On the other hand, if the page is never accessed, the
>> user won't even notice it.
>>
>> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
>> ---
>> v2:
>>   use special swap entry to avoid permanently mounted swap
>>   free the bad page in swapcache
>> ---
>>  include/linux/swap.h    |  7 ++++++-
>>  include/linux/swapops.h | 10 ++++++++++
>>  mm/memory.c             |  5 ++++-
>>  mm/swapfile.c           | 11 +++++++++++
>>  4 files changed, 31 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/linux/swap.h b/include/linux/swap.h
>> index d112434f85df..03c576111737 100644
>> --- a/include/linux/swap.h
>> +++ b/include/linux/swap.h
>> @@ -55,6 +55,10 @@ static inline int current_is_kswapd(void)
>>   * actions on faults.
>>   */
>>  
>> +#define SWAP_READ_ERROR_NUM 1
>> +#define SWAP_READ_ERROR     (MAX_SWAPFILES + SWP_HWPOISON_NUM + \
>> +			     SWP_MIGRATION_NUM + SWP_DEVICE_NUM + \
>> +			     SWP_PTE_MARKER_NUM)
> 
> Does anything speak against reusing the hwpoison marker? At least from a
> program POV it's similar "the previously well defined content at this
> user space address is no longer readable/writable".

Looks like a good idea. :)

> 
> I recall that we can just set the pfn to 0 for the hwpoison marker.
> 
> There is e.g., check_hwpoisoned_entry() and it just stops if it finds
> "pfn=0".

Do you mean that we should set the pfn to 0 for the hwpoison marker so that we can
distinguish swapin error case from real hwpoison case?

> 
> 

Will try to do this in next version. Thanks a lot!

  reply	other threads:[~2022-04-19 11:21 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-16  3:05 [PATCH v2] mm/swapfile: unuse_pte can map random data if swap read fails Miaohe Lin
2022-04-19  3:51 ` Alistair Popple
2022-04-19  7:29   ` Miaohe Lin
2022-04-19  7:39     ` David Hildenbrand
2022-04-19  8:08       ` Alistair Popple
2022-04-19 11:14         ` David Hildenbrand
2022-04-19 16:16           ` Peter Xu
2022-04-19 11:14         ` Miaohe Lin
2022-04-19  7:53   ` Alistair Popple
2022-04-19 11:26     ` Miaohe Lin
2022-04-20  0:25       ` Alistair Popple
2022-04-20  6:15         ` Miaohe Lin
2022-04-20  7:07           ` David Hildenbrand
2022-04-20  8:37             ` Miaohe Lin
2022-04-19  7:37 ` David Hildenbrand
2022-04-19 11:21   ` Miaohe Lin [this message]
2022-04-19 11:46     ` David Hildenbrand
2022-04-19 12:00       ` Miaohe Lin
2022-04-19 12:12         ` David Hildenbrand
2022-04-19 12:45           ` Miaohe Lin
2022-04-19 21:36 ` Peter Xu
2022-04-20  5:56   ` [PATCH] mm/swap: Fix lost swap bits in unuse_pte() kernel test robot
2022-04-20  6:23     ` Miaohe Lin
2022-04-20  6:39       ` [kbuild-all] " Philip Li
2022-04-20  6:52         ` Miaohe Lin
2022-04-20  6:48       ` Chen, Rong A
2022-04-20  6:56         ` Miaohe Lin
2022-04-20  6:21   ` [PATCH v2] mm/swapfile: unuse_pte can map random data if swap read fails Miaohe Lin
2022-04-20 13:32     ` Peter Xu
2022-04-21  1:50       ` Miaohe Lin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1b614ac3-02c0-ec66-b51a-e9b7e1a375ad@huawei.com \
    --to=linmiaohe@huawei.com \
    --cc=akpm@linux-foundation.org \
    --cc=apopple@nvidia.com \
    --cc=david@redhat.com \
    --cc=dhowells@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=minchan@kernel.org \
    --cc=naoya.horiguchi@nec.com \
    --cc=neilb@suse.de \
    --cc=peterx@redhat.com \
    --cc=rcampbell@nvidia.com \
    --cc=sfr@canb.auug.org.au \
    --cc=surenb@google.com \
    --cc=vbabka@suse.cz \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).