* [PATCH] mm: teach dump_page() to correctly output poisoned struct pages
@ 2018-07-02 15:27 Pavel Tatashin
2018-07-02 15:58 ` Michal Hocko
0 siblings, 1 reply; 3+ messages in thread
From: Pavel Tatashin @ 2018-07-02 15:27 UTC (permalink / raw)
To: steven.sistare, daniel.m.jordan, linux-kernel, akpm,
kirill.shutemov, mhocko, linux-mm, mgorman, gregkh,
pasha.tatashin
If struct page is poisoned, and uninitialized access is detected via
PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
the dump_page() itself accesses struct page to determine how to print
it, and therefore gets into a recursive loop.
For example:
dump_page()
__dump_page()
PageSlab(page)
PF_POISONED_CHECK(page)
VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
dump_page() recursion loop.
Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")
Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
---
mm/debug.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/mm/debug.c b/mm/debug.c
index 56e2d9125ea5..469b526e6abc 100644
--- a/mm/debug.c
+++ b/mm/debug.c
@@ -43,12 +43,20 @@ const struct trace_print_flags vmaflag_names[] = {
void __dump_page(struct page *page, const char *reason)
{
+ bool page_poisoned = PagePoisoned(page);
+ int mapcount;
+
+ if (page_poisoned) {
+ pr_emerg("page:%px is uninitialized and poisoned", page);
+ goto hex_only;
+ }
+
/*
* Avoid VM_BUG_ON() in page_mapcount().
* page->_mapcount space in struct page is used by sl[aou]b pages to
* encode own info.
*/
- int mapcount = PageSlab(page) ? 0 : page_mapcount(page);
+ mapcount = PageSlab(page) ? 0 : page_mapcount(page);
pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx",
page, page_ref_count(page), mapcount,
@@ -60,6 +68,7 @@ void __dump_page(struct page *page, const char *reason)
pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags);
+hex_only:
print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32,
sizeof(unsigned long), page,
sizeof(struct page), false);
@@ -68,7 +77,7 @@ void __dump_page(struct page *page, const char *reason)
pr_alert("page dumped because: %s\n", reason);
#ifdef CONFIG_MEMCG
- if (page->mem_cgroup)
+ if (!page_poisoned && page->mem_cgroup)
pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup);
#endif
}
--
2.18.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] mm: teach dump_page() to correctly output poisoned struct pages
2018-07-02 15:27 [PATCH] mm: teach dump_page() to correctly output poisoned struct pages Pavel Tatashin
@ 2018-07-02 15:58 ` Michal Hocko
2018-07-02 17:54 ` Pavel Tatashin
0 siblings, 1 reply; 3+ messages in thread
From: Michal Hocko @ 2018-07-02 15:58 UTC (permalink / raw)
To: Pavel Tatashin
Cc: steven.sistare, daniel.m.jordan, linux-kernel, akpm,
kirill.shutemov, linux-mm, mgorman, gregkh
On Mon 02-07-18 11:27:45, Pavel Tatashin wrote:
> If struct page is poisoned, and uninitialized access is detected via
> PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
> the dump_page() itself accesses struct page to determine how to print
> it, and therefore gets into a recursive loop.
>
> For example:
> dump_page()
> __dump_page()
> PageSlab(page)
> PF_POISONED_CHECK(page)
> VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
> dump_page() recursion loop.
This deserves a big fat comment in __dump_page. Basically no Page$FOO
can be used on an HWPoison page.
> Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")
> Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
Acked-by: Michal Hocko <mhocko@suse.com>
> ---
> mm/debug.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/mm/debug.c b/mm/debug.c
> index 56e2d9125ea5..469b526e6abc 100644
> --- a/mm/debug.c
> +++ b/mm/debug.c
> @@ -43,12 +43,20 @@ const struct trace_print_flags vmaflag_names[] = {
>
> void __dump_page(struct page *page, const char *reason)
> {
> + bool page_poisoned = PagePoisoned(page);
> + int mapcount;
> +
> + if (page_poisoned) {
> + pr_emerg("page:%px is uninitialized and poisoned", page);
> + goto hex_only;
> + }
> +
> /*
> * Avoid VM_BUG_ON() in page_mapcount().
> * page->_mapcount space in struct page is used by sl[aou]b pages to
> * encode own info.
> */
> - int mapcount = PageSlab(page) ? 0 : page_mapcount(page);
> + mapcount = PageSlab(page) ? 0 : page_mapcount(page);
>
> pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx",
> page, page_ref_count(page), mapcount,
> @@ -60,6 +68,7 @@ void __dump_page(struct page *page, const char *reason)
>
> pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags);
>
> +hex_only:
> print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32,
> sizeof(unsigned long), page,
> sizeof(struct page), false);
> @@ -68,7 +77,7 @@ void __dump_page(struct page *page, const char *reason)
> pr_alert("page dumped because: %s\n", reason);
>
> #ifdef CONFIG_MEMCG
> - if (page->mem_cgroup)
> + if (!page_poisoned && page->mem_cgroup)
> pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup);
> #endif
> }
> --
> 2.18.0
>
--
Michal Hocko
SUSE Labs
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] mm: teach dump_page() to correctly output poisoned struct pages
2018-07-02 15:58 ` Michal Hocko
@ 2018-07-02 17:54 ` Pavel Tatashin
0 siblings, 0 replies; 3+ messages in thread
From: Pavel Tatashin @ 2018-07-02 17:54 UTC (permalink / raw)
To: mhocko
Cc: Steven Sistare, Daniel Jordan, LKML, Andrew Morton,
kirill.shutemov, Linux Memory Management List, mgorman, gregkh
On Mon, Jul 2, 2018 at 11:59 AM Michal Hocko <mhocko@kernel.org> wrote:
>
> On Mon 02-07-18 11:27:45, Pavel Tatashin wrote:
> > If struct page is poisoned, and uninitialized access is detected via
> > PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
> > the dump_page() itself accesses struct page to determine how to print
> > it, and therefore gets into a recursive loop.
> >
> > For example:
> > dump_page()
> > __dump_page()
> > PageSlab(page)
> > PF_POISONED_CHECK(page)
> > VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
> > dump_page() recursion loop.
>
> This deserves a big fat comment in __dump_page. Basically no Page$FOO
> can be used on an HWPoison page.
>
> > Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")
> > Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
>
> Acked-by: Michal Hocko <mhocko@suse.com>
Thank you, I will send out an updated version with a comment.
Pavel
>
> > ---
> > mm/debug.c | 13 +++++++++++--
> > 1 file changed, 11 insertions(+), 2 deletions(-)
> >
> > diff --git a/mm/debug.c b/mm/debug.c
> > index 56e2d9125ea5..469b526e6abc 100644
> > --- a/mm/debug.c
> > +++ b/mm/debug.c
> > @@ -43,12 +43,20 @@ const struct trace_print_flags vmaflag_names[] = {
> >
> > void __dump_page(struct page *page, const char *reason)
> > {
> > + bool page_poisoned = PagePoisoned(page);
> > + int mapcount;
> > +
> > + if (page_poisoned) {
> > + pr_emerg("page:%px is uninitialized and poisoned", page);
> > + goto hex_only;
> > + }
> > +
> > /*
> > * Avoid VM_BUG_ON() in page_mapcount().
> > * page->_mapcount space in struct page is used by sl[aou]b pages to
> > * encode own info.
> > */
> > - int mapcount = PageSlab(page) ? 0 : page_mapcount(page);
> > + mapcount = PageSlab(page) ? 0 : page_mapcount(page);
> >
> > pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx",
> > page, page_ref_count(page), mapcount,
> > @@ -60,6 +68,7 @@ void __dump_page(struct page *page, const char *reason)
> >
> > pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags);
> >
> > +hex_only:
> > print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32,
> > sizeof(unsigned long), page,
> > sizeof(struct page), false);
> > @@ -68,7 +77,7 @@ void __dump_page(struct page *page, const char *reason)
> > pr_alert("page dumped because: %s\n", reason);
> >
> > #ifdef CONFIG_MEMCG
> > - if (page->mem_cgroup)
> > + if (!page_poisoned && page->mem_cgroup)
> > pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup);
> > #endif
> > }
> > --
> > 2.18.0
> >
>
> --
> Michal Hocko
> SUSE Labs
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-07-02 17:55 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-02 15:27 [PATCH] mm: teach dump_page() to correctly output poisoned struct pages Pavel Tatashin
2018-07-02 15:58 ` Michal Hocko
2018-07-02 17:54 ` Pavel Tatashin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).