linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] mm: teach dump_page() to correctly output poisoned struct pages
@ 2018-07-02 15:27 Pavel Tatashin
  2018-07-02 15:58 ` Michal Hocko
  0 siblings, 1 reply; 3+ messages in thread
From: Pavel Tatashin @ 2018-07-02 15:27 UTC (permalink / raw)
  To: steven.sistare, daniel.m.jordan, linux-kernel, akpm,
	kirill.shutemov, mhocko, linux-mm, mgorman, gregkh,
	pasha.tatashin

If struct page is poisoned, and uninitialized access is detected via
PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
the dump_page() itself accesses struct page to determine how to print
it, and therefore gets into a recursive loop.

For example:
dump_page()
 __dump_page()
  PageSlab(page)
   PF_POISONED_CHECK(page)
    VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
     dump_page() recursion loop.

Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")

Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
---
 mm/debug.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/mm/debug.c b/mm/debug.c
index 56e2d9125ea5..469b526e6abc 100644
--- a/mm/debug.c
+++ b/mm/debug.c
@@ -43,12 +43,20 @@ const struct trace_print_flags vmaflag_names[] = {
 
 void __dump_page(struct page *page, const char *reason)
 {
+	bool page_poisoned = PagePoisoned(page);
+	int mapcount;
+
+	if (page_poisoned) {
+		pr_emerg("page:%px is uninitialized and poisoned", page);
+		goto hex_only;
+	}
+
 	/*
 	 * Avoid VM_BUG_ON() in page_mapcount().
 	 * page->_mapcount space in struct page is used by sl[aou]b pages to
 	 * encode own info.
 	 */
-	int mapcount = PageSlab(page) ? 0 : page_mapcount(page);
+	mapcount = PageSlab(page) ? 0 : page_mapcount(page);
 
 	pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx",
 		  page, page_ref_count(page), mapcount,
@@ -60,6 +68,7 @@ void __dump_page(struct page *page, const char *reason)
 
 	pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags);
 
+hex_only:
 	print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32,
 			sizeof(unsigned long), page,
 			sizeof(struct page), false);
@@ -68,7 +77,7 @@ void __dump_page(struct page *page, const char *reason)
 		pr_alert("page dumped because: %s\n", reason);
 
 #ifdef CONFIG_MEMCG
-	if (page->mem_cgroup)
+	if (!page_poisoned && page->mem_cgroup)
 		pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup);
 #endif
 }
-- 
2.18.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] mm: teach dump_page() to correctly output poisoned struct pages
  2018-07-02 15:27 [PATCH] mm: teach dump_page() to correctly output poisoned struct pages Pavel Tatashin
@ 2018-07-02 15:58 ` Michal Hocko
  2018-07-02 17:54   ` Pavel Tatashin
  0 siblings, 1 reply; 3+ messages in thread
From: Michal Hocko @ 2018-07-02 15:58 UTC (permalink / raw)
  To: Pavel Tatashin
  Cc: steven.sistare, daniel.m.jordan, linux-kernel, akpm,
	kirill.shutemov, linux-mm, mgorman, gregkh

On Mon 02-07-18 11:27:45, Pavel Tatashin wrote:
> If struct page is poisoned, and uninitialized access is detected via
> PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
> the dump_page() itself accesses struct page to determine how to print
> it, and therefore gets into a recursive loop.
> 
> For example:
> dump_page()
>  __dump_page()
>   PageSlab(page)
>    PF_POISONED_CHECK(page)
>     VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
>      dump_page() recursion loop.

This deserves a big fat comment in __dump_page. Basically no Page$FOO
can be used on an HWPoison page.
 
> Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")
> Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>

Acked-by: Michal Hocko <mhocko@suse.com>

> ---
>  mm/debug.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/mm/debug.c b/mm/debug.c
> index 56e2d9125ea5..469b526e6abc 100644
> --- a/mm/debug.c
> +++ b/mm/debug.c
> @@ -43,12 +43,20 @@ const struct trace_print_flags vmaflag_names[] = {
>  
>  void __dump_page(struct page *page, const char *reason)
>  {
> +	bool page_poisoned = PagePoisoned(page);
> +	int mapcount;
> +
> +	if (page_poisoned) {
> +		pr_emerg("page:%px is uninitialized and poisoned", page);
> +		goto hex_only;
> +	}
> +
>  	/*
>  	 * Avoid VM_BUG_ON() in page_mapcount().
>  	 * page->_mapcount space in struct page is used by sl[aou]b pages to
>  	 * encode own info.
>  	 */
> -	int mapcount = PageSlab(page) ? 0 : page_mapcount(page);
> +	mapcount = PageSlab(page) ? 0 : page_mapcount(page);
>  
>  	pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx",
>  		  page, page_ref_count(page), mapcount,
> @@ -60,6 +68,7 @@ void __dump_page(struct page *page, const char *reason)
>  
>  	pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags);
>  
> +hex_only:
>  	print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32,
>  			sizeof(unsigned long), page,
>  			sizeof(struct page), false);
> @@ -68,7 +77,7 @@ void __dump_page(struct page *page, const char *reason)
>  		pr_alert("page dumped because: %s\n", reason);
>  
>  #ifdef CONFIG_MEMCG
> -	if (page->mem_cgroup)
> +	if (!page_poisoned && page->mem_cgroup)
>  		pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup);
>  #endif
>  }
> -- 
> 2.18.0
> 

-- 
Michal Hocko
SUSE Labs

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] mm: teach dump_page() to correctly output poisoned struct pages
  2018-07-02 15:58 ` Michal Hocko
@ 2018-07-02 17:54   ` Pavel Tatashin
  0 siblings, 0 replies; 3+ messages in thread
From: Pavel Tatashin @ 2018-07-02 17:54 UTC (permalink / raw)
  To: mhocko
  Cc: Steven Sistare, Daniel Jordan, LKML, Andrew Morton,
	kirill.shutemov, Linux Memory Management List, mgorman, gregkh

On Mon, Jul 2, 2018 at 11:59 AM Michal Hocko <mhocko@kernel.org> wrote:
>
> On Mon 02-07-18 11:27:45, Pavel Tatashin wrote:
> > If struct page is poisoned, and uninitialized access is detected via
> > PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
> > the dump_page() itself accesses struct page to determine how to print
> > it, and therefore gets into a recursive loop.
> >
> > For example:
> > dump_page()
> >  __dump_page()
> >   PageSlab(page)
> >    PF_POISONED_CHECK(page)
> >     VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
> >      dump_page() recursion loop.
>
> This deserves a big fat comment in __dump_page. Basically no Page$FOO
> can be used on an HWPoison page.
>
> > Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")
> > Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com>
>
> Acked-by: Michal Hocko <mhocko@suse.com>

Thank you, I will send out an updated version with a comment.

Pavel

>
> > ---
> >  mm/debug.c | 13 +++++++++++--
> >  1 file changed, 11 insertions(+), 2 deletions(-)
> >
> > diff --git a/mm/debug.c b/mm/debug.c
> > index 56e2d9125ea5..469b526e6abc 100644
> > --- a/mm/debug.c
> > +++ b/mm/debug.c
> > @@ -43,12 +43,20 @@ const struct trace_print_flags vmaflag_names[] = {
> >
> >  void __dump_page(struct page *page, const char *reason)
> >  {
> > +     bool page_poisoned = PagePoisoned(page);
> > +     int mapcount;
> > +
> > +     if (page_poisoned) {
> > +             pr_emerg("page:%px is uninitialized and poisoned", page);
> > +             goto hex_only;
> > +     }
> > +
> >       /*
> >        * Avoid VM_BUG_ON() in page_mapcount().
> >        * page->_mapcount space in struct page is used by sl[aou]b pages to
> >        * encode own info.
> >        */
> > -     int mapcount = PageSlab(page) ? 0 : page_mapcount(page);
> > +     mapcount = PageSlab(page) ? 0 : page_mapcount(page);
> >
> >       pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx",
> >                 page, page_ref_count(page), mapcount,
> > @@ -60,6 +68,7 @@ void __dump_page(struct page *page, const char *reason)
> >
> >       pr_emerg("flags: %#lx(%pGp)\n", page->flags, &page->flags);
> >
> > +hex_only:
> >       print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32,
> >                       sizeof(unsigned long), page,
> >                       sizeof(struct page), false);
> > @@ -68,7 +77,7 @@ void __dump_page(struct page *page, const char *reason)
> >               pr_alert("page dumped because: %s\n", reason);
> >
> >  #ifdef CONFIG_MEMCG
> > -     if (page->mem_cgroup)
> > +     if (!page_poisoned && page->mem_cgroup)
> >               pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup);
> >  #endif
> >  }
> > --
> > 2.18.0
> >
>
> --
> Michal Hocko
> SUSE Labs
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-07-02 17:55 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-02 15:27 [PATCH] mm: teach dump_page() to correctly output poisoned struct pages Pavel Tatashin
2018-07-02 15:58 ` Michal Hocko
2018-07-02 17:54   ` Pavel Tatashin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).