Re: [PATCH] mm/memory-failure: fix race with compound page split/merge

From: Konstantin Khlebnikov
Date: Tue Apr 19 2016 - 01:54:41 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH 4.4 000/137] 4.4.8-stable review"
Previous message: Krzysztof Kozlowski: "Re: [PATCH] ARM: dts: exynos: Remove unsupported s2mps11 regulator bindings from Exynos5420 boards"
In reply to: Naoya Horiguchi: "Re: [PATCH] mm/memory-failure: fix race with compound page split/merge"
Next in thread: Andrew Morton: "Re: [PATCH] mm/memory-failure: fix race with compound page split/merge"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 19, 2016 at 2:15 AM, Naoya Horiguchi
<n-horiguchi@xxxxxxxxxxxxx> wrote:
> # CCed Andrew,
>
> On Mon, Apr 18, 2016 at 02:43:45PM +0300, Konstantin Khlebnikov wrote:
>> Get_hwpoison_page() must recheck relation between head and tail pages.
>>
>> Signed-off-by: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
>
> Looks good to me. Without this recheck, the race causes kernel to pin
> an irrelevant page, and finally makes kernel crash for refcount mismcach...

Yep. I seen that a lot. Unfortunately that was in 3.18 branch and
it'll took several months to verify this fix.
This code and page reference counting overall have changed
significantly since then, so probably here is more bugs.
For example, I'm not sure about races with atomic set for page
reference counting,
I've found and removed couple in mellanox driver but there're more in
mm and net.

>
> Acked-by: Naoya Horiguchi <n-horiguchi@xxxxxxxxxxxxx>
>
>> ---
>> mm/memory-failure.c | 10 +++++++++-
>> 1 file changed, 9 insertions(+), 1 deletion(-)
>>
>> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
>> index 78f5f2641b91..ca5acee53b7a 100644
>> --- a/mm/memory-failure.c
>> +++ b/mm/memory-failure.c
>> @@ -888,7 +888,15 @@ int get_hwpoison_page(struct page *page)
>> }
>> }
>>
>> - return get_page_unless_zero(head);
>> + if (get_page_unless_zero(head)) {
>> + if (head == compound_head(page))
>> + return 1;
>> +
>> + pr_info("MCE: %#lx cannot catch tail\n", page_to_pfn(page));
>
> Recently Chen Yucong replaced the label "MCE:" with "Memory failure:",
> but the resolution is trivial, I think.
>
> Thanks,
> Naoya Horiguchi
>
>> + put_page(head);
>> + }
>> +
>> + return 0;
>> }
>> EXPORT_SYMBOL_GPL(get_hwpoison_page);
>>
>>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@xxxxxxxxxx For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a hrefmailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>

Next message: Greg Kroah-Hartman: "Re: [PATCH 4.4 000/137] 4.4.8-stable review"
Previous message: Krzysztof Kozlowski: "Re: [PATCH] ARM: dts: exynos: Remove unsupported s2mps11 regulator bindings from Exynos5420 boards"
In reply to: Naoya Horiguchi: "Re: [PATCH] mm/memory-failure: fix race with compound page split/merge"
Next in thread: Andrew Morton: "Re: [PATCH] mm/memory-failure: fix race with compound page split/merge"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]