Re: [PATCH v2] mm: teach dump_page() to correctly output poisoned struct pages

2018-07-02 Thread Andrew Morton
On Mon,  2 Jul 2018 14:05:36 -0400 Pavel Tatashin wrote:

> If struct page is poisoned, and uninitialized access is detected via
> PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
> the dump_page() itself accesses struct page to determine how to print
> it, and therefore gets into a recursive loop.
> 
> For example:
> dump_page()
>  __dump_page()
>   PageSlab(page)
>    PF_POISONED_CHECK(page)
>     VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
>      dump_page() recursion loop.
> 
> Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")
> 
> Signed-off-by: Pavel Tatashin 
> Acked-by: Michal Hocko 

Thanks.  I added a cc:stable to make sure this gets into 4.17.x.



Re: [PATCH v2] mm: teach dump_page() to correctly output poisoned struct pages

2018-07-02 Thread Michal Hocko
On Mon 02-07-18 14:05:36, Pavel Tatashin wrote:
[...]
>  void __dump_page(struct page *page, const char *reason)
>  {
> + bool page_poisoned = PagePoisoned(page);
> + int mapcount;
> +
> + /*
> +  * If struct page is poisoned don't access Page*() functions as that
> +  * leads to recursive loop. Page*() check for poisoned pages, and calls
> +  * dump_page() when detected.
> +  */
> + if (page_poisoned) {
> + pr_emerg("page:%px is uninitialized and poisoned", page);
> + goto hex_only;
> + }
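
Review bot: the comment's "don't access Page*() functions" also matches PagePoisoned(), which the first added line calls on the same page before the check. If PagePoisoned() is exempt from the poison check, say so in the comment, so a later reader does not take the initializer of page_poisoned for another entry into the recursion.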

Thanks for the updated comment. Exactly what I was looking for!
-- 
Michal Hocko
SUSE Labs


[PATCH v2] mm: teach dump_page() to correctly output poisoned struct pages

2018-07-02 Thread Pavel Tatashin
If struct page is poisoned, and uninitialized access is detected via
PF_POISONED_CHECK(page) dump_page() is called to output the page. But,
the dump_page() itself accesses struct page to determine how to print
it, and therefore gets into a recursive loop.

For example:
dump_page()
 __dump_page()
  PageSlab(page)
   PF_POISONED_CHECK(page)
    VM_BUG_ON_PGFLAGS(PagePoisoned(page), page)
     dump_page() recursion loop.

Fixes: f165b378bbdf ("mm: uninitialized struct page poisoning sanity checking")

Signed-off-by: Pavel Tatashin 
Acked-by: Michal Hocko 
---
 mm/debug.c | 18 --
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/mm/debug.c b/mm/debug.c
index 56e2d9125ea5..38c926520c97 100644
--- a/mm/debug.c
+++ b/mm/debug.c
@@ -43,12 +43,25 @@ const struct trace_print_flags vmaflag_names[] = {
 
 void __dump_page(struct page *page, const char *reason)
 {
+   bool page_poisoned = PagePoisoned(page);
+   int mapcount;
+
+   /*
+* If struct page is poisoned don't access Page*() functions as that
+* leads to recursive loop. Page*() check for poisoned pages, and calls
+* dump_page() when detected.
+*/
+   if (page_poisoned) {
+   pr_emerg("page:%px is uninitialized and poisoned", page);
+   goto hex_only;
+   }
+
/*
 * Avoid VM_BUG_ON() in page_mapcount().
 * page->_mapcount space in struct page is used by sl[aou]b pages to
 * encode own info.
 */
-   int mapcount = PageSlab(page) ? 0 : page_mapcount(page);
+   mapcount = PageSlab(page) ? 0 : page_mapcount(page);
 
pr_emerg("page:%px count:%d mapcount:%d mapping:%px index:%#lx",
  page, page_ref_count(page), mapcount,
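
Review bot: the format string in the added pr_emerg("page:%px is uninitialized and poisoned", page) has no trailing "\n", and the goto hex_only right after it jumps to the hex dump without printing anything else on that line. Append "\n" so the message is a complete line before the "raw: " output starts.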
@@ -60,6 +73,7 @@ void __dump_page(struct page *page, const char *reason)
 
pr_emerg("flags: %#lx(%pGp)\n", page->flags, >flags);
 
+hex_only:
print_hex_dump(KERN_ALERT, "raw: ", DUMP_PREFIX_NONE, 32,
sizeof(unsigned long), page,
sizeof(struct page), false);
@@ -68,7 +82,7 @@ void __dump_page(struct page *page, const char *reason)
pr_alert("page dumped because: %s\n", reason);
 
 #ifdef CONFIG_MEMCG
-   if (page->mem_cgroup)
+   if (!page_poisoned && page->mem_cgroup)
pr_alert("page->mem_cgroup:%px\n", page->mem_cgroup);
 #endif
 }
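
Review bot: the !page_poisoned test in the CONFIG_MEMCG block is needed only because the hex_only path falls through to this code, and nothing at the site says so. A one-line comment that page->mem_cgroup is not meaningful for a poisoned struct page would keep the guard from being dropped in a later cleanup. Note also that page_poisoned is sampled once at function entry, so this check reflects the state at entry, not at this point.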
-- 
2.18.0


