Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp2786564ybg; Mon, 28 Oct 2019 02:20:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqzLwKa844QyuAB6fRY2cf5xPQB4FW8BqCSsQYHVSOcHfaKPeZ+qdT7g7L8JdUNASDY8eF+c X-Received: by 2002:a17:906:e20d:: with SMTP id gf13mr14943872ejb.176.1572254443384; Mon, 28 Oct 2019 02:20:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572254443; cv=none; d=google.com; s=arc-20160816; b=zpKfTEnIZv7pElzKpn3LwN88Wi9wU9wQixftFM4iY6pd5tdRZhXyLZ9hxDsi61Ua3z 8cG8CPZX0XPANPqEtKGszULDaXxaHFM2OGf5QRZLhiX5rO8sJr6KnZeqakZDtvCVlNcP LHvPd4Yi5WcsrT1D26EqU0WcEQLqVWpoOMAw3m5vbcHhTiQJSZojz4vyoW5R24G1C4FH pP+42dM5u7R7Ld7Bbxeue0FlOayuaFTPrCSOe0+qyFDKH8HqqsIowPq4V5K9T8on4qoo xymUvTWklv3OYopcAWbt1PK1tZfKZp065zi3LjPHBjP9jBv0LvOExtsD/xzmxSqYfSZT UDWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=pN7FM0lE41qOjZS4XmKVC/Hk2KYhKE1dC3vb3MxmHLI=; b=qXgXJUi0vxbgr9Wh80l1GveZAuEguc0TuIR2c2UwRsgkFLgn3WTEm7WZBSNBSXuGPu 69tF2xf66bIs2zBHeCIrAQxfxGUS/yYKuk6mtm9i8g3uzmyDnHPk4VPUvpdrQToQo578 A5T2fCxTZjeTwJEMsWfZwkhFcQs8qcGsMCA4mLOhbwE2VpI10uFX3jgtGCP9I8wd4tkg B2X7U6v9MIHKOdUIpW1qKYehjdShq1dwsBRzYD2/eTc/vbxXa9BUz7TSpw9K8xNHuR5r eK8uEHqzuVCy00TMPE0a5VSqmMgn8O5zf//B0oOzH3jeYWKG/d0Nd2/F9Krc1QWO4qSn BvWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gsuENh9v; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l15si6742866edb.81.2019.10.28.02.20.20; Mon, 28 Oct 2019 02:20:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=gsuENh9v; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732463AbfJ0VYM (ORCPT + 99 others); Sun, 27 Oct 2019 17:24:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:45578 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730777AbfJ0VYG (ORCPT ); Sun, 27 Oct 2019 17:24:06 -0400 Received: from localhost (100.50.158.77.rev.sfr.net [77.158.50.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0727A21726; Sun, 27 Oct 2019 21:24:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572211445; bh=ZGKy0LfQM2/wY5dYcXvQFbwuLbdK5gPKL1YPowHNLoM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gsuENh9vddJXKUaXv3cLDhGlYbCshjCZmMpyqfC+xBRbFEd2fff/YFBYVopeGUstz jgSIpSwdpN0v3eZVjL+WSpf71F6VQQmMDpQTH3F01baLBsIJs77dT4a1NniZJwAeKf d8uhjbLMsRF51QWRw0MDXjqtmbwZKQDWLXparITA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jane Chu , Naoya Horiguchi , Dan Williams , Michal Hocko , Andrew Morton , Linus Torvalds Subject: [PATCH 5.3 154/197] mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped more than once Date: Sun, 27 Oct 2019 22:01:12 +0100 Message-Id: <20191027203400.001440568@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191027203351.684916567@linuxfoundation.org> References: <20191027203351.684916567@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jane Chu commit 3d7fed4ad8ccb691d217efbb0f934e6a4df5ef91 upstream. Mmap /dev/dax more than once, then read the poison location using address from one of the mappings. The other mappings due to not having the page mapped in will cause SIGKILLs delivered to the process. SIGKILL succeeds over SIGBUS, so user process loses the opportunity to handle the UE. Although one may add MAP_POPULATE to mmap(2) to work around the issue, MAP_POPULATE makes mapping 128GB of pmem several magnitudes slower, so isn't always an option. Details - ndctl inject-error --block=10 --count=1 namespace6.0 ./read_poison -x dax6.0 -o 5120 -m 2 mmaped address 0x7f5bb6600000 mmaped address 0x7f3cf3600000 doing local read at address 0x7f3cf3601400 Killed Console messages in instrumented kernel - mce: Uncorrected hardware memory error in user-access at edbe201400 Memory failure: tk->addr = 7f5bb6601000 Memory failure: address edbe201: call dev_pagemap_mapping_shift dev_pagemap_mapping_shift: page edbe201: no PUD Memory failure: tk->size_shift == 0 Memory failure: Unable to find user space address edbe201 in read_poison Memory failure: tk->addr = 7f3cf3601000 Memory failure: address edbe201: call dev_pagemap_mapping_shift Memory failure: tk->size_shift = 21 Memory failure: 0xedbe201: forcibly killing read_poison:22434 because of failure to unmap corrupted page => to deliver SIGKILL Memory failure: 0xedbe201: Killing read_poison:22434 due to hardware memory corruption => to deliver SIGBUS Link: http://lkml.kernel.org/r/1565112345-28754-3-git-send-email-jane.chu@oracle.com Signed-off-by: Jane Chu Suggested-by: Naoya Horiguchi Reviewed-by: Dan Williams Acked-by: Naoya Horiguchi Cc: Michal Hocko Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/memory-failure.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -199,7 +199,6 @@ struct to_kill { struct task_struct *tsk; unsigned long addr; short size_shift; - char addr_valid; }; /* @@ -324,22 +323,27 @@ static void add_to_kill(struct task_stru } } tk->addr = page_address_in_vma(p, vma); - tk->addr_valid = 1; if (is_zone_device_page(p)) tk->size_shift = dev_pagemap_mapping_shift(p, vma); else tk->size_shift = compound_order(compound_head(p)) + PAGE_SHIFT; /* - * In theory we don't have to kill when the page was - * munmaped. But it could be also a mremap. Since that's - * likely very rare kill anyways just out of paranoia, but use - * a SIGKILL because the error is not contained anymore. + * Send SIGKILL if "tk->addr == -EFAULT". Also, as + * "tk->size_shift" is always non-zero for !is_zone_device_page(), + * so "tk->size_shift == 0" effectively checks no mapping on + * ZONE_DEVICE. Indeed, when a devdax page is mmapped N times + * to a process' address space, it's possible not all N VMAs + * contain mappings for the page, but at least one VMA does. + * Only deliver SIGBUS with payload derived from the VMA that + * has a mapping for the page. */ - if (tk->addr == -EFAULT || tk->size_shift == 0) { + if (tk->addr == -EFAULT) { pr_info("Memory failure: Unable to find user space address %lx in %s\n", page_to_pfn(p), tsk->comm); - tk->addr_valid = 0; + } else if (tk->size_shift == 0) { + kfree(tk); + return; } get_task_struct(tsk); tk->tsk = tsk; @@ -366,7 +370,7 @@ static void kill_procs(struct list_head * make sure the process doesn't catch the * signal and then access the memory. Just kill it. */ - if (fail || tk->addr_valid == 0) { + if (fail || tk->addr == -EFAULT) { pr_err("Memory failure: %#lx: forcibly killing %s:%d because of failure to unmap corrupted page\n", pfn, tk->tsk->comm, tk->tsk->pid); do_send_sig_info(SIGKILL, SEND_SIG_PRIV,