Date: Tue, 7 Nov 2017 10:47:30 +0100
From: Michal Hocko
To: Jaewon Kim
Cc: akpm@linux-foundation.org, vbabka@suse.cz, minchan@kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, jaewon31.kim@gmail.com, Joonsoo Kim
Subject: Re: [PATCH] mm: page_ext: check if page_ext is not prepared
Message-ID: <20171107094730.5732nqqltx2miszq@dhcp22.suse.cz>
In-Reply-To: <20171107094131.14621-1-jaewon31.kim@samsung.com>

[CC Joonsoo]

On Tue 07-11-17 18:41:31, Jaewon Kim wrote:
> online_page_ext and page_ext_init allocate page_ext for each section, but
> they do not allocate if the first PFN is !pfn_present(pfn) or
> !pfn_valid(pfn). Then section->page_ext remains as NULL. lookup_page_ext
> checks NULL only if CONFIG_DEBUG_VM is enabled. For a valid PFN,
> __set_page_owner will try to get page_ext through lookup_page_ext.
> Without CONFIG_DEBUG_VM lookup_page_ext will misuse NULL pointer as value
> 0. This incurs invalid address access.
>
> This is the panic example when PFN 0x100000 is not valid but PFN 0x13FC00
> is being used for page_ext. section->page_ext is NULL, get_entry returned
> invalid page_ext address as 0x1DFA000 for a PFN 0x13FC00.
>
> To avoid this panic, CONFIG_DEBUG_VM should be removed so that page_ext
> will be checked at all times.
>
> <1>[ 11.618085] Unable to handle kernel paging request at virtual address 01dfa014
> <1>[ 11.618140] pgd = ffffffc0c6dc9000
> <1>[ 11.618174] [01dfa014] *pgd=0000000000000000, *pud=0000000000000000
> <4>[ 11.618240] ------------[ cut here ]------------
> <2>[ 11.618278] Kernel BUG at ffffff80082371e0 [verbose debug info unavailable]
> <0>[ 11.618338] Internal error: Oops: 96000045 [#1] PREEMPT SMP
> <4>[ 11.618381] Modules linked in:
> <4>[ 11.618524] task: ffffffc0c6ec9180 task.stack: ffffffc0c6f40000
> <4>[ 11.618569] PC is at __set_page_owner+0x48/0x78
> <4>[ 11.618607] LR is at __set_page_owner+0x44/0x78
> <4>[ 11.626025] [] __set_page_owner+0x48/0x78
> <4>[ 11.626071] [] get_page_from_freelist+0x880/0x8e8
> <4>[ 11.626118] [] __alloc_pages_nodemask+0x14c/0xc48
> <4>[ 11.626165] [] __do_page_cache_readahead+0xdc/0x264
> <4>[ 11.626214] [] filemap_fault+0x2ac/0x550
> <4>[ 11.626259] [] ext4_filemap_fault+0x3c/0x58
> <4>[ 11.626305] [] __do_fault+0x80/0x120
> <4>[ 11.626347] [] handle_mm_fault+0x704/0xbb0
> <4>[ 11.626393] [] do_page_fault+0x2e8/0x394
> <4>[ 11.626437] [] do_mem_abort+0x88/0x124
>

I suspect this goes all the way down to when page_ext has been
resurrected. It is quite interesting that nobody has noticed this in 3
years but maybe the feature is not used all that much and the HW has to
be quite special to trigger. Anyway the following should be added

Fixes: eefa864b701d ("mm/page_ext: resurrect struct page extending code for debugging")
Cc: stable

> Signed-off-by: Jaewon Kim

Acked-by: Michal Hocko

> --- > mm/page_ext.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/mm/page_ext.c b/mm/page_ext.c > index 32f18911deda..114a4d3dcc3c 100644 > --- a/mm/page_ext.c > +++ b/mm/page_ext.c
> @@ -124,7 +124,6 @@ struct page_ext *lookup_page_ext(struct page *page) > struct page_ext *base; > > base = NODE_DATA(page_to_nid(page))->node_page_ext; > -#if defined(CONFIG_DEBUG_VM) > /* > * The sanity checks the page allocator does upon freeing a > * page can reach here before the page_ext arrays are > @@ -133,7 +132,6 @@ struct page_ext *lookup_page_ext(struct page *page) > */ > if (unlikely(!base)) > return NULL; > -#endif > index = pfn - round_down(node_start_pfn(page_to_nid(page)), > MAX_ORDER_NR_PAGES); > return get_entry(base, index); > @@ -198,7 +196,6 @@ struct page_ext *lookup_page_ext(struct page *page) > { > unsigned long pfn = page_to_pfn(page); > struct mem_section *section = __pfn_to_section(pfn); > -#if defined(CONFIG_DEBUG_VM) > /* > * The sanity checks the page allocator does upon freeing a > * page can reach here before the page_ext arrays are > @@ -207,7 +204,6 @@ struct page_ext *lookup_page_ext(struct page *page) > */ > if (!section->page_ext) > return NULL; > -#endif > return get_entry(section->page_ext, pfn); > } > > -- > 2.13.0 >
-- 
Michal Hocko
SUSE Labs
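
Review bot: In the node_page_ext variant of lookup_page_ext() (hunks at -124 and -133), the changelog gives no reason for making `if (unlikely(!base))` unconditional; the description and the oops cover only the section->page_ext case. Please add a sentence saying whether node_page_ext can stay NULL for a node whose pages are later looked up, or state that this variant is changed for consistency. With the #if gone, a NULL return is reachable in non-debug builds as well, and the diffstat shows only mm/page_ext.c touched, so the changelog should also confirm that callers such as __set_page_owner (the faulting function in the trace) already handle a NULL result.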
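
Review bot: In the mem_section variant of lookup_page_ext() (hunks at -198 and -207), the comment kept above `if (!section->page_ext)` still attributes the check only to the page allocator's sanity checks on free reaching this function early. After this change the same check is what protects a section whose page_ext was never allocated because its first PFN was not valid, as the changelog describes, so the comment should mention that case too. The test here also lacks the unlikely() annotation used in the other variant's `if (unlikely(!base))`; making the two consistent would be a small cleanup.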
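
The address arithmetic from the quoted changelog, as an added example that is not part of the original mail or the kernel source: a userspace C model of a per-section lookup with and without the NULL check. ENTRY_SIZE (24, inferred from 0x1DFA000 / 0x13FC00), PAGES_PER_SECTION and every function name other than get_entry are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions of this model, not values stated in the mail:
 * ENTRY_SIZE is inferred from the report (0x1DFA000 / 0x13FC00 = 24);
 * PAGES_PER_SECTION is chosen so PFN 0x100000 and 0x13FC00 share a section. */
#define ENTRY_SIZE        24UL
#define PAGES_PER_SECTION 0x40000UL
#define NR_SECTIONS       8

/* Per-section page_ext base, stored biased by the section's first PFN so
 * that get_entry() can be indexed with the absolute PFN. 0 models NULL. */
static uintptr_t section_page_ext[NR_SECTIONS];

static uintptr_t get_entry(uintptr_t base, unsigned long pfn)
{
    return base + ENTRY_SIZE * pfn;
}

/* Allocation rule from the changelog: nothing is allocated when the
 * section's first PFN is not valid, so the base stays NULL. */
static void init_section(unsigned long first_pfn, int first_pfn_valid,
                         uintptr_t table)
{
    section_page_ext[first_pfn / PAGES_PER_SECTION] =
        first_pfn_valid ? table - ENTRY_SIZE * first_pfn : 0;
}

/* Lookup as built without CONFIG_DEBUG_VM before the patch: no NULL check. */
static uintptr_t lookup_unguarded(unsigned long pfn)
{
    return get_entry(section_page_ext[pfn / PAGES_PER_SECTION], pfn);
}

/* Lookup after the patch: the NULL check is always compiled in. */
static uintptr_t lookup_guarded(unsigned long pfn)
{
    uintptr_t base = section_page_ext[pfn / PAGES_PER_SECTION];

    return base ? get_entry(base, pfn) : 0;
}

int main(void)
{
    init_section(0x100000UL, 0, 0);   /* first PFN invalid: no page_ext */
    printf("unguarded: %#lx\n", (unsigned long)lookup_unguarded(0x13FC00UL));
    printf("guarded:   %#lx\n", (unsigned long)lookup_guarded(0x13FC00UL));
    return 0;
}
```

The faulting address in the quoted oops, 01dfa014, lies 0x14 bytes into the bogus entry that the unguarded lookup returns.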