From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=/2eA=3Q=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,
	USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2B9FEC32771
	for <linux-mm@archiver.kernel.org>; Mon, 27 Jan 2020 10:30:42 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id D5647207FD
	for <linux-mm@archiver.kernel.org>; Mon, 27 Jan 2020 10:30:41 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Bro+uHw7"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D5647207FD
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 70F476B0006; Mon, 27 Jan 2020 05:30:41 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6C0546B0007; Mon, 27 Jan 2020 05:30:41 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5AFC46B0008; Mon, 27 Jan 2020 05:30:41 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0051.hostedemail.com [216.40.44.51])
	by kanga.kvack.org (Postfix) with ESMTP id 432336B0006
	for <linux-mm@kvack.org>; Mon, 27 Jan 2020 05:30:41 -0500 (EST)
Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with SMTP id 09C592493
	for <linux-mm@kvack.org>; Mon, 27 Jan 2020 10:30:41 +0000 (UTC)
X-FDA: 76423045482.21.rifle46_5ea541cd201a
X-HE-Tag: rifle46_5ea541cd201a
X-Filterd-Recvd-Size: 9441
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81])
	by imf36.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 27 Jan 2020 10:30:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1580121040;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=G1GFzdJ0DQ1qjF0ORbkQDEQvblbFypL6jJrmuNkjQm4=;
	b=Bro+uHw76fIi0CRkqNzM/rlqlmxN3dtIlUPJqIapuczCnGFR0aViU4xcqqj4ZaOkXwCthH
	GMIxRGKeV2ZRcwnF52Q+pTEkcyYYPMrnIpRGHsQBpGHie8rLOlOqSliLikCKBfx6oEM1le
	qXCJ8EOMnV6R0iuVSzy7X3t7TWiQcCo=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-53-Roito7xGNzijEu2OjIkyVw-1; Mon, 27 Jan 2020 05:30:38 -0500
Received: by mail-wm1-f72.google.com with SMTP id z7so753283wmi.0
        for <linux-mm@kvack.org>; Mon, 27 Jan 2020 02:30:37 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=B5seMdInBob5KBB/Ici0anA5L1DZMOsToJq/Z5iUw2E=;
        b=ptwn6gZcit6LOypx0MOE1u+VpNv0wDP0LCbscGzuLMUOHX0A2zN3CuHt9O008yFunJ
         SVywXotrn/N/CGJXM76n2VJulcFD3NLDz/5gCSp8MkoOlBKMfrpJYqp6Ae2jaLl382Vk
         0UqWM5bMI3x7yJRBQn5qVBP5Hx3HsXKc8m6klVcBRGVwzxYhdr4P4I+tqzidDldotNCh
         P89vgJauw5WDg5Rwxch757+4TxEX/zOQ0UV5OhmS6ymaGRAdRrrrJbzL++iaOteYV4NO
         jOEuWLEwLwpIfnbIJKlFFeTS1VqfNXBTy7ys6DfXrVXzyT2Z4ZoFO+wFnQZTloawzaJX
         Zn7Q==
X-Gm-Message-State: APjAAAXT1xK8NH2CCgvIYxvKtS+5+/A3ibcldx/SGIvKsye4mKu9CNaY
	IxiUAMIwF/v+g6uQ5PjfLY8/o5rjMi9NYMIsWJg6k6mebPwvpmU8w1AxZZKSVDe5IN07k0nxiLq
	ncvPpYND44Q==
X-Received: by 2002:a05:600c:20c1:: with SMTP id y1mr5646040wmm.164.1580121036577;
        Mon, 27 Jan 2020 02:30:36 -0800 (PST)
X-Google-Smtp-Source: APXvYqxNP1yLOiuz11SqkgN+NSgVx33ZKZPJzCymBsy7575Ijof+Xt9mNxslTm1pwcw9yz9/cYbQrg==
X-Received: by 2002:a05:600c:20c1:: with SMTP id y1mr5646000wmm.164.1580121036206;
        Mon, 27 Jan 2020 02:30:36 -0800 (PST)
Received: from localhost (cpc111743-lutn13-2-0-cust844.9-3.cable.virginm.net. [82.17.115.77])
        by smtp.gmail.com with ESMTPSA id w22sm17514661wmk.34.2020.01.27.02.30.35
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 27 Jan 2020 02:30:35 -0800 (PST)
Date: Mon, 27 Jan 2020 10:30:34 +0000
From: Aaron Tomlin <atomlin@redhat.com>
To: Grzegorz Halat <ghalat@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-fsdevel@vger.kernel.org, linux-doc@vger.kernel.org,
	ssaner@redhat.com, oleksandr@redhat.com, vbendel@redhat.com,
	kirill@shutemov.name, khlebnikov@yandex-team.ru,
	borntraeger@de.ibm.com, Andrew Morton <akpm@linux-foundation.org>,
	Iurii Zaikin <yzaikin@google.com>,
	Kees Cook <keescook@chromium.org>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH 1/1] mm: sysctl: add panic_on_mm_error sysctl
Message-ID: <20200127103034.lb2piuvtohwqysbs@atomlin.usersys.com>
References: <20200127101100.92588-1-ghalat@redhat.com>
MIME-Version: 1.0
In-Reply-To: <20200127101100.92588-1-ghalat@redhat.com>
X-PGP-Key: http://pgp.mit.edu/pks/lookup?search=atomlin%40redhat.com
X-PGP-Fingerprint: 7906 84EB FA8A 9638 8D1E  6E9B E2DE 9658 19CC 77D6
User-Agent: NeoMutt/20180716-1637-ee8449
X-MC-Unique: Roito7xGNzijEu2OjIkyVw-1
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon 2020-01-27 11:11 +0100, Grzegorz Halat wrote:
> Memory management subsystem performs various checks at runtime,
> if an inconsistency is detected then such event is being logged and kerne=
l
> continues to run. While debugging such problems it is helpful to collect
> memory dump as early as possible. Currently, there is no easy way to pani=
c
> kernel when such error is detected.
>=20
> It was proposed[1] to panic the kernel if panic_on_oops is set but this
> approach was not accepted. One of alternative proposals was introduction =
of
> a new sysctl.
>=20
> The patch adds panic_on_mm_error sysctl. If the sysctl is set then the
> kernel will be crashed when an inconsistency is detected by memory
> management. This currently means panic when bad page or bad PTE
> is detected(this may be extended to other places in MM).
>=20
> Another use case of this sysctl may be in security-wise environments,
> it may be more desired to crash machine than continue to run with
> potentially damaged data structures.
>=20
> [1] https://marc.info/?l=3Dlinux-mm&m=3D142649500728327&w=3D2
>=20
> Signed-off-by: Grzegorz Halat <ghalat@redhat.com>
> ---
>  Documentation/admin-guide/sysctl/kernel.rst | 12 ++++++++++++
>  include/linux/kernel.h                      |  1 +
>  kernel/sysctl.c                             |  9 +++++++++
>  mm/memory.c                                 |  7 +++++++
>  mm/page_alloc.c                             |  4 +++-
>  5 files changed, 32 insertions(+), 1 deletion(-)
>=20
> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/=
admin-guide/sysctl/kernel.rst
> index def074807cee..2fecd6b2547e 100644
> --- a/Documentation/admin-guide/sysctl/kernel.rst
> +++ b/Documentation/admin-guide/sysctl/kernel.rst
> @@ -61,6 +61,7 @@ show up in /proc/sys/kernel:
>  - overflowgid
>  - overflowuid
>  - panic
> +- panic_on_mm_error
>  - panic_on_oops
>  - panic_on_stackoverflow
>  - panic_on_unrecovered_nmi
> @@ -611,6 +612,17 @@ an IO error.
>     and you can use this option to take a crash dump.
> =20
> =20
> +panic_on_mm_error:
> +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> +
> +Controls the kernel's behaviour when inconsistency is detected
> +by memory management code, for example bad page state or bad PTE.
> +
> +0: try to continue operation.
> +
> +1: panic immediately.
> +
> +
>  panic_on_oops:
>  =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =20
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 0d9db2a14f44..5f9d408512ff 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -518,6 +518,7 @@ extern int oops_in_progress;=09=09/* If set, an oops,=
 panic(), BUG() or die() is in
>  extern int panic_timeout;
>  extern unsigned long panic_print;
>  extern int panic_on_oops;
> +extern int panic_on_mm_error;
>  extern int panic_on_unrecovered_nmi;
>  extern int panic_on_io_nmi;
>  extern int panic_on_warn;
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 70665934d53e..6477e1cce28b 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -1238,6 +1238,15 @@ static struct ctl_table kern_table[] =3D {
>  =09=09.extra1=09=09=3D SYSCTL_ZERO,
>  =09=09.extra2=09=09=3D SYSCTL_ONE,
>  =09},
> +=09{
> +=09=09.procname=09=3D "panic_on_mm_error",
> +=09=09.data=09=09=3D &panic_on_mm_error,
> +=09=09.maxlen=09=09=3D sizeof(int),
> +=09=09.mode=09=09=3D 0644,
> +=09=09.proc_handler=09=3D proc_dointvec_minmax,
> +=09=09.extra1=09=09=3D SYSCTL_ZERO,
> +=09=09.extra2=09=09=3D SYSCTL_ONE,
> +=09},
>  #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON)
>  =09{
>  =09=09.procname=09=3D "timer_migration",
> diff --git a/mm/memory.c b/mm/memory.c
> index 45442d9a4f52..cce74ff39447 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -71,6 +71,7 @@
>  #include <linux/dax.h>
>  #include <linux/oom.h>
>  #include <linux/numa.h>
> +#include <linux/module.h>
> =20
>  #include <trace/events/kmem.h>
> =20
> @@ -88,6 +89,8 @@
>  #warning Unfortunate NUMA and NUMA Balancing config, growing page-frame =
for last_cpupid.
>  #endif
> =20
> +int panic_on_mm_error __read_mostly;
> +
>  #ifndef CONFIG_NEED_MULTIPLE_NODES
>  /* use the per-pgdat data instead for discontigmem - mbligh */
>  unsigned long max_mapnr;
> @@ -543,6 +546,10 @@ static void print_bad_pte(struct vm_area_struct *vma=
, unsigned long addr,
>  =09=09 vma->vm_ops ? vma->vm_ops->fault : NULL,
>  =09=09 vma->vm_file ? vma->vm_file->f_op->mmap : NULL,
>  =09=09 mapping ? mapping->a_ops->readpage : NULL);
> +
> +=09print_modules();
> +=09if (panic_on_mm_error)
> +=09=09panic("Bad page map detected");
>  =09dump_stack();
>  =09add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
>  }
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index d047bf7d8fd4..2ea6a65ba011 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -643,9 +643,11 @@ static void bad_page(struct page *page, const char *=
reason,
>  =09if (bad_flags)
>  =09=09pr_alert("bad because of flags: %#lx(%pGp)\n",
>  =09=09=09=09=09=09bad_flags, &bad_flags);
> -=09dump_page_owner(page);
> =20
> +=09dump_page_owner(page);
>  =09print_modules();
> +=09if (panic_on_mm_error)
> +=09=09panic("Bad page state detected");
>  =09dump_stack();
>  out:
>  =09/* Leave bad fields for debug, except PageBuddy could make trouble */

Reviewed-by: Aaron Tomlin <atomlin@redhat.com>

--=20
Aaron Tomlin