From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9993C433E1 for ; Wed, 19 Aug 2020 19:10:32 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 7EE7A20674 for ; Wed, 19 Aug 2020 19:10:32 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=nvidia.com header.i=@nvidia.com header.b="b4dvNmtA" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7EE7A20674 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=nvidia.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id F36C98D0019; Wed, 19 Aug 2020 15:10:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EE8738D0003; Wed, 19 Aug 2020 15:10:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DD9078D0019; Wed, 19 Aug 2020 15:10:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0225.hostedemail.com [216.40.44.225]) by kanga.kvack.org (Postfix) with ESMTP id C6B1C8D0003 for ; Wed, 19 Aug 2020 15:10:31 -0400 (EDT) Received: from smtpin16.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 6D224362C for ; Wed, 19 Aug 2020 19:10:31 +0000 (UTC) X-FDA: 77168259462.16.sky51_4d03f372702a Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin16.hostedemail.com (Postfix) with ESMTP id 329BA100E6917 for ; Wed, 19 Aug 2020 19:10:31 +0000 (UTC) X-HE-Tag: sky51_4d03f372702a X-Filterd-Recvd-Size: 4943 Received: from hqnvemgate25.nvidia.com (hqnvemgate25.nvidia.com [216.228.121.64]) by imf22.hostedemail.com (Postfix) with ESMTP for ; Wed, 19 Aug 2020 19:10:30 +0000 (UTC) Received: from hqpgpgate102.nvidia.com (Not Verified[216.228.121.13]) by hqnvemgate25.nvidia.com (using TLS: TLSv1.2, DES-CBC3-SHA) id ; Wed, 19 Aug 2020 12:09:30 -0700 Received: from hqmail.nvidia.com ([172.20.161.6]) by hqpgpgate102.nvidia.com (PGP Universal service); Wed, 19 Aug 2020 12:10:29 -0700 X-PGP-Universal: processed; by hqpgpgate102.nvidia.com on Wed, 19 Aug 2020 12:10:29 -0700 Received: from [10.2.49.218] (172.20.13.39) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 19 Aug 2020 19:10:28 +0000 Subject: Re: [PATCH] mm/debug: Do not dereference i_ino blindly To: "Matthew Wilcox (Oracle)" , CC: Andrew Morton , Mike Rapoport , Vlastimil Babka References: <20200819185710.28180-1-willy@infradead.org> From: John Hubbard Message-ID: <2473ed5e-1f88-4cb1-825e-857fc2d9c42c@nvidia.com> Date: Wed, 19 Aug 2020 12:10:28 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <20200819185710.28180-1-willy@infradead.org> X-Originating-IP: [172.20.13.39] X-ClientProxiedBy: HQMAIL107.nvidia.com (172.20.187.13) To HQMAIL107.nvidia.com (172.20.187.13) Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1597864170; bh=vJOUBrsfj4xfcZDcn/P4sWiv9hnKQLofOnZAHXNhve0=; h=X-PGP-Universal:Subject:To:CC:References:From:Message-ID:Date: User-Agent:MIME-Version:In-Reply-To:X-Originating-IP: X-ClientProxiedBy:Content-Type:Content-Language: Content-Transfer-Encoding; b=b4dvNmtAVMiH5r4HRP7CUbKvqXgO0OMBMYKlDDQ1c+g8eeqMLOBm/+/qPTdLw9NRp o963QDZghxVzPbVghnBXf2bVIRWwTU/Y6JZRHsWh8n74VdDL8ps9O7Ns5ZFtXoHjcm vYycPHqJLVXvAk7nQaNjMeI9vLx9tkiRACesU5re3wOivOxDfhAhk3Q5tBWtmop+kX WXaqN/WifJlveiCppGm/hxKonNve3F0bBj9LPY0qDOM2PFl1ZMAmrh77u0WbsrYUaG 8CPSMLwf96sF6JFQXHKPxu5QbKQO+za6uG+24YJhB/bBE0Oz0mZM+BBxSaNMgaAFUR zEFGkAbgx0f/g== X-Rspamd-Queue-Id: 329BA100E6917 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam05 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 8/19/20 11:57 AM, Matthew Wilcox (Oracle) wrote: > We check i_dentry is fetchable and i_ino is earlier in the struct > than i_ino, so it ought to work fine, but it's possible that struct > randomisation has reordered i_ino after i_dentry and the pointer is > just wild enough that i_dentry is fetchable and i_ino isn't. > > Also print the inode number if the dentry is invalid. > > Reported-by: Vlastimil Babka > Signed-off-by: Matthew Wilcox (Oracle) > --- > mm/debug.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > It's hard to write software that reports what's wrong with itself. Let's just keep adding to the pile, then. :) Reviewed-by: John Hubbard thanks, -- John Hubbard NVIDIA > diff --git a/mm/debug.c b/mm/debug.c > index ca8d1cacdecc..2a767865145c 100644 > --- a/mm/debug.c > +++ b/mm/debug.c > @@ -120,6 +120,7 @@ void __dump_page(struct page *page, const char *reason) > struct hlist_node *dentry_first; > struct dentry *dentry_ptr; > struct dentry dentry; > + unsigned long ino; > > /* > * mapping can be invalid pointer and we don't want to crash > @@ -136,21 +137,22 @@ void __dump_page(struct page *page, const char *reason) > goto out_mapping; > } > > - if (get_kernel_nofault(dentry_first, &host->i_dentry.first)) { > + if (get_kernel_nofault(dentry_first, &host->i_dentry.first) || > + get_kernel_nofault(ino, &host->i_ino)) { > pr_warn("aops:%ps with invalid host inode %px\n", > a_ops, host); > goto out_mapping; > } > > if (!dentry_first) { > - pr_warn("aops:%ps ino:%lx\n", a_ops, host->i_ino); > + pr_warn("aops:%ps ino:%lx\n", a_ops, ino); > goto out_mapping; > } > > dentry_ptr = container_of(dentry_first, struct dentry, d_u.d_alias); > if (get_kernel_nofault(dentry, dentry_ptr)) { > - pr_warn("aops:%ps with invalid dentry %px\n", a_ops, > - dentry_ptr); > + pr_warn("aops:%ps ino:%lx with invalid dentry %px\n", > + a_ops, ino, dentry_ptr); > } else { > /* > * if dentry is corrupted, the %pd handler may still > @@ -158,7 +160,7 @@ void __dump_page(struct page *page, const char *reason) > * corrupted struct page > */ > pr_warn("aops:%ps ino:%lx dentry name:\"%pd\"\n", > - a_ops, host->i_ino, &dentry); > + a_ops, ino, &dentry); > } > } > out_mapping: >