Re: [PATCH RFC 01/14] mm/memory: drop highest_memmap_pfn sanity check in vm_normal_page()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07.07.25 08:31, Hugh Dickins wrote:

On Fri, 4 Jul 2025, David Hildenbrand wrote:

On 03.07.25 16:44, Lance Yang wrote:

On 2025/7/3 20:39, David Hildenbrand wrote:

On 03.07.25 14:34, Lance Yang wrote:

On Mon, Jun 23, 2025 at 10:04 PM David Hildenbrand <david@xxxxxxxxxx>
wrote:


On 20.06.25 14:50, Oscar Salvador wrote:

On Tue, Jun 17, 2025 at 05:43:32PM +0200, David Hildenbrand wrote:

In 2009, we converted a VM_BUG_ON(!pfn_valid(pfn)) to the current
highest_memmap_pfn sanity check in commit 22b31eec63e5 ("badpage:
vm_normal_page use print_bad_pte"), because highest_memmap_pfn was
readily available.

Nowadays, this is the last remaining highest_memmap_pfn user, and this
sanity check is not really triggering ... frequently.

Let's convert it to VM_WARN_ON_ONCE(!pfn_valid(pfn)), so we can
simplify and get rid of highest_memmap_pfn. Checking for
pfn_to_online_page() might be even better, but it would not handle
ZONE_DEVICE properly.

Do the same in vm_normal_page_pmd(), where we don't even report a
problem at all ...

What might be better in the future is having a runtime option like
page-table-check to enable such checks dynamically on-demand.
Something
for the future.

Signed-off-by: David Hildenbrand <david@xxxxxxxxxx>


The author of 22b31eec63e5 thinks this is not at all an improvement.
Of course the condition is not triggering frequently, of course it
should not happen: but it does happen, and it still seems worthwhile
to catch it in production with a "Bad page map" than to let it run on
to whatever kind of crash it hits instead.


Well, obviously I don't agree and was waiting for having this discussion :)
We catch corruption in a handful of PTE bits, and that's about it. You neither detect corruption of flags nor of PFN bits that result in another valid PFN. 

Corruption of the "special" bit might be fun.
When I was able to trigger this during development once, the whole machine went down shortly after -- mostly because of use-after-free of something that is now a page table, which is just bad for both users of such a page!
E.g., quit that process and we will happily clear the PTE, corrupting data of the other user. Fun.
I'm sure I could find a way to unify the code while printing some comparable message, but this check as it stands is just not worth it IMHO: trying to handle something gracefully that shouldn't happen, when really we cannot handle it gracefully. 

--
Cheers,

David / dhildenb
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux