From: Yang Shi
Date: Mon, 30 Jan 2023 11:30:47 -0800
Subject: Re: [PATCH] mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty()
To: Kefeng Wang
Cc: Michal Hocko, Andrew Morton, Tejun Heo, Jens Axboe, Jan Kara, Shakeel Butt, Naoya Horiguchi, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Ma Wupeng

On Mon, Jan 30, 2023 at 4:20 AM Kefeng Wang wrote:
>
> On 2023/1/30 16:48, Michal Hocko wrote:
> > On Mon 30-01-23 09:16:13, Kefeng Wang wrote:
> >>
> >> On 2023/1/30 5:48, Andrew Morton wrote:
> >>> On Sun, 29 Jan 2023 10:44:51 +0800 Kefeng Wang wrote:
> >>>
> >>>> As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"),
> >>>
> >>> Merged in 2017.
> >>>
> >>>> hwpoison will forcibly uncharge a LRU hwpoisoned page, the folio_memcg
> >>>> could be NULL, then, mem_cgroup_track_foreign_dirty_slowpath() could
> >>>> cause a NULL pointer dereference, let's not record the foreign
> >>>> writebacks when folio memcg is null in mem_cgroup_track_foreign() to
> >>>> fix it.
> >>>>
> >>>> Reported-by: Ma Wupeng
> >>>> Fixes: 97b27821b485 ("writeback, memcg: Implement foreign dirty flushing")
> >>>
> >>> Merged in 2019.
> >>>
> ...
> >
> > Just to make sure I understand. The page has been hwpoisoned, uncharged
> > but stayed in the page cache so a next page fault on the address has blown
> > up?
> >
> > Say we address the NULL memcg case. What is the resulting behavior?
> > Doesn't userspace access a poisoned page and get a silent memory
> > corruption?
>
> + Yang Shi
>
> Check previous link[1], seems that it is a known issue, and there is a
> TODO list for storage backed filesystems from Yang.

For tmpfs and hugetlbfs, the page cache still stays in page cache, the
later page fault will handle the case gracefully. Other real storage
backed filesystems will have page cache truncated. The page cache will
be uncharged before truncate. If the truncate fails, we may end up in
this case.

>
> [1]
> https://lore.kernel.org/all/20211020210755.23964-6-shy828301@gmail.com/T/#m1d40559ca2dcf94396df5369214288f69dec379b