On Fri, Feb 07, 2020 at 08:44:15PM -0800, Matthew Wilcox wrote:
> From: "Matthew Wilcox (Oracle)" <willy@xxxxxxxxxxxxx>
>
> There was no protection against a corrupted struct page having an
> implausible compound_head(). Sanity check that a compound page has
> a head within reach of the maximum allocatable page (this will need
> to be adjusted if one of the plans to allocate 1GB pages comes to
> fruition). In addition,
>
> - Print the mapping pointer using %p insted of %px. The actual value of
> the pointer can be read out of the raw page dump and using %p gives a
> chance to correlate it with an earlier printk of the mapping pointer
> - Print the mapping pointer from the head page, not the tail page
> (the tail ->mapping pointer may be in use for other purposes, eg part
> of a list_head)
> - Print the order of the page for compound pages
> - Dump the raw head page as well as the raw page
> - Print the refcount from the head page, not the tail page
>
> Suggested-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Co-developed-by: John Hubbard <jhubbard@xxxxxxxxxx>
> Signed-off-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>
> ---
> mm/debug.c | 33 +++++++++++++++++++++++----------
> 1 file changed, 23 insertions(+), 10 deletions(-)
>
> diff --git a/mm/debug.c b/mm/debug.c
> index ecccd9f17801..3594951cc408 100644
> --- a/mm/debug.c
> +++ b/mm/debug.c
> @@ -44,8 +44,10 @@ const struct trace_print_flags vmaflag_names[] = {
>
> void __dump_page(struct page *page, const char *reason)
> {
> + struct page *head = compound_head(page);
> struct address_space *mapping;
> bool page_poisoned = PagePoisoned(page);
> + bool compound = PageCompound(page);
> /*
> * Accessing the pageblock without the zone lock. It could change to
> * "isolate" again in the meantime, but since we are just dumping the
> @@ -66,25 +68,32 @@ void __dump_page(struct page *page, const char *reason)
> goto hex_only;
> }
>
> - mapping = page_mapping(page);
> + if (page < head || (page >= head + MAX_ORDER_NR_PAGES)) {
> + /* Corrupt page, cannot call page_mapping */
> + mapping = page->mapping;
> + head = page;
> + compound = false;
> + } else {
> + mapping = page_mapping(page);
> + }
>
> /*
> * Avoid VM_BUG_ON() in page_mapcount().
> * page->_mapcount space in struct page is used by sl[aou]b pages to
> * encode own info.
> */
> - mapcount = PageSlab(page) ? 0 : page_mapcount(page);
> + mapcount = PageSlab(head) ? 0 : page_mapcount(head);
This is wrong. We want to see mapcount for the tail page, not head.
--
Kirill A. Shutemov
