On Fri, Apr 29, 2022 at 10:22:06PM +0800, zhenwei pi wrote:
> hwpoison_filter is missing in the soft offline path, this leads an
> issue: after enabling the corrupt filter, the user process still has
> a chance to inject hwpoison fault by
> madvise(addr, len, MADV_SOFT_OFFLINE) at PFN which is expected to
> reject.
The motivation is fine to me. Thank you for finding this.
>
> Cc: Wu Fengguang <fengguang.wu@xxxxxxxxx>
> Signed-off-by: zhenwei pi <pizhenwei@xxxxxxxxxxxxx>
> ---
> mm/memory-failure.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/mm/memory-failure.c b/mm/memory-failure.c
> index a6a27c8b800f..6564f5a34658 100644
> --- a/mm/memory-failure.c
> +++ b/mm/memory-failure.c
> @@ -2313,7 +2313,9 @@ static void put_ref_page(struct page *page)
> * @pfn: pfn to soft-offline
> * @flags: flags. Same as memory_failure().
> *
> - * Returns 0 on success, otherwise negated errno.
> + * Returns 0 on success
> + * -EOPNOTSUPP for memory_filter() filtered the error event
Using word hwpoison_filter() rather than memory_filter() seems better to me.
> + * < 0 otherwise negated errno.
> *
> * Soft offline a page, by migration or invalidation,
> * without killing anything. This is for the case when
> @@ -2350,6 +2352,11 @@ int soft_offline_page(unsigned long pfn, int flags)
> return -EIO;
> }
>
> + if (hwpoison_filter(page)) {
> + put_ref_page(ref_page);
> + return -EOPNOTSUPP;
> + }
> +
Based on the assumption behind hwpoison_filter(), calling it after
get_hwpoison_page() would be better?
Thanks,
Naoya Horiguchi
