From: "Kirill A. Shutemov" <kirill@shutemov.name>
To: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
Dave Hansen <dave.hansen@intel.com>,
Hugh Dickins <hughd@google.com>,
Jerome Marchand <jmarchan@redhat.com>,
linux-kernel@vger.kernel.org,
Naoya Horiguchi <nao.horiguchi@gmail.com>
Subject: Re: [PATCH v4 13/13] mincore: apply page table walker on do_mincore()
Date: Wed, 9 Jul 2014 16:34:36 +0300
Message-ID: <20140709133436.GA18391@node.dhcp.inet.fi>
In-Reply-To: <1404234451-21695-14-git-send-email-n-horiguchi@ah.jp.nec.com>
On Tue, Jul 01, 2014 at 01:07:31PM -0400, Naoya Horiguchi wrote:
> This patch makes do_mincore() use walk_page_vma(), which reduces many lines
> of code by using common page table walk code.
>
> ChangeLog v4:
> - remove redundant vma
>
> ChangeLog v3:
> - add NULL vma check in mincore_unmapped_range()
> - don't use pte_entry()
>
> ChangeLog v2:
> - change type of args of callbacks to void *
> - move definition of mincore_walk to the start of the function to fix compiler
> warning
>
> Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Trinity crashes this implementation of mincore pretty easily:
[ 42.775369] BUG: unable to handle kernel paging request at ffff88007bb61000
[ 42.776656] IP: [<ffffffff81126f8f>] mincore_unmapped_range+0xdf/0x100
[ 42.777560] PGD 2ef6067 PUD 87fa01067 PMD 87f823067 PTE 800000007bb61060
[ 42.778529] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC
[ 42.779106] Modules linked in:
[ 42.779106] CPU: 0 PID: 917 Comm: trinity-c27 Not tainted 3.16.0-rc4-next-20140709-00013-g28e4629f71a8 #1450
[ 42.779106] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 42.779106] task: ffff880852e98110 ti: ffff880844024000 task.ti: ffff880844024000
[ 42.779106] RIP: 0010:[<ffffffff81126f8f>] [<ffffffff81126f8f>] mincore_unmapped_range+0xdf/0x100
[ 42.779106] RSP: 0018:ffff880844027df0 EFLAGS: 00010202
[ 42.779106] RAX: 000000000000001c RBX: 00007fc300000000 RCX: 00003ffffffff000
[ 42.779106] RDX: 000000000000001b RSI: ffff88007bb60fe5 RDI: 00007fc2c2c00000
[ 42.779106] RBP: ffff880844027e28 R08: 00007fc2c2e00000 R09: 0000000000000000
[ 42.779106] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000200
[ 42.779106] R13: ffff88007bb60fe5 R14: ffff880855a80018 R15: 00007fc2c2c00000
[ 42.779106] FS: 00007fc345666700(0000) GS:ffff880859600000(0000) knlGS:0000000000000000
[ 42.779106] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.779106] CR2: ffff88007bb61000 CR3: 0000000852dfd000 CR4: 00000000000006f0
[ 42.779106] Stack:
[ 42.779106] ffff880844027f10 ffff88007bb60fe5 00007fc300000000 00007fc2c2e00000
[ 42.779106] 00007fc2c1e1b000 ffff880844027f10 00007fc2c2c00000 ffff880844027eb8
[ 42.779106] ffffffff81135bfe 00007fc341c1bfff ffff880000000000 ffff880852dfd7f8
[ 42.779106] Call Trace:
[ 42.779106] [<ffffffff81135bfe>] __walk_page_range+0x1ae/0x450
[ 42.779106] [<ffffffff81136051>] walk_page_vma+0x71/0x90
[ 42.779106] [<ffffffff8112741e>] SyS_mincore+0x1de/0x270
[ 42.779106] [<ffffffff810949fd>] ? trace_hardirqs_on+0xd/0x10
[ 42.779106] [<ffffffff81126fb0>] ? mincore_unmapped_range+0x100/0x100
[ 42.779106] [<ffffffff81126eb0>] ? mincore_page+0xa0/0xa0
[ 42.779106] [<ffffffff81126dc0>] ? handle_mm_fault+0xd30/0xd30
[ 42.779106] [<ffffffff81746b52>] system_call_fastpath+0x16/0x1b
[ 42.779106] Code: 83 c4 10 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 40 00 31 d2 31 c0 4d 85 e4 4c 8b 6d d0 74 d3 0f 1f 00 48 8b 75 d0 83 c0 01 <c6> 04 16 00 48 63 d0 49 39 d4 77 ed eb b3 48 89 fe 4c 89 f7 e8
[ 42.779106] RIP [<ffffffff81126f8f>] mincore_unmapped_range+0xdf/0x100
[ 42.779106] RSP <ffff880844027df0>
[ 42.779106] CR2: ffff88007bb61000
[ 42.779106] ---[ end trace 3fac62521b6b0cb0 ]---
[ 42.779106] Kernel panic - not syncing: Fatal exception
[ 42.779106] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
Looks like 'vec' overflow. I don't see what could prevent do_mincore() from
writing more than PAGE_SIZE to 'vec'.
--
Kirill A. Shutemov
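
The bound in question, as an added userspace model (not kernel code and not part of the patch or this thread): a range callback writes one status byte per page into a one-page 'vec', so the range it is given has to be limited to what the buffer can hold. The names `vec_cursor`, `fill_unmapped` and `mincore_step` are hypothetical, and the addresses are constructed.

```c
#include <stddef.h>
#include <string.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)

/* Hypothetical walk state: output cursor and end of the scratch buffer. */
struct vec_cursor {
    unsigned char *pos;   /* next status byte to write */
    unsigned char *limit; /* one past the last byte of the buffer */
};

/* Range callback model: one status byte per page in [addr, end).
 * Refuses (-1) rather than writing past the buffer. */
static int fill_unmapped(unsigned long addr, unsigned long end,
                         struct vec_cursor *c)
{
    size_t nr = (end - addr) >> PAGE_SHIFT;

    if (nr > (size_t)(c->limit - c->pos))
        return -1; /* range is larger than the caller's buffer */
    memset(c->pos, 0, nr);
    c->pos += nr;
    return 0;
}

/* One walk step over a VMA ending at vma_end with a buffer of `pages`
 * bytes. With clamp set, the walk end is min(vma_end, addr + budget).
 * Returns the number of bytes written, or -1 if the callback refused. */
static long mincore_step(unsigned long addr, unsigned long vma_end,
                         unsigned long pages, unsigned char *vec, int clamp)
{
    struct vec_cursor c = { vec, vec + pages };
    unsigned long end = vma_end;

    if (clamp && end - addr > (pages << PAGE_SHIFT))
        end = addr + (pages << PAGE_SHIFT);
    if (fill_unmapped(addr, end, &c) < 0)
        return -1;
    return (long)(c.pos - vec);
}

int main(void)
{
    static unsigned char vec[PAGE_SIZE]; /* constructed one-page buffer */
    unsigned long addr = 0x10000000UL, vma_end = addr + (8192UL << PAGE_SHIFT);

    /* Clamped walk fills exactly the buffer; unclamped walk is refused. */
    return !(mincore_step(addr, vma_end, PAGE_SIZE, vec, 1) == 4096 &&
             mincore_step(addr, vma_end, PAGE_SIZE, vec, 0) == -1);
}
```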