From: josh@joshtriplett.org
To: Peter Hurley <peter@hurleysoftware.com>
Cc: Fengguang Wu <fengguang.wu@intel.com>,
Iulia Manda <iulia.manda21@gmail.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKP <lkp@01.org>,
linux-kernel@vger.kernel.org
Subject: Re: [CONFIG_MULTIUSER] BUG: unable to handle kernel paging request at ffffffee
Date: Thu, 7 May 2015 08:56:40 -0700 [thread overview]
Message-ID: <20150507155640.GA30083@cloud> (raw)
In-Reply-To: <554AB43A.1030709@hurleysoftware.com>
On Wed, May 06, 2015 at 08:39:22PM -0400, Peter Hurley wrote:
> On 05/06/2015 07:59 PM, josh@joshtriplett.org wrote:
> > On Wed, May 06, 2015 at 08:44:29AM -0700, Josh Triplett wrote:
> >> On Wed, May 06, 2015 at 05:08:50PM +0800, Fengguang Wu wrote:
> >>> FYI, the reported bug is still not fixed in linux-next 20150506.
> >>
> >> This isn't the same bug. The previous one you mentioned was a userspace
> >> assertion failure in libnih, likely caused because some part of upstart
> >> didn't have appropriate error handling for some syscall returning
> >> ENOSYS; that one wasn't an issue, since CONFIG_MULTIUSER=n is not
> >> expected to boot a standard Linux distribution.
> >>
> >> This one, on the other hand, is a kernel panic, and does need fixing.
> >>
> >>> commit 2813893f8b197a14f1e1ddb04d99bce46817c84a
> >>>
> >>> +-----------------------------------------------------------+------------+------------+------------+
> >>> | | c79574abe2 | 2813893f8b | cbdacaf0c1 |
> >>> +-----------------------------------------------------------+------------+------------+------------+
> >>> | boot_successes | 60 | 0 | 0 |
> >>> | boot_failures | 0 | 22 | 1064 |
> >>> | BUG:unable_to_handle_kernel | 0 | 22 | 1032 |
> >>> | Oops | 0 | 22 | 1032 |
> >>> | EIP_is_at_devpts_new_index | 0 | 22 | 1032 |
> >>> | Kernel_panic-not_syncing:Fatal_exception | 0 | 22 | 1032 |
> >>> | backtrace:do_sys_open | 0 | 22 | 1032 |
> >>> | backtrace:SyS_open | 0 | 22 | 1032 |
> >>> | WARNING:at_arch/x86/kernel/fpu/core.c:#fpu__clear() | 0 | 0 | 32 |
> >>> | Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= | 0 | 0 | 32 |
> >>> +-----------------------------------------------------------+------------+------------+------------+
> >>
> >> Is this table saying the number of times the type of error in the first
> >> column occurred in each commit?
> >>
> >> In any case, investigating. Iulia, can you look at this as well?
> >>
> >> I'm digging through the call stack, and I'm having a hard time seeing
> >> how the CONFIG_MULTIUSER patch could affect anything here.
> >
> > Update: it looks like init_devpts_fs is getting ERR_PTR(-EINVAL) back
> > from kern_mount and storing that in devpts_mnt; later, devpts_new_index
> > pokes at devpts_mnt and explodes.
> >
> > So, there are two separate bugs here. On the one hand, CONFIG_MULTIUSER
> > should not be causing kern_mount to fail with -EINVAL; tracking that
> > down now.
>
> The mount failure is probably from the devpts mount options specifying
> gid= for devpts nodes:
>
> devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
>
> The relevant code is fs/devpts/inode.c:parse_mount_options().
> devpts also supports specifying the uid.
>
> To me, kern_mount() appropriately fails with -EINVAL, since the mount
> options failed.
Except that init_devpts_fs is called at module_init time, long before
the actual mount syscall; it appears to be creating a kernel-internal
mount, and I don't see how mount options provided by userspace much
later would cause the earlier kern_mount to fail.
Also, I don't see anything in parse_mount_options that should actually
fail with CONFIG_MULTIUSER unset.
> > On the other hand, devpts and ptmx should handle the failure
> > better, without crashing; ptmx_open should have gracefully failed back
> > to userspace with -ENODEV or something, since ptmx doesn't make sense
> > without devpts. I'll send a patch for that too.
>
> Yeah, crashing is bad, but I don't think we should even be init'ing
> either BSD or SysV pty drivers if there is no devpts.
Can you review the patch I sent to fix the crash, and see if it looks
reasonable to you?
- Josh Triplett
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: josh@joshtriplett.org
To: Peter Hurley <peter@hurleysoftware.com>
Cc: Fengguang Wu <fengguang.wu@intel.com>,
Iulia Manda <iulia.manda21@gmail.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKP <lkp@01.org>,
linux-kernel@vger.kernel.org
Subject: Re: [CONFIG_MULTIUSER] BUG: unable to handle kernel paging request at ffffffee
Date: Thu, 7 May 2015 08:56:40 -0700 [thread overview]
Message-ID: <20150507155640.GA30083@cloud> (raw)
In-Reply-To: <554AB43A.1030709@hurleysoftware.com>
On Wed, May 06, 2015 at 08:39:22PM -0400, Peter Hurley wrote:
> On 05/06/2015 07:59 PM, josh@joshtriplett.org wrote:
> > On Wed, May 06, 2015 at 08:44:29AM -0700, Josh Triplett wrote:
> >> On Wed, May 06, 2015 at 05:08:50PM +0800, Fengguang Wu wrote:
> >>> FYI, the reported bug is still not fixed in linux-next 20150506.
> >>
> >> This isn't the same bug. The previous one you mentioned was a userspace
> >> assertion failure in libnih, likely caused because some part of upstart
> >> didn't have appropriate error handling for some syscall returning
> >> ENOSYS; that one wasn't an issue, since CONFIG_MULTIUSER=n is not
> >> expected to boot a standard Linux distribution.
> >>
> >> This one, on the other hand, is a kernel panic, and does need fixing.
> >>
> >>> commit 2813893f8b197a14f1e1ddb04d99bce46817c84a
> >>>
> >>> +-----------------------------------------------------------+------------+------------+------------+
> >>> | | c79574abe2 | 2813893f8b | cbdacaf0c1 |
> >>> +-----------------------------------------------------------+------------+------------+------------+
> >>> | boot_successes | 60 | 0 | 0 |
> >>> | boot_failures | 0 | 22 | 1064 |
> >>> | BUG:unable_to_handle_kernel | 0 | 22 | 1032 |
> >>> | Oops | 0 | 22 | 1032 |
> >>> | EIP_is_at_devpts_new_index | 0 | 22 | 1032 |
> >>> | Kernel_panic-not_syncing:Fatal_exception | 0 | 22 | 1032 |
> >>> | backtrace:do_sys_open | 0 | 22 | 1032 |
> >>> | backtrace:SyS_open | 0 | 22 | 1032 |
> >>> | WARNING:at_arch/x86/kernel/fpu/core.c:#fpu__clear() | 0 | 0 | 32 |
> >>> | Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= | 0 | 0 | 32 |
> >>> +-----------------------------------------------------------+------------+------------+------------+
> >>
> >> Is this table saying the number of times the type of error in the first
> >> column occurred in each commit?
> >>
> >> In any case, investigating. Iulia, can you look at this as well?
> >>
> >> I'm digging through the call stack, and I'm having a hard time seeing
> >> how the CONFIG_MULTIUSER patch could affect anything here.
> >
> > Update: it looks like init_devpts_fs is getting ERR_PTR(-EINVAL) back
> > from kern_mount and storing that in devpts_mnt; later, devpts_new_index
> > pokes at devpts_mnt and explodes.
> >
> > So, there are two separate bugs here. On the one hand, CONFIG_MULTIUSER
> > should not be causing kern_mount to fail with -EINVAL; tracking that
> > down now.
>
> The mount failure is probably from the devpts mount options specifying
> gid= for devpts nodes:
>
> devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
>
> The relevant code is fs/devpts/inode.c:parse_mount_options().
> devpts also supports specifying the uid.
>
> To me, kern_mount() appropriately fails with -EINVAL, since the mount
> options failed.
Except that init_devpts_fs is called at module_init time, long before
the actual mount syscall; it appears to be creating a kernel-internal
mount, and I don't see how mount options provided by userspace much
later would cause the earlier kern_mount to fail.
Also, I don't see anything in parse_mount_options that should actually
fail with CONFIG_MULTIUSER unset.
> > On the other hand, devpts and ptmx should handle the failure
> > better, without crashing; ptmx_open should have gracefully failed back
> > to userspace with -ENODEV or something, since ptmx doesn't make sense
> > without devpts. I'll send a patch for that too.
>
> Yeah, crashing is bad, but I don't think we should even be init'ing
> either BSD or SysV pty drivers if there is no devpts.
Can you review the patch I sent to fix the crash, and see if it looks
reasonable to you?
- Josh Triplett
next prev parent reply other threads:[~2015-05-07 15:56 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-28 0:43 BUG: unable to handle kernel paging request at ffffffee Fengguang Wu
2015-04-28 0:43 ` Fengguang Wu
2015-05-02 23:18 ` [CONFIG_MULTIUSER] init: error.c:320: Assertion failed in nih_error_get: CURRENT_CONTEXT->error != NULL Fengguang Wu
2015-05-02 23:18 ` Fengguang Wu
2015-05-03 2:21 ` Josh Triplett
2015-05-03 2:21 ` Josh Triplett
2015-05-06 9:08 ` [CONFIG_MULTIUSER] BUG: unable to handle kernel paging request at ffffffee Fengguang Wu
2015-05-06 9:08 ` Fengguang Wu
2015-05-06 15:44 ` Josh Triplett
2015-05-06 15:44 ` Josh Triplett
2015-05-06 23:59 ` josh
2015-05-06 23:59 ` josh
2015-05-07 0:39 ` Peter Hurley
2015-05-07 0:39 ` Peter Hurley
2015-05-07 15:56 ` josh [this message]
2015-05-07 15:56 ` josh
2015-05-07 16:24 ` Peter Hurley
2015-05-07 16:24 ` Peter Hurley
2015-05-07 17:03 ` josh
2015-05-07 17:03 ` josh
2015-05-07 17:10 ` josh
2015-05-07 17:10 ` josh
2015-05-07 0:59 ` Fengguang Wu
2015-05-07 0:59 ` Fengguang Wu
2015-05-07 0:59 ` Fengguang Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150507155640.GA30083@cloud \
--to=josh@joshtriplett.org \
--cc=akpm@linux-foundation.org \
--cc=fengguang.wu@intel.com \
--cc=iulia.manda21@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lkp@01.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peter@hurleysoftware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.