From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Michal Hocko <mhocko@suse.com>,
David Rientjes <rientjes@google.com>,
Andrea Argangeli <andrea@kernel.org>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Oleg Nesterov <oleg@redhat.com>,
Wenwei Tao <wenwei.tww@alibaba-inc.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.9 12/27] mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS
Date: Tue, 22 Aug 2017 12:13:44 -0700 [thread overview]
Message-ID: <20170822191327.569361286@linuxfoundation.org> (raw)
In-Reply-To: <20170822191327.078387788@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michal Hocko <mhocko@suse.com>
commit 5b53a6ea886700a128b697a6fe8375340dea2c30 upstream.
Tetsuo Handa has noticed that MMF_UNSTABLE SIGBUS path in
handle_mm_fault causes a lockdep splat
Out of memory: Kill process 1056 (a.out) score 603 or sacrifice child
Killed process 1056 (a.out) total-vm:4268108kB, anon-rss:2246048kB, file-rss:0kB, shmem-rss:0kB
a.out (1169) used greatest stack depth: 11664 bytes left
DEBUG_LOCKS_WARN_ON(depth <= 0)
------------[ cut here ]------------
WARNING: CPU: 6 PID: 1339 at kernel/locking/lockdep.c:3617 lock_release+0x172/0x1e0
CPU: 6 PID: 1339 Comm: a.out Not tainted 4.13.0-rc3-next-20170803+ #142
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
RIP: 0010:lock_release+0x172/0x1e0
Call Trace:
up_read+0x1a/0x40
__do_page_fault+0x28e/0x4c0
do_page_fault+0x30/0x80
page_fault+0x28/0x30
The reason is that the page fault path might have dropped the mmap_sem
and returned with VM_FAULT_RETRY. MMF_UNSTABLE check however rewrites
the error path to VM_FAULT_SIGBUS and we always expect mmap_sem taken in
that path. Fix this by taking mmap_sem when VM_FAULT_RETRY is held in
the MMF_UNSTABLE path.
We cannot simply add VM_FAULT_SIGBUS to the existing error code because
all arch specific page fault handlers and g-u-p would have to learn a
new error code combination.
Link: http://lkml.kernel.org/r/20170807113839.16695-2-mhocko@kernel.org
Fixes: 3f70dc38cec2 ("mm: make sure that kthreads will not refault oom reaped memory")
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Andrea Argangeli <andrea@kernel.org>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Wenwei Tao <wenwei.tww@alibaba-inc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/memory.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -3635,8 +3635,18 @@ int handle_mm_fault(struct vm_area_struc
* further.
*/
if (unlikely((current->flags & PF_KTHREAD) && !(ret & VM_FAULT_ERROR)
- && test_bit(MMF_UNSTABLE, &vma->vm_mm->flags)))
+ && test_bit(MMF_UNSTABLE, &vma->vm_mm->flags))) {
+
+ /*
+ * We are going to enforce SIGBUS but the PF path might have
+ * dropped the mmap_sem already so take it again so that
+ * we do not break expectations of all arch specific PF paths
+ * and g-u-p
+ */
+ if (ret & VM_FAULT_RETRY)
+ down_read(&vma->vm_mm->mmap_sem);
ret = VM_FAULT_SIGBUS;
+ }
return ret;
}
next prev parent reply other threads:[~2017-08-22 19:30 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-22 19:13 [PATCH 4.9 00/27] 4.9.45-stable review Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 01/27] netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 02/27] audit: Fix use after free in audit_remove_watch_rule() Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 03/27] parisc: pci memory bar assignment fails with 64bit kernels on dino/cujo Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 04/27] crypto: ixp4xx - Fix error handling path in aead_perform() Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 05/27] crypto: x86/sha1 - Fix reads beyond the number of blocks passed Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 06/27] Input: elan_i2c - add ELAN0608 to the ACPI table Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 07/27] Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 08/27] ALSA: seq: 2nd attempt at fixing race creating a queue Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 09/27] ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 10/27] ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 11/27] mm: discard memblock data later Greg Kroah-Hartman
2017-08-22 19:13 ` Greg Kroah-Hartman [this message]
2017-08-22 19:13 ` [PATCH 4.9 13/27] mm/mempolicy: fix use after free when calling get_mempolicy Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 14/27] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 16/27] blk-mq-pci: add a fallback when pci_irq_get_affinity returns NULL Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 17/27] powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 18/27] xen-blkfront: use a right index when checking requests Greg Kroah-Hartman
2017-08-22 19:13 ` Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 19/27] x86/asm/64: Clear AC on NMI entries Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 20/27] irqchip/atmel-aic: Fix unbalanced of_node_put() in aic_common_irq_fixup() Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 21/27] irqchip/atmel-aic: Fix unbalanced refcount in aic_common_rtc_irq_fixup() Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 22/27] genirq: Restore trigger settings in irq_modify_status() Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 23/27] genirq/ipi: Fixup checks against nr_cpu_ids Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 24/27] Sanitize move_pages() permission checks Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 25/27] pids: make task_tgid_nr_ns() safe Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 26/27] usb: optimize acpi companion search for usb port devices Greg Kroah-Hartman
2017-08-22 19:13 ` [PATCH 4.9 27/27] usb: qmi_wwan: add D-Link DWM-222 device ID Greg Kroah-Hartman
2017-08-23 0:34 ` [PATCH 4.9 00/27] 4.9.45-stable review Shuah Khan
2017-08-23 13:03 ` Sumit Semwal
2017-08-27 18:17 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170822191327.569361286@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=andrea@kernel.org \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.com \
--cc=oleg@redhat.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=rientjes@google.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wenwei.tww@alibaba-inc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.