From: Al Viro <viro@ZenIV.linux.org.uk>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric Biggers <ebiggers3@gmail.com>,
syzbot <syzbot+bacbe5d8791f30c9cee5@syzkaller.appspotmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
Dan Williams <dan.j.williams@intel.com>,
James Morse <james.morse@arm.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>, Ingo Molnar <mingo@kernel.org>,
syzkaller-bugs@googlegroups.com
Subject: Re: possible deadlock in get_user_pages_unlocked
Date: Sat, 10 Feb 2018 01:36:40 +0000
Message-ID: <20180210013640.GN30522@ZenIV.linux.org.uk>
In-Reply-To: <CACT4Y+bDU00aQpJOUK8eB+Kv4HycNwKA=kShUe9kSd0FUqO+FQ@mail.gmail.com>
On Fri, Feb 02, 2018 at 09:57:27AM +0100, Dmitry Vyukov wrote:
> syzbot tests for up to 5 minutes. However, if there is a race involved
> then you may need more time because the crash is probabilistic.
> But from what I see most of the time, if one can't reproduce it
> easily, it's usually due to some differences in setup that just don't
> allow the crash to happen at all.
> FWIW syzbot re-runs each reproducer on a freshly booted dedicated VM
> and what it provided is the kernel output it got during run of the
> provided program. So we have reasonably high assurance that this
> reproducer worked in at least one setup.
Could you guys check if the following fixes the reproducer?
diff --git a/mm/gup.c b/mm/gup.c
index 61015793f952..058a9a8e4e2e 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -861,6 +861,9 @@ static __always_inline long __get_user_pages_locked(struct task_struct *tsk,
BUG_ON(*locked != 1);
}
+ if (flags & FOLL_NOWAIT)
+ locked = NULL;
+
if (pages)
flags |= FOLL_GET;
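Review bot: the added `if (flags & FOLL_NOWAIT) locked = NULL;` overwrites the `locked` parameter with no comment saying why a FOLL_NOWAIT call has to be treated as if the caller passed no `locked` pointer; a short comment above the check would tie it to the deadlock report in this thread. The check also sits after the block ending in `BUG_ON(*locked != 1);`, so a FOLL_NOWAIT caller that does pass `locked` is still asserted on before the pointer is dropped; if that ordering is intended, the comment should say so.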