From: Wei Yang <richardw.yang@linux.intel.com>
To: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Wei Yang <richardw.yang@linux.intel.com>,
	Shakeel Butt <shakeelb@google.com>, Qian Cai <cai@lca.pw>,
	Andrew Morton <akpm@linux-foundation.org>,
	Rik van Riel <riel@surriel.com>, Linux MM <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Vasily Gorbik <gor@linux.ibm.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	linux-s390@vger.kernel.org
Subject: Re: "reuse mergeable anon_vma as parent when fork" causes a crash on s390
Date: Thu, 10 Oct 2019 22:03:49 +0800
Message-ID: <20191010140349.GA28204@richard>
In-Reply-To: <8e0d9999-9ee3-78e5-2737-5a504243413c@yandex-team.ru>

On Thu, Oct 10, 2019 at 11:29:44AM +0300, Konstantin Khlebnikov wrote:
>On 10/10/2019 06.15, Wei Yang wrote:
>> On Thu, Oct 10, 2019 at 10:36:01AM +0800, Wei Yang wrote:
>> > Hi, Qian, Shakeel
>> > 
>> > Thanks for testing.
>> > 
>> > Sounds like I missed some case to handle. anon_vma_clone() now would be called in
>> > vma_adjust, which is a different case when it is introduced.
>> > 
>> 
>> Well, I have to correct my statement. The reason is we may have done something more
>> in anon_vma_clone().
>> 
>> Here is a quick fix, while I need to go through all the cases carefully.
>
>Oops, I've overlooked this case too.
>
>You have to check src->anon_vma
>otherwise in __split_vma or copy_vma dst could pick a completely random anon_vma.
>

Per my understanding, the root cause is that commit 7a3ef208e662 went a little
further for the reuse case.

We intend to reuse anon_vma on fork, but we also did this when we just want a
copy of src, like __split_vma(), copy_vma() and __vma_split(). This will lead
to a random anon_vma and not what we expect.

A fix patch is sent for this.

>Also checking prev will not hurt, just to be sure.
>
>So, something like this should work:
>
>if (!dst->anon_vma && src->anon_vma &&
>    prev && pprev && pprev->anon_vma == src->anon_vma)
>      dst->anon_vma = prev->anon_vma;
>
>> 
>> diff --git a/mm/rmap.c b/mm/rmap.c
>> index 12f6c3d7fd9d..2844f442208d 100644
>> --- a/mm/rmap.c
>> +++ b/mm/rmap.c
>> @@ -271,7 +271,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
>>           * 1. Parent has vm_prev, which implies we have vm_prev.
>>           * 2. Parent and its vm_prev have the same anon_vma.
>>           */
>> -       if (pprev && pprev->anon_vma == src->anon_vma)
>> +       if (!dst->anon_vma && pprev && pprev->anon_vma == src->anon_vma)
>>                  dst->anon_vma = prev->anon_vma;
>>          list_for_each_entry_reverse(pavc, &src->anon_vma_chain, same_vma) {
>> 
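Review bot: the condition on the `+` line still compares `pprev->anon_vma == src->anon_vma` without requiring `src->anon_vma` to be non-NULL, so when both are NULL the test passes and `dst` takes `prev->anon_vma` even though the source has no anon_vma to reuse. The assignment also dereferences `prev` while only `pprev` is tested; the comment above says one implies the other, but an explicit `prev &&` makes that assumption safe. Suggest `if (!dst->anon_vma && src->anon_vma && prev && pprev && pprev->anon_vma == src->anon_vma)`, and extend the numbered comment with the new precondition that dst has no anon_vma yet.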
>> > BTW, do you have the specific test case? So that I could verify my change. The
>> > kernel build test doesn't trigger this.
>> > 
>> > Thanks a lot :-)
>> > 
>> > On Wed, Oct 09, 2019 at 03:21:11PM -0700, Shakeel Butt wrote:
>> > -- 
>> > Wei Yang
>> > Help you, Help me
>> 

-- 
Wei Yang
Help you, Help me
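
A user-space model of the three conditions discussed in this thread (the original check, the quick fix in the quoted diff, and the condition suggested in the reply), added here as an illustration; it is not kernel code and not written by any participant. The structs, the scenario names and the pointer values in each scenario are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space stand-ins (assumed): only the field the check reads. */
struct anon_vma { int id; };
struct vma { struct anon_vma *anon_vma; };

enum variant { ORIGINAL, QUICK_FIX, SUGGESTED };
enum scenario { FORK, COPY_WITH_ANON, COPY_NO_ANON };

/* Apply one variant of the reuse condition from the thread to dst. */
static void reuse_check(enum variant v, struct vma *dst, const struct vma *src,
                        const struct vma *prev, const struct vma *pprev)
{
    int hit = pprev && pprev->anon_vma == src->anon_vma;  /* original check */

    if (v != ORIGINAL)
        hit = hit && !dst->anon_vma;                      /* quick fix */
    if (v == SUGGESTED)
        hit = hit && src->anon_vma && prev;               /* reply's extra checks */
    if (hit)
        dst->anon_vma = prev->anon_vma;
}

/* Build a constructed scenario; return the id dst ends with (0 = none). */
int resulting_anon_vma(enum variant v, enum scenario s)
{
    struct anon_vma a = { 1 }, unrelated = { 2 };
    struct vma src = { &a }, pprev = { &a }, prev = { &unrelated }, dst = { NULL };

    if (s == COPY_WITH_ANON)
        dst.anon_vma = &a;  /* assumed: a copy of src already holds its anon_vma */
    if (s == COPY_NO_ANON)
        src.anon_vma = pprev.anon_vma = NULL;  /* NULL == NULL still compares equal */

    reuse_check(v, &dst, &src, &prev, &pprev);
    return dst.anon_vma ? dst.anon_vma->id : 0;
}

int main(void)
{
    static const char *names[] = { "original", "quick fix", "suggested" };
    for (int v = ORIGINAL; v <= SUGGESTED; v++)
        printf("%-9s fork=%d copy_with_anon=%d copy_no_anon=%d\n", names[v],
               resulting_anon_vma(v, FORK),
               resulting_anon_vma(v, COPY_WITH_ANON),
               resulting_anon_vma(v, COPY_NO_ANON));
    return 0;
}
```

An id of 2 means dst ended up with the unrelated anon_vma taken from prev; only the suggested condition avoids that in both copy scenarios while still reusing on the fork scenario.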
