From: Jeremy Fitzhardinge <jeremy@goop.org>
To: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>, Andi Kleen <ak@suse.de>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: preempt bug in set_pmd_pfn?
Date: Wed, 05 Mar 2008 08:45:08 -0800
Message-ID: <47CECE14.8090808@goop.org>
In-Reply-To: <20080305064814.GB28398@elte.hu>
Ingo Molnar wrote:
> * Jeremy Fitzhardinge <jeremy@goop.org> wrote:
>
>
>> Ingo Molnar wrote:
>>
>>> * Jeremy Fitzhardinge <jeremy@goop.org> wrote:
>>>
>>>
>>>
>>>> I think set_pmd_pfn, which is only called by __set_fixmap, might have a
>>>> preempt bug in it.
>>>>
>>>>
>>> yes, and we had similar preemption bugs in the past. I guess most places
>>> are either infrequent or have some natural atomicity anyway. Wanna send a
>>> patch?
>>>
>> Sure. Should it just disable preemption, or take a lock? It calls
>> set_pte_at without holding any pte locks; that seems to be relatively
>> common. Is it OK when you're operating on init_mm?
>>
>
> no, it's not OK to modify the kernel pagetable without locking - taking
> the pgd_lock should do the trick. Could you send the stacktrace that
> shows the place that is preemptible?
So far I've noticed two places:
1. __set_fixmap to set up the vdso compat mapping (set_pte_at and tlb
flush):
BUG: using smp_processor_id() in preemptible [00000000] code: init/1
caller is paravirt_get_lazy_mode+0xe/0x1b
Pid: 1, comm: init Not tainted 2.6.25-rc3-x86-latest.git #196
[<c022be65>] debug_smp_processor_id+0x99/0xb0
[<c011aa88>] paravirt_get_lazy_mode+0xe/0x1b
[<c0105092>] xen_set_pte_at+0x2e/0xc0
[<c011d322>] __set_fixmap+0x14a/0x176
[<c011e4bb>] arch_setup_additional_pages+0x83/0x11d
[<c01934a3>] load_elf_binary+0xad8/0x113a
[<c016d410>] ? vfs_read+0xef/0x106
[<c01700dd>] search_binary_handler+0xb8/0x19f
[<c01929cb>] ? load_elf_binary+0x0/0x113a
[<c01703ab>] ? prepare_binprm+0xc3/0xcb
[<c0192375>] load_script+0x179/0x18c
[<c0159caf>] ? get_user_pages+0x31d/0x397
[<c016fe47>] ? get_arg_page+0x2d/0x80
[<c01700dd>] search_binary_handler+0xb8/0x19f
[<c01921fc>] ? load_script+0x0/0x18c
[<c0171302>] do_execve+0x121/0x16a
[<c01067d9>] sys_execve+0x29/0x52
[<c0108286>] syscall_call+0x7/0xb
[<c017007b>] ? search_binary_handler+0x56/0x19f
[<c010af2f>] ? kernel_execve+0x17/0x1c
[<c010217f>] ? _stext+0x17/0x19
[<c01021d6>] ? init_post+0x55/0xbb
[<c01035e7>] ? xen_irq_disable+0x21/0x23
[<c010828f>] ? syscall_exit+0x5/0x1d
[<c0108ee7>] ? kernel_thread_helper+0x7/0x10
=======================
BUG: using smp_processor_id() in preemptible [00000000] code: init/1
caller is xen_flush_tlb_single+0x11/0x89
Pid: 1, comm: init Not tainted 2.6.25-rc3-x86-latest.git #196
[<c022be65>] debug_smp_processor_id+0x99/0xb0
[<c0103c0b>] xen_flush_tlb_single+0x11/0x89
[<c011d33f>] __set_fixmap+0x167/0x176
[<c011e4bb>] arch_setup_additional_pages+0x83/0x11d
[<c01934a3>] load_elf_binary+0xad8/0x113a
[<c016d410>] ? vfs_read+0xef/0x106
[<c01700dd>] search_binary_handler+0xb8/0x19f
[<c01929cb>] ? load_elf_binary+0x0/0x113a
[<c01703ab>] ? prepare_binprm+0xc3/0xcb
[<c0192375>] load_script+0x179/0x18c
[<c0159caf>] ? get_user_pages+0x31d/0x397
[<c016fe47>] ? get_arg_page+0x2d/0x80
[<c01700dd>] search_binary_handler+0xb8/0x19f
[<c01921fc>] ? load_script+0x0/0x18c
[<c0171302>] do_execve+0x121/0x16a
[<c01067d9>] sys_execve+0x29/0x52
[<c0108286>] syscall_call+0x7/0xb
[<c017007b>] ? search_binary_handler+0x56/0x19f
[<c010af2f>] ? kernel_execve+0x17/0x1c
[<c010217f>] ? _stext+0x17/0x19
[<c01021d6>] ? init_post+0x55/0xbb
[<c01035e7>] ? xen_irq_disable+0x21/0x23
[<c010828f>] ? syscall_exit+0x5/0x1d
[<c0108ee7>] ? kernel_thread_helper+0x7/0x10
=======================
2. and vmalloc:
BUG: using smp_processor_id() in preemptible [00000000] code: multipath.stati/1981
caller is paravirt_get_lazy_mode+0xe/0x1b
Pid: 1981, comm: multipath.stati Not tainted 2.6.25-rc3-x86-latest.git #196
[<c022be65>] debug_smp_processor_id+0x99/0xb0
[<c011aa88>] paravirt_get_lazy_mode+0xe/0x1b
[<c0105092>] xen_set_pte_at+0x2e/0xc0
[<c015f736>] map_vm_area+0x1fa/0x255
[<c015fc83>] __vmalloc_area_node+0xdb/0xfa
[<c015fceb>] __vmalloc_node+0x49/0x58
[<c015fd26>] __vmalloc+0x10/0x12
[<c015fdca>] vmalloc+0x19/0x1b
[<c038d3b4>] dm_ctl_ioctl+0x155/0x248
[<c038c56b>] ? list_versions+0x0/0x79
[<c0103c00>] ? xen_flush_tlb_single+0x6/0x89
[<c038d25f>] ? dm_ctl_ioctl+0x0/0x248
[<c01767be>] vfs_ioctl+0x22/0x67
[<c0176a54>] do_vfs_ioctl+0x251/0x268
[<c015b45f>] ? remove_vma+0x34/0x3a
[<c015bdc8>] ? do_munmap+0x17d/0x197
[<c0176a97>] sys_ioctl+0x2c/0x45
[<c0108286>] syscall_call+0x7/0xb
=======================
J
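
An added triage sketch, not part of the original message: it parses reports of the kind pasted above, ignores the `?` frames (unverified stack words), and groups each report by the first frame that is not the checker or a paravirt/Xen helper. The helper skip list and the abbreviated sample are assumptions made for this example.

```python
import re
# Abbreviated from the three reports in the message above (frames dropped).
SAMPLE = """\
BUG: using smp_processor_id() in preemptible [00000000] code: init/1
caller is paravirt_get_lazy_mode+0xe/0x1b
[<c022be65>] debug_smp_processor_id+0x99/0xb0
[<c011aa88>] paravirt_get_lazy_mode+0xe/0x1b
[<c0105092>] xen_set_pte_at+0x2e/0xc0
[<c011d322>] __set_fixmap+0x14a/0x176
[<c016d410>] ? vfs_read+0xef/0x106
BUG: using smp_processor_id() in preemptible [00000000] code: init/1
caller is xen_flush_tlb_single+0x11/0x89
[<c0103c0b>] xen_flush_tlb_single+0x11/0x89
[<c011d33f>] __set_fixmap+0x167/0x176
BUG: using smp_processor_id() in preemptible [00000000] code: multipath.stati/1981
caller is paravirt_get_lazy_mode+0xe/0x1b
[<c011aa88>] paravirt_get_lazy_mode+0xe/0x1b
[<c0105092>] xen_set_pte_at+0x2e/0xc0
[<c015f736>] map_vm_area+0x1fa/0x255
"""

BUG_RE = re.compile(r"BUG: using smp_processor_id\(\) in preemptible "
                    r"\[\w+\] code: (.+)/(\d+)\s*$")
CALLER_RE = re.compile(r"caller is ([\w.]+)\+")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumed skip list: the checker itself plus the paravirt/Xen helpers in these traces.
HELPERS = {"debug_smp_processor_id", "paravirt_get_lazy_mode",
           "xen_set_pte_at", "xen_flush_tlb_single"}

def parse_reports(text):
    # Split a log into reports: task, pid, caller and reliable frames.
    reports, cur = [], None
    for line in text.splitlines():
        m = BUG_RE.search(line)
        if m:
            cur = {"task": m.group(1), "pid": int(m.group(2)), "caller": None, "frames": []}
            reports.append(cur)
        elif cur and (m := CALLER_RE.search(line)):
            cur["caller"] = m.group(1)
        elif cur and (m := FRAME_RE.search(line)) and not m.group(1):
            # '?' frames are unverified stack words, so they are not recorded
            cur["frames"].append(m.group(2))
    return reports

def group_by_site(reports):
    # Map first non-helper frame -> sorted callers that tripped the check.
    sites = {}
    for r in reports:
        site = next((f for f in r["frames"] if f not in HELPERS), None)
        sites.setdefault(site, set()).add(r["caller"])
    return {s: sorted(c) for s, c in sites.items()}
```

On the abbreviated sample, the two `init/1` reports collapse onto `__set_fixmap` and the third onto `map_vm_area`, matching the two places listed in the message.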