From: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
To: Peter Moody <pmoody@google.com>
Cc: ananth@in.ibm.com, anil.s.keshavamurthy@intel.com,
	davem@davemloft.net, linux-kernel@vger.kernel.org,
	Kees Cook <keescook@google.com>
Subject: Re: Re: splat in kretprobe in get_task_mm(current)
Date: Thu, 05 Jun 2014 07:49:51 +0900
Message-ID: <538FA28F.30407@hitachi.com>
In-Reply-To: <r3nd2eobswp.fsf@perdido.sfo.corp.google.com>

(2014/06/05 0:23), Peter Moody wrote:
> 
> On Wed, Jun 04 2014 at 07:07, Masami Hiramatsu wrote:
> 
>>> Thank you for reporting that. I've tried to reproduce it with your code, but
>>> have not succeeded yet. Could you share your kernel config with us too?
>>
>> Hmm, it seems that on my environment (Fedora20, gcc version 4.8.2 20131212),
>> do_execve() in sys_execve has been optimized out (and do_execve_common() is
>> also renamed). I'll try to rebuild it. However, since such optimization sometimes
>> depends on kernel config, I'd like to do it with your config.
>>
>> Thank you,
> 
> Sure thing, sorry for not attaching it to begin with.
> 
> One other thing is that, at least on the systems I've been able to repro on, the more processes,
> the more likely I was to not emit a splat before just deadlocking the machine. eg. on a 12 core
> machine, I got the splat with 32 processes and a deadlock with 50. On a 2 core qemu virtual
> machine I got a deadlock with 32 and a splat with something like 12 or 16.
> 
> And FWIW, I'm running ubuntu precise, with gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)


Thank you for sharing the kconfig. I saw that CONFIG_DEBUG_ATOMIC_SLEEP was not set
in your kconfig. When I set that and ran your test, I got (a lot of) the warnings below
instead of a deadlock.

[  342.072132] BUG: sleeping function called from invalid context at /home/fedora/ksrc/linux-3/kernel/fork.c:615
[  342.080684] in_atomic(): 1, irqs_disabled(): 1, pid: 5017, name: execve
[  342.080684] INFO: lockdep is turned off.
[  342.080684] irq event stamp: 0
[  342.080684] hardirqs last  enabled at (0): [<          (null)>]           (null)
[  342.080684] hardirqs last disabled at (0): [<ffffffff81045468>] copy_process.part.31+0x5ba/0x183d
[  342.080684] softirqs last  enabled at (0): [<ffffffff81045468>] copy_process.part.31+0x5ba/0x183d
[  342.080684] softirqs last disabled at (0): [<          (null)>]           (null)
[  342.080684] CPU: 5 PID: 5017 Comm: execve Not tainted 3.15.0-rc8+ #7
[  342.080684] Hardware name: Red Hat Inc. OpenStack Nova, BIOS 0.5.1 01/01/2007
[  342.080684]  0000000000000000 ffff8803ff81bdf8 ffffffff81554140 ffff88040a9df500
[  342.080684]  ffff8803ff81be08 ffffffff8106d17c ffff8803ff81be20 ffffffff81044bd8
[  342.080684]  ffffffff8114ad8f ffff8803ff81be30 ffffffffa015802d ffff8803ff81be88
[  342.080684] Call Trace:
[  342.080684]  [<ffffffff81554140>] dump_stack+0x4d/0x66
[  342.080684]  [<ffffffff8106d17c>] __might_sleep+0x118/0x11a
[  342.080684]  [<ffffffff81044bd8>] mmput+0x20/0xd9
[  342.080684]  [<ffffffff8114ad8f>] ? SyS_execve+0x2a/0x2e
[  342.080684]  [<ffffffffa015802d>] exec_handler+0x2d/0x34 [exec_mm_probe]
[  342.080684]  [<ffffffff81032a2c>] trampoline_handler+0x11b/0x1ac
[  342.080684]  [<ffffffff8103265a>] kretprobe_trampoline+0x25/0x4c
[  342.080684]  [<ffffffff81032635>] ? kretprobe_trampoline_holder+0x9/0x9
[  342.080684]  [<ffffffff8155ca99>] stub_execve+0x69/0xa0

Here, as you can see, calling mmput() in the kretprobe handler is actually the root cause
of this problem.

Thank you,

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: masami.hiramatsu.pt@hitachi.com
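
How to read the warning quoted in the message above, as an added example (not part of the original message or of the reporter's module): a small Python triage that extracts the sleeping function and the module frame that called it from a "sleeping function called from invalid context" trace. The sample input is an abridged excerpt of the trace quoted in the message; the `triage` function and its field names are hypothetical.

```python
import re

# Abridged excerpt of the warning quoted in the message above.
SAMPLE = """\
[  342.072132] BUG: sleeping function called from invalid context at /home/fedora/ksrc/linux-3/kernel/fork.c:615
[  342.080684] in_atomic(): 1, irqs_disabled(): 1, pid: 5017, name: execve
[  342.080684] Call Trace:
[  342.080684]  [<ffffffff81554140>] dump_stack+0x4d/0x66
[  342.080684]  [<ffffffff8106d17c>] __might_sleep+0x118/0x11a
[  342.080684]  [<ffffffff81044bd8>] mmput+0x20/0xd9
[  342.080684]  [<ffffffff8114ad8f>] ? SyS_execve+0x2a/0x2e
[  342.080684]  [<ffffffffa015802d>] exec_handler+0x2d/0x34 [exec_mm_probe]
[  342.080684]  [<ffffffff81032a2c>] trampoline_handler+0x11b/0x1ac
[  342.080684]  [<ffffffff8103265a>] kretprobe_trampoline+0x25/0x4c
"""

HEAD = re.compile(r"BUG: sleeping function called from invalid context at (\S+):(\d+)")
CTX = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+), pid: (\d+), name: (\S+)")
FRAME = re.compile(r"\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def triage(log):
    """Return one dict per might-sleep warning found in a dmesg-style log."""
    reports, cur = [], None
    for line in log.splitlines():
        if m := HEAD.search(line):
            cur = {"where": f"{m[1]}:{m[2]}", "frames": []}
            reports.append(cur)
        elif cur is None:
            continue
        elif m := CTX.search(line):
            cur.update(in_atomic=int(m[1]), irqs_disabled=int(m[2]), pid=int(m[3]), comm=m[4])
        elif m := FRAME.search(line):
            if not m[1]:  # frames marked "?" are unreliable stack leftovers
                cur["frames"].append((m[2], m[3]))
    for r in reports:
        names = [f for f, _ in r["frames"]]
        # The function that may sleep is the caller of __might_sleep: the next frame down.
        i = names.index("__might_sleep") if "__might_sleep" in names else -1
        r["sleeper"] = names[i + 1] if 0 <= i < len(names) - 1 else None
        # The first frame below it that belongs to a loadable module made the call.
        r["caller"] = next(((f, mod) for f, mod in r["frames"][i + 1:] if mod), None)
        r["from_kretprobe"] = "trampoline_handler" in names
    return reports
```

On the sample, `triage(SAMPLE)` reports `mmput` as the sleeping function, called from `exec_handler` in `exec_mm_probe` under the kretprobe trampoline with `in_atomic` and `irqs_disabled` both set.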


