From: Vlastimil Babka <vbabka@suse.cz>
To: Konstantin Khlebnikov <koct9i@gmail.com>,
	linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-kernel@vger.kernel.org
Cc: Rik van Riel <riel@redhat.com>,
	"Elifaz, Dana" <Dana.Elifaz@amd.com>,
	"Bridgman, John" <John.Bridgman@amd.com>,
	Daniel Forrest <dan.forrest@ssec.wisc.edu>,
	Chris Clayton <chris2553@googlemail.com>,
	Oded Gabbay <oded.gabbay@amd.com>, Michal Hocko <mhocko@suse.cz>
Subject: Re: [PATCH] mm: fix corner case in anon_vma endless growing prevention
Date: Sun, 11 Jan 2015 16:05:01 +0100
Message-ID: <54B2911D.4050904@suse.cz>
In-Reply-To: <20150111135406.13266.42007.stgit@zurg>

On 01/11/2015 02:54 PM, Konstantin Khlebnikov wrote:
> Fix for BUG_ON(anon_vma->degree) splashes in unlink_anon_vmas()
> ("kernel BUG at mm/rmap.c:399!").
> 
> Anon_vma_clone() is usually called for a copy of source vma in destination
> argument. If source vma has anon_vma it should be already in dst->anon_vma.
> NULL in dst->anon_vma is used as a sign that it's called from anon_vma_fork().
> In this case anon_vma_clone() finds anon_vma for reusing.
> 
> Vma_adjust() calls it differently and this breaks anon_vma reusing logic:
> anon_vma_clone() links vma to old anon_vma and updates degree counters but
> vma_adjust() overrides vma->anon_vma right after that. As a result final
> unlink_anon_vmas() decrements degree for wrong anon_vma.
> 
> This patch assigns ->anon_vma before calling anon_vma_clone().
> 
> Signed-off-by: Konstantin Khlebnikov <koct9i@gmail.com>
> Fixes: 7a3ef208e662 ("mm: prevent endless growth of anon_vma hierarchy")
> Tested-by: Chris Clayton <chris2553@googlemail.com>
> Tested-by: Oded Gabbay <oded.gabbay@amd.com>
> Cc: Daniel Forrest <dan.forrest@ssec.wisc.edu>
> Cc: Michal Hocko <mhocko@suse.cz>
> Cc: Rik van Riel <riel@redhat.com>

Acked-by: Vlastimil Babka <vbabka@suse.cz>

> ---
>  mm/mmap.c |    6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/mm/mmap.c b/mm/mmap.c
> index 7b36aa7..12616c5 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -778,10 +778,12 @@ again:			remove_next = 1 + (end > next->vm_end);
>  		if (exporter && exporter->anon_vma && !importer->anon_vma) {
>  			int error;
>  
> +			importer->anon_vma = exporter->anon_vma;
>  			error = anon_vma_clone(importer, exporter);
> -			if (error)
> +			if (error) {
> +				importer->anon_vma = NULL;
>  				return error;
> -			importer->anon_vma = exporter->anon_vma;
> +			}
>  		}
>  	}
>  
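
Review bot: The new `importer->anon_vma = exporter->anon_vma;` line ahead of `anon_vma_clone(importer, exporter)` depends on an ordering contract that the hunk does not document. Per the commit message, a NULL dst->anon_vma is how anon_vma_clone() recognises a call from anon_vma_fork() and enables its reuse logic, so a short comment above the assignment saying it must precede the call would keep a later cleanup from moving it back below the error check. The reset to NULL in the error branch matches the enclosing `!importer->anon_vma` condition, so it does restore the state the importer had on entry.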


