From: Andrey Ryabinin <a.ryabinin@samsung.com>
To: John Stultz <john.stultz@linaro.org>
Cc: lkml <linux-kernel@vger.kernel.org>,
dvyukov@google.com, kcc@google.com, dmitryc@google.com,
adech.fo@gmail.com, tetra2005@gmail.com, koct9i@gmail.com,
"Sasha Levin" <sasha.levin@oracle.com>,
"Christoph Lameter" <cl@linux.com>,
iamjoonsoo.kim@lge.com, "Dave Hansen" <dave.hansen@intel.com>,
"Andi Kleen" <andi@firstfloor.org>, "Ingo Molnar" <mingo@elte.hu>,
"Thomas Gleixner" <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>,
"Pekka Enberg" <penberg@kernel.org>,
"David Rientjes" <rientjes@google.com>,
"Greg KH" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
riandrews@android.com,
"Serban Constantinescu" <serban.constantinescu@arm.com>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
devel@driverdev.osuosl.org
Subject: Re: [PATCH] android: binder: fix binder mmap failures
Date: Fri, 27 Feb 2015 20:37:50 +0300 [thread overview]
Message-ID: <54F0AB6E.80302@samsung.com> (raw)
In-Reply-To: <CALAqxLWGno+=nrpu3W5RkMnzqWLDXQQFymRYtVCngxXvw2c09w@mail.gmail.com>
On 02/27/2015 08:26 PM, John Stultz wrote:
> On Fri, Feb 27, 2015 at 8:30 AM, Andrey Ryabinin <a.ryabinin@samsung.com> wrote:
>> binder_update_page_range() initializes only addr and size
>> fields in 'struct vm_struct tmp_area;' and passes it to
>> map_vm_area().
>>
>> Before 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation")
>> this was because map_vm_area() didn't use any other fields
>> in vm_struct except addr and size.
>>
>> Now get_vm_area_size() (used in map_vm_area()) reads vm_struct's
>> flags to determine whether vm area has guard hole or not.
>>
>> binder_update_page_range() don't initialize flags field, so
>> this causes following binder mmap failures:
>> -----------[ cut here ]------------
>> WARNING: CPU: 0 PID: 1971 at mm/vmalloc.c:130
>> vmap_page_range_noflush+0x119/0x144()
>> CPU: 0 PID: 1971 Comm: healthd Not tainted 4.0.0-rc1-00399-g7da3fdc-dirty #157
>> Hardware name: ARM-Versatile Express
>> [<c001246d>] (unwind_backtrace) from [<c000f7f9>] (show_stack+0x11/0x14)
>> [<c000f7f9>] (show_stack) from [<c049a221>] (dump_stack+0x59/0x7c)
>> [<c049a221>] (dump_stack) from [<c001cf21>] (warn_slowpath_common+0x55/0x84)
>> [<c001cf21>] (warn_slowpath_common) from [<c001cfe3>]
>> (warn_slowpath_null+0x17/0x1c)
>> [<c001cfe3>] (warn_slowpath_null) from [<c00c66c5>]
>> (vmap_page_range_noflush+0x119/0x144)
>> [<c00c66c5>] (vmap_page_range_noflush) from [<c00c716b>] (map_vm_area+0x27/0x48)
>> [<c00c716b>] (map_vm_area) from [<c038ddaf>]
>> (binder_update_page_range+0x12f/0x27c)
>> [<c038ddaf>] (binder_update_page_range) from [<c038e857>]
>> (binder_mmap+0xbf/0x1ac)
>> [<c038e857>] (binder_mmap) from [<c00c2dc7>] (mmap_region+0x2eb/0x4d4)
>> [<c00c2dc7>] (mmap_region) from [<c00c3197>] (do_mmap_pgoff+0x1e7/0x250)
>> [<c00c3197>] (do_mmap_pgoff) from [<c00b35b5>] (vm_mmap_pgoff+0x45/0x60)
>> [<c00b35b5>] (vm_mmap_pgoff) from [<c00c1f39>] (SyS_mmap_pgoff+0x5d/0x80)
>> [<c00c1f39>] (SyS_mmap_pgoff) from [<c000ce81>] (ret_fast_syscall+0x1/0x5c)
>> ---[ end trace 48c2c4b9a1349e54 ]---
>> binder: 1982: binder_alloc_buf failed to map page at f0e00000 in kernel
>> binder: binder_mmap: 1982 b6bde000-b6cdc000 alloc small buf failed -12
>>
>> Use map_kernel_range_noflush() instead of map_vm_area() as this is better
>> API for binder's purposes and it allows to get rid of 'vm_struct tmp_area' at all.
>>
>> Fixes: 71394fe50146 ("mm: vmalloc: add flag preventing guard hole allocation")
>> Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
>> Reported-by: Amit Pundir <amit.pundir@linaro.org>
>> ---
>> drivers/android/binder.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/android/binder.c b/drivers/android/binder.c
>> index 33b09b6..a984fbb 100644
>> --- a/drivers/android/binder.c
>> +++ b/drivers/android/binder.c
>> @@ -551,7 +551,6 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
>> {
>> void *page_addr;
>> unsigned long user_page_addr;
>> - struct vm_struct tmp_area;
>> struct page **page;
>> struct mm_struct *mm;
>>
>> @@ -600,9 +599,10 @@ static int binder_update_page_range(struct binder_proc *proc, int allocate,
>> proc->pid, page_addr);
>> goto err_alloc_page_failed;
>> }
>> - tmp_area.addr = page_addr;
>> - tmp_area.size = PAGE_SIZE + PAGE_SIZE /* guard page? */;
>> - ret = map_vm_area(&tmp_area, PAGE_KERNEL, page);
>> + ret = map_kernel_range_noflush((unsigned long)page_addr,
>> + PAGE_SIZE, PAGE_KERNEL, page);
>> + flush_cache_vmap((unsigned long)page_addr,
>> + (unsigned long)page_addr + PAGE_SIZE);
>> if (ret) {
>> pr_err("%d: binder_alloc_buf failed to map page at %p in kernel\n",
>> proc->pid, page_addr);
>
> So with this patch I don't see the warnings, but I'm still seeing:
> [ 11.154283] binder: 1956: binder_alloc_buf failed to map page at
> f0340000 in kernel
> [ 11.154916] binder: binder_mmap: 1956 b6ce0000-b6d00000 alloc small
> buf failed -12
>
> over and over. So I don't think this patch is quite right.
>
Thanks.
Seems that error check is wrong now.
map_vm_area() returns 0 on success, map_kernel_range_noflush() number of mapped pages.
> thanks
> -john
>
next prev parent reply other threads:[~2015-02-27 17:38 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-26 22:04 Regression in v4.0.0-rc1 with Android Binder Amit Pundir
2015-02-26 23:37 ` Greg KH
2015-02-27 0:12 ` Arve Hjønnevåg
2015-02-27 3:01 ` David Rientjes
2015-02-27 16:30 ` [PATCH] android: binder: fix binder mmap failures Andrey Ryabinin
2015-02-27 17:26 ` John Stultz
2015-02-27 17:37 ` Andrey Ryabinin [this message]
2015-02-27 17:44 ` [PATCH v2] " Andrey Ryabinin
2015-02-27 18:03 ` John Stultz
2015-02-27 20:59 ` David Rientjes
2015-03-01 18:17 ` Amit Pundir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54F0AB6E.80302@samsung.com \
--to=a.ryabinin@samsung.com \
--cc=adech.fo@gmail.com \
--cc=andi@firstfloor.org \
--cc=arve@android.com \
--cc=cl@linux.com \
--cc=dave.hansen@intel.com \
--cc=devel@driverdev.osuosl.org \
--cc=dmitryc@google.com \
--cc=dvyukov@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=john.stultz@linaro.org \
--cc=kcc@google.com \
--cc=koct9i@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=penberg@kernel.org \
--cc=riandrews@android.com \
--cc=rientjes@google.com \
--cc=sasha.levin@oracle.com \
--cc=serban.constantinescu@arm.com \
--cc=sumit.semwal@linaro.org \
--cc=tetra2005@gmail.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.