From: Peter Hurley <peter@hurleysoftware.com>
To: josh@joshtriplett.org
Cc: Fengguang Wu <fengguang.wu@intel.com>,
Iulia Manda <iulia.manda21@gmail.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKP <lkp@01.org>,
linux-kernel@vger.kernel.org
Subject: Re: [CONFIG_MULTIUSER] BUG: unable to handle kernel paging request at ffffffee
Date: Thu, 07 May 2015 12:24:07 -0400 [thread overview]
Message-ID: <554B91A7.7020904@hurleysoftware.com> (raw)
In-Reply-To: <20150507155640.GA30083@cloud>
On 05/07/2015 11:56 AM, josh@joshtriplett.org wrote:
> On Wed, May 06, 2015 at 08:39:22PM -0400, Peter Hurley wrote:
>> On 05/06/2015 07:59 PM, josh@joshtriplett.org wrote:
>>> On Wed, May 06, 2015 at 08:44:29AM -0700, Josh Triplett wrote:
>>>> On Wed, May 06, 2015 at 05:08:50PM +0800, Fengguang Wu wrote:
>>>>> FYI, the reported bug is still not fixed in linux-next 20150506.
>>>>
>>>> This isn't the same bug. The previous one you mentioned was a userspace
>>>> assertion failure in libnih, likely caused because some part of upstart
>>>> didn't have appropriate error handling for some syscall returning
>>>> ENOSYS; that one wasn't an issue, since CONFIG_MULTIUSER=n is not
>>>> expected to boot a standard Linux distribution.
>>>>
>>>> This one, on the other hand, is a kernel panic, and does need fixing.
>>>>
>>>>> commit 2813893f8b197a14f1e1ddb04d99bce46817c84a
>>>>>
>>>>> +-----------------------------------------------------------+------------+------------+------------+
>>>>> | | c79574abe2 | 2813893f8b | cbdacaf0c1 |
>>>>> +-----------------------------------------------------------+------------+------------+------------+
>>>>> | boot_successes | 60 | 0 | 0 |
>>>>> | boot_failures | 0 | 22 | 1064 |
>>>>> | BUG:unable_to_handle_kernel | 0 | 22 | 1032 |
>>>>> | Oops | 0 | 22 | 1032 |
>>>>> | EIP_is_at_devpts_new_index | 0 | 22 | 1032 |
>>>>> | Kernel_panic-not_syncing:Fatal_exception | 0 | 22 | 1032 |
>>>>> | backtrace:do_sys_open | 0 | 22 | 1032 |
>>>>> | backtrace:SyS_open | 0 | 22 | 1032 |
>>>>> | WARNING:at_arch/x86/kernel/fpu/core.c:#fpu__clear() | 0 | 0 | 32 |
>>>>> | Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= | 0 | 0 | 32 |
>>>>> +-----------------------------------------------------------+------------+------------+------------+
>>>>
>>>> Is this table saying the number of times the type of error in the first
>>>> column occurred in each commit?
>>>>
>>>> In any case, investigating. Iulia, can you look at this as well?
>>>>
>>>> I'm digging through the call stack, and I'm having a hard time seeing
>>>> how the CONFIG_MULTIUSER patch could affect anything here.
>>>
>>> Update: it looks like init_devpts_fs is getting ERR_PTR(-EINVAL) back
>>> from kern_mount and storing that in devpts_mnt; later, devpts_new_index
>>> pokes at devpts_mnt and explodes.
>>>
>>> So, there are two separate bugs here. On the one hand, CONFIG_MULTIUSER
>>> should not be causing kern_mount to fail with -EINVAL; tracking that
>>> down now.
>>
>> The mount failure is probably from the devpts mount options specifying
>> gid= for devpts nodes:
>>
>> devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
>>
>> The relevant code is fs/devpts/inode.c:parse_mount_options().
>> devpts also supports specifying the uid.
>>
>> To me, kern_mount() appropriately fails with -EINVAL, since the mount
>> options failed.
>
> Except that init_devpts_fs is called at module_init time, long before
> the actual mount syscall; it appears to be creating a kernel-internal
> mount, and I don't see how mount options provided by userspace much
> later would cause the earlier kern_mount to fail.
Yeah, I realized that later; that the userspace mount is really a rebind
to that initial root kernel mount.
> Also, I don't see anything in parse_mount_options that should actually
> fail with CONFIG_MULTIUSER unset.
I didn't look deeper than that, but it seemed likely that it stemmed from
that. Maybe it's related to CONFIG_DEVPTS_MULTIPLE_INSTANCES (documented
in Documentation/fs/devpts.txt) and FS_USERNS_MOUNT?
>>> On the other hand, devpts and ptmx should handle the failure
>>> better, without crashing; ptmx_open should have gracefully failed back
>>> to userspace with -ENODEV or something, since ptmx doesn't make sense
>>> without devpts. I'll send a patch for that too.
>>
>> Yeah, crashing is bad, but I don't think we should even be init'ing
>> either BSD or SysV pty drivers if there is no devpts.
>
> Can you review the patch I sent to fix the crash, and see if it looks
> reasonable to you?
On my todo list for today.
Regards,
Peter Hurley
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Peter Hurley <peter@hurleysoftware.com>
To: josh@joshtriplett.org
Cc: Fengguang Wu <fengguang.wu@intel.com>,
Iulia Manda <iulia.manda21@gmail.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKP <lkp@01.org>,
linux-kernel@vger.kernel.org
Subject: Re: [CONFIG_MULTIUSER] BUG: unable to handle kernel paging request at ffffffee
Date: Thu, 07 May 2015 12:24:07 -0400 [thread overview]
Message-ID: <554B91A7.7020904@hurleysoftware.com> (raw)
In-Reply-To: <20150507155640.GA30083@cloud>
On 05/07/2015 11:56 AM, josh@joshtriplett.org wrote:
> On Wed, May 06, 2015 at 08:39:22PM -0400, Peter Hurley wrote:
>> On 05/06/2015 07:59 PM, josh@joshtriplett.org wrote:
>>> On Wed, May 06, 2015 at 08:44:29AM -0700, Josh Triplett wrote:
>>>> On Wed, May 06, 2015 at 05:08:50PM +0800, Fengguang Wu wrote:
>>>>> FYI, the reported bug is still not fixed in linux-next 20150506.
>>>>
>>>> This isn't the same bug. The previous one you mentioned was a userspace
>>>> assertion failure in libnih, likely caused because some part of upstart
>>>> didn't have appropriate error handling for some syscall returning
>>>> ENOSYS; that one wasn't an issue, since CONFIG_MULTIUSER=n is not
>>>> expected to boot a standard Linux distribution.
>>>>
>>>> This one, on the other hand, is a kernel panic, and does need fixing.
>>>>
>>>>> commit 2813893f8b197a14f1e1ddb04d99bce46817c84a
>>>>>
>>>>> +-----------------------------------------------------------+------------+------------+------------+
>>>>> | | c79574abe2 | 2813893f8b | cbdacaf0c1 |
>>>>> +-----------------------------------------------------------+------------+------------+------------+
>>>>> | boot_successes | 60 | 0 | 0 |
>>>>> | boot_failures | 0 | 22 | 1064 |
>>>>> | BUG:unable_to_handle_kernel | 0 | 22 | 1032 |
>>>>> | Oops | 0 | 22 | 1032 |
>>>>> | EIP_is_at_devpts_new_index | 0 | 22 | 1032 |
>>>>> | Kernel_panic-not_syncing:Fatal_exception | 0 | 22 | 1032 |
>>>>> | backtrace:do_sys_open | 0 | 22 | 1032 |
>>>>> | backtrace:SyS_open | 0 | 22 | 1032 |
>>>>> | WARNING:at_arch/x86/kernel/fpu/core.c:#fpu__clear() | 0 | 0 | 32 |
>>>>> | Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= | 0 | 0 | 32 |
>>>>> +-----------------------------------------------------------+------------+------------+------------+
>>>>
>>>> Is this table saying the number of times the type of error in the first
>>>> column occurred in each commit?
>>>>
>>>> In any case, investigating. Iulia, can you look at this as well?
>>>>
>>>> I'm digging through the call stack, and I'm having a hard time seeing
>>>> how the CONFIG_MULTIUSER patch could affect anything here.
>>>
>>> Update: it looks like init_devpts_fs is getting ERR_PTR(-EINVAL) back
>>> from kern_mount and storing that in devpts_mnt; later, devpts_new_index
>>> pokes at devpts_mnt and explodes.
>>>
>>> So, there are two separate bugs here. On the one hand, CONFIG_MULTIUSER
>>> should not be causing kern_mount to fail with -EINVAL; tracking that
>>> down now.
>>
>> The mount failure is probably from the devpts mount options specifying
>> gid= for devpts nodes:
>>
>> devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
>>
>> The relevant code is fs/devpts/inode.c:parse_mount_options().
>> devpts also supports specifying the uid.
>>
>> To me, kern_mount() appropriately fails with -EINVAL, since the mount
>> options failed.
>
> Except that init_devpts_fs is called at module_init time, long before
> the actual mount syscall; it appears to be creating a kernel-internal
> mount, and I don't see how mount options provided by userspace much
> later would cause the earlier kern_mount to fail.
Yeah, I realized that later; that the userspace mount is really a rebind
to that initial root kernel mount.
> Also, I don't see anything in parse_mount_options that should actually
> fail with CONFIG_MULTIUSER unset.
I didn't look deeper than that, but it seemed likely that it stemmed from
that. Maybe it's related to CONFIG_DEVPTS_MULTIPLE_INSTANCES (documented
in Documentation/fs/devpts.txt) and FS_USERNS_MOUNT?
>>> On the other hand, devpts and ptmx should handle the failure
>>> better, without crashing; ptmx_open should have gracefully failed back
>>> to userspace with -ENODEV or something, since ptmx doesn't make sense
>>> without devpts. I'll send a patch for that too.
>>
>> Yeah, crashing is bad, but I don't think we should even be init'ing
>> either BSD or SysV pty drivers if there is no devpts.
>
> Can you review the patch I sent to fix the crash, and see if it looks
> reasonable to you?
On my todo list for today.
Regards,
Peter Hurley
next prev parent reply other threads:[~2015-05-07 16:24 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-28 0:43 BUG: unable to handle kernel paging request at ffffffee Fengguang Wu
2015-04-28 0:43 ` Fengguang Wu
2015-05-02 23:18 ` [CONFIG_MULTIUSER] init: error.c:320: Assertion failed in nih_error_get: CURRENT_CONTEXT->error != NULL Fengguang Wu
2015-05-02 23:18 ` Fengguang Wu
2015-05-03 2:21 ` Josh Triplett
2015-05-03 2:21 ` Josh Triplett
2015-05-06 9:08 ` [CONFIG_MULTIUSER] BUG: unable to handle kernel paging request at ffffffee Fengguang Wu
2015-05-06 9:08 ` Fengguang Wu
2015-05-06 15:44 ` Josh Triplett
2015-05-06 15:44 ` Josh Triplett
2015-05-06 23:59 ` josh
2015-05-06 23:59 ` josh
2015-05-07 0:39 ` Peter Hurley
2015-05-07 0:39 ` Peter Hurley
2015-05-07 15:56 ` josh
2015-05-07 15:56 ` josh
2015-05-07 16:24 ` Peter Hurley [this message]
2015-05-07 16:24 ` Peter Hurley
2015-05-07 17:03 ` josh
2015-05-07 17:03 ` josh
2015-05-07 17:10 ` josh
2015-05-07 17:10 ` josh
2015-05-07 0:59 ` Fengguang Wu
2015-05-07 0:59 ` Fengguang Wu
2015-05-07 0:59 ` Fengguang Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=554B91A7.7020904@hurleysoftware.com \
--to=peter@hurleysoftware.com \
--cc=akpm@linux-foundation.org \
--cc=fengguang.wu@intel.com \
--cc=iulia.manda21@gmail.com \
--cc=josh@joshtriplett.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lkp@01.org \
--cc=paulmck@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.