lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1315989783.2361.7.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC>
Date:	Wed, 14 Sep 2011 10:43:03 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Shaohua Li <shaohua.li@...el.com>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Hugh Dickins <hughd@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	Rik van Riel <riel@...hat.com>
Subject: Re: [BUG] infinite loop in find_get_pages()

Le mercredi 14 septembre 2011 à 16:20 +0800, Shaohua Li a écrit :
> 2011/9/14 Shaohua Li <shli@...nel.org>:
> > it appears we didn't account skipped swap entry in find_get_pages().
> > does the attached patch help?
> I can easily reproduce the issue. Just cp files in tmpfs, trigger swap and
> drop caches. The debug patch fixes it at my side.
> Eric, please try it.
> 

Hello Shaohua

I tried it with added traces :


[  277.077855] mv used greatest stack depth: 3336 bytes left
[  310.558012] nr_found=2 nr_skip=2
[  310.558139] nr_found=14 nr_skip=14
[  332.195162] nr_found=2 nr_skip=2
[  332.195274] nr_found=14 nr_skip=14
[  352.315273] nr_found=14 nr_skip=14
[  372.673575] nr_found=14 nr_skip=14
[  397.115463] nr_found=14 nr_skip=14
[  403.391694] cc1 used greatest stack depth: 3184 bytes left
[  404.761194] cc1 used greatest stack depth: 2640 bytes left
[  417.306510] nr_found=14 nr_skip=14
[  440.198051] nr_found=14 nr_skip=14

I also used :

-	if (unlikely(!ret && nr_found))
+	if (unlikely(!ret && nr_found > nr_skip))
 		goto restart;

It seems to fix the bug. I suspect it also aborts
invalidate_mapping_pages() if we skip 14 pages, but existing comment
states its OK :

        /*
         * Note: this function may get called on a shmem/tmpfs mapping:
         * pagevec_lookup() might then return 0 prematurely (because it
         * got a gangful of swap entries); but it's hardly worth worrying
         * about - it can rarely have anything to free from such a mapping
         * (most pages are dirty), and already skips over any difficulties.
         */
 
Thanks !


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ