lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 27 Dec 2012 21:45:10 -0500 (EST)
From:	Zhouping Liu <zliu@...hat.com>
To:	Zlatko Calusic <zlatko.calusic@...on.hr>
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	Ingo Molnar <mingo@...hat.com>,
	Johannes Weiner <jweiner@...hat.com>, mgorman@...e.de,
	hughd@...gle.com, Andrea Arcangeli <aarcange@...hat.com>,
	Hillf Danton <dhillf@...il.com>, sedat.dilek@...il.com
Subject: Re: BUG: unable to handle kernel NULL pointer dereference at
 0000000000000500

> 
> Thank you for the report Zhouping!
> 
> Would you be so kind to test the following patch and report results?
> Apply the patch to the latest mainline.

Hello Zlatko,

I have tested the below patch(applied it on mainline directly),
but IMO, I'd like to say it maybe don't fix the issue completely.

run the reproducer[1] on two machine, one machine has 2 numa nodes(8Gb RAM),
another one has 4 numa nodes(8Gb RAM), then the system hung all the time, such as the dmesg log:

[  713.066937] Killed process 6085 (oom01) total-vm:18880768kB, anon-rss:7915612kB, file-rss:4kB
[  959.555269] INFO: task kworker/13:2:147 blocked for more than 120 seconds.
[  959.562144] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1079.382018] INFO: task kworker/13:2:147 blocked for more than 120 seconds.
[ 1079.388872] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1199.209709] INFO: task kworker/13:2:147 blocked for more than 120 seconds.
[ 1199.216562] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1319.036939] INFO: task kworker/13:2:147 blocked for more than 120 seconds.
[ 1319.043794] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1438.864797] INFO: task kworker/13:2:147 blocked for more than 120 seconds.
[ 1438.871649] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1558.691611] INFO: task kworker/13:2:147 blocked for more than 120 seconds.
[ 1558.698466] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
......

I'm not sure whether it's your patch triggering the hung task or not, but reverted cda73a10eb3,
the reproducer(oom01) can PASS without both 'NULL pointer dereference at 0000000000000500' and hung task issues.

but some time, it's possible that the reproducer(oom01) cause hung task on a box with large RAM(100Gb+), so I can't judge it...

Thanks,
Zhouping

> 
> Thanks,
> 
> diff --git a/mm/vmscan.c b/mm/vmscan.c
> index 23291b9..e55ce55 100644
> --- a/mm/vmscan.c
> +++ b/mm/vmscan.c
> @@ -2564,6 +2564,7 @@ static bool prepare_kswapd_sleep(pg_data_t
> *pgdat, int order, long remaining,
>  static unsigned long balance_pgdat(pg_data_t *pgdat, int order,
>  							int *classzone_idx)
>  {
> +	bool pgdat_is_balanced = false;
>  	struct zone *unbalanced_zone;
>  	int i;
>  	int end_zone = 0;	/* Inclusive.  0 = ZONE_DMA */
> @@ -2638,8 +2639,11 @@ loop_again:
>  				zone_clear_flag(zone, ZONE_CONGESTED);
>  			}
>  		}
> -		if (i < 0)
> +
> +		if (i < 0) {
> +			pgdat_is_balanced = true;
>  			goto out;
> +		}
>  
>  		for (i = 0; i <= end_zone; i++) {
>  			struct zone *zone = pgdat->node_zones + i;
> @@ -2766,8 +2770,11 @@ loop_again:
>  				pfmemalloc_watermark_ok(pgdat))
>  			wake_up(&pgdat->pfmemalloc_wait);
>  
> -		if (pgdat_balanced(pgdat, order, *classzone_idx))
> +		if (pgdat_balanced(pgdat, order, *classzone_idx)) {
> +			pgdat_is_balanced = true;
>  			break;		/* kswapd: all done */
> +		}
> +
>  		/*
>  		 * OK, kswapd is getting into trouble.  Take a nap, then take
>  		 * another pass across the zones.
> @@ -2775,7 +2782,7 @@ loop_again:
>  		if (total_scanned && (sc.priority < DEF_PRIORITY - 2)) {
>  			if (has_under_min_watermark_zone)
>  				count_vm_event(KSWAPD_SKIP_CONGESTION_WAIT);
> -			else
> +			else if (unbalanced_zone)
>  				wait_iff_congested(unbalanced_zone, BLK_RW_ASYNC, HZ/10);
>  		}
>  
> @@ -2788,9 +2795,9 @@ loop_again:
>  		if (sc.nr_reclaimed >= SWAP_CLUSTER_MAX)
>  			break;
>  	} while (--sc.priority >= 0);
> -out:
>  
> -	if (!pgdat_balanced(pgdat, order, *classzone_idx)) {
> +out:
> +	if (!pgdat_is_balanced) {
>  		cond_resched();
>  
>  		try_to_freeze();
> 
> --
> Zlatko
> 
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@...ck.org.  For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@...ck.org"> email@...ck.org </a>
> 

-- 
Thanks,
Zhouping
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ