Date:	Thu, 12 Feb 2015 12:07:58 -0500
From:	Sasha Levin <sasha.levin@...cle.com>
To:	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Hugh Dickins <hughd@...gle.com>
CC:	Dave Hansen <dave.hansen@...el.com>, Mel Gorman <mgorman@...e.de>,
	Rik van Riel <riel@...hat.com>,
	Vlastimil Babka <vbabka@...e.cz>,
	Christoph Lameter <cl@...two.org>,
	Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
	Steve Capper <steve.capper@...aro.org>,
	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
	Johannes Weiner <hannes@...xchg.org>,
	Michal Hocko <mhocko@...e.cz>,
	Jerome Marchand <jmarchan@...hat.com>,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCHv3 14/24] thp: implement new split_huge_page()

On 02/12/2015 11:18 AM, Kirill A. Shutemov wrote:
> +void __get_page_tail(struct page *page);
>  static inline void get_page(struct page *page)
>  {
> -	struct page *page_head = compound_head(page);
> -	VM_BUG_ON_PAGE(atomic_read(&page_head->_count) <= 0, page);
> -	atomic_inc(&page_head->_count);
> +	if (unlikely(PageTail(page)))
> +		return __get_page_tail(page);
> +
> +	/*
> +	 * Getting a normal page or the head of a compound page
> +	 * requires to already have an elevated page->_count.
> +	 */
> +	VM_BUG_ON_PAGE(atomic_read(&page->_count) <= 0, page);
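
Review bot: In get_page(), the new VM_BUG_ON_PAGE reads page->_count only after a separate PageTail(page) test, and neither the code nor the comment says what keeps the page's head/tail state stable between those two reads. Please document which serialisation the caller must hold, or re-check the state after the read, because the assertion is only meaningful if the page cannot change state in between. The comment itself would read better as "requires an already elevated page->_count". Separately, `return __get_page_tail(page);` returns a void expression from a void function, which ISO C does not allow; calling __get_page_tail(page) and following it with a bare return avoids relying on the compiler extension.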

This BUG_ON seems to get hit:

[  612.180784] page:ffffea00004cb180 count:0 mapcount:0 mapping:          (null) index:0x2
[  612.188538] flags: 0x1fffff80000000()
[  612.190452] page dumped because: VM_BUG_ON_PAGE(atomic_read(&page->_count) <= 0)
[  612.195857] ------------[ cut here ]------------
[  612.196636] kernel BUG at include/linux/mm.h:463!
[  612.196636] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  612.196636] Dumping ftrace buffer:
[  612.196636]    (ftrace buffer empty)
[  612.196636] Modules linked in:
[  612.196636] CPU: 21 PID: 16300 Comm: trinity-c99 Not tainted 3.19.0-next-20150212-sasha-00072-gdc1aa32 #1913
[  612.196636] task: ffff880012dbb000 ti: ffff880012df8000 task.ti: ffff880012df8000
[  612.196636] RIP: copy_page_range (include/linux/mm.h:463 mm/memory.c:921 mm/memory.c:971 mm/memory.c:993 mm/memory.c:1055)
[  612.196636] RSP: 0018:ffff880012dffad0  EFLAGS: 00010286
[  612.196636] RAX: dffffc0000000000 RBX: 00000000132c6100 RCX: 0000000000000000
[  612.196636] RDX: 1ffffd4000099637 RSI: 0000000000000000 RDI: ffffea00004cb1b8
[  612.196636] RBP: ffff880012dffc60 R08: 0000000000000001 R09: 0000000000000000
[  612.196636] R10: ffffffffa5875ce8 R11: 0000000000000001 R12: ffff880012df6630
[  612.196636] R13: ffff880711fe6630 R14: 00007f33954c6000 R15: 0000000000000010
[  612.196636] FS:  00007f33993b0700(0000) GS:ffff880712800000(0000) knlGS:0000000000000000
[  612.196636] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  612.196636] CR2: 00007f33993b06c8 CR3: 000000002ab33000 CR4: 00000000000007a0
[  612.196636] DR0: ffffffff80000fff DR1: 0000000000000000 DR2: 0000000000000000
[  612.196636] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000b1060a
[  612.196636] Stack:
[  612.196636]  ffffffffa1937460 0000000000000002 ffff880012dffb30 ffffffff944141f6
[  612.196636]  ffff880012df8010 0000000000000020 ffff880012dffbf0 0000000000000000
[  612.196636]  0000000008100073 1ffff100025bff7a ffff880012df1e50 1ffff100025bf002
[  612.196636] Call Trace:
[  612.196636] ? __lock_is_held (kernel/locking/lockdep.c:3518)
[  612.196636] ? apply_to_page_range (mm/memory.c:1002)
[  612.196636] ? __vma_link_rb (mm/mmap.c:633)
[  612.196636] ? anon_vma_fork (mm/rmap.c:351)
[  612.196636] copy_process (kernel/fork.c:470 kernel/fork.c:869 kernel/fork.c:923 kernel/fork.c:1395)
[  612.196636] ? __cleanup_sighand (kernel/fork.c:1196)
[  612.196636] do_fork (kernel/fork.c:1659)
[  612.196636] ? trace_hardirqs_on_caller (kernel/locking/lockdep.c:2554 kernel/locking/lockdep.c:2601)
[  612.196636] ? fork_idle (kernel/fork.c:1636)
[  612.196636] ? syscall_trace_enter_phase2 (arch/x86/kernel/ptrace.c:1598)
[  612.196636] SyS_clone (kernel/fork.c:1748)
[  612.196636] stub_clone (arch/x86/kernel/entry_64.S:517)
[  612.196636] ? tracesys_phase2 (arch/x86/kernel/entry_64.S:422)
[ 612.196636] Code: ff df 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 4c 04 00 00 48 8b 48 30 e9 fe f9 ff ff 48 c7 c6 40 34 f4 9e 48 89 c7 e8 0e ca fe ff <0f> 0b 0f 0b 48 89 c7 e8 12 2a ff ff e9 df fb ff ff 0f 0b 0f 0b
All code
========
   0:   ff df                   lcallq *<internal disassembler error>
   2:   48 89 f9                mov    %rdi,%rcx
   5:   48 c1 e9 03             shr    $0x3,%rcx
   9:   80 3c 11 00             cmpb   $0x0,(%rcx,%rdx,1)
   d:   0f 85 4c 04 00 00       jne    0x45f
  13:   48 8b 48 30             mov    0x30(%rax),%rcx
  17:   e9 fe f9 ff ff          jmpq   0xfffffffffffffa1a
  1c:   48 c7 c6 40 34 f4 9e    mov    $0xffffffff9ef43440,%rsi
  23:   48 89 c7                mov    %rax,%rdi
  26:   e8 0e ca fe ff          callq  0xfffffffffffeca39
  2b:*  0f 0b                   ud2             <-- trapping instruction
  2d:   0f 0b                   ud2
  2f:   48 89 c7                mov    %rax,%rdi
  32:   e8 12 2a ff ff          callq  0xffffffffffff2a49
  37:   e9 df fb ff ff          jmpq   0xfffffffffffffc1b
  3c:   0f 0b                   ud2
  3e:   0f 0b                   ud2
        ...

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   0f 0b                   ud2
   4:   48 89 c7                mov    %rax,%rdi
   7:   e8 12 2a ff ff          callq  0xffffffffffff2a1e
   c:   e9 df fb ff ff          jmpq   0xfffffffffffffbf0
  11:   0f 0b                   ud2
  13:   0f 0b                   ud2
        ...
[  612.196636] RIP copy_page_range (include/linux/mm.h:463 mm/memory.c:921 mm/memory.c:971 mm/memory.c:993 mm/memory.c:1055)
[  612.196636]  RSP <ffff880012dffad0>


Thanks,
Sasha