lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 19 Jan 2016 11:02:12 +0300
From:	Cyrill Gorcunov <gorcunov@...il.com>
To:	kernel test robot <ying.huang@...ux.intel.com>
Cc:	Ebru Akagunduz <ebru.akagunduz@...il.com>, lkp@...org,
	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Dan Carpenter <dan.carpenter@...cle.com>,
	Michal Hocko <mhocko@...e.cz>,
	Johannes Weiner <hannes@...xchg.org>,
	Hugh Dickins <hughd@...gle.com>,
	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
	Vlastimil Babka <vbabka@...e.cz>,
	David Rientjes <rientjes@...gle.com>,
	Mel Gorman <mgorman@...e.de>, Xie XiuQi <xiexiuqi@...wei.com>,
	Joonsoo Kim <iamjoonsoo.kim@....com>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
	Rik van Riel <riel@...hat.com>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [lkp] [mm] 7d2eba0557: BUG: unable to handle kernel NULL pointer
 dereference at           (null)

On Tue, Jan 19, 2016 at 09:53:36AM +0800, kernel test robot wrote:
> FYI, we noticed the below changes on
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> commit 7d2eba0557c18f7522b98befed98799990dd4fdb ("mm: add tracepoint for scanning pages")
> 
> 
> +-----------------------------------------------------------+------------+------------+
> |                                                           | cb5490a5ee | 7d2eba0557 |
> +-----------------------------------------------------------+------------+------------+
> | boot_successes                                            | 0          | 0          |
> | boot_failures                                             | 12         | 12         |
> | BUG:kernel_test_oversize                                  | 10         |            |
> | Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= | 2          | 4          |
> | BUG:unable_to_handle_kernel                               | 0          | 8          |
> | Oops                                                      | 0          | 8          |
> | RIP:khugepaged_scan_pmd                                   | 0          | 8          |
> | Kernel_panic-not_syncing:Fatal_exception                  | 0          | 8          |
> | backtrace:khugepaged                                      | 0          | 8          |
> +-----------------------------------------------------------+------------+------------+
> 
> 
> 
> [   28.528131] systemd-journald[162]: Vacuuming...
> [   28.543867] systemd-journald[162]: Vacuuming done, freed 0 bytes
> [   28.548220] systemd-journald[162]: Flushing /dev/kmsg...
> [   28.552721] BUG: unable to handle kernel NULL pointer dereference at           (null)
> [   28.553471] IP: [<ffffffffadeed16b>] khugepaged_scan_pmd+0x33b/0xaa0
> [   28.553480] PGD 0 
> [   28.553484] Oops: 0000 [#1] PREEMPT SMP 
> [   28.553490] Modules linked in: autofs4
> [   28.553497] CPU: 1 PID: 25 Comm: khugepaged Not tainted 4.4.0-05704-g7d2eba0 #1
> [   28.553498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
> [   28.553501] task: ffff880035b75000 ti: ffff880035b78000 task.ti: ffff880035b78000
> [   28.553503] RIP: 0010:[<ffffffffadeed16b>]  [<ffffffffadeed16b>] khugepaged_scan_pmd+0x33b/0xaa0
> [   28.553508] RSP: 0018:ffff880035b7bd20  EFLAGS: 00010246
> [   28.553510] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffff880035b7bdf0
> [   28.553512] RDX: ffff880000000000 RSI: 0000000000000000 RDI: 800000002f8000e7
> [   28.553514] RBP: ffff880035b7bda0 R08: ffff8800155a6448 R09: 0000000000000000
> [   28.553516] R10: 0000000000000371 R11: ffff8800354d1120 R12: 0000000000000000
> [   28.553517] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
> [   28.553520] FS:  0000000000000000(0000) GS:ffff880036800000(0000) knlGS:0000000000000000
> [   28.553522] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   28.553524] CR2: 0000000000000000 CR3: 00000000157a8000 CR4: 00000000000406a0
> [   28.553528] Stack:
> [   28.553530]  ffff880035b75bd8 ffff880035b7bdf0 ffffffffadd3a94f ffff880035b75000
> [   28.553535]  ffff880015751510 0000000000000b54 ffff880035b7be10 ffff880035b7bd78
> [   28.553541]  0000000000000000 00007fd735600000 ffff8800354d1000 0000000000000001
> [   28.553546] Call Trace:
> [   28.553552]  [<ffffffffadd3a94f>] ? __lock_is_held+0x6f/0xa0
> [   28.553556]  [<ffffffffadeee2ea>] khugepaged+0xa1a/0xac0
> [   28.553560]  [<ffffffffadd30bd0>] ? woken_wake_function+0x30/0x30
> [   28.553563]  [<ffffffffadeed8d0>] ? khugepaged_scan_pmd+0xaa0/0xaa0
> [   28.553568]  [<ffffffffadcf9bb2>] kthread+0x132/0x160
> [   28.553574]  [<ffffffffadcf9a80>] ? kthread_unpark+0x80/0x80
> [   28.553578]  [<ffffffffae764c9f>] ret_from_fork+0x3f/0x70
> [   28.553581]  [<ffffffffadcf9a80>] ? kthread_unpark+0x80/0x80
> [   28.553583] Code: 02 00 00 bb 03 00 00 00 48 83 05 d0 4e b4 02 01 4d 89 e5 48 8b 7d b8 e8 74 5d 87 00 48 83 05 ec 4e b4 02 01 c7 45 c0 00 00 00 00 <49> 8b 14 24 48 89 d0 48 c1 ea 35 48 8b 14 d5 00 00 a2 b0 48 c1 
> [   28.553655] RIP  [<ffffffffadeed16b>] khugepaged_scan_pmd+0x33b/0xaa0
> [   28.553659]  RSP <ffff880035b7bd20>
> [   28.553660] CR2: 0000000000000000
> [   28.553666] ---[ end trace bb022a4fda57d1e5 ]---
> [   28.553669] Kernel panic - not syncing: Fatal exception

Seems it should be something like that (untested at moment, please
take a look).
---
From: Cyrill Gorcunov <gorcunov@...nvz.org>
Subject: [PATCH] mm: Fix tracepoint for scanning pages

The page might be NULL so use page_to_pfn in conditional call.

Signed-off-by: Cyrill Gorcunov <gorcunov@...nvz.org>
---
 include/trace/events/huge_memory.h |   12 ++++++------
 mm/huge_memory.c                   |    6 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)

Index: linux-ml.git/include/trace/events/huge_memory.h
===================================================================
--- linux-ml.git.orig/include/trace/events/huge_memory.h
+++ linux-ml.git/include/trace/events/huge_memory.h
@@ -46,10 +46,10 @@ SCAN_STATUS
 
 TRACE_EVENT(mm_khugepaged_scan_pmd,
 
-	TP_PROTO(struct mm_struct *mm, unsigned long pfn, bool writable,
+	TP_PROTO(struct mm_struct *mm, struct page *page, bool writable,
 		 bool referenced, int none_or_zero, int status),
 
-	TP_ARGS(mm, pfn, writable, referenced, none_or_zero, status),
+	TP_ARGS(mm, page, writable, referenced, none_or_zero, status),
 
 	TP_STRUCT__entry(
 		__field(struct mm_struct *, mm)
@@ -62,7 +62,7 @@ TRACE_EVENT(mm_khugepaged_scan_pmd,
 
 	TP_fast_assign(
 		__entry->mm = mm;
-		__entry->pfn = pfn;
+		__entry->pfn = page ? page_to_pfn(page) : -1UL;
 		__entry->writable = writable;
 		__entry->referenced = referenced;
 		__entry->none_or_zero = none_or_zero;
@@ -104,10 +104,10 @@ TRACE_EVENT(mm_collapse_huge_page,
 
 TRACE_EVENT(mm_collapse_huge_page_isolate,
 
-	TP_PROTO(unsigned long pfn, int none_or_zero,
+	TP_PROTO(struct page *page, int none_or_zero,
 		 bool referenced, bool  writable, int status),
 
-	TP_ARGS(pfn, none_or_zero, referenced, writable, status),
+	TP_ARGS(page, none_or_zero, referenced, writable, status),
 
 	TP_STRUCT__entry(
 		__field(unsigned long, pfn)
@@ -118,7 +118,7 @@ TRACE_EVENT(mm_collapse_huge_page_isolat
 	),
 
 	TP_fast_assign(
-		__entry->pfn = pfn;
+		__entry->pfn = page ? page_to_pfn(page) : -1UL;
 		__entry->none_or_zero = none_or_zero;
 		__entry->referenced = referenced;
 		__entry->writable = writable;
Index: linux-ml.git/mm/huge_memory.c
===================================================================
--- linux-ml.git.orig/mm/huge_memory.c
+++ linux-ml.git/mm/huge_memory.c
@@ -2068,7 +2068,7 @@ static int __collapse_huge_page_isolate(
 	if (likely(writable)) {
 		if (likely(referenced)) {
 			result = SCAN_SUCCEED;
-			trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
+			trace_mm_collapse_huge_page_isolate(page, none_or_zero,
 							    referenced, writable, result);
 			return 1;
 		}
@@ -2078,7 +2078,7 @@ static int __collapse_huge_page_isolate(
 
 out:
 	release_pte_pages(pte, _pte);
-	trace_mm_collapse_huge_page_isolate(page_to_pfn(page), none_or_zero,
+	trace_mm_collapse_huge_page_isolate(page, none_or_zero,
 					    referenced, writable, result);
 	return 0;
 }
@@ -2576,7 +2576,7 @@ out_unmap:
 		collapse_huge_page(mm, address, hpage, vma, node);
 	}
 out:
-	trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
+	trace_mm_khugepaged_scan_pmd(mm, page, writable, referenced,
 				     none_or_zero, result);
 	return ret;
 }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ