lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 24 May 2016 11:12:23 +0300
From:	Mika Westerberg <mika.westerberg@...ux.intel.com>
To:	Andrea Arcangeli <aarcange@...hat.com>
Cc:	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	linux-kernel@...r.kernel.org
Subject: Re: v4.6 kernel BUG at mm/rmap.c:1101!

On Mon, May 23, 2016 at 05:08:26PM +0200, Andrea Arcangeli wrote:
> On Mon, May 23, 2016 at 05:06:38PM +0300, Mika Westerberg wrote:
> > Hi,
> > 
> > After upgrading kernel of my desktop system from v4.6-rc7 to v4.6, I've
> > started seeing following:
> > 
> > [176611.093747] page:ffffea0000360000 count:1 mapcount:0 mapping:ffff880034d2e0a1 index:0x1f9b06600 compound_mapcount: 0
> > [176611.093751] flags: 0x3fff8000044079(locked|uptodate|dirty|lru|active|head|swapbacked)
> > [176611.093752] page dumped because: VM_BUG_ON_PAGE(page->index != linear_page_index(vma, address))
> > [176611.093753] page->mem_cgroup:ffff88049e81b800
> > [176611.093765] ------------[ cut here ]------------
> 
> This is a splitted pmd tail that is triggering a COW, but it's still a
> compound page because the physical split didn't happen yet.
> 
> So like Kirill correctly pointed out, in such case we've to do
> compound_head because the page->mapping that has to be refiled to the
> local anon_vma is in the head.
> 
> It's just a false positive VM_BUG_ON, the code itself is correct.

OK, thanks for the explanation.

> Production kernels should be built with CONFIG_DEBUG_VM=n so this is
> not going to affect them and there's no bug for the production builds.

Hmm, the kernel shipped with Fedora 23 has that enabled:

lahna % grep CONFIG_DEBUG_VM /boot/config-4.4.9-300.fc23.x86_64 
CONFIG_DEBUG_VM=y
# CONFIG_DEBUG_VM_VMACACHE is not set
# CONFIG_DEBUG_VM_RB is not set

> Can you test this to shut off the false positive?

I'm testing with Kirill's patch (because he sent it first ;-)) and let
you know what happens. Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ