| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <04bd1284-ff3b-4b3d-899d-9a1e3705df28@oracle.com>
Date: Tue, 11 Mar 2025 10:40:17 -0400
From: Sidhartha Kumar <sidhartha.kumar@...cle.com>
To: Vasily Gorbik <gor@...ux.ibm.com>,
Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, maple-tree@...ts.infradead.org,
linux-mm@...ck.org, liam.howlett@...cle.com, richard.weiyang@...il.com
Subject: Re: [PATCH v3 5/6] maple_tree: add sufficient height
On 3/10/25 2:13 PM, Vasily Gorbik wrote:
> On Thu, Feb 27, 2025 at 08:48:22PM +0000, Sidhartha Kumar wrote:
>> In order to support rebalancing and spanning stores using less than the
>> worst case number of nodes, we need to track more than just the vacant
>> height. Using only vacant height to reduce the worst case maple node
>> allocation count can lead to a shortcoming of nodes in the following
>> scenarios.
> ...
>> Signed-off-by: Sidhartha Kumar <sidhartha.kumar@...cle.com>
>> ---
>> include/linux/maple_tree.h | 4 +++-
>> lib/maple_tree.c | 17 +++++++++++++++--
>> tools/testing/radix-tree/maple.c | 28 ++++++++++++++++++++++++++++
>> 3 files changed, 46 insertions(+), 3 deletions(-)
>
> Hi Sidhartha,
>
> Starting from this commit, the LTP test "linkat02" consistently triggers
> a kernel WARNING followed by a crash, at least on s390 (and probably on
> other big-endian architectures as well). The maple tree selftest passes
> successfully.
>
Would you be able to rerun this test with the following diff applied and
CONFIG_DEBUG_MAPLE_TREE=y so I can check the state of the tree to easier
reproduce the error?
diff --git a/lib/maple_tree.c b/lib/maple_tree.c
index ea1f0acac118..74a4b1924a55 100644
--- a/lib/maple_tree.c
+++ b/lib/maple_tree.c
@@ -1153,8 +1153,11 @@ static inline struct maple_node
*mas_pop_node(struct ma_state *mas)
unsigned int req = mas_alloc_req(mas);
/* nothing or a request pending. */
- if (WARN_ON(!total))
+ if (WARN_ON(!total)) {
+ mas_dump(mas);
+ mt_dump(mas->tree, mt_dump_hex);
return NULL;
+ }
if (total == 1) {
/* single allocation in this ma_state */
> [ 233.489583] LTP: starting linkat02
> linkat02 0 TINFO : Using /tmp/ltp-8P2ZJL0mgN/LTP_lin3flG7N as tmpdir (tmpfs filesystem)
> linkat02 0 TINFO : Found free device 0 '/dev/loop0'
> [ 234.187957] loop0: detected capacity change from 0 to 614400
> linkat02 0 TINFO : Formatting /dev/loop0 with ext2 opts='' extra opts=''
> mke2fs 1.47.1 (20-May-2024)
> [ 234.571157] operation not supported error, dev loop0, sector 614272 op 0x9:(WRITE_ZEROES) flags 0x10000800 phys_seg 0 prio class 0
> linkat02 0 TINFO : Mounting /dev/loop0 to /tmp/ltp-8P2ZJL0mgN/LTP_lin3flG7N/mntpoint fstyp=ext2 flags=0
> [ 234.690816] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
> [ 234.696090] EXT4-fs (loop0): mounted filesystem 29120d07-e10b-43b8-bfb0-6156683a2769 r/w without journal. Quota mode: none.
> linkat02 0 TINFO : Failed reach the hardlinks limit
> [ 239.616047] ------------[ cut here ]------------
> [ 239.616231] WARNING: CPU: 0 PID: 669 at lib/maple_tree.c:1156 mas_pop_node+0x220/0x290
> [ 239.616252] Modules linked in:
> [ 239.616292] CPU: 0 UID: 0 PID: 669 Comm: linkat02 Not tainted 6.14.0-rc5-next-20250307 #29
> [ 239.616305] Hardware name: IBM 3931 A01 704 (KVM/Linux)
> [ 239.616315] Krnl PSW : 0704c00180000000 00007fffe2b6c314 (mas_pop_node+0x224/0x290)
> [ 239.616334] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
> [ 239.616349] Krnl GPRS: 0000000000000005 001c0feffc355f67 00007f7fe1aafb38 001c000000000000
> [ 239.616360] 001c000000000000 001c0fef00007f05 0000000000000000 ffffffffffffffff
> [ 239.616371] 00007f7fe1aaf3e0 00007f7fe1aafb08 001c000000000000 0000000000000000
> [ 239.616381] 0000000001026838 0000000000000005 00007f7fe1aaf020 00007f7fe1aaefc8
> [ 239.616399] Krnl Code: 00007fffe2b6c306: e370a0000024 stg %r7,0(%r10)
> [ 239.616399] 00007fffe2b6c30c: a7f4ff83 brc 15,00007fffe2b6c212
> [ 239.616399] #00007fffe2b6c310: af000000 mc 0,0
> [ 239.616399] >00007fffe2b6c314: a7b90000 lghi %r11,0
> [ 239.616399] 00007fffe2b6c318: a7f4ff89 brc 15,00007fffe2b6c22a
> [ 239.616399] 00007fffe2b6c31c: c0e5fefc1f8a brasl %r14,00007fffe0af0230
> [ 239.616399] 00007fffe2b6c322: a7f4ff4b brc 15,00007fffe2b6c1b8
> [ 239.616399] 00007fffe2b6c326: c0e5fefc1fa5 brasl %r14,00007fffe0af0270
> [ 239.616454] Call Trace:
> [ 239.616463] [<00007fffe2b6c314>] mas_pop_node+0x224/0x290
> [ 239.616475] [<00007fffe2b85ab6>] mas_spanning_rebalance+0x3006/0x4e90
> [ 239.616487] [<00007fffe2b87e7a>] mas_rebalance+0x53a/0x9c0
> [ 239.616627] [<00007fffe2b8c10a>] mas_wr_bnode+0x14a/0x1a0
> [ 239.616639] [<00007fffe2b9a87c>] mas_erase+0xd9c/0x1120
> [ 239.616650] [<00007fffe2b9acbe>] mtree_erase+0xbe/0xf0
> [ 239.616661] [<00007fffe0c3b4d2>] simple_offset_remove+0x52/0x90
> [ 239.616674] [<00007fffe093dc16>] shmem_unlink+0xb6/0x320
> [ 239.616686] [<00007fffe0bc0830>] vfs_unlink+0x270/0x760
> [ 239.616698] [<00007fffe0bd473a>] do_unlinkat+0x40a/0x5c0
> [ 239.616709] [<00007fffe0bd4a48>] __s390x_sys_unlink+0x58/0x70
> [ 239.616720] [<00007fffe0155356>] do_syscall+0x2f6/0x430
> [ 239.616733] [<00007fffe2bd3668>] __do_syscall+0xc8/0x1c0
> [ 239.616746] [<00007fffe2bf70d4>] system_call+0x74/0x98
> [ 239.616758] 4 locks held by linkat02/669:
> [ 239.616769] #0: 0000780097e89450 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x4c/0xc0
> [ 239.616799] #1: 00007800a7de6cd0 (&type->i_mutex_dir_key#5/1){+.+.}-{3:3}, at: do_unlinkat+0x1f8/0x5c0
> [ 239.616831] #2: 00007800a7de7ac0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: vfs_unlink+0xc6/0x760
> [ 239.616860] #3: 00007800a7de6a58 (&simple_offset_lock_class){+.+.}-{2:2}, at: mtree_erase+0xb4/0xf0
> [ 239.616886] Last Breaking-Event-Address:
> [ 239.616895] [<00007fffe2b6c12a>] mas_pop_node+0x3a/0x290
> [ 239.616909] irq event stamp: 5205821
> [ 239.616918] hardirqs last enabled at (5205831): [<00007fffe03d2be8>] __up_console_sem+0xe8/0x130
> [ 239.616931] hardirqs last disabled at (5205840): [<00007fffe03d2bc6>] __up_console_sem+0xc6/0x130
> [ 239.616943] softirqs last enabled at (5200824): [<00007fffe0246b6c>] handle_softirqs+0x6dc/0xe30
> [ 239.616955] softirqs last disabled at (5200687): [<00007fffe024508a>] __irq_exit_rcu+0x34a/0x3f0
> [ 239.616994] ---[ end trace 0000000000000000 ]---
> [ 239.617009] Unable to handle kernel pointer dereference in virtual kernel address space
> [ 239.617019] Failing address: 0000000000000000 TEID: 0000000000000483
> [ 239.617029] Fault in home space mode while using kernel ASCE.
> [ 239.617049] AS:0000000005dac00b R2:00000001ffffc00b R3:00000001ffff8007 S:00000001ffff7801 P:000000000000013d
> [ 239.617150] Oops: 0004 ilc:3 [#1] PREEMPT SMP
> [ 239.617162] Modules linked in:
> [ 239.617170] CPU: 0 UID: 0 PID: 669 Comm: linkat02 Tainted: G W 6.14.0-rc5-next-20250307 #29
> [ 239.617243] Tainted: [W]=WARN
> [ 239.617248] Hardware name: IBM 3931 A01 704 (KVM/Linux)
> [ 239.617253] Krnl PSW : 0704c00180000000 00007fffe2b6a988 (mab_mas_cp+0x168/0x640)
> [ 239.617264] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
> [ 239.617272] Krnl GPRS: 0000000000000008 0000000000000000 00007fff00000008 00007f7f00000009
> [ 239.617279] 0000000000000008 001c000000000000 0000000000000008 0000000000000048
> [ 239.617285] 001c0ffffc638e09 001c000000000009 0000000000000098 001c000000000000
> [ 239.617292] 0000000001026838 00007f7fe1aaf608 001c000000000013 00007f7fe1aaef68
> [ 239.617302] Krnl Code: 00007fffe2b6a97c: b90800e5 agr %r14,%r5
> [ 239.617302] 00007fffe2b6a980: 9500e000 cli 0(%r14),0
> [ 239.617302] #00007fffe2b6a984: a7740262 brc 7,00007fffe2b6ae48
> [ 239.617302] >00007fffe2b6a988: e548a0000000 mvghi 0(%r10),0
> [ 239.617302] 00007fffe2b6a98e: e3a0f0c00004 lg %r10,192(%r15)
> [ 239.617302] 00007fffe2b6a994: a7b80000 lhi %r11,0
> [ 239.617302] 00007fffe2b6a998: eb2a0003000d sllg %r2,%r10,3
> [ 239.617302] 00007fffe2b6a99e: e320f0f00024 stg %r2,240(%r15)
> [ 239.617350] Call Trace:
> [ 239.617354] [<00007fffe2b6a988>] mab_mas_cp+0x168/0x640
> [ 239.617362] [<00007fffe2b85bcc>] mas_spanning_rebalance+0x311c/0x4e90
> [ 239.617369] [<00007fffe2b87e7a>] mas_rebalance+0x53a/0x9c0
> [ 239.617376] [<00007fffe2b8c10a>] mas_wr_bnode+0x14a/0x1a0
> [ 239.617383] [<00007fffe2b9a87c>] mas_erase+0xd9c/0x1120
> [ 239.617389] [<00007fffe2b9acbe>] mtree_erase+0xbe/0xf0
> [ 239.617396] [<00007fffe0c3b4d2>] simple_offset_remove+0x52/0x90
> [ 239.617403] [<00007fffe093dc16>] shmem_unlink+0xb6/0x320
> [ 239.617410] [<00007fffe0bc0830>] vfs_unlink+0x270/0x760
> [ 239.617416] [<00007fffe0bd473a>] do_unlinkat+0x40a/0x5c0
> [ 239.617422] [<00007fffe0bd4a48>] __s390x_sys_unlink+0x58/0x70
> [ 239.617429] [<00007fffe0155356>] do_syscall+0x2f6/0x430
> [ 239.617436] [<00007fffe2bd3668>] __do_syscall+0xc8/0x1c0
> [ 239.617443] [<00007fffe2bf70d4>] system_call+0x74/0x98
> [ 239.617450] INFO: lockdep is turned off.
> [ 239.617454] Last Breaking-Event-Address:
> [ 239.617458] [<00007fffe2b6a8f4>] mab_mas_cp+0xd4/0x640
> [ 239.617468] Kernel panic - not syncing: Fatal exception: panic_on_oops
>
Powered by blists - more mailing lists