From: Borislav Petkov on 8 Apr 2010 02:00

From: Linus Torvalds <torvalds(a)linux-foundation.org>
Date: Wed, Apr 07, 2010 at 07:33:01PM -0700

> Anyway, I think it might be interesting to test my anon_vma_prepare()
> locking change patch together with Rik's _first_ version of his "fix
> anon_vma_prepare" thing (the one without the spinlock). They should apply
> independently of each other, and maybe it all even works together.

There are still issues: vma_adjust() grabs mapping->i_mmap_lock for file
mappings while we might sleep in anon_vma_prepare():

[ 9.386929] BUG: sleeping function called from invalid context at mm/rmap.c:119
[ 9.387188] in_atomic(): 1, irqs_disabled(): 0, pid: 1068, name: modprobe
[ 9.387343] 3 locks held by modprobe/1068:
[ 9.387524] #0: (&p->cred_guard_mutex){+.+.+.}, at: [<ffffffff810d97fc>] prepare_bprm_creds+0x29/0x5a
[ 9.387959] #1: (&mm->mmap_sem){++++++}, at: [<ffffffff81110ee2>] elf_map+0x70/0x190
[ 9.388416] #2: (&(&inode->i_data.i_mmap_lock)->rlock){+.+...}, at: [<ffffffff810bcbdf>] vma_adjust+0x190/0x3ca
[ 9.388848] Pid: 1068, comm: modprobe Not tainted 2.6.34-rc3-00290-ge4b2849 #6
[ 9.389102] Call Trace:
[ 9.389256] [<ffffffff810630f6>] ? __debug_show_held_locks+0x22/0x24
[ 9.389418] [<ffffffff8102c288>] __might_sleep+0x117/0x11b
[ 9.389570] [<ffffffff810c0f2e>] anon_vma_prepare+0x30/0x132
[ 9.389722] [<ffffffff810bcd95>] vma_adjust+0x346/0x3ca
[ 9.389874] [<ffffffff810bcf68>] __split_vma+0x14f/0x1b9
[ 9.390027] [<ffffffff810bd143>] do_munmap+0x171/0x315
[ 9.390181] [<ffffffff81110ee2>] ? elf_map+0x70/0x190
[ 9.390335] [<ffffffff81110f9d>] elf_map+0x12b/0x190
[ 9.390493] [<ffffffff81111b35>] load_elf_binary+0xb33/0x170e
[ 9.390645] [<ffffffff8102d529>] ? sub_preempt_count+0xa3/0xb6
[ 9.390800] [<ffffffff810d945a>] search_binary_handler+0x166/0x30e
[ 9.390952] [<ffffffff810d92ab>] ? copy_strings+0x1d4/0x1e5
[ 9.391111] [<ffffffff81111002>] ? load_elf_binary+0x0/0x170e
[ 9.391265] [<ffffffff810dadff>] do_execve+0x1fc/0x2f5
[ 9.391424] [<ffffffff8100a379>] sys_execve+0x43/0x61
[ 9.391576] [<ffffffff810025fa>] stub_execve+0x6a/0xc0

--
Regards/Gruss,
Boris.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

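The report in the message above can be read mechanically; the following is an added example, not part of the original message or of any kernel tooling. It assumes lockdep's held-lock listing as quoted there and the convention that a spinlock_t's lock class name ends in `->rlock`; the function names `parse_might_sleep_reports` and `explain` are made up for this sketch.

```python
import re

# Log abridged from the report quoted in the message above.
SAMPLE_LOG = """\
[ 9.386929] BUG: sleeping function called from invalid context at mm/rmap.c:119
[ 9.387188] in_atomic(): 1, irqs_disabled(): 0, pid: 1068, name: modprobe
[ 9.387343] 3 locks held by modprobe/1068:
[ 9.387524] #0: (&p->cred_guard_mutex){+.+.+.}, at: [<ffffffff810d97fc>] prepare_bprm_creds+0x29/0x5a
[ 9.387959] #1: (&mm->mmap_sem){++++++}, at: [<ffffffff81110ee2>] elf_map+0x70/0x190
[ 9.388416] #2: (&(&inode->i_data.i_mmap_lock)->rlock){+.+...}, at: [<ffffffff810bcbdf>] vma_adjust+0x190/0x3ca
[ 9.389102] Call Trace:
[ 9.389256] [<ffffffff810630f6>] ? __debug_show_held_locks+0x22/0x24
[ 9.389418] [<ffffffff8102c288>] __might_sleep+0x117/0x11b
[ 9.389570] [<ffffffff810c0f2e>] anon_vma_prepare+0x30/0x132
[ 9.389722] [<ffffffff810bcd95>] vma_adjust+0x346/0x3ca
[ 9.389874] [<ffffffff810bcf68>] __split_vma+0x14f/0x1b9
[ 9.390027] [<ffffffff810bd143>] do_munmap+0x171/0x315
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
HELD = re.compile(r"#(\d+):\s+\((.+)\)\{[^}]*\}, at: \[<[0-9a-f]+>\] (\S+?)\+0x")
FRAME = re.compile(r"\[<[0-9a-f]+>\] (\? )?(\S+?)\+0x")


def parse_might_sleep_reports(log_text):
    """Return one dict per might_sleep() report: source location, the
    lockdep held-lock list, and the reliable ('?'-free) stack frames."""
    reports, cur, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = TS.sub("", raw).strip()
        m = HEADER.search(line)
        if m:
            cur = {"where": m.group(1), "held": [], "trace": []}
            reports.append(cur)
            in_trace = False
            continue
        if cur is None:
            continue
        if line.startswith("Call Trace:"):
            in_trace = True
            continue
        if in_trace:
            f = FRAME.search(line)
            if not f:                      # first non-frame line ends the report
                cur, in_trace = None, False
            elif not f.group(1):           # skip unreliable '?' frames
                cur["trace"].append(f.group(2))
            continue
        h = HELD.search(line)
        if h:
            cur["held"].append({"index": int(h.group(1)),
                                "name": h.group(2),
                                "taken_in": h.group(3)})
    return reports


def explain(report):
    """Name the sleeping callee and the spinlocks held around the call."""
    trace = report["trace"]
    sleeper, callers = None, []
    if "__might_sleep" in trace:
        i = trace.index("__might_sleep")
        sleeper = trace[i + 1] if i + 1 < len(trace) else None
        callers = trace[i + 2:]
    # Assumption: class names ending in "->rlock" are spinlock_t instances.
    spinlocks = [l for l in report["held"] if l["name"].endswith("->rlock")]
    return {
        "where": report["where"],
        "sleeper": sleeper,
        "spinlocks": [l["name"] for l in spinlocks],
        # spinlocks taken by a function still on the stack below the sleeper
        "held_across_call": [l["name"] for l in spinlocks
                             if l["taken_in"] in callers],
    }


if __name__ == "__main__":
    for rep in parse_might_sleep_reports(SAMPLE_LOG):
        print(explain(rep))
```

Mutexes and rw-semaphores in the held list are not flagged because sleeping under them is legal; only the spinning lock explains `in_atomic(): 1`.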
From: Borislav Petkov on 8 Apr 2010 16:40

From: Linus Torvalds <torvalds(a)linux-foundation.org>
Date: Thu, Apr 08, 2010 at 11:32:06AM -0700

Here we go, another night of testing starts... got more caffeine this time :)

> > I haven't seen any places that insert VMAs by itself.
> > Several strange places that allocate them, but they
> > all appear to use the standard functions to insert them.
>
> Yeah, it's complicated enough to add a vma with all the rbtree etc stuff
> that I hope nobody actually cooks their own. But I too grepped for vma
> allocations, and there were more of them than I expected, so...

.... and of course, I just hit that WARN_ONCE on the first suspend (it did
suspend ok though):

[ 88.078958] ------------[ cut here ]------------
[ 88.079007] WARNING: at mm/memory.c:3110 handle_mm_fault+0x56/0x67c()
[ 88.079032] Hardware name: System Product Name
[ 88.079056] Mapping with no anon_vma
[ 88.079082] Modules linked in: powernow_k8 cpufreq_ondemand cpufreq_powersave cpufreq_userspace freq_table cpufreq_conservative binfmt_misc kvm_amd kvm ipv6 vfat fat dm_crypt dm_mod k10temp 8250_pnp 8250 serial_core edac_core ohci_hcd pcspkr
[ 88.079637] Pid: 1965, comm: console-kit-dae Not tainted 2.6.34-rc3-00290-g2156db9 #7
[ 88.079676] Call Trace:
[ 88.079713] [<ffffffff81037ea8>] warn_slowpath_common+0x7c/0x94
[ 88.079744] [<ffffffff81037f17>] warn_slowpath_fmt+0x41/0x43
[ 88.079774] [<ffffffff810b857d>] handle_mm_fault+0x56/0x67c
[ 88.079805] [<ffffffff8101f392>] do_page_fault+0x30b/0x32d
[ 88.079838] [<ffffffff810615ce>] ? put_lock_stats+0xe/0x27
[ 88.079866] [<ffffffff81062a55>] ? lock_release_holdtime+0x104/0x109
[ 88.079898] [<ffffffff813f93e3>] ? error_sti+0x5/0x6
[ 88.079929] [<ffffffff813f7de2>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 88.079960] [<ffffffff813f91ff>] page_fault+0x1f/0x30
[ 88.079988] ---[ end trace 154dd7f6249e1cc3 ]---

and then sysfs triggered that lockdep circular locking warning - I thought it
was fixed already :(

[ 256.831204] =======================================================
[ 256.831210] [ INFO: possible circular locking dependency detected ]
[ 256.831216] 2.6.34-rc3-00290-g2156db9 #7
[ 256.831221] -------------------------------------------------------
[ 256.831226] hib.sh/2464 is trying to acquire lock:
[ 256.831231] (s_active#80){++++.+}, at: [<ffffffff81127412>] sysfs_addrm_finish+0x36/0x5f
[ 256.831250]
[ 256.831252] but task is already holding lock:
[ 256.831256] (&per_cpu(cpu_policy_rwsem, cpu)){+++++.}, at: [<ffffffff8131bb52>] lock_policy_rwsem_write+0x4f/0x80
[ 256.831271]
[ 256.831273] which lock already depends on the new lock.
[ 256.831275]
[ 256.831278]
[ 256.831280] the existing dependency chain (in reverse order) is:
[ 256.831284]
[ 256.831286] -> #1 (&per_cpu(cpu_policy_rwsem, cpu)){+++++.}:
[ 256.831294] [<ffffffff8106790a>] __lock_acquire+0x1306/0x169f
[ 256.831305] [<ffffffff81067d95>] lock_acquire+0xf2/0x118
[ 256.831314] [<ffffffff813f727a>] down_read+0x4c/0x91
[ 256.831323] [<ffffffff8131c9f3>] lock_policy_rwsem_read+0x4f/0x80
[ 256.831332] [<ffffffff8131ca5c>] show+0x38/0x71
[ 256.831341] [<ffffffff81125ef0>] sysfs_read_file+0xb9/0x13e
[ 256.831348] [<ffffffff810d5901>] vfs_read+0xaf/0x150
[ 256.831357] [<ffffffff810d5a65>] sys_read+0x4a/0x71
[ 256.831364] [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
[ 256.831375]
[ 256.831376] -> #0 (s_active#80){++++.+}:
[ 256.831385] [<ffffffff810675c1>] __lock_acquire+0xfbd/0x169f
[ 256.831385] [<ffffffff81067d95>] lock_acquire+0xf2/0x118
[ 256.831385] [<ffffffff81126a79>] sysfs_deactivate+0x91/0xe6
[ 256.831385] [<ffffffff81127412>] sysfs_addrm_finish+0x36/0x5f
[ 256.831385] [<ffffffff81127504>] sysfs_remove_dir+0x7a/0x8d
[ 256.831385] [<ffffffff8118522e>] kobject_del+0x16/0x37
[ 256.831385] [<ffffffff8118528d>] kobject_release+0x3e/0x66
[ 256.831385] [<ffffffff811860d9>] kref_put+0x43/0x4d
[ 256.831385] [<ffffffff811851a9>] kobject_put+0x47/0x4b
[ 256.831385] [<ffffffff8131ba68>] __cpufreq_remove_dev+0x1e5/0x241
[ 256.831385] [<ffffffff813f4e33>] cpufreq_cpu_callback+0x67/0x7f
[ 256.831385] [<ffffffff8105846b>] notifier_call_chain+0x37/0x63
[ 256.831385] [<ffffffff81058505>] __raw_notifier_call_chain+0xe/0x10
[ 256.831385] [<ffffffff813e6091>] _cpu_down+0x98/0x2a6
[ 256.831385] [<ffffffff810396b1>] disable_nonboot_cpus+0x74/0x10d
[ 256.831385] [<ffffffff81075ac9>] hibernation_snapshot+0xac/0x1e1
[ 256.831385] [<ffffffff81075ccc>] hibernate+0xce/0x172
[ 256.831385] [<ffffffff81074a39>] state_store+0x5c/0xd3
[ 256.831385] [<ffffffff81184fb7>] kobj_attr_store+0x17/0x19
[ 256.831385] [<ffffffff81125dfb>] sysfs_write_file+0x108/0x144
[ 256.831385] [<ffffffff810d56c7>] vfs_write+0xb2/0x153
[ 256.831385] [<ffffffff810d582b>] sys_write+0x4a/0x71
[ 256.831385] [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
[ 256.831385]
[ 256.831385] other info that might help us debug this:
[ 256.831385]
[ 256.831385] 6 locks held by hib.sh/2464:
[ 256.831385] #0: (&buffer->mutex){+.+.+.}, at: [<ffffffff81125d2f>] sysfs_write_file+0x3c/0x144
[ 256.831385] #1: (s_active#49){.+.+.+}, at: [<ffffffff81125dda>] sysfs_write_file+0xe7/0x144
[ 256.831385] #2: (pm_mutex){+.+.+.}, at: [<ffffffff81075c1a>] hibernate+0x1c/0x172
[ 256.831385] #3: (cpu_add_remove_lock){+.+.+.}, at: [<ffffffff810395d1>] cpu_maps_update_begin+0x17/0x19
[ 256.831385] #4: (cpu_hotplug.lock){+.+.+.}, at: [<ffffffff81039616>] cpu_hotplug_begin+0x2c/0x53
[ 256.831385] #5: (&per_cpu(cpu_policy_rwsem, cpu)){+++++.}, at: [<ffffffff8131bb52>] lock_policy_rwsem_write+0x4f/0x80
[ 256.831385]
[ 256.831385] stack backtrace:
[ 256.831385] Pid: 2464, comm: hib.sh Tainted: G W 2.6.34-rc3-00290-g2156db9 #7
[ 256.831385] Call Trace:
[ 256.831385] [<ffffffff810643c3>] print_circular_bug+0xae/0xbd
[ 256.831385] [<ffffffff810675c1>] __lock_acquire+0xfbd/0x169f
[ 256.831385] [<ffffffff81127412>] ? sysfs_addrm_finish+0x36/0x5f
[ 256.831385] [<ffffffff81067d95>] lock_acquire+0xf2/0x118
[ 256.831385] [<ffffffff81127412>] ? sysfs_addrm_finish+0x36/0x5f
[ 256.831385] [<ffffffff81126a79>] sysfs_deactivate+0x91/0xe6
[ 256.831385] [<ffffffff81127412>] ? sysfs_addrm_finish+0x36/0x5f
[ 256.831385] [<ffffffff81063d12>] ? trace_hardirqs_on+0xd/0xf
[ 256.831385] [<ffffffff81126f3d>] ? release_sysfs_dirent+0x89/0xa9
[ 256.831385] [<ffffffff81127412>] sysfs_addrm_finish+0x36/0x5f
[ 256.831385] [<ffffffff81127504>] sysfs_remove_dir+0x7a/0x8d
[ 256.831385] [<ffffffff8118522e>] kobject_del+0x16/0x37
[ 256.831385] [<ffffffff8118528d>] kobject_release+0x3e/0x66
[ 256.831385] [<ffffffff8118524f>] ? kobject_release+0x0/0x66
[ 256.831385] [<ffffffff811860d9>] kref_put+0x43/0x4d
[ 256.831385] [<ffffffff811851a9>] kobject_put+0x47/0x4b
[ 256.831385] [<ffffffff8131ba68>] __cpufreq_remove_dev+0x1e5/0x241
[ 256.831385] [<ffffffff813f4e33>] cpufreq_cpu_callback+0x67/0x7f
[ 256.831385] [<ffffffff8105846b>] notifier_call_chain+0x37/0x63
[ 256.831385] [<ffffffff81058505>] __raw_notifier_call_chain+0xe/0x10
[ 256.831385] [<ffffffff813e6091>] _cpu_down+0x98/0x2a6
[ 256.831385] [<ffffffff810396b1>] disable_nonboot_cpus+0x74/0x10d
[ 256.831385] [<ffffffff81075ac9>] hibernation_snapshot+0xac/0x1e1
[ 256.831385] [<ffffffff81075ccc>] hibernate+0xce/0x172
[ 256.831385] [<ffffffff81074a39>] state_store+0x5c/0xd3
[ 256.831385] [<ffffffff81184fb7>] kobj_attr_store+0x17/0x19
[ 256.831385] [<ffffffff81125dfb>] sysfs_write_file+0x108/0x144
[ 256.831385] [<ffffffff810d56c7>] vfs_write+0xb2/0x153
[ 256.831385] [<ffffffff81063cda>] ? trace_hardirqs_on_caller+0x120/0x14b
[ 256.831385] [<ffffffff810d582b>] sys_write+0x4a/0x71
[ 256.831385] [<ffffffff810021db>] system_call_fastpath+0x16/0x1b

--
Regards/Gruss,
Boris.

From: Borislav Petkov on 8 Apr 2010 17:10

From: Linus Torvalds <torvalds(a)linux-foundation.org>
Date: Thu, Apr 08, 2010 at 07:11:11AM -0700

> [ The patch below also makes it warn once and return SIGBUS for the case
>   where there is no anon_vma. I decided I still want to hear about it if
>   there might be some path that tries to insert a vma on its own ]

And this happens quite often - I changed the WARN_ONCE to WARN and can't
start kvm, iceowl (mozilla calendar) and the console-kit-daemon craps up
upon boot too:

[ 55.814570] ------------[ cut here ]------------
[ 55.814623] WARNING: at mm/memory.c:3110 handle_mm_fault+0x43/0x66a()
[ 55.814648] Hardware name: System Product Name
[ 55.814671] Mapping with no anon_vma
[ 55.814693] Modules linked in: powernow_k8 cpufreq_ondemand cpufreq_powersave cpufreq_userspace freq_table cpufreq_conservative binfmt_misc kvm_amd kvm ipv6 vfat fat dm_crypt dm_mod 8250_pnp 8250 edac_core ohci_hcd serial_core k10temp pcspkr
[ 55.815249] Pid: 1936, comm: console-kit-dae Not tainted 2.6.34-rc3-00290-g2156db9-dirty #8
[ 55.815290] Call Trace:
[ 55.815327] [<ffffffff81037ea8>] warn_slowpath_common+0x7c/0x94
[ 55.815362] [<ffffffff81037f17>] warn_slowpath_fmt+0x41/0x43
[ 55.815391] [<ffffffff810b856a>] handle_mm_fault+0x43/0x66a
[ 55.815420] [<ffffffff8101f392>] do_page_fault+0x30b/0x32d
[ 55.815452] [<ffffffff810615ce>] ? put_lock_stats+0xe/0x27
[ 55.815483] [<ffffffff81062a55>] ? lock_release_holdtime+0x104/0x109
[ 55.815518] [<ffffffff813f93e3>] ? error_sti+0x5/0x6
[ 55.815553] [<ffffffff813f7dd2>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 55.815585] [<ffffffff813f91ff>] page_fault+0x1f/0x30
[ 55.815613] ---[ end trace fa59f67cbfeeca44 ]---
[ 60.801651] ------------[ cut here ]------------
[ 60.801672] WARNING: at mm/memory.c:3110 handle_mm_fault+0x43/0x66a()
[ 60.801681] Hardware name: System Product Name
[ 60.801689] Mapping with no anon_vma
[ 60.801702] Modules linked in: powernow_k8 cpufreq_ondemand cpufreq_powersave cpufreq_userspace freq_table cpufreq_conservative binfmt_misc kvm_amd kvm ipv6 vfat fat dm_crypt dm_mod 8250_pnp 8250 edac_core ohci_hcd serial_core k10temp pcspkr
[ 60.802156] Pid: 2008, comm: iceowl-bin Tainted: G W 2.6.34-rc3-00290-g2156db9-dirty #8
[ 60.802169] Call Trace:
[ 60.802181] [<ffffffff81037ea8>] warn_slowpath_common+0x7c/0x94
[ 60.802191] [<ffffffff81037f17>] warn_slowpath_fmt+0x41/0x43
[ 60.802203] [<ffffffff810b856a>] handle_mm_fault+0x43/0x66a
[ 60.802213] [<ffffffff8101f392>] do_page_fault+0x30b/0x32d
[ 60.802225] [<ffffffff810615ce>] ? put_lock_stats+0xe/0x27
[ 60.802235] [<ffffffff81062a55>] ? lock_release_holdtime+0x104/0x109
[ 60.802268] [<ffffffff813f93e3>] ? error_sti+0x5/0x6
[ 60.802279] [<ffffffff813f7dd2>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 60.802290] [<ffffffff813f91ff>] page_fault+0x1f/0x30
[ 60.802305] ---[ end trace fa59f67cbfeeca45 ]---
[ 92.123350] ------------[ cut here ]------------
[ 92.123402] WARNING: at kernel/sched.c:3555 add_preempt_count+0x9c/0xcb()
[ 92.123428] Hardware name: System Product Name
[ 92.123451] Modules linked in: powernow_k8 cpufreq_ondemand cpufreq_powersave cpufreq_userspace freq_table cpufreq_conservative binfmt_misc kvm_amd kvm ipv6 vfat fat dm_crypt dm_mod 8250_pnp 8250 edac_core ohci_hcd serial_core k10temp pcspkr
[ 92.123902] Pid: 2111, comm: kvm Tainted: G W 2.6.34-rc3-00290-g2156db9-dirty #8
[ 92.123940] Call Trace:
[ 92.123973] [<ffffffff81037ea8>] warn_slowpath_common+0x7c/0x94
[ 92.124002] [<ffffffff81037ed4>] warn_slowpath_null+0x14/0x16
[ 92.124031] [<ffffffff8102d5d8>] add_preempt_count+0x9c/0xcb
[ 92.124061] [<ffffffff813f7ee9>] _raw_spin_lock_nest_lock+0x21/0x7a
[ 92.124090] [<ffffffff810bc079>] ? mm_take_all_locks+0xf9/0x150
[ 92.124118] [<ffffffff810bc079>] mm_take_all_locks+0xf9/0x150
[ 92.124146] [<ffffffff810cc48d>] ? do_mmu_notifier_register+0xd3/0x19d
[ 92.124174] [<ffffffff810cc495>] do_mmu_notifier_register+0xdb/0x19d
[ 92.124202] [<ffffffff810cc57c>] mmu_notifier_register+0x13/0x15
[ 92.124256] [<ffffffffa00c67e3>] kvm_dev_ioctl+0x2c8/0x495 [kvm]
[ 92.124318] [<ffffffff810e24ff>] vfs_ioctl+0x32/0xa6
[ 92.124357] [<ffffffff810e2a91>] do_vfs_ioctl+0x495/0x4db
[ 92.124390] [<ffffffff813f93e3>] ? error_sti+0x5/0x6
[ 92.124425] [<ffffffff813f8fad>] ? retint_swapgs+0xe/0x13
[ 92.124458] [<ffffffff810e2b1e>] sys_ioctl+0x47/0x6a
[ 92.124498] [<ffffffff810021db>] system_call_fastpath+0x16/0x1b
[ 92.124527] ---[ end trace fa59f67cbfeeca46 ]---
[ 92.213834] ------------[ cut here ]------------
[ 92.213888] WARNING: at mm/memory.c:3110 handle_mm_fault+0x43/0x66a()
[ 92.213913] Hardware name: System Product Name
[ 92.213937] Mapping with no anon_vma
[ 92.213959] Modules linked in: powernow_k8 cpufreq_ondemand cpufreq_powersave cpufreq_userspace freq_table cpufreq_conservative binfmt_misc kvm_amd kvm ipv6 vfat fat dm_crypt dm_mod 8250_pnp 8250 edac_core ohci_hcd serial_core k10temp pcspkr
[ 92.214529] Pid: 2111, comm: kvm Tainted: G W 2.6.34-rc3-00290-g2156db9-dirty #8
[ 92.214571] Call Trace:
[ 92.214612] [<ffffffff81037ea8>] warn_slowpath_common+0x7c/0x94
[ 92.214647] [<ffffffff81037f17>] warn_slowpath_fmt+0x41/0x43
[ 92.214683] [<ffffffff810b856a>] handle_mm_fault+0x43/0x66a
[ 92.214718] [<ffffffff8101f392>] do_page_fault+0x30b/0x32d
[ 92.214751] [<ffffffff810be3ab>] ? do_mmap_pgoff+0x290/0x2f3
[ 92.214787] [<ffffffff813f93e3>] ? error_sti+0x5/0x6
[ 92.214821] [<ffffffff81062b97>] ? trace_hardirqs_off_caller+0x1f/0xa9
[ 92.214857] [<ffffffff813f7dd2>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 92.214896] [<ffffffff813f91ff>] page_fault+0x1f/0x30
[ 92.214928] ---[ end trace fa59f67cbfeeca47 ]---

--
Regards/Gruss,
Boris.

From: Borislav Petkov on 8 Apr 2010 20:00

From: Linus Torvalds <torvalds(a)linux-foundation.org>
Date: Thu, Apr 08, 2010 at 04:16:23PM -0700

> > And this happens quite often - I changed the WARN_ONCE to WARN and can't
> > start kvm, iceowl (mozilla calendar) and the console-kit-daemon craps up
> > upon boot too:
>
> Hmm. I tried console-kit-daemon, which I had installed, but didn't get
> anything like that. Probably some setup difference.
>
> I also went through every user of 'vm_area_cachep', and saw nothing
> suspicious at least for the mmu case (I didn't check the nommu.c code). I
> must have missed something.
>
> One thing you could do is to add some more debugging info when that "no
> anon_vma" warning happens. In particular, if you still have the SLUB
> debugging on, you could try to do that
>
>	page = virt_to_head_page(vma);
>	object_err(vm_area_cachep, page, (void *)vma, "NULL anon_vma");
>
> and it should give you _which_ routine did the kmem_cache_alloc() for the
> vma that doesn't have an anon_vma.

Yep, looks good: it's mmap_region()...

[ 88.237326] ------------[ cut here ]------------
[ 88.237377] WARNING: at mm/memory.c:3110 handle_mm_fault+0x43/0x6ab()
[ 88.237403] Hardware name: System Product Name
[ 88.237428] Mapping with no anon_vma
[ 88.237451] Modules linked in: powernow_k8 cpufreq_ondemand cpufreq_powersave cpufreq_userspace freq_table cpufreq_conservative binfmt_misc kvm_amd kvm ipv6 vfat fat dm_crypt dm_mod 8250_pnp 8250 ohci_hcd edac_core serial_core pcspkr k10temp
[ 88.237938] Pid: 1978, comm: console-kit-dae Not tainted 2.6.34-rc3-00290-g2156db9-dirty #9
[ 88.237980] Call Trace:
[ 88.239269] [<ffffffff81037ec0>] warn_slowpath_common+0x7c/0x94
[ 88.239320] [<ffffffff81037f2f>] warn_slowpath_fmt+0x41/0x43
[ 88.239378] [<ffffffff810b8582>] handle_mm_fault+0x43/0x6ab
[ 88.239440] [<ffffffff8101f3b2>] do_page_fault+0x30b/0x32d
[ 88.239471] [<ffffffff810615e6>] ? put_lock_stats+0xe/0x27
[ 88.239517] [<ffffffff81062a6d>] ? lock_release_holdtime+0x104/0x109
[ 88.239548] [<ffffffff813f9463>] ? error_sti+0x5/0x6
[ 88.239597] [<ffffffff813f7e52>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 88.239626] [<ffffffff813f927f>] page_fault+0x1f/0x30
[ 88.239674] ---[ end trace 42d53170a0d3ccef ]---
[ 88.239699] =============================================================================
[ 88.239750] BUG vm_area_struct: NULL anon_vma
[ 88.239790] -----------------------------------------------------------------------------
[ 88.239794]
[ 88.239805] INFO: Allocated in mmap_region+0x23d/0x500 age=2 cpu=0 pid=1978
[ 88.239815] INFO: Slab 0xffffea0007a0f0e8 objects=17 used=1 fp=0xffff88022dfbb0f0 flags=0x80000000000000c2
[ 88.239823] INFO: Object 0xffff88022dfbb000 @offset=0 fp=0xffff88022dfbb0f0
[ 88.239827]
[ 88.240567] Pid: 1978, comm: console-kit-dae Tainted: G W 2.6.34-rc3-00290-g2156db9-dirty #9
[ 88.240578] Call Trace:
[ 88.240593] [<ffffffff810cd802>] print_trailer+0x139/0x142
[ 88.240607] [<ffffffff810cd845>] object_err+0x3a/0x42
[ 88.240617] [<ffffffff810b85e2>] handle_mm_fault+0xa3/0x6ab
[ 88.240641] [<ffffffff8101f3b2>] do_page_fault+0x30b/0x32d
[ 88.240652] [<ffffffff810615e6>] ? put_lock_stats+0xe/0x27
[ 88.240663] [<ffffffff81062a6d>] ? lock_release_holdtime+0x104/0x109
[ 88.240685] [<ffffffff813f9463>] ? error_sti+0x5/0x6
[ 88.240695] [<ffffffff813f7e52>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 88.240707] [<ffffffff813f927f>] page_fault+0x1f/0x30
[ 93.841666] ------------[ cut here ]------------
[ 93.841716] WARNING: at mm/memory.c:3110 handle_mm_fault+0x43/0x6ab()
[ 93.841741] Hardware name: System Product Name
[ 93.841766] Mapping with no anon_vma
[ 93.841793] Modules linked in: powernow_k8 cpufreq_ondemand cpufreq_powersave cpufreq_userspace freq_table cpufreq_conservative binfmt_misc kvm_amd kvm ipv6 vfat fat dm_crypt dm_mod 8250_pnp 8250 ohci_hcd edac_core serial_core pcspkr k10temp
[ 93.842339] Pid: 2050, comm: iceowl-bin Tainted: G W 2.6.34-rc3-00290-g2156db9-dirty #9
[ 93.842383] Call Trace:
[ 93.842424] [<ffffffff81037ec0>] warn_slowpath_common+0x7c/0x94
[ 93.842457] [<ffffffff81037f2f>] warn_slowpath_fmt+0x41/0x43
[ 93.842492] [<ffffffff810b8582>] handle_mm_fault+0x43/0x6ab
[ 93.842527] [<ffffffff8101f3b2>] do_page_fault+0x30b/0x32d
[ 93.842561] [<ffffffff810615e6>] ? put_lock_stats+0xe/0x27
[ 93.842593] [<ffffffff81062a6d>] ? lock_release_holdtime+0x104/0x109
[ 93.842627] [<ffffffff813f9463>] ? error_sti+0x5/0x6
[ 93.842660] [<ffffffff813f7e52>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 93.842694] [<ffffffff813f927f>] page_fault+0x1f/0x30
[ 93.842724] ---[ end trace 42d53170a0d3ccf0 ]---
[ 93.842750] =============================================================================
[ 93.842794] BUG vm_area_struct: NULL anon_vma
[ 93.842822] -----------------------------------------------------------------------------
[ 93.842827]
[ 93.842889] INFO: Allocated in mmap_region+0x23d/0x500 age=1 cpu=2 pid=2050
[ 93.842918] INFO: Slab 0xffffea00079b84b8 objects=17 used=7 fp=0xffff88022c6f1690 flags=0x80000000000000c2
[ 93.842961] INFO: Object 0xffff88022c6f15a0 @offset=1440 fp=0xffff88022c6f1690
[ 93.842965]
[ 93.849036] Pid: 2050, comm: iceowl-bin Tainted: G W 2.6.34-rc3-00290-g2156db9-dirty #9
[ 93.849078] Call Trace:
[ 93.849111] [<ffffffff810cd802>] print_trailer+0x139/0x142
[ 93.849142] [<ffffffff810cd845>] object_err+0x3a/0x42
[ 93.849174] [<ffffffff810b85e2>] handle_mm_fault+0xa3/0x6ab
[ 93.849204] [<ffffffff8101f3b2>] do_page_fault+0x30b/0x32d
[ 93.849237] [<ffffffff810615e6>] ? put_lock_stats+0xe/0x27
[ 93.849301] [<ffffffff81062a6d>] ? lock_release_holdtime+0x104/0x109
[ 93.849337] [<ffffffff813f9463>] ? error_sti+0x5/0x6
[ 93.849370] [<ffffffff813f7e52>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[ 93.849418] [<ffffffff813f927f>] page_fault+0x1f/0x30

--
Regards/Gruss,
Boris.

From: Borislav Petkov on 8 Apr 2010 21:40
From: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Thu, Apr 08, 2010 at 05:50:21PM -0700 > > Yep, looks good: its mmap_region()... > > Can you double-check your current diffs - maybe something got corrupted. > > mmap_region installs the vma with vma_link(), and the last thing > vma_link() does with my patch is that "anon_vma_prepare()". Right, it looks like it. I'll add some more debugging calls there tomorrow - it might give us more clues in case someone hasn't caught it until then. > Maybe with all the patches flying around, you had a reject or something, > and you lost that one anon_vma_prepare()? > > Or maybe I screwed up somewhere and sent you the wrong patch. Here it is > again, just in case. Doesn't look like it - here's the diff between yours and what I have applied here (yep, only minor fuzz but no code differences) Also, I've added my version at the end: --- a.diff 2010-04-09 03:03:35.000000000 +0200 +++ b.diff 2010-04-09 03:03:52.000000000 +0200 @@ -1,8 +1,8 @@ diff --git a/mm/memory.c b/mm/memory.c -index 1d2ea39..bd7ea7f 100644 +index 833952d..08d4423 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -2224,9 +2224,6 @@ reuse: +@@ -2223,9 +2223,6 @@ reuse: gotten: pte_unmap_unlock(page_table, ptl); @@ -12,7 +12,7 @@ index 1d2ea39..bd7ea7f 100644 if (is_zero_pfn(pte_pfn(orig_pte))) { new_page = alloc_zeroed_user_highpage_movable(vma, address); if (!new_page) -@@ -2767,8 +2764,6 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2766,8 +2763,6 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, /* Allocate our own private page. */ pte_unmap(page_table); 
@@ -21,7 +21,7 @@ index 1d2ea39..bd7ea7f 100644 page = alloc_zeroed_user_highpage_movable(vma, address); if (!page) goto oom; -@@ -2864,10 +2859,6 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2863,10 +2858,6 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (flags & FAULT_FLAG_WRITE) { if (!(vma->vm_flags & VM_SHARED)) { anon = 1; @@ -32,7 +32,7 @@ index 1d2ea39..bd7ea7f 100644 page = alloc_page_vma(GFP_HIGHUSER_MOVABLE, vma, address); if (!page) { -@@ -3116,6 +3107,9 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3115,6 +3106,9 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -43,7 +43,7 @@ index 1d2ea39..bd7ea7f 100644 count_vm_event(PGFAULT); diff --git a/mm/mmap.c b/mm/mmap.c -index bf0600c..4592a93 100644 +index 75557c6..82392c2 100644 --- a/mm/mmap.c +++ b/mm/mmap.c 
@@ -463,6 +463,8 @@ static void vma_link(struct mm_struct *mm, struct vm_area_struct *vma, > [ I have a horrible cold, and can hardly think straight. So who knows, > maybe I'm missing something. But if you have lost one of the > 'anon_vma_prepare()' call sites, that would certainly explain why you > get NULL anon_vma's ] Oh, sorry to hear that. Ok, let's stop for today - it is 3am here and even if some would say, "well, this is just getting interesting" :), I think it would be best to "sleep on it." :) Thanks. -- commit 2156db98fd84d07e3b86564f429fcc8c6b7d61df Author: Linus Torvalds <torvalds(a)linux-foundation.org> Date: Thu Apr 8 22:09:53 2010 +0200 rmap: preallocate anon VMAs On Thu, 8 Apr 2010, Borislav Petkov wrote: > > There are still issues: vma_adjust() grabs mapping->i_mmap_lock for file > mappings while we might sleep in anon_vma_prepare(): Ahh. Good catch. So I can't actually do that anon_vma_prepare() thing in __insert_vm_struct. It should be simple enough to just move it into the caller, just after it releases that lock. There's only one user of that __insert_vm_struct() anyway. You can do it yourself, or you can replace my previous patch with this.. [ The patch below also makes it warn once and return SIGBUS for the case where there is no anon_vma. I decided I still want to hear about it if there might be some path that tries to insert a vma on its own ] Linus diff --git a/mm/memory.c b/mm/memory.c index 1d2ea39..bd7ea7f 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2224,9 +2224,6 @@ reuse: gotten: pte_unmap_unlock(page_table, ptl); - if (unlikely(anon_vma_prepare(vma))) - goto oom; - if (is_zero_pfn(pte_pfn(orig_pte))) { new_page = alloc_zeroed_user_highpage_movable(vma, address); if (!new_page) 
@@ -2767,8 +2764,6 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, /* Allocate our own private page. */ pte_unmap(page_table); - if (unlikely(anon_vma_prepare(vma))) - goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); if (!page) goto oom; @@ -2864,10 +2859,6 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (flags & FAULT_FLAG_WRITE) { if (!(vma->vm_flags & VM_SHARED)) { anon = 1; - if (unlikely(anon_vma_prepare(vma))) { - ret = VM_FAULT_OOM; - goto out; - } page = alloc_page_vma(GFP_HIGHUSER_MOVABLE, vma, address); if (!page) { @@ -3116,6 +3107,9 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; + if (WARN_ONCE(!vma->anon_vma, "Mapping with no anon_vma")) + return VM_FAULT_SIGBUS; + __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); diff --git a/mm/mmap.c b/mm/mmap.c index bf0600c..4592a93 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -463,6 +463,8 @@ static void vma_link(struct mm_struct *mm, struct vm_area_struct *vma, mm->map_count++; validate_mm(mm); + + anon_vma_prepare(vma); } /* @@ -628,6 +630,8 @@ again: remove_next = 1 + (end > next->vm_end); if (mapping) spin_unlock(&mapping->i_mmap_lock); + anon_vma_prepare(vma); + if (remove_next) { if (file) { fput(file); @@ -1674,12 +1678,6 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) if (!(vma->vm_flags & VM_GROWSUP)) return -EFAULT; - /* - * We must make sure the anon_vma is allocated - * so that the anon_vma locking is not a noop. - */ - if (unlikely(anon_vma_prepare(vma))) - return -ENOMEM; anon_vma_lock(vma); /* 
@@ -1720,13 +1718,6 @@ static int expand_downwards(struct vm_area_struct *vma, { int error; - /* - * We must make sure the anon_vma is allocated - * so that the anon_vma locking is not a noop. - */ - if (unlikely(anon_vma_prepare(vma))) - return -ENOMEM; - address &= PAGE_MASK; error = security_file_mmap(NULL, 0, 0, 0, address, 1); if (error) -- Regards/Gruss, Boris. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ |
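
Review bot: in the vma_link() hunk of mm/mmap.c (@@ -463) the result of anon_vma_prepare(vma) is thrown away, while every call this patch removes tested it (goto oom, VM_FAULT_OOM, -ENOMEM). If the allocation fails here nothing reports it and the vma is linked without an anon_vma, so the failure only resurfaces later as the WARN_ONCE and VM_FAULT_SIGBUS added to handle_mm_fault(). vma_link() returns void, so either give it an error return that its callers check, or call anon_vma_prepare() in the callers before linking, where -ENOMEM can still be returned.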
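
Review bot: in the vma_adjust() hunk (@@ -628) the call placed after spin_unlock(&mapping->i_mmap_lock) prepares vma, but the commit message describes it as the call moved out of __insert_vm_struct() into its caller. If the vma handed to __insert_vm_struct() in this function is not vma itself, the newly inserted one is still left without an anon_vma, so please prepare that one (or both). The return value is ignored here as well, and a short comment saying the call sits after the unlock because anon_vma_prepare() can sleep would keep it from being moved back under the lock.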
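
Review bot: the new check at the top of handle_mm_fault() (@@ -3116) runs for every fault on every vma and turns a missing anon_vma into VM_FAULT_SIGBUS, so any insertion path that was missed fails the faulting process instead of only logging; the reports in this thread show vmas allocated in mmap_region() reaching it. While the insertion paths are still being audited, warn and fall back to calling anon_vma_prepare() at the three fault sites that used to do so, rather than failing the fault. WARN_ONCE also reports only the first offender, which hides how many distinct paths are affected.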
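
Review bot: the expand_upwards() hunk (@@ -1674) deletes both the check and the comment explaining that the anon_vma must be allocated "so that the anon_vma locking is not a noop", yet anon_vma_lock(vma) still follows immediately; the expand_downwards() hunk (@@ -1720) drops the same guard. Nothing in these functions now enforces the invariant the removed comment described. Keep a one-line comment stating the new assumption (the anon_vma is set up when the vma is linked) and a test of vma->anon_vma that returns -ENOMEM as before.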