Re: [PATCH v2] mm/mmap: Regression fix for unmapped_area{_topdown}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Liam,

It's a bit hard to follow this particular issue on v6.1 as there are many email threads related to this.

I just wanted to ask if whether this is fixed on mainline and v6.1 stable yet.

If there's a new thread tackling this issue, I'd appreciate it if you can link it here.

Thanks,
regards

On 5/2/23 23:09, Liam R. Howlett wrote:
...Adding Rick to the Cc this time.

* Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> [230502 10:08]:
* Michael Keyes <mgkeyes@xxxxxxxxxxxxxxxxxxxx> [230430 18:41]:
On 29.04.23 15:32, Tad wrote:
This reintroduces the issue described in
https://lore.kernel.org/linux-mm/cb8dc31a-fef2-1d09-f133-e9f7b9f9e77a@xxxxxxxx/
Yes, I also ran into this (even though I'd somehow missed it the
previous time).

Rick Edgecombe reported something similar [1].

This is probably to do with my stack guard checks I recently added.


Apparently the issue arises at mm/mmap.c:1582, where low_limit is set to
vm_end_gap(tmp). Occasionally, this returns a 64-bit address (e.g.
0x7fedea581000), which is obviously greater than high_limit for a 32-bit
mmap, and causes the next call to mas_empty_area() to fail.

I'm not sure why vm_end_gap(tmp) occasionally returns a 64-bit address,
or if the best solution is to just check for this and skip the retry if
it occurs…


Thanks for the debugging.  I will look into it.

I am currently trying to revise how the iterators, prev/next deal with
shifting outside the requested limits.  I suspect it's something to do
with hitting the limit and what someone would assume the next operation
means.

[1] https://lore.kernel.org/linux-mm/32f156ba80010fd97dbaf0a0cdfc84366608624d.camel@xxxxxxxxx/






[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux