Konstantin Khlebnikov wrote: > Konstantin Khlebnikov wrote: >> Martin Mokrejs wrote: >>> >>> >>> Konstantin Khlebnikov wrote: >>>> Martin Mokrejs wrote: >>>>> Andrew Morton wrote: >>>>>> On Wed, 30 May 2012 00:18:31 +0400 >>>>>> Konstantin Khlebnikov<khlebnikov@xxxxxxxxxx> wrote: >>>>>> >>>>>>> Oleg Nesterov wrote: >>>>>>>> On 05/22, Andrew Morton wrote: >>>>>>>>> >>>>>>>>> Also, I have a note here that Oleg was unhappy with the patch. Oleg >>>>>>>>> happiness is important. Has he cheered up yet? >>>>>>>> >>>>>>>> Well, yes, I do not really like this patch ;) Because I think there is >>>>>>>> a more simple/straightforward fix, see below. In my opinion it also >>>>>>>> makes the original code simpler. >>>>>>>> >>>>>>>> But. Obviously this is subjective, I can't prove my patch is "better", >>>>>>>> and I didn't try to test it. >>>>>>>> >>>>>>>> So I won't argue with Konstantin who dislikes my patch, although I >>>>>>>> would like to know the reason. >>>>>>> >>>>>>> I don't remember why I dislike your patch. >>>>>>> For now I can only say ACK ) >>>>>> >>>>>> We'll need a changelogged signed-off patch, please Oleg. And some evidence >>>>>> that it was tested would be nice ;) >>>>> >>>>> I will reboot in few hours, finally after few days ... I am running this first >>>>> patch. I will try to test the second/alternative patch more quickly. Sorry for >>>>> the delay. >>>>> >>>> >>>> easiest way trigger this bug: >>>> >>>> #define _GNU_SOURCE >>>> #include<unistd.h> >>>> #include<sched.h> >>>> #include<sys/syscall.h> >>>> #include<sys/mman.h> >>>> >>>> static inline int sys_clone(unsigned long flags, void *stack, int *ptid, int *ctid) >>>> { >>>> return syscall(SYS_clone, flags, stack, ptid, ctid); >>>> } >>>> >>>> int main(int argc, char **argv) >>>> { >>>> void *page; >>>> >>>> page = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); >>>> sys_clone(CLONE_VFORK | CLONE_VM | CLONE_CHILD_CLEARTID, NULL, NULL, page); >>>> } >>>> >>> >>> I am getting segfaults with this. >>> >>> (gdb) where >>> #0 0x0000000000000000 in ?? () >>> #1 0x00007f430f70a7e0 in __elf_set___libc_subfreeres_element_free_mem__ () from /lib64/libc.so.6 >>> #2 0x00007f430f70a7e8 in __elf_set___libc_atexit_element__IO_cleanup__ () from /lib64/libc.so.6 >>> #3 0x0000000000000001 in ?? () >>> #4 0x0000000000000000 in ?? () >>> (gdb) >>> >>> What number should I give it as an argument? ;-) >> >> there is no arguments. >> >> yeah it corrupts stack. I'm too lazy to write it properly =) >> but on non-patched kernel it also triggers this bug: >> [206732.025131] BUG: Bad rss-counter state mm:ffff88000d8a6c80 idx:1 val:-1 >> >> -- >> To unsubscribe, send a message with 'unsubscribe linux-mm' in >> the body to majordomo@xxxxxxxxx. For more info on Linux MM, >> see: http://www.linux-mm.org/ . >> Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ >> Don't email:<a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx</a> > > this version works without segfaults =) > > #define _GNU_SOURCE > #include <stdlib.h> > #include <sched.h> > #include <sys/mman.h> > > int child(void *arg) > { > return 0; > } > > char stack[4096]; > > int main(int argc, char **argv) > { > void *page; > > page = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); > clone(child, stack + sizeof(stack), CLONE_VFORK | CLONE_VM | CLONE_CHILD_CLEARTID, NULL, NULL, NULL, page); > return 0; > } > Thanks, this app does not crash anymore. Re-confirming that both patches fix the issue on my system. Martin -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>