+ dev-kmem-debug-preadv-progress.patch added to -mm tree


 



The patch titled
     Subject: /dev/kmem : debug preadv() progress
has been added to the -mm tree.  Its filename is
     dev-kmem-debug-preadv-progress.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/dev-kmem-debug-preadv-progress.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/dev-kmem-debug-preadv-progress.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Subject: /dev/kmem : debug preadv() progress

syzbot is reporting an unkillable thread when reading /dev/mem.  To check
whether this is merely due to the lack of a fatal_signal_pending(current)
test or because the code has unexpectedly fallen into an infinite loop, add
debug printk() calls.  This patch is intended for linux-next only, and will
be removed after the cause is fixed.

  INFO: task syz-executor.4:25539 can't die for more than 143 seconds.
  syz-executor.4  R  running task    28400 25539  25531 0x80004006
  Call Trace:
   context_switch kernel/sched/core.c:3265 [inline]
   __schedule+0x76e/0x17d0 kernel/sched/core.c:3937
   preempt_schedule_irq+0xb5/0x160 kernel/sched/core.c:4185
   retint_kernel+0x1b/0x2b
  RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:205
  Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4
  RSP: 0018:ffff88808d76fb68 EFLAGS: 00010206 ORIG_RAX: ffffffffffffff13
  RAX: 0000000000040000 RBX: ffff8880925be2c0 RCX: 0000000000000c00
  RDX: 0000000000001000 RSI: ffffc9000fbb2c00 RDI: ffff8880925beec0
  RBP: ffff88808d76fb98 R08: ffff888060288440 R09: ffff8880aa402000
  R10: 0000000000000000 R11: ffffea0002496f87 R12: 0000000000001000
  R13: 00007ffffffff000 R14: ffffc9000fbb8000 R15: ffff888060288440
   read_mem+0xfc/0x2c0 drivers/char/mem.c:163
   do_loop_readv_writev fs/read_write.c:714 [inline]
   do_loop_readv_writev fs/read_write.c:701 [inline]
   do_iter_read+0x4a4/0x660 fs/read_write.c:935
   vfs_readv+0xf0/0x160 fs/read_write.c:997
   do_preadv+0x1c4/0x280 fs/read_write.c:1089
   __do_sys_preadv fs/read_write.c:1139 [inline]
   __se_sys_preadv fs/read_write.c:1134 [inline]
   __x64_sys_preadv+0x9a/0xf0 fs/read_write.c:1134
   do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

  https://syzkaller.appspot.com/text?tag=CrashLog&x=1469b8a6600000
  https://syzkaller.appspot.com/text?tag=CrashLog&x=160a00a6600000
  https://syzkaller.appspot.com/text?tag=CrashLog&x=16255326600000

Link: http://lkml.kernel.org/r/1565607103-6175-1-git-send-email-penguin-kernel@xxxxxxxxxxxxxxxxxxx
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Cc: Arnd Bergmann <arnd@xxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 drivers/char/mem.c |    9 +++++++++
 fs/read_write.c    |    6 ++++++
 2 files changed, 15 insertions(+)

--- a/drivers/char/mem.c~dev-kmem-debug-preadv-progress
+++ a/drivers/char/mem.c
@@ -140,6 +140,9 @@ static ssize_t read_mem(struct file *fil
 		int allowed, probe;
 
 		sz = size_inside_page(p, count);
+		if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+		    fatal_signal_pending(current))
+			printk("read_mem: sz=%ld count=%ld\n", sz, count);
 
 		err = -EPERM;
 		allowed = page_is_allowed(p >> PAGE_SHIFT);
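Review bot: The added `printk()` in the per-page loop formats `sz` and `count` with `%ld`, which is only right if both are `long`. Their declarations are outside the hunk, but the function returns `ssize_t` and `count` is presumably a `size_t`, so `%zd`/`%zu` are the portable specifiers and avoid a format warning on 32-bit builds. The same applies to `read` in the next read_mem hunk and to `iter->count`, `iovec.iov_len` and `nr` (declared `ssize_t` in the visible context) in fs/read_write.c. None of the added calls carries a log level either, so consider `printk(KERN_INFO "read_mem: sz=%zd count=%zu\n", sz, count);`. read_mem's body starts before this hunk.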
@@ -179,9 +182,15 @@ static ssize_t read_mem(struct file *fil
 	kfree(bounce);
 
 	*ppos += read;
+	if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+	    fatal_signal_pending(current))
+		printk("read_mem: read=%ld *ppos=%lld\n", read, *ppos);
 	return read;
 
 failed:
+	if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+	    fatal_signal_pending(current))
+		printk("read_mem: err=%d\n", err);
 	kfree(bounce);
 	return err;
 }
--- a/fs/read_write.c~dev-kmem-debug-preadv-progress
+++ a/fs/read_write.c
@@ -710,6 +710,9 @@ static ssize_t do_loop_readv_writev(stru
 		struct iovec iovec = iov_iter_iovec(iter);
 		ssize_t nr;
 
+		if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+		    fatal_signal_pending(current))
+			printk("do_loop_readv_writev: iter->count=%ld iovec.iov_len=%ld\n", iter->count, iovec.iov_len);
 		if (type == READ) {
 			nr = filp->f_op->read(filp, iovec.iov_base,
 					      iovec.iov_len, ppos);
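Review bot: This message sits in the generic readv/writev fallback loop rather than in the /dev/mem driver, so with CONFIG_DEBUG_AID_FOR_SYZBOT enabled it fires once per iovec segment for any task with a fatal signal pending, on whatever file reaches this loop, and the line does not say which file it was. That makes the output hard to attribute to the syzbot reproducer, and an unbounded per-iteration print from a task that is already failing to exit can itself fill the log and slow the loop being diagnosed. Consider naming the file and bounding the rate, e.g. `pr_info_ratelimited("do_loop_readv_writev: %pD iter->count=%zu iovec.iov_len=%zu\n", filp, iter->count, iovec.iov_len);`, and likewise for the `nr=` line in the following hunk and the per-page print in read_mem. The loop and the function body extend outside this hunk.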
@@ -717,6 +720,9 @@ static ssize_t do_loop_readv_writev(stru
 			nr = filp->f_op->write(filp, iovec.iov_base,
 					       iovec.iov_len, ppos);
 		}
+		if (IS_ENABLED(CONFIG_DEBUG_AID_FOR_SYZBOT) &&
+		    fatal_signal_pending(current))
+			printk("do_loop_readv_writev: nr=%ld\n", nr);
 
 		if (nr < 0) {
 			if (!ret)
_

Patches currently in -mm which might be from penguin-kernel@xxxxxxxxxxxxxxxxxxx are

mm-oom-avoid-printk-iteration-under-rcu.patch
info-task-hung-in-generic_file_write_iter.patch
info-task-hung-in-generic_file_write-fix.patch
dev-kmem-debug-preadv-progress.patch
kexec-bail-out-upon-sigkill-when-allocating-memory.patch



