Re: [request for stable inclusion] mm/hugetlb: check for pte NULL pointer in __page_check_address()

On Fri, Dec 20, 2013 at 05:28:35PM +0800, Jianguo Wu wrote:
> Hi Greg,
> 
> Please queue this commit for 3.0+
> 
> 98398c32f6687ee1e1f3ae084effb4b75adb0747
> mm/hugetlb: check for pte NULL pointer in __page_check_address()

Thank you Jianguo, I am queuing this patch for the 3.5 and 3.11 kernels.

Cheers,
--
Luis

> 
> I should have added the stable tag when I sent the patch. I didn't
> manage to trigger the bug, but now I've found a reliable way to
> reproduce it:
> 
> 1. process 1 mmap() a hugetlb file, then sleep.
> 2. process 2 mmap() the same hugetlb file, memset the return address, then sleep.
> 3. soft offline the hugetlb page, and the kernel crashes:
> 
> [  179.167579] BUG: unable to handle kernel paging request at ffffeba400000030
> [  179.174530] IP: [<ffffffff814e2829>] _raw_spin_lock+0x9/0x30
> [  179.180180] PGD 0 
> [  179.182189] Oops: 0002 [#1] SMP 
> [  179.185418] Modules linked in: lp ppdev parport_pc parport joydev st sr_mod ide_gd_mod ide_cd_mod cdrom binfmt_misc cpufreq_conservative cpufreq_userspace cpufreq_powersave microcode fuse loop dm_mod igb dca i2c_algo_bit iTCO_wdt iTCO_vendor_support ptp lpc_ich pps_core hid_generic bnx2 serio_raw sg ehci_pci pcspkr mfd_core rtc_cmos i7core_edac mptctl edac_core button i2c_i801 acpi_cpufreq i2c_core usbhid hid uhci_hcd ehci_hcd usbcore sd_mod usb_common crc_t10dif crct10dif_common scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_dh_hp_sw scsi_dh edd ext3 mbcache jbd fan ide_pci_generic ide_core ata_generic ata_piix libata thermal processor thermal_sys hwmon mptsas mptscsih mptbase scsi_transport_sas scsi_mod
> [  179.247994] CPU: 3 PID: 4893 Comm: bash Not tainted 3.13.0-rc4+ #58
> [  179.254232] Hardware name: Huawei Technologies Co., Ltd. Tecal RH2285          /BC11BTSA              , BIOS CTSAV036 04/27/2011
> [  179.265743] task: ffff880c21084450 ti: ffff880c26186000 task.ti: ffff880c26186000
> [  179.273190] RIP: 0010:[<ffffffff814e2829>]  [<ffffffff814e2829>] _raw_spin_lock+0x9/0x30
> [  179.281256] RSP: 0018:ffff880c26187ba8  EFLAGS: 00010206
> [  179.286541] RAX: 0000000000010000 RBX: 0000000000000000 RCX: 0000000000000009
> [  179.293642] RDX: ffffea0000000000 RSI: ffffffff81e7a1f8 RDI: ffffeba400000030
> [  179.300743] RBP: ffff880c26187ba8 R08: 0000000000001000 R09: 0000000000000006
> [  179.307845] R10: 0000000000000461 R11: 0000000000000006 R12: ffffeba400000030
> [  179.314945] R13: ffffea00156c1000 R14: 0000000000000000 R15: ffff880c26187c28
> [  179.322047] FS:  00007f96b110d700(0000) GS:ffff88063fc60000(0000) knlGS:0000000000000000
> [  179.330101] CS:  0010 DS: 0000 ES: 0000 CR0: 00002677f000 CR4: 00000000000007e0
> [  179.342920] Stack:
> [  179.344919]  ffff880c26187be8 ffffffff81156bee ffffffff81d42682 00002aaaaae00000
> [  179.352319]  ffff880627304150 ffff88062366c040 ffffea00156c1000 ffffea00156c1018
> [  179.359718]  ffff880c26187c58 ffffffff81156cf1 ffffea0000c32000 0000000000000000
> [  179.367122] Call Trace:
> [  179.369559]  [<ffffffff81156bee>] __page_check_address+0xce/0x1a0
> [  179.375625]  [<ffffffff81156cf1>] try_to_unmap_one+0x31/0x450
> [  179.381345]  [<ffffffff814de1d1>] ? printk+0x54/0x78
> [  179.386287]  [<ffffffff81157ebe>] try_to_unmap_file+0xce/0x2c0
> [  179.392094]  [<ffffffff81158155>] try_to_unmap+0x55/0x70
> [  179.397382]  [<ffffffff811780fd>] unmap_and_move_huge_page+0xcd/0x1c0
> [  179.403794]  [<ffffffff8112a9f0>] ? page_alloc_cpu_notify+0x50/0x50
> [  179.410034]  [<ffffffff8117869e>] migrate_pages+0x9e/0x210
> [  179.415494]  [<ffffffff8117dab0>] ? soft_offline_huge_page+0x1f0/0x1f0
> [  179.421992]  [<ffffffff8117d979>] soft_offline_huge_page+0xb9/0x1f0
> [  179.428229]  [<ffffffff8117ec13>] soft_offline_page+0x133/0x250
> [  179.434124]  [<ffffffff813935f8>] store_soft_offline_page+0xb8/0xd0
> [  179.440363]  [<ffffffff8137b9ab>] dev_attr_store+0x1b/0x20
> [  179.445825]  [<ffffffff811f6345>] flush_write_buffer+0x85/0x100
> [  179.451717]  [<ffffffff811f6d27>] sysfs_write_file+0xf7/0x110
> [  179.457438]  [<ffffffff811844b7>] vfs_write+0xc7/0x1e0
> [  179.462553]  [<ffffffff811846ed>] SyS_write+0x5d/0xa0
> [  179.467583]  [<ffffffff814ea962>] system_call_fastpath+0x16/0x1b
> [  179.473561] Code: 00 00 8d 91 00 00 01 00 89 c8 f0 0f b1 17 39 c1 ba 01 00 00 00 75 db 89 d0 c9 c3 0f 1f 80 00 00 00 00 55 48 89 e5 b8 00 00 01 00 <f0> 0f c1 07 89 c2 c1 ea 10 66 39 d0 75 0b eb 11 0f 1f 80 00 00 
> [  179.493000] RIP  [<ffffffff814e2829>] _raw_spin_lock+0x9/0x30
> [  179.498729]  RSP <ffff880c26187ba8>
> [  179.502198] CR2: ffffeba400000030
> [  179.505497] ---[ end trace 09e8ee8dfcf9bacf ]---
> [  179.510090] Kernel panic - not syncing: Fatal exception
> 
> Thanks,
> Jianguo Wu
> 
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html