LKML Archive on lore.kernel.org
From: Jeremy Fitzhardinge <jeremy@goop.org>
To: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>, Andi Kleen <ak@suse.de>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: preempt bug in set_pmd_pfn?
Date: Wed, 05 Mar 2008 08:45:08 -0800
Message-ID: <47CECE14.8090808@goop.org>
In-Reply-To: <20080305064814.GB28398@elte.hu>

Ingo Molnar wrote:
> * Jeremy Fitzhardinge <jeremy@goop.org> wrote:
>
>> Ingo Molnar wrote:
>>
>>> * Jeremy Fitzhardinge <jeremy@goop.org> wrote:
>>>
>>>> I think set_pmd_pfn, which is only called by __set_fixmap, might have a
>>>> preempt bug in it.
>>>
>>> yes, and we had similar preemption bugs in the past. I guess most places
>>> are either infrequent or have some natural atomicity anyway. Wanna send a
>>> patch?
>>
>> Sure.  Should it just disable preemption, or take a lock?  It calls
>> set_pte_at without holding any pte locks; that seems to be relatively
>> common.  Is it OK when you're operating on init_mm?
>
> no, it's not OK to modify the kernel pagetable without locking - taking
> the pgd_lock should do the trick. Could you send the stacktrace that
> shows the place that is preemptible?

So far I've noticed two places:

1. __set_fixmap to set up the vdso compat mapping (set_pte_at and tlb 
flush):

BUG: using smp_processor_id() in preemptible [00000000] code: init/1
caller is paravirt_get_lazy_mode+0xe/0x1b
Pid: 1, comm: init Not tainted 2.6.25-rc3-x86-latest.git #196
 [<c022be65>] debug_smp_processor_id+0x99/0xb0
 [<c011aa88>] paravirt_get_lazy_mode+0xe/0x1b
 [<c0105092>] xen_set_pte_at+0x2e/0xc0
 [<c011d322>] __set_fixmap+0x14a/0x176
 [<c011e4bb>] arch_setup_additional_pages+0x83/0x11d
 [<c01934a3>] load_elf_binary+0xad8/0x113a
 [<c016d410>] ? vfs_read+0xef/0x106
 [<c01700dd>] search_binary_handler+0xb8/0x19f
 [<c01929cb>] ? load_elf_binary+0x0/0x113a
 [<c01703ab>] ? prepare_binprm+0xc3/0xcb
 [<c0192375>] load_script+0x179/0x18c
 [<c0159caf>] ? get_user_pages+0x31d/0x397
 [<c016fe47>] ? get_arg_page+0x2d/0x80
 [<c01700dd>] search_binary_handler+0xb8/0x19f
 [<c01921fc>] ? load_script+0x0/0x18c
 [<c0171302>] do_execve+0x121/0x16a
 [<c01067d9>] sys_execve+0x29/0x52
 [<c0108286>] syscall_call+0x7/0xb
 [<c017007b>] ? search_binary_handler+0x56/0x19f
 [<c010af2f>] ? kernel_execve+0x17/0x1c
 [<c010217f>] ? _stext+0x17/0x19
 [<c01021d6>] ? init_post+0x55/0xbb
 [<c01035e7>] ? xen_irq_disable+0x21/0x23
 [<c010828f>] ? syscall_exit+0x5/0x1d
 [<c0108ee7>] ? kernel_thread_helper+0x7/0x10
 =======================
BUG: using smp_processor_id() in preemptible [00000000] code: init/1
caller is xen_flush_tlb_single+0x11/0x89
Pid: 1, comm: init Not tainted 2.6.25-rc3-x86-latest.git #196
 [<c022be65>] debug_smp_processor_id+0x99/0xb0
 [<c0103c0b>] xen_flush_tlb_single+0x11/0x89
 [<c011d33f>] __set_fixmap+0x167/0x176
 [<c011e4bb>] arch_setup_additional_pages+0x83/0x11d
 [<c01934a3>] load_elf_binary+0xad8/0x113a
 [<c016d410>] ? vfs_read+0xef/0x106
 [<c01700dd>] search_binary_handler+0xb8/0x19f
 [<c01929cb>] ? load_elf_binary+0x0/0x113a
 [<c01703ab>] ? prepare_binprm+0xc3/0xcb
 [<c0192375>] load_script+0x179/0x18c
 [<c0159caf>] ? get_user_pages+0x31d/0x397
 [<c016fe47>] ? get_arg_page+0x2d/0x80
 [<c01700dd>] search_binary_handler+0xb8/0x19f
 [<c01921fc>] ? load_script+0x0/0x18c
 [<c0171302>] do_execve+0x121/0x16a
 [<c01067d9>] sys_execve+0x29/0x52
 [<c0108286>] syscall_call+0x7/0xb
 [<c017007b>] ? search_binary_handler+0x56/0x19f
 [<c010af2f>] ? kernel_execve+0x17/0x1c
 [<c010217f>] ? _stext+0x17/0x19
 [<c01021d6>] ? init_post+0x55/0xbb
 [<c01035e7>] ? xen_irq_disable+0x21/0x23
 [<c010828f>] ? syscall_exit+0x5/0x1d
 [<c0108ee7>] ? kernel_thread_helper+0x7/0x10
 =======================


2. and vmalloc:

BUG: using smp_processor_id() in preemptible [00000000] code: multipath.stati/1981
caller is paravirt_get_lazy_mode+0xe/0x1b
Pid: 1981, comm: multipath.stati Not tainted 2.6.25-rc3-x86-latest.git #196
 [<c022be65>] debug_smp_processor_id+0x99/0xb0
 [<c011aa88>] paravirt_get_lazy_mode+0xe/0x1b
 [<c0105092>] xen_set_pte_at+0x2e/0xc0
 [<c015f736>] map_vm_area+0x1fa/0x255
 [<c015fc83>] __vmalloc_area_node+0xdb/0xfa
 [<c015fceb>] __vmalloc_node+0x49/0x58
 [<c015fd26>] __vmalloc+0x10/0x12
 [<c015fdca>] vmalloc+0x19/0x1b
 [<c038d3b4>] dm_ctl_ioctl+0x155/0x248
 [<c038c56b>] ? list_versions+0x0/0x79
 [<c0103c00>] ? xen_flush_tlb_single+0x6/0x89
 [<c038d25f>] ? dm_ctl_ioctl+0x0/0x248
 [<c01767be>] vfs_ioctl+0x22/0x67
 [<c0176a54>] do_vfs_ioctl+0x251/0x268
 [<c015b45f>] ? remove_vma+0x34/0x3a
 [<c015bdc8>] ? do_munmap+0x17d/0x197
 [<c0176a97>] sys_ioctl+0x2c/0x45
 [<c0108286>] syscall_call+0x7/0xb
 =======================

    J
