* [PATCH] mm: fix kernel crash in khugepaged thread
@ 2015-10-23 9:38 ` yalin wang
0 siblings, 0 replies; 8+ messages in thread
From: yalin wang @ 2015-10-23 9:38 UTC (permalink / raw)
To: akpm, kirill.shutemov, vbabka, jmarchan, mgorman, ebru.akagunduz,
willy, linux-mm, linux-kernel
Cc: yalin wang
This crash is caused by NULL pointer deference:
[ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 182.639491 ] pgd = ffffffc00077a000
[ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
[ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
[ 182.641197 ] Modules linked in:
[ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
[ 182.642077 ] Hardware name: linux,dummy-virt (DT)
[ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
[ 182.642598 ] PC is at khugepaged+0x378/0x1af8
[ 182.642826 ] LR is at khugepaged+0x418/0x1af8
[ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
[ 182.643490 ] sp : ffffffc07963bca0
[ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
[ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
[ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
[ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
[ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
[ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
[ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
[ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
[ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
[ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
[ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
[ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
[ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
[ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
[ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
[ 182.649147 ]
[ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
[ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
[ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
[ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
[ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
[ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
[ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
[ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
[ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
[ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
[ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
[ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
[ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
[ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
[ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
[ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
[ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
[ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
[ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
[ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.661848 ] Call trace:
[ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
[ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
[ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
[ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
[ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
[ 182.664160 ] Kernel panic - not syncing: Fatal exception
[ 182.664571 ] CPU2: stopping
[ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
[ 182.665248 ] Hardware name: linux,dummy-virt (DT)
Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
---
mm/huge_memory.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 4b3420a..a5f4d9c 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2606,8 +2606,9 @@ out_unmap:
collapse_huge_page(mm, address, hpage, vma, node);
}
out:
- trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
- none_or_zero, result, unmapped);
+ if (page)
+ trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
+ referenced, none_or_zero, result, unmapped);
return ret;
}
--
1.9.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH] mm: fix kernel crash in khugepaged thread
@ 2015-10-23 9:38 ` yalin wang
0 siblings, 0 replies; 8+ messages in thread
From: yalin wang @ 2015-10-23 9:38 UTC (permalink / raw)
To: akpm, kirill.shutemov, vbabka, jmarchan, mgorman, ebru.akagunduz,
willy, linux-mm, linux-kernel
Cc: yalin wang
This crash is caused by NULL pointer deference:
[ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 182.639491 ] pgd = ffffffc00077a000
[ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
[ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
[ 182.641197 ] Modules linked in:
[ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
[ 182.642077 ] Hardware name: linux,dummy-virt (DT)
[ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
[ 182.642598 ] PC is at khugepaged+0x378/0x1af8
[ 182.642826 ] LR is at khugepaged+0x418/0x1af8
[ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
[ 182.643490 ] sp : ffffffc07963bca0
[ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
[ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
[ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
[ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
[ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
[ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
[ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
[ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
[ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
[ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
[ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
[ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
[ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
[ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
[ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
[ 182.649147 ]
[ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
[ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
[ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
[ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
[ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
[ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
[ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
[ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
[ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
[ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
[ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
[ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
[ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
[ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
[ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
[ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
[ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
[ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
[ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
[ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 182.661848 ] Call trace:
[ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
[ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
[ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
[ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
[ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
[ 182.664160 ] Kernel panic - not syncing: Fatal exception
[ 182.664571 ] CPU2: stopping
[ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
[ 182.665248 ] Hardware name: linux,dummy-virt (DT)
Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
---
mm/huge_memory.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 4b3420a..a5f4d9c 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2606,8 +2606,9 @@ out_unmap:
collapse_huge_page(mm, address, hpage, vma, node);
}
out:
- trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
- none_or_zero, result, unmapped);
+ if (page)
+ trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
+ referenced, none_or_zero, result, unmapped);
return ret;
}
--
1.9.1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] mm: fix kernel crash in khugepaged thread
2015-10-23 9:38 ` yalin wang
@ 2015-10-23 10:11 ` Kirill A. Shutemov
-1 siblings, 0 replies; 8+ messages in thread
From: Kirill A. Shutemov @ 2015-10-23 10:11 UTC (permalink / raw)
To: yalin wang
Cc: akpm, kirill.shutemov, vbabka, jmarchan, mgorman, ebru.akagunduz,
willy, linux-mm, linux-kernel
On Fri, Oct 23, 2015 at 05:38:49PM +0800, yalin wang wrote:
> This crash is caused by NULL pointer deference:
> [ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
> [ 182.639491 ] pgd = ffffffc00077a000
> [ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
> [ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
> [ 182.641197 ] Modules linked in:
> [ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> [ 182.642077 ] Hardware name: linux,dummy-virt (DT)
> [ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
> [ 182.642598 ] PC is at khugepaged+0x378/0x1af8
> [ 182.642826 ] LR is at khugepaged+0x418/0x1af8
> [ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
> [ 182.643490 ] sp : ffffffc07963bca0
> [ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
> [ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
> [ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
> [ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
> [ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
> [ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
> [ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
> [ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
> [ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
> [ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
> [ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
> [ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
> [ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
> [ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
> [ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
> [ 182.649147 ]
> [ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
> [ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
> [ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
> [ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
> [ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
> [ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
> [ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
> [ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
> [ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
> [ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
> [ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
> [ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
> [ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
> [ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
> [ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
> [ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
> [ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
> [ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
> [ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
> [ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.661848 ] Call trace:
> [ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
> [ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
> [ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
> [ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
> [ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
> [ 182.664160 ] Kernel panic - not syncing: Fatal exception
> [ 182.664571 ] CPU2: stopping
> [ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> [ 182.665248 ] Hardware name: linux,dummy-virt (DT)
>
> Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
> ---
> mm/huge_memory.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 4b3420a..a5f4d9c 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2606,8 +2606,9 @@ out_unmap:
> collapse_huge_page(mm, address, hpage, vma, node);
> }
> out:
> - trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
> - none_or_zero, result, unmapped);
> + if (page)
> + trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
> + referenced, none_or_zero, result, unmapped);
> return ret;
> }
What about this instead?
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 4b3420ade697..392ebba27fe2 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2503,10 +2503,8 @@ static int khugepaged_scan_pmd(struct mm_struct *mm,
VM_BUG_ON(address & ~HPAGE_PMD_MASK);
pmd = mm_find_pmd(mm, address);
- if (!pmd) {
- result = SCAN_PMD_NULL;
- goto out;
- }
+ if (!pmd)
+ return 0;
memset(khugepaged_node_load, 0, sizeof(khugepaged_node_load));
pte = pte_offset_map_lock(mm, pmd, address, &ptl);
@@ -2605,7 +2603,6 @@ out_unmap:
/* collapse_huge_page will return with the mmap_sem released */
collapse_huge_page(mm, address, hpage, vma, node);
}
-out:
trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
none_or_zero, result, unmapped);
return ret;
--
Kirill A. Shutemov
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] mm: fix kernel crash in khugepaged thread
@ 2015-10-23 10:11 ` Kirill A. Shutemov
0 siblings, 0 replies; 8+ messages in thread
From: Kirill A. Shutemov @ 2015-10-23 10:11 UTC (permalink / raw)
To: yalin wang
Cc: akpm, kirill.shutemov, vbabka, jmarchan, mgorman, ebru.akagunduz,
willy, linux-mm, linux-kernel
On Fri, Oct 23, 2015 at 05:38:49PM +0800, yalin wang wrote:
> This crash is caused by NULL pointer deference:
> [ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
> [ 182.639491 ] pgd = ffffffc00077a000
> [ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
> [ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
> [ 182.641197 ] Modules linked in:
> [ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> [ 182.642077 ] Hardware name: linux,dummy-virt (DT)
> [ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
> [ 182.642598 ] PC is at khugepaged+0x378/0x1af8
> [ 182.642826 ] LR is at khugepaged+0x418/0x1af8
> [ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
> [ 182.643490 ] sp : ffffffc07963bca0
> [ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
> [ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
> [ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
> [ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
> [ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
> [ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
> [ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
> [ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
> [ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
> [ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
> [ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
> [ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
> [ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
> [ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
> [ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
> [ 182.649147 ]
> [ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
> [ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
> [ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
> [ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
> [ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
> [ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
> [ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
> [ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
> [ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
> [ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
> [ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
> [ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
> [ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
> [ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
> [ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
> [ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
> [ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
> [ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
> [ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
> [ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> [ 182.661848 ] Call trace:
> [ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
> [ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
> [ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
> [ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
> [ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
> [ 182.664160 ] Kernel panic - not syncing: Fatal exception
> [ 182.664571 ] CPU2: stopping
> [ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> [ 182.665248 ] Hardware name: linux,dummy-virt (DT)
>
> Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
> ---
> mm/huge_memory.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 4b3420a..a5f4d9c 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2606,8 +2606,9 @@ out_unmap:
> collapse_huge_page(mm, address, hpage, vma, node);
> }
> out:
> - trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
> - none_or_zero, result, unmapped);
> + if (page)
> + trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
> + referenced, none_or_zero, result, unmapped);
> return ret;
> }
What about this instead?
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
index 4b3420ade697..392ebba27fe2 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
@@ -2503,10 +2503,8 @@ static int khugepaged_scan_pmd(struct mm_struct *mm,
VM_BUG_ON(address & ~HPAGE_PMD_MASK);
pmd = mm_find_pmd(mm, address);
- if (!pmd) {
- result = SCAN_PMD_NULL;
- goto out;
- }
+ if (!pmd)
+ return 0;
memset(khugepaged_node_load, 0, sizeof(khugepaged_node_load));
pte = pte_offset_map_lock(mm, pmd, address, &ptl);
@@ -2605,7 +2603,6 @@ out_unmap:
/* collapse_huge_page will return with the mmap_sem released */
collapse_huge_page(mm, address, hpage, vma, node);
}
-out:
trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
none_or_zero, result, unmapped);
return ret;
--
Kirill A. Shutemov
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] mm: fix kernel crash in khugepaged thread
2015-10-23 10:11 ` Kirill A. Shutemov
@ 2015-10-23 16:00 ` yalin wang
-1 siblings, 0 replies; 8+ messages in thread
From: yalin wang @ 2015-10-23 16:00 UTC (permalink / raw)
To: Kirill A. Shutemov
Cc: Andrew Morton, Kirill A. Shutemov, Vlastimil Babka, jmarchan,
mgorman, Ebru Akagunduz, willy, linux-mm, linux-kernel
> On Oct 23, 2015, at 18:11, Kirill A. Shutemov <kirill@shutemov.name> wrote:
>
> On Fri, Oct 23, 2015 at 05:38:49PM +0800, yalin wang wrote:
>> This crash is caused by NULL pointer deference:
>> [ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
>> [ 182.639491 ] pgd = ffffffc00077a000
>> [ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
>> [ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
>> [ 182.641197 ] Modules linked in:
>> [ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
>> [ 182.642077 ] Hardware name: linux,dummy-virt (DT)
>> [ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
>> [ 182.642598 ] PC is at khugepaged+0x378/0x1af8
>> [ 182.642826 ] LR is at khugepaged+0x418/0x1af8
>> [ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
>> [ 182.643490 ] sp : ffffffc07963bca0
>> [ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
>> [ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
>> [ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
>> [ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
>> [ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
>> [ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
>> [ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
>> [ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
>> [ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
>> [ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
>> [ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
>> [ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
>> [ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
>> [ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
>> [ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
>> [ 182.649147 ]
>> [ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
>> [ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
>> [ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
>> [ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
>> [ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
>> [ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
>> [ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
>> [ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
>> [ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
>> [ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
>> [ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
>> [ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
>> [ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
>> [ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
>> [ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
>> [ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
>> [ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
>> [ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
>> [ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
>> [ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.661848 ] Call trace:
>> [ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
>> [ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
>> [ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
>> [ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
>> [ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
>> [ 182.664160 ] Kernel panic - not syncing: Fatal exception
>> [ 182.664571 ] CPU2: stopping
>> [ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
>> [ 182.665248 ] Hardware name: linux,dummy-virt (DT)
>>
>> Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
>> ---
>> mm/huge_memory.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>> index 4b3420a..a5f4d9c 100644
>> --- a/mm/huge_memory.c
>> +++ b/mm/huge_memory.c
>> @@ -2606,8 +2606,9 @@ out_unmap:
>> collapse_huge_page(mm, address, hpage, vma, node);
>> }
>> out:
>> - trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
>> - none_or_zero, result, unmapped);
>> + if (page)
>> + trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
>> + referenced, none_or_zero, result, unmapped);
>> return ret;
>> }
>
> What about this instead?
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 4b3420ade697..392ebba27fe2 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2503,10 +2503,8 @@ static int khugepaged_scan_pmd(struct mm_struct *mm,
> VM_BUG_ON(address & ~HPAGE_PMD_MASK);
>
> pmd = mm_find_pmd(mm, address);
> - if (!pmd) {
> - result = SCAN_PMD_NULL;
> - goto out;
> - }
> + if (!pmd)
> + return 0;
it is not safe to add return here,
there is lots of place which goto out_unmap below mm_find_pmd() ,
like page = vm_normal_page(vma, _address, pteval);
if page == NULL here , will also result in NULL pointer deference crash .
Thanks
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] mm: fix kernel crash in khugepaged thread
@ 2015-10-23 16:00 ` yalin wang
0 siblings, 0 replies; 8+ messages in thread
From: yalin wang @ 2015-10-23 16:00 UTC (permalink / raw)
To: Kirill A. Shutemov
Cc: Andrew Morton, Kirill A. Shutemov, Vlastimil Babka, jmarchan,
mgorman, Ebru Akagunduz, willy, linux-mm, linux-kernel
> On Oct 23, 2015, at 18:11, Kirill A. Shutemov <kirill@shutemov.name> wrote:
>
> On Fri, Oct 23, 2015 at 05:38:49PM +0800, yalin wang wrote:
>> This crash is caused by NULL pointer deference:
>> [ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
>> [ 182.639491 ] pgd = ffffffc00077a000
>> [ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
>> [ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
>> [ 182.641197 ] Modules linked in:
>> [ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
>> [ 182.642077 ] Hardware name: linux,dummy-virt (DT)
>> [ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
>> [ 182.642598 ] PC is at khugepaged+0x378/0x1af8
>> [ 182.642826 ] LR is at khugepaged+0x418/0x1af8
>> [ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
>> [ 182.643490 ] sp : ffffffc07963bca0
>> [ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
>> [ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
>> [ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
>> [ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
>> [ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
>> [ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
>> [ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
>> [ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
>> [ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
>> [ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
>> [ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
>> [ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
>> [ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
>> [ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
>> [ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
>> [ 182.649147 ]
>> [ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
>> [ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
>> [ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
>> [ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
>> [ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
>> [ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
>> [ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
>> [ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
>> [ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
>> [ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
>> [ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
>> [ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
>> [ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
>> [ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
>> [ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
>> [ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
>> [ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
>> [ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
>> [ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
>> [ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
>> [ 182.661848 ] Call trace:
>> [ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
>> [ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
>> [ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
>> [ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
>> [ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
>> [ 182.664160 ] Kernel panic - not syncing: Fatal exception
>> [ 182.664571 ] CPU2: stopping
>> [ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
>> [ 182.665248 ] Hardware name: linux,dummy-virt (DT)
>>
>> Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
>> ---
>> mm/huge_memory.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
>> index 4b3420a..a5f4d9c 100644
>> --- a/mm/huge_memory.c
>> +++ b/mm/huge_memory.c
>> @@ -2606,8 +2606,9 @@ out_unmap:
>> collapse_huge_page(mm, address, hpage, vma, node);
>> }
>> out:
>> - trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
>> - none_or_zero, result, unmapped);
>> + if (page)
>> + trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
>> + referenced, none_or_zero, result, unmapped);
>> return ret;
>> }
>
> What about this instead?
>
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index 4b3420ade697..392ebba27fe2 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -2503,10 +2503,8 @@ static int khugepaged_scan_pmd(struct mm_struct *mm,
> VM_BUG_ON(address & ~HPAGE_PMD_MASK);
>
> pmd = mm_find_pmd(mm, address);
> - if (!pmd) {
> - result = SCAN_PMD_NULL;
> - goto out;
> - }
> + if (!pmd)
> + return 0;
it is not safe to add return here,
there is lots of place which goto out_unmap below mm_find_pmd() ,
like page = vm_normal_page(vma, _address, pteval);
if page == NULL here , will also result in NULL pointer deference crash .
Thanks
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] mm: fix kernel crash in khugepaged thread
2015-10-23 16:00 ` yalin wang
@ 2015-10-23 19:28 ` Kirill A. Shutemov
-1 siblings, 0 replies; 8+ messages in thread
From: Kirill A. Shutemov @ 2015-10-23 19:28 UTC (permalink / raw)
To: yalin wang
Cc: Andrew Morton, Kirill A. Shutemov, Vlastimil Babka, jmarchan,
mgorman, Ebru Akagunduz, willy, linux-mm, linux-kernel
On Sat, Oct 24, 2015 at 12:00:14AM +0800, yalin wang wrote:
>
> > On Oct 23, 2015, at 18:11, Kirill A. Shutemov <kirill@shutemov.name> wrote:
> >
> > On Fri, Oct 23, 2015 at 05:38:49PM +0800, yalin wang wrote:
> >> This crash is caused by NULL pointer deference:
> >> [ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
> >> [ 182.639491 ] pgd = ffffffc00077a000
> >> [ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
> >> [ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
> >> [ 182.641197 ] Modules linked in:
> >> [ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> >> [ 182.642077 ] Hardware name: linux,dummy-virt (DT)
> >> [ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
> >> [ 182.642598 ] PC is at khugepaged+0x378/0x1af8
> >> [ 182.642826 ] LR is at khugepaged+0x418/0x1af8
> >> [ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
> >> [ 182.643490 ] sp : ffffffc07963bca0
> >> [ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
> >> [ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
> >> [ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
> >> [ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
> >> [ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
> >> [ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
> >> [ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
> >> [ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
> >> [ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
> >> [ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
> >> [ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
> >> [ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
> >> [ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
> >> [ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
> >> [ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
> >> [ 182.649147 ]
> >> [ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
> >> [ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
> >> [ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
> >> [ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
> >> [ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
> >> [ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
> >> [ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
> >> [ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
> >> [ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
> >> [ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
> >> [ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
> >> [ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
> >> [ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
> >> [ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
> >> [ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
> >> [ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
> >> [ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
> >> [ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
> >> [ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
> >> [ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.661848 ] Call trace:
> >> [ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
> >> [ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
> >> [ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
> >> [ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
> >> [ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
> >> [ 182.664160 ] Kernel panic - not syncing: Fatal exception
> >> [ 182.664571 ] CPU2: stopping
> >> [ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> >> [ 182.665248 ] Hardware name: linux,dummy-virt (DT)
> >>
> >> Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
> >> ---
> >> mm/huge_memory.c | 5 +++--
> >> 1 file changed, 3 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> >> index 4b3420a..a5f4d9c 100644
> >> --- a/mm/huge_memory.c
> >> +++ b/mm/huge_memory.c
> >> @@ -2606,8 +2606,9 @@ out_unmap:
> >> collapse_huge_page(mm, address, hpage, vma, node);
> >> }
> >> out:
> >> - trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
> >> - none_or_zero, result, unmapped);
> >> + if (page)
> >> + trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
> >> + referenced, none_or_zero, result, unmapped);
> >> return ret;
> >> }
> >
> > What about this instead?
> >
> > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > index 4b3420ade697..392ebba27fe2 100644
> > --- a/mm/huge_memory.c
> > +++ b/mm/huge_memory.c
> > @@ -2503,10 +2503,8 @@ static int khugepaged_scan_pmd(struct mm_struct *mm,
> > VM_BUG_ON(address & ~HPAGE_PMD_MASK);
> >
> > pmd = mm_find_pmd(mm, address);
> > - if (!pmd) {
> > - result = SCAN_PMD_NULL;
> > - goto out;
> > - }
> > + if (!pmd)
> > + return 0;
>
> it is not safe to add return here,
> there is lots of place which goto out_unmap below mm_find_pmd() ,
> like page = vm_normal_page(vma, _address, pteval);
> if page == NULL here , will also result in NULL pointer deference crash .
Fair enough.
But there is no point to set 'result' for these cases.
--
Kirill A. Shutemov
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] mm: fix kernel crash in khugepaged thread
@ 2015-10-23 19:28 ` Kirill A. Shutemov
0 siblings, 0 replies; 8+ messages in thread
From: Kirill A. Shutemov @ 2015-10-23 19:28 UTC (permalink / raw)
To: yalin wang
Cc: Andrew Morton, Kirill A. Shutemov, Vlastimil Babka, jmarchan,
mgorman, Ebru Akagunduz, willy, linux-mm, linux-kernel
On Sat, Oct 24, 2015 at 12:00:14AM +0800, yalin wang wrote:
>
> > On Oct 23, 2015, at 18:11, Kirill A. Shutemov <kirill@shutemov.name> wrote:
> >
> > On Fri, Oct 23, 2015 at 05:38:49PM +0800, yalin wang wrote:
> >> This crash is caused by NULL pointer deference:
> >> [ 182.639154 ] Unable to handle kernel NULL pointer dereference at virtual address 00000000
> >> [ 182.639491 ] pgd = ffffffc00077a000
> >> [ 182.639761 ] [00000000] *pgd=00000000b9422003, *pud=00000000b9422003, *pmd=00000000b9423003, *pte=0060000008000707
> >> [ 182.640749 ] Internal error: Oops: 94000006 [#1] SMP
> >> [ 182.641197 ] Modules linked in:
> >> [ 182.641580 ] CPU: 1 PID: 26 Comm: khugepaged Tainted: G W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> >> [ 182.642077 ] Hardware name: linux,dummy-virt (DT)
> >> [ 182.642227 ] task: ffffffc07957c080 ti: ffffffc079638000 task.ti: ffffffc079638000
> >> [ 182.642598 ] PC is at khugepaged+0x378/0x1af8
> >> [ 182.642826 ] LR is at khugepaged+0x418/0x1af8
> >> [ 182.643047 ] pc : [<ffffffc0001980ac>] lr : [<ffffffc00019814c>] pstate: 60000145
> >> [ 182.643490 ] sp : ffffffc07963bca0
> >> [ 182.643650 ] x29: ffffffc07963bca0 x28: ffffffc00075c000
> >> [ 182.644024 ] x27: ffffffc00f275040 x26: ffffffc0006c7000
> >> [ 182.644334 ] x25: 00e8000048800f51 x24: 0000000006400000
> >> [ 182.644687 ] x23: 0000000000000002 x22: 0000000000000000
> >> [ 182.644972 ] x21: 0000000000000000 x20: 0000000000000000
> >> [ 182.645446 ] x19: 0000000000000000 x18: 0000007ff86d0990
> >> [ 182.645931 ] x17: 00000000007ef9c8 x16: ffffffc000098390
> >> [ 182.646236 ] x15: ffffffffffffffff x14: 00000000ffffffff
> >> [ 182.646649 ] x13: 000000000000016a x12: 0000000000000000
> >> [ 182.647046 ] x11: ffffffc07f025020 x10: 0000000000000000
> >> [ 182.647395 ] x9 : 0000000000000048 x8 : ffffffc000721e28
> >> [ 182.647872 ] x7 : 0000000000000000 x6 : ffffffc07f02d000
> >> [ 182.648261 ] x5 : fffffffffffffe00 x4 : ffffffc00f275040
> >> [ 182.648611 ] x3 : 0000000000000000 x2 : ffffffc00f2ad000
> >> [ 182.648908 ] x1 : 0000000000000000 x0 : ffffffc000727000
> >> [ 182.649147 ]
> >> [ 182.649252 ] Process khugepaged (pid: 26, stack limit = 0xffffffc079638020)
> >> [ 182.649724 ] Stack: (0xffffffc07963bca0 to 0xffffffc07963c000)
> >> [ 182.650141 ] bca0: ffffffc07963be30 ffffffc0000b5044 ffffffc07961fb80 ffffffc00072e630
> >> [ 182.650587 ] bcc0: ffffffc0005d5090 0000000000000000 ffffffc000197d34 0000000000000000
> >> [ 182.651009 ] bce0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.651446 ] bd00: ffffffc07963bd90 ffffffc07f1cbf80 000000004f3be003 ffffffc00f2750a4
> >> [ 182.651956 ] bd20: ffffffc00f3bf000 ffffffc000000001 0000000000000001 ffffffc07f085740
> >> [ 182.652520 ] bd40: ffffffc00f2ad188 ffffffc000000000 0000000006200000 ffffffc00f275040
> >> [ 182.652972 ] bd60: ffffffc0006b1a90 ffffffc079638000 ffffffc07963be20 ffffffc00f0144d0
> >> [ 182.653357 ] bd80: ffffffc000000000 0000000006400000 ffffffc00f0144d0 00000a0800000001
> >> [ 182.653793 ] bda0: 0000100000000001 ffffffc000000001 ffffffc07f025000 ffffffc00f2750a8
> >> [ 182.654226 ] bdc0: 00000001000005f8 ffffffc00075a000 0000000006a00000 ffffffc000727000
> >> [ 182.654522 ] bde0: ffffffc0006e8478 ffffffc000000000 0000000100000000 ffffffc078fb9000
> >> [ 182.654869 ] be00: ffffffc07963be30 ffffffc000000000 ffffffc07957c080 ffffffc0000cfc4c
> >> [ 182.655225 ] be20: ffffffc07963be20 ffffffc07963be20 0000000000000000 ffffffc000085c50
> >> [ 182.655588 ] be40: ffffffc0000b4f64 ffffffc07961fb80 0000000000000000 0000000000000000
> >> [ 182.656138 ] be60: 0000000000000000 ffffffc0000bee2c ffffffc0000b4f64 0000000000000000
> >> [ 182.656609 ] be80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.657145 ] bea0: ffffffc07963bea0 ffffffc07963bea0 0000000000000000 ffffffc000000000
> >> [ 182.657475 ] bec0: ffffffc07963bec0 ffffffc07963bec0 0000000000000000 0000000000000000
> >> [ 182.657922 ] bee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.658558 ] bf00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.658972 ] bf20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.659291 ] bf40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.659722 ] bf60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.660122 ] bf80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.660654 ] bfa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.661064 ] bfc0: 0000000000000000 0000000000000000 0000000000000000 0000000000000005
> >> [ 182.661466 ] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> >> [ 182.661848 ] Call trace:
> >> [ 182.662050 ] [<ffffffc0001980ac>] khugepaged+0x378/0x1af8
> >> [ 182.662294 ] [<ffffffc0000b5040>] kthread+0xdc/0xf4
> >> [ 182.662605 ] [<ffffffc000085c4c>] ret_from_fork+0xc/0x40
> >> [ 182.663046 ] Code: 35001700 f0002c60 aa0703e3 f9009fa0 (f94000e0)
> >> [ 182.663901 ] ---[ end trace 637503d8e28ae69e ]---
> >> [ 182.664160 ] Kernel panic - not syncing: Fatal exception
> >> [ 182.664571 ] CPU2: stopping
> >> [ 182.664794 ] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 4.3.0-rc6-next-20151022ajb-00001-g32f3386-dirty #3
> >> [ 182.665248 ] Hardware name: linux,dummy-virt (DT)
> >>
> >> Signed-off-by: yalin wang <yalin.wang2010@gmail.com>
> >> ---
> >> mm/huge_memory.c | 5 +++--
> >> 1 file changed, 3 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> >> index 4b3420a..a5f4d9c 100644
> >> --- a/mm/huge_memory.c
> >> +++ b/mm/huge_memory.c
> >> @@ -2606,8 +2606,9 @@ out_unmap:
> >> collapse_huge_page(mm, address, hpage, vma, node);
> >> }
> >> out:
> >> - trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable, referenced,
> >> - none_or_zero, result, unmapped);
> >> + if (page)
> >> + trace_mm_khugepaged_scan_pmd(mm, page_to_pfn(page), writable,
> >> + referenced, none_or_zero, result, unmapped);
> >> return ret;
> >> }
> >
> > What about this instead?
> >
> > diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> > index 4b3420ade697..392ebba27fe2 100644
> > --- a/mm/huge_memory.c
> > +++ b/mm/huge_memory.c
> > @@ -2503,10 +2503,8 @@ static int khugepaged_scan_pmd(struct mm_struct *mm,
> > VM_BUG_ON(address & ~HPAGE_PMD_MASK);
> >
> > pmd = mm_find_pmd(mm, address);
> > - if (!pmd) {
> > - result = SCAN_PMD_NULL;
> > - goto out;
> > - }
> > + if (!pmd)
> > + return 0;
>
> it is not safe to add return here,
> there is lots of place which goto out_unmap below mm_find_pmd() ,
> like page = vm_normal_page(vma, _address, pteval);
> if page == NULL here , will also result in NULL pointer deference crash .
Fair enough.
But there is no point to set 'result' for these cases.
--
Kirill A. Shutemov
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-10-23 19:28 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-23 9:38 [PATCH] mm: fix kernel crash in khugepaged thread yalin wang
2015-10-23 9:38 ` yalin wang
2015-10-23 10:11 ` Kirill A. Shutemov
2015-10-23 10:11 ` Kirill A. Shutemov
2015-10-23 16:00 ` yalin wang
2015-10-23 16:00 ` yalin wang
2015-10-23 19:28 ` Kirill A. Shutemov
2015-10-23 19:28 ` Kirill A. Shutemov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.